Hello Alex,
you can use any DB query tool including command line :)
Can you please do the tests one by one? :))
1) create LDAP mapping with full picture URL (and check what in DB and UI
after LDAP login)
2) since image is empty I guess it is dropped if mapping is commented out
in this case please specify ldap_user_picture_uri=profile.png
(then please check what in DB and in UI after LDAP login)
On Mon, 18 May 2020 at 22:14, Ninnig, Alexander <
[email protected]> wrote:
> OK, I got it figured out.
> I had to grant phpmyadmin priviliges on open4010.
> Now I can browser the om_user-table of open4010.
>
> The LOCAL user (first user after the installation, the admin-account) has
> the line:
> pictureuri varchar(255) [empty dropdown-field] [unchecked
> checkbox] profile.png
> This one displays a user-picture (local account).
>
> My LDAP-user-account has the line:
> pictureuri varchar(255) [empty dropdown-field] [checked
> checkbox] <empty>
> This one displays the questionmark-profilepicture.
>
> I tried to enter "profile.png" and save this (via phpMyAdmin), that's the
> string, phpMyAdmin creates and submits:
> UPDATE `om_user` SET `deleted` = b'0', `forceTimeZoneCheck` = b'0',
> `pictureuri` = 'profile.png', `show_contact_data` = b'1',
> `show_contact_data_to_contacts` = b'0' WHERE `om_user`.`id` = 2;
> This leads to errors in phpMyAdmin, which one can choose to ignore.
> Opening this dataset again show, that pictureuri now hast he value
> profile.png [with an unchecked checkbox, whatever that is].
> Login in OpenMeetings still works, but still no profile-picture.
>
> I probably could enter some sort oft he following string as commandline
> (the rest shouldn't be related to my problem):
> UPDATE `om_user` SET `pictureuri` = 'profile.png' WHERE `om_user`.`id` = 2;
> Actually this one doesn't work, since I did not tell, which database to
> use.
> I would have to add <on 'open4010'.*> or something like that.
>
>
> So I'm still not at the end here.
>
>
> -----Ursprüngliche Nachricht-----
> Von: Ninnig, Alexander <[email protected]>
> Gesendet: Montag, 18. Mai 2020 16:44
> An: [email protected]
> Betreff: AW: OM 4.0.10, AD-Pictures (or: how can I provide pictures for
> LDAP-accounts)
>
> I installed PHPMyAdmin - it works, OpenMeetings also still works, so I
> didn't mess it up.
> But now I don't know the structure oft he open4010-database, so I cannot
> start a query.
>
> Can you suggest a browser that I can use in order to browse (instead of
> having to start queries)?
> Or can you tell me where to look?
> I guess you suggested to look up the users in open4010-database and find
> out which pictures each account uses.
>
>
> Best wishes,
> Alex
>
>
> -----Ursprüngliche Nachricht-----
> Von: Ninnig, Alexander <[email protected]>
> Gesendet: Montag, 18. Mai 2020 16:25
> An: [email protected]
> Betreff: AW: OM 4.0.10, AD-Pictures (or: how can I provide pictures for
> LDAP-accounts)
>
> Sorry, I have to ask, because I haven’t done this so far:
>
> I can check what’s stored in the DB via phpMyAdmin?
>
> Can I install phpMyAdmin without messing with OpenMeetings?
>
> I never looked into MariaDB, so I have to start from the beginning.
>
> Or can you provide me with queries I can use from commandline (sudo mysql
> -u root)?
