Hello,
Can someone please help me to add a picture to the freeipa user, i did the following steps:
1- Create a new file with ldif extension: $vi test.ldif 2- copy the following lines: dn: cn=schema changetype: modify add: attributeTypes attributeTypes: ( 2.25.28639311321113238241701611583088740684.14.2.2 NAME 'UsersPicture' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Extending FreeIPA' )
dn: cn=schema changetype: modify add: objectclasses objectclasses: ( 2.25.28639311321113238241701611583088740684.14.2.1 (Not sure if it should be the same than attribute and change 2 by 1 at the end) NAME 'customPerson' SUP person STRUCTURAL MAY ( UsersPicture ) X-ORIGIN 'Extending FreeIPA' )
3- Get kerberos ticket: $kinit admin 4- add the attribute and objectclass to the ldap with the following command (joined webpage About the IDM client tools): $ldapmodify -D "cn=Directory Manager" -W -p 389 -h ipaserver.example.com -f test.ldif -v 5- Restart freeipa server: $ipactl restart 6- ipa config-mod --addattr=ipaUserObjectClasses=object_class_name_added_above 7- Add the attribute to a user $ ipa user-mod ttest1 --addattr=UsersPicture=path_to_the_picture 8- Verify if the user has the new attribute: $ipa user-show --all loginname | grep UsersPicture $userspictures: L2hvbw....uanBn
How to add this attribute to the GUI users to check if the picture is working ?
Thanks,
On Fri, 08 Feb 2019, Rufa Rufa via FreeIPA-users wrote:
Hello,
Can someone please help me to add a picture to the freeipa user, i did the following steps:
first, you don't need to add any additional attributes. jpegPhoto attribute is already in a default 389-ds set of LDAP schemes, since it is part of RFC 2798 for inetOrgPerson object class. It is a binary attribute, so the data is stored in LDAP rather than specifying an external path.
Since any IPA user has inetOrgPerson object class set by default, just adding jpegPhoto to the list of attributes returned by default would make it visible via IPA API. But it is a binary data, so to get ability to add it from a file needs a change in a client-side API override to replace binary data with a file-based object. Finally, to get it displayed in the Web UI you need to create a JavaScript plugin.
I'd suggest you too look into sample plugins I did that demonstrate how all this can be done, for example, with https://github.com/abbra/freeipa-userstatus-plugin/tree/master/plugin you can get a base setup.
All you need to do is to create a definition of a photo-based parameter:
------------------------------------------------ from ipaserver.plugins.user import user from ipalib.parameters import Bytes from ipalib import _
user.takes_params += ( Bytes('jpegphoto', cli_name='photo', label=_('User photo'), ), )
user.default_attributes.append('jpegphoto') -----------------------------------------------
This is a basic setup for a server-side plugin (that would be a plugin/ipaserver/plugins/userphoto.py in the terms of the structure defined in my sample plugins it the plugin is called 'userphoto').
To be able to supply a file through the client (ipa user-mod foo --photo=/some/path/to/file.jpg), you need to override a client side to say that you accept file instead of Bytes. I copied the following from freeipa-desktop-profile plugin which does the same for FleetCommander integration (https://github.com/abbra/freeipa-desktop-profile):
------------------------------------------------ from ipaclient.frontend import MethodOverride from ipalib.parameters import File from ipalib.plugable import Registry
register = Registry()
@register(override=True, no_fail=True) class baseuser_add(MethodOverride): def get_options(self): for opt in super(baseuser_add, self).get_options(): if opt.name == 'jpegphoto' and self.env.interactive: opt = opt.clone_retype(opt.name, File) yield opt
@register(override=True, no_fail=True) class baseuser_mod(MethodOverride): def get_options(self): for opt in super(baseuser_mod, self).get_options(): if opt.name == 'jpegphoto' and self.env.interactive: opt = opt.clone_retype(opt.name, File) yield opt ------------------------------------------------
That should go into plugin/ipaclient/plugins/userphoto.py
Finally, for Web UI, you need to just add a div that has your photo displayed, pretty much like userstatus sample plugin adds its own UI elements into the misc section.
See https://github.com/abbra/freeipa-userstatus-plugin/blob/master/plugin/ui/use... for details on that. We push a radio box there but you'd need to create a class derived from IPA.field that shows a picture and also provides an input field to upload a jpeg file. See Web UI API at https://pvoborni.fedorapeople.org/api/#!/api/IPA.field and you need to learn a bit more from the FreeIPA source code in freeipa/install/ui/src/freeipa/
If you are interested in getting this work done, make sure to subscribe to freeipa-devel@ and discuss it there.
freeipa-users@lists.fedorahosted.org