OK, I got it figured out. I had to grant phpmyadmin priviliges on open4010. Now I can browser the om_user-table of open4010.
The LOCAL user (first user after the installation, the admin-account) has the line: pictureuri varchar(255) [empty dropdown-field] [unchecked checkbox] profile.png This one displays a user-picture (local account). My LDAP-user-account has the line: pictureuri varchar(255) [empty dropdown-field] [checked checkbox] <empty> This one displays the questionmark-profilepicture. I tried to enter "profile.png" and save this (via phpMyAdmin), that's the string, phpMyAdmin creates and submits: UPDATE `om_user` SET `deleted` = b'0', `forceTimeZoneCheck` = b'0', `pictureuri` = 'profile.png', `show_contact_data` = b'1', `show_contact_data_to_contacts` = b'0' WHERE `om_user`.`id` = 2; This leads to errors in phpMyAdmin, which one can choose to ignore. Opening this dataset again show, that pictureuri now hast he value profile.png [with an unchecked checkbox, whatever that is]. Login in OpenMeetings still works, but still no profile-picture. I probably could enter some sort oft he following string as commandline (the rest shouldn't be related to my problem): UPDATE `om_user` SET `pictureuri` = 'profile.png' WHERE `om_user`.`id` = 2; Actually this one doesn't work, since I did not tell, which database to use. I would have to add <on 'open4010'.*> or something like that. So I'm still not at the end here. -----Ursprüngliche Nachricht----- Von: Ninnig, Alexander <alexander.nin...@rechnungshof.rlp.de> Gesendet: Montag, 18. Mai 2020 16:44 An: user@openmeetings.apache.org Betreff: AW: OM 4.0.10, AD-Pictures (or: how can I provide pictures for LDAP-accounts) I installed PHPMyAdmin - it works, OpenMeetings also still works, so I didn't mess it up. But now I don't know the structure oft he open4010-database, so I cannot start a query. Can you suggest a browser that I can use in order to browse (instead of having to start queries)? Or can you tell me where to look? I guess you suggested to look up the users in open4010-database and find out which pictures each account uses. Best wishes, Alex -----Ursprüngliche Nachricht----- Von: Ninnig, Alexander <alexander.nin...@rechnungshof.rlp.de> Gesendet: Montag, 18. Mai 2020 16:25 An: user@openmeetings.apache.org Betreff: AW: OM 4.0.10, AD-Pictures (or: how can I provide pictures for LDAP-accounts) Sorry, I have to ask, because I haven’t done this so far: I can check what’s stored in the DB via phpMyAdmin? Can I install phpMyAdmin without messing with OpenMeetings? I never looked into MariaDB, so I have to start from the beginning. Or can you provide me with queries I can use from commandline (sudo mysql -u root)? If not, I would install MyPHPAdmin using the following lines and hope that I’m able to check what’s stored in the DB: sudo apt update sudo apt upgrade sudo apt install -y apache2 apache2-utils systemctl status apache2 sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT sudo ufw allow http sudo chown www-data:www-data /var/www/html/ -R sudo apt install php7.2 libapache2-mod-php7.2 php7.2-mysql php-common php7.2-cli php7.2-common php7.2-json php7.2-opcache php7.2-readline sudo a2enmod php7.2 sudo systemctl restart apache2 php --version sudo apt install phpmyadmin [choose apache2] sudo mysql -u root show grants for phpmyadmin@localhost; exit; sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT sudo iptables -I INPUT -p tcp --dport 443 -j ACCEPT sudo ufw allow http sudo ufw allow https Von: Maxim Solodovnik <solomax...@gmail.com> Gesendet: Montag, 18. Mai 2020 15:10 An: Openmeetings user-list <user@openmeetings.apache.org> Betreff: Re: OM 4.0.10, AD-Pictures (or: how can I provide pictures for LDAP-accounts) On Mon, 18 May 2020 at 20:06, Ninnig, Alexander <alexander.nin...@rechnungshof.rlp.de <mailto:alexander.nin...@rechnungshof.rlp.de> > wrote: Hello Maxim, ok, well, so that sounds cool. I wouldn't mind doing that manually. To get that right: Option 1 is to use a free AD-attribute (for us, that would be "pager") and enter a URL to the user-picture (like <https://intranet/people/gallery/alex.jpg>) and edit om_ldap.cfg (<ldap_user_attr_picture=pager>)? That doesn't get me an "Internal Error", but it doesn't work either. Where my profilepicture should be, openmeetings just displays an "x" (like when an image is not linked correctly in website). Can you check what is stored in the DB? In my om_ldap.cfg, there is a parameter called <ldap_user_picture_uri>, but as far as I understand this is a picture to use for ALL accounts, who don't have a picture provided by the ldap-connection. Yes, this is correct Option 2 is to manually copy my userpictures as "profile.png" in the right profile-folder. What did you mean by "and comment-out LDAP mapping"? Just comment-out the line with the picture? I did that, I copied the picture into the