>
> If not, I would install MyPHPAdmin using the following lines and hope that
> I’m able to check what’s stored in the DB:
>
>
>
>
>
> sudo apt update
>
> sudo apt upgrade
>
> sudo apt install -y apache2 apache2-utils
>
> systemctl status apache2
>
> sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT
>
> sudo ufw allow http
>
> sudo chown www-data:www-data /var/www/html/ -R
>
> sudo apt install php7.2 libapache2-mod-php7.2 php7.2-mysql php-common
> php7.2-cli php7.2-common php7.2-json php7.2-opcache php7.2-readline
>
> sudo a2enmod php7.2
>
> sudo systemctl restart apache2
>
> php --version
>
> sudo apt install phpmyadmin [choose apache2]
>
> sudo mysql -u root
>
> show grants for phpmyadmin@localhost;
>
> exit;
>
> sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT
>
> sudo iptables -I INPUT -p tcp --dport 443 -j ACCEPT
>
> sudo ufw allow http
>
> sudo ufw allow https
>
>
>
>
>
> Von: Maxim Solodovnik <[email protected]>
> Gesendet: Montag, 18. Mai 2020 15:10
> An: Openmeetings user-list <[email protected]>
> Betreff: Re: OM 4.0.10, AD-Pictures (or: how can I provide pictures for
> LDAP-accounts)
>
>
>
>
>
>
>
> On Mon, 18 May 2020 at 20:06, Ninnig, Alexander <
> [email protected] <mailto:
> [email protected]> > wrote:
>
> Hello Maxim,
>
> ok, well, so that sounds cool. I wouldn't mind doing that manually.
>
> To get that right:
>
> Option 1 is to use a free AD-attribute (for us, that would be
> "pager") and enter a URL to the user-picture (like <
> https://intranet/people/gallery/alex.jpg>) and edit om_ldap.cfg
> (<ldap_user_attr_picture=pager>)?
> That doesn't get me an "Internal Error", but it doesn't work
> either. Where my profilepicture should be, openmeetings just displays an
> "x" (like when an image is not linked correctly in website).
>
>
>
> Can you check what is stored in the DB?
>
>
>
> In my om_ldap.cfg, there is a parameter called
> <ldap_user_picture_uri>, but as far as I understand this is a picture to
> use for ALL accounts, who don't have a picture provided by the
> ldap-connection.
>
>
>
> Yes, this is correct
>
>
>
>
> Option 2 is to manually copy my userpictures as "profile.png" in
> the right profile-folder. What did you mean by "and comment-out LDAP
> mapping"? Just comment-out the line with the picture?
>
> I did that, I copied the picture into the profile-folder, but it
> is not used, there is just the questionmark-profile-picture.
>
>
>
> Could you check what in the DB?
>
>
>
> I commented-out <ldap_user_attr_picture> and
> <ldap_user_picture_uri>.
> The picture (profile.png) is there (profile-upload-folder, here
> /opt/red54010/webapps/openmeetings/data/upload/profiles/profile_169), but
> it's just not used.
> Is there another string in my on_ldap.conf I would have to
> comment-out?
> Of course I still want to use the om_ldap.cfg and not local
> accounts.
>
> By the way: In my personal account-profile-folder, there already
> was the right image, because I manually uploaded one before via
> openmeetings-website. It's just not used (the profile-picture in my
> profile-folder).
>
> Thanks for your help,
> Alex
>
>
> -----Ursprüngliche Nachricht-----
> Von: Maxim Solodovnik <[email protected] <mailto:
> [email protected]> >
> Gesendet: Montag, 18. Mai 2020 14:19
> An: Openmeetings user-list <[email protected] <mailto:
> [email protected]> >
> Betreff: Re: OM 4.0.10, AD-Pictures (or: how can I provide
> pictures for LDAP-accounts)
>
> There are several options :))
>
> On Mon, 18 May 2020 at 19:09, Ninnig, Alexander <
> [email protected] <mailto:
> [email protected]> <mailto:
> [email protected] <mailto:
> [email protected]> > > wrote:
>
>
> Hello Maxim,
>
> so, I don't have to make more tests - it just will not
> work, right?
>
>
>
> Yes, OM expects to get the URL but get lots of binary data
>
>
>
> Or in other words: I have to wait for a stable version of
> OpenMeetings 5?
> Without being a pain, is there a timeline for the stable
> version of OM5?
>
>
>
> I really hope it will be next version
> ETA depends on issues reported and their severity :(
>
>
>
>
>
> Or is there another way to provide pictures for
> ldap-accounts?
>
>
>
> 1) I can backport the fix to 4.0.x
> 2) you can
> 1. create field in LDAP with full URL to the picture
> OR
> 2*. (haven't tested it) you can put pictures as
> "/webapps/openmeetings/data/upload/profiles/profile_XXXXX/profile.png" for
> each of your users (and comment-out LDAP mapping)
>
>
>
> I wouldn't even doing this manually, but those pictures
> always get deleted with the next login (since they don't come with the
> ldap-query).
