[Freeipa-users] Adding Display Pictures/Avatars into FreeIPA

Martin Kosek mkosek at redhat.com
Fri Dec 6 09:48:34 UTC 2013


On 12/06/2013 10:10 AM, Dale Macartney wrote:
> 
> 
> On 05/12/13 22:58, Simo Sorce wrote:
>> On Thu, 2013-12-05 at 22:32 +0000, Dale Macartney wrote:
>>> Hi folks
>>> 
>>> Just a quick mail from me before I call it a night.
>>> 
>>> Today I've added user display pictures/avatars into FreeIPA, detailed
>>> here.
>>>
>>> https://www.dalemacartney.com/2013/12/05/adding-display-picturesavatars-red-hat-idmfreeipa/
>>>
>>> As well as pulling those images into a GNOME3 desktop session, detailed
>>> here.
>>>
>>> https://www.dalemacartney.com/2013/12/05/loading-display-picturesavatars-red-hat-idmfreeipa-gnome3/
>>>
>>> Would love some feedback if anyone is interested in these items.
>>>
>>> G'night all.
>
>> Great stuff Dale, I wonder if ipa user-mod --addattr could be used to
>> load the avatar, instead of using ldap commands.
>>
>> Simo.
>
> G'day Simo
>
> Thanks for the suggestion, however I haven't been able to do it
> with an ipa command for this task.
> 
> I've tried the following:
> 
> [root@ds01 ~]# ipa user-mod --addattr="objectClass=jpegPhoto" --addattr="jpegPhoto:< file:///root/hulk.jpg" bbanner
> ipa: ERROR: invalid 'addattr': Invalid format. Should be name=value
> [root@ds01 ~]#
> [root@ds01 ~]#
> [root@ds01 ~]# ipa user-mod --addattr="objectClass=jpegPhoto" --addattr="jpegPhoto:/root/hulk.jpg" bbanner
> ipa: ERROR: invalid 'addattr': Invalid format. Should be name=value
> [root@ds01 ~]# ipa user-mod --addattr="objectClass=jpegPhoto" --addattr="jpegPhoto=< file:///root/hulk.jpg" bbanner
> ipa: ERROR: unknown object class "jpegPhoto"
> [root@ds01 ~]# ipa user-mod --addattr="jpegPhoto=< file:///root/hulk.jpg" bbanner
> -----------------------
> Modified user "bbanner"
> -----------------------
>   User login: bbanner
>   First name: Bruce
>   Last name: Banner
>   Home directory: /home/bbanner
>   Login shell: /bin/sh
>   Email address: bbanner@example.com
>   UID: 212800012
>   GID: 212800012
>   Account disabled: False
>   Password: False
>   Member of groups: ipausers
>   Kerberos keys available: False
> [root@ds01 ~]# ipa user-show --all bbanner
>   dn: uid=bbanner,cn=users,cn=accounts,dc=example,dc=com
>   User login: bbanner
>   First name: Bruce
>   Last name: Banner
>   Full name: Bruce Banner
>   Display name: Bruce Banner
>   Initials: BB
>   Home directory: /home/bbanner
>   GECOS field: Bruce Banner
>   Login shell: /bin/sh
>   Kerberos principal: bbanner@EXAMPLE.COM
>   Email address: bbanner@example.com
>   UID: 212800012
>   GID: 212800012
>   Account disabled: False
>   Password: False
>   Member of groups: ipausers
>   Kerberos keys available: False
>   ipauniqueid: b4009286-5e53-11e3-9d5e-001a4a0000bb
>   jpegphoto: PCBmaWxlOi8vL3Jvb3QvaHVsay5qcGc=
>   krbpwdpolicyreference: cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com
>   mepmanagedentry: cn=bbanner,cn=groups,cn=accounts,dc=example,dc=com
>   objectclass: top, person, organizationalperson, inetorgperson, inetuser,
>                posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject, ipasshuser,
>                ipaSshGroupOfPubKeys, mepOriginEntry
> [root@ds01 ~]#
> 
> You can see that the last command of " ipa user-mod --addattr="jpegPhoto=<
> file:///root/hulk.jpg" bbanner"  however as the jpegPhoto attribute is
> encoded with base64, it appears to be encoding the characters "<
> file:///root/hulk.jpg" instead of the image file.
> 
> The above details from showing the user after the change only shows the
> following text for jpegPhoto:
>
> jpegphoto: PCBmaWxlOi8vL3Jvb3QvaHVsay5qcGc=
> 
> When using ldapmodify, that attribute looks like the following
> 
> [root@ds01 ~]# ipa user-show --all bbanner
>   dn: uid=bbanner,cn=users,cn=accounts,dc=example,dc=com
>   User login: bbanner
>   First name: Bruce
>   Last name: Banner
>   Full name: Bruce Banner
>   Display name: Bruce Banner
>   Initials: BB
>   Home directory: /home/bbanner
>   GECOS field: Bruce Banner
>   Login shell: /bin/sh
>   Kerberos principal: bbanner@EXAMPLE.COM
>   Email address: bbanner@example.com
>   UID: 212800012
>   GID: 212800012
>   Account disabled: False
>   Password: False
>   Member of groups: ipausers
>   Kerberos keys available: False
>   ipauniqueid: b4009286-5e53-11e3-9d5e-001a4a0000bb
>   jpegphoto:
>   krbpwdpolicyreference: cn=global_policy,cn=EXAMPLE.COM,cn=kerberos,dc=example,dc=com
>   mepmanagedentry: cn=bbanner,cn=groups,cn=accounts,dc=example,dc=com
>   objectclass: top, person, organizationalperson, inetorgperson, inetuser,
>                posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject, ipasshuser,
>                ipaSshGroupOfPubKeys, mepOriginEntry
> [root@ds01 ~]#
> 
> 
> Any ideas? I think getting this working via ipa user-mod would be a better
> option as I don't like having people using the Directory manager account
> when they don't need to.

First, note that users do not need to use the DM account. Even when using
ldapmodify they can bind as their regular user and change their own
attribute. You would just probably need to add appropriate selfservice
permission (ipa help selfservice).

As for the attribute change, you indeed need to pass the BASE64 contents of
the file as the --setattr or --addattr options expect just a raw value on
the input.

This should be working:

# wget https://www.dalemacartney.com/wp-content/uploads/2013/12/ejabberd_avatar.png
# ipa user-mod tuser1 --setattr="jpegphoto=`base64 ejabberd_avatar.png -w 0`"

I did not test it on ejabberd, but the value was there.

Alternatively, you could also extend the User object in FreeIPA and add new
attribute definition:

# cat /usr/lib/python2.6/site-packages/ipalib/plugins/user-jpegphoto.py
from ipalib.plugins.user import user
from ipalib.parameters import Bytes
from ipalib.text import _

# Extend the user object with an optional binary jpegphoto parameter
user.takes_params += (
    Bytes('jpegphoto?',
        label=_('JPEG Photo'),
    ),
)
# service httpd reload
# ipa user-mod tuser1 --jpegphoto=`base64 ejabberd_avatar.png -w 0`

but it does not add that much added value. Ideally, it would be great if you
could define a File type attribute and have it be encoded automatically. But
in my tests, it did not work out of the box, the framework could not handle
binary values. That may be an idea for improvement of the framework.

Martin
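
Added example, not part of the original thread or of FreeIPA: a check that decodes a jpegphoto value as printed by "ipa user-show --all" and reports whether it holds real image bytes or the literal "< file://..." text that --addattr stored in the failed attempt above. The function names, the size limit and the sample image bytes are assumptions made for illustration; PAGE_VALUE is the value quoted in the thread.

```python
import base64
import binascii

# Leading magic bytes of the image formats this check recognises.
MAGIC = {"jpeg": b"\xff\xd8\xff", "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8"}

# Value shown in the thread after the failed --addattr attempt.
PAGE_VALUE = "PCBmaWxlOi8vL3Jvb3QvaHVsay5qcGc="
# Constructed sample inputs: only the file headers, not real images.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"


def classify_jpegphoto(b64_value, max_bytes=512 * 1024):
    """Classify a base64 jpegphoto value.

    Returns 'jpeg', 'png', 'gif', 'ldif-file-reference', 'not-base64',
    'too-large' or 'unknown'. max_bytes is an assumed local policy limit.
    """
    try:
        # Directory tools may wrap long values, so drop whitespace first.
        raw = base64.b64decode("".join(b64_value.split()), validate=True)
    except (binascii.Error, ValueError):
        return "not-base64"
    # LDIF "attr:< file://..." syntax stored literally instead of being read.
    if raw.lstrip().startswith(b"<") and b"file://" in raw[:64]:
        return "ldif-file-reference"
    if len(raw) > max_bytes:
        return "too-large"
    for name, magic in MAGIC.items():
        if raw.startswith(magic):
            return name
    return "unknown"


def build_setattr(raw_image, require="jpeg"):
    """Return the 'jpegphoto=<base64>' string for --setattr, or raise."""
    b64 = base64.b64encode(raw_image).decode("ascii")
    kind = classify_jpegphoto(b64)
    if kind != require:
        raise ValueError("expected %s data, got %s" % (require, kind))
    return "jpegphoto=" + b64


if __name__ == "__main__":
    print(classify_jpegphoto(PAGE_VALUE))
    print(build_setattr(SAMPLE_JPEG)[:30] + "...")
```

Run against the directory, the same check also flags entries where a PNG file such as ejabberd_avatar.png was stored in jpegphoto, since it reports 'png' rather than 'jpeg'.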