> Could I change ldap-accounts to local accounts?
> But if I did, people would have to use different accounts
> again, which is also not really cool.
> Damn, I thought I could make that work.
>
>
> What's weird is, that my error is not the same as in the
> link you provided.
> My error says: "Data truncation: Data too long for column
> 'pictureuri' at row 1"
> The link you provided shows the error: "
> ERR_13215_VALUE_EXPECT_STRING The value is expected to be a String".
>
> Best wishes,
> Alex
>
> -----Ursprüngliche Nachricht-----
> Von: Maxim Solodovnik <[email protected] <mailto:
> [email protected]> <mailto:[email protected] <mailto:
> [email protected]> > >
> Gesendet: Montag, 18. Mai 2020 13:52
> An: Openmeetings user-list <[email protected]
> <mailto:[email protected]> <mailto:
> [email protected] <mailto:[email protected]> > >
> Betreff: Re: OM 4.0.10, AD-Pictures (or: how can I provide
> pictures for LDAP-accounts)
>
> Hello Alex,
>
> this was implemented for M4
> https://issues.apache.org/jira/browse/OPENMEETINGS-2262 <
> https://issues.apache.org/jira/browse/OPENMEETINGS-2262>
> But wasn't backported to 4.0.x ....
>
> On Mon, 18 May 2020 at 17:41, Ninnig, Alexander <
> [email protected] <mailto:
> [email protected]> <mailto:
> [email protected] <mailto:
> [email protected]> > <mailto:
> [email protected] <mailto:
> [email protected]> <mailto:
> [email protected] <mailto:
> [email protected]> > > > wrote:
>
>
> Hello,
>
> Another Update:
>
> I also tried the AD-attribute <photo>.
> And I also used a software instead of PowerShell
> (CodeTwo Active Directory Photos 1.32 - this software also checks the
> imagefiles for allowed maximum size).
> Still - doesn't work ("Internal Error").
>
> By the way (this might actually be an important
> information):
> One DOESN'T get "Internal Error" if there is no
> AD-Photo provided.
> So all users with no picture stored in AD can
> login.
> The second I save
> <ldap_user_attr_picture=thumbnailPhoto> or
> <ldap_user_attr_picture=jpegPhoto> or <ldap_user_attr_picture=photo> AND
> try to login with a an LDAP-user-account, that has an image stored in AD, I
> get "Internal Error".
>
>
>
> I'm beginning to think, that openmeetings cannot
> read pictures from AD (octet string).
> Has anyone managed to use AD-stored-photos OR
> found a way to provide LDAP-accounts with photos?
>
> Best wishes,
> Alex
>
>
> -----Ursprüngliche Nachricht-----
> Von: Ninnig, Alexander <
> [email protected] <mailto:
> [email protected]> <mailto:
> [email protected] <mailto:
> [email protected]> > <mailto:
> [email protected] <mailto:
> [email protected]> <mailto:
> [email protected] <mailto:
> [email protected]> > > >
> Gesendet: Montag, 18. Mai 2020 12:03
> An: [email protected] <mailto:
> [email protected]> <mailto:[email protected]
> <mailto:[email protected]> > <mailto:
> [email protected] <mailto:[email protected]>
> <mailto:[email protected] <mailto:[email protected]>
> > >
> Betreff: AW: OM 4.0.10, AD-Pictures (or: how can I
> provide pictures for LDAP-accounts)
>
> Hello,
>
> update on my question.
>
> CHECKING ANOTHER AD-ATTRIBUTE
> ---------------------------------------------------
>
> I just checked the AD-attribute <jpegPhoto>, which
> also can be used to store pictures in Active Directory
> (<ldap_user_attr_picture=jpegPhoto>). Doesn't work either ("Internal
> Error").
>
>
> CHECKING THE PICTUREFILES
> --------------------------------------------------
>
> After that, I checked my picture-files (to make
> sure, there is nothing wrong with them) and I created two picturefiles
> "from scratch", meaning, I copied my picture into Windows Paint and saved
> it as .png and as .jpg and even as .bmp.
>
> I imported the jpg using powershell:
> Import-Module ActiveDirectory
> $photo = [byte[]](Get-Content
> C:\Thumbs\myself.jpg -Encoding byte)
> Set-ADUser Alex -Replace
> @{jpegPhoto=$photo}
> Set-ADUser Alex -Replace
> @{thumbnailPhoto=$photo}
> Still: "Internal Error" when trying to login.
>
> Then I used the png using powershell:
> Import-Module ActiveDirectory
> $photo = [byte[]](Get-Content
> C:\Thumbs\myself.png -Encoding byte)
> Set-ADUser Alex -Replace
> @{jpegPhoto=$photo}
> Set-ADUser Alex -Replace
> @{thumbnailPhoto=$photo}
> Still: "Internal Error" when trying to login.
>
> Then I used the bmp using powershell:
> Import-Module ActiveDirectory
> $photo = [byte[]](Get-Content
> C:\Thumbs\myself.png -Encoding byte)
> Set-ADUser Alex -Replace
> @{jpegPhoto=$photo}
> Set-ADUser Alex -Replace
> @{thumbnailPhoto=$photo} Last command led to an error, since
> <thumbnailPhoto> doens't accept bitmap.
> Still: "Internal Error" when trying to login.
>
> My picturefiles are 200x200 pixel and pretty small
> (png 64 kb, jpg 13 kb, bmp 118 kb).
> I could work on the picturefiles, if I knew what
> to change (like compression or dpi).
> But without any hints, it's like a needle in a
> haystack.
> And I don't know if the files are the problem or
> the AD-attribute or the way, the pictures are stored in AD.
>
>
> Does anyone have an idea?
>
> Best wishes,
> Alex
>
> -----Ursprüngliche Nachricht-----
> Von: Ninnig, Alexander <
> [email protected] <mailto:
> [email protected]> <mailto:
> [email protected] <mailto:
> [email protected]> > <mailto:
> [email protected] <mailto:
> [email protected]> <mailto:
> [email protected] <mailto:
> [email protected]> > > >
> Gesendet: Montag, 18. Mai 2020 10:40
> An: [email protected] <mailto:
> [email protected]> <mailto:[email protected]
> <mailto:[email protected]> > <mailto:
> [email protected] <mailto:[email protected]>
> <mailto:[email protected] <mailto:[email protected]>
> > >
> Betreff: OM 4.0.10, AD-Pictures (or: how can I
> provide pictures for LDAP-accounts)
>
> Hello,
>
> we are using OpenMeetings 4.0.10 in our productive
> environment.
>
> LDAP-Configuration (om_ldap.cfg) works fine,
> except for getting thumbnails/pictures stored in Active Directory.
> If I uncomment the line
> <ldap_user_attr_picture=thumbnailPhoto> and save the config-file, I cannot
> login anymore with my Active-Directory-account - OpenMeetings shows an
> internal error instead.
>
> The only AD-account with a picture stored is my
> own (so far). The AD-attribute ist thumbnailPhoto, so that is correct.
> Outlook displays my picture, so that works, too.
>
> I wouldn't really need AD-stored photos, but I
> would like my user-accounts to have pictures, so one doesn't just see a lot
> of questionmarks-profilepictures, when starting a conference without webcam.
> If I use the LDAP-connection, I can provide a
> picture for my account, but this picture is discarded the next time I log
> in.
> So the ldap-connection configured doesn't let me
> change openmeetings-accounts permantenly - which is logical, since they are
> ldap-accounts.
>
> I just need a way to provide accounts with
> pictures.
> I wouldn't mind configuring them manually.
>
> Does anyone know how to provide user-pictures for
> ldap-accounts?
>
> Have a nice day and an even better week, Alex
>
> PS: If this already has been discussed and there
> is an answer I haven't found by myself, I apologize. In that case, can you
> just send my the link tot he previous discussion?
>
>
>
>
> --
>
> Best regards,
> Maxim
>
>
>
>
> --
>
> Best regards,
> Maxim
>
>
>
>
>
>
> --
>
> Best regards,
> Maxim
>
>
--
Best regards,
Maxim