profile-folder, but it is not used, there is just the questionmark-profile-picture. Could you check what in the DB? I commented-out <ldap_user_attr_picture> and <ldap_user_picture_uri>. The picture (profile.png) is there (profile-upload-folder, here /opt/red54010/webapps/openmeetings/data/upload/profiles/profile_169), but it's just not used. Is there another string in my on_ldap.conf I would have to comment-out? Of course I still want to use the om_ldap.cfg and not local accounts. By the way: In my personal account-profile-folder, there already was the right image, because I manually uploaded one before via openmeetings-website. It's just not used (the profile-picture in my profile-folder). Thanks for your help, Alex -----Ursprüngliche Nachricht----- Von: Maxim Solodovnik <solomax...@gmail.com <mailto:solomax...@gmail.com> > Gesendet: Montag, 18. Mai 2020 14:19 An: Openmeetings user-list <user@openmeetings.apache.org <mailto:user@openmeetings.apache.org> > Betreff: Re: OM 4.0.10, AD-Pictures (or: how can I provide pictures for LDAP-accounts) There are several options :)) On Mon, 18 May 2020 at 19:09, Ninnig, Alexander <alexander.nin...@rechnungshof.rlp.de <mailto:alexander.nin...@rechnungshof.rlp.de> <mailto:alexander.nin...@rechnungshof.rlp.de <mailto:alexander.nin...@rechnungshof.rlp.de> > > wrote: Hello Maxim, so, I don't have to make more tests - it just will not work, right? Yes, OM expects to get the URL but get lots of binary data Or in other words: I have to wait for a stable version of OpenMeetings 5? Without being a pain, is there a timeline for the stable version of OM5? I really hope it will be next version ETA depends on issues reported and their severity :( Or is there another way to provide pictures for ldap-accounts? 1) I can backport the fix to 4.0.x 2) you can 1. create field in LDAP with full URL to the picture OR 2*. (haven't tested it) you can put pictures as "/webapps/openmeetings/data/upload/profiles/profile_XXXXX/profile.png" for each of your users (and comment-out LDAP mapping) I wouldn't even doing this manually, but those pictures always get deleted with the next login (since they don't come with the ldap-query). Could I change ldap-accounts to local accounts? But if I did, people would have to use different accounts again, which is also not really cool. Damn, I thought I could make that work. What's weird is, that my error is not the same as in the link you provided. My error says: "Data truncation: Data too long for column 'pictureuri' at row 1" The link you provided shows the error: " ERR_13215_VALUE_EXPECT_STRING The value is expected to be a String". Best wishes, Alex -----Ursprüngliche Nachricht----- Von: Maxim Solodovnik <solomax...@gmail.com <mailto:solomax...@gmail.com> <mailto:solomax...@gmail.com <mailto:solomax...@gmail.com> > > Gesendet: Montag, 18. Mai 2020 13:52 An: Openmeetings user-list <user@openmeetings.apache.org <mailto:user@openmeetings.apache.org> <mailto:user@openmeetings.apache.org <mailto:user@openmeetings.apache.org> > > Betreff: Re: OM 4.0.10, AD-Pictures (or: how can I provide pictures for LDAP-accounts) Hello Alex, this was implemented for M4 https://issues.apache.org/jira/browse/OPENMEETINGS-2262 <https://issues.apache.org/jira/browse/OPENMEETINGS-2262> But wasn't backported to 4.0.x .... On Mon, 18 May 2020 at 17:41, Ninnig, Alexander <alexander.nin...@rechnungshof.rlp.de <mailto:alexander.nin...@rechnungshof.rlp.de> <mailto:alexander.nin...@rechnungshof.rlp.de <mailto:alexander.nin...@rechnungshof.rlp.de> > <mailto:alexander.nin...@rechnungshof.rlp.de <mailto:alexander.nin...@rechnungshof.rlp.de> <mailto:alexander.nin...@rechnungshof.rlp.de <mailto:alexander.nin...@rechnungshof.rlp.de> > > > wrote: Hello, Another Update: I also tried the AD-attribute <photo>. And I also used a software instead of PowerShell (CodeTwo Active Directory Photos 1.32 - this software also checks the imagefiles for allowed maximum size). Still - doesn't work ("Internal Error"). By the way (this might actually be an important information): One DOESN'T get "Internal Error" if there is no AD-Photo provided. So all users with no picture stored in AD can login. The second I save <ldap_user_attr_picture=thumbnailPhoto> or <ldap_user_attr_picture=jpegPhoto> or <ldap_user_attr_picture=photo> AND try to login with a an LDAP-user-account, that has an image stored in AD, I get "Internal Error". I'm beginning to think, that openmeetings cannot read pictures from AD (octet string). Has anyone managed to use AD-stored-photos OR found a way to provide LDAP-accounts with photos? Best wishes, Alex -----Ursprüngliche Nachricht----- Von: Ninnig, Alexander <alexander.nin...@rechnungshof.rlp.de <mailto:alexander.nin...@rechnungshof.rlp.de> <mailto:alexander.nin...@rechnungshof.rlp.de <mailto:alexander.nin...@rechnungshof.rlp.de> > <mailto:alexander.nin...@rechnungshof.rlp.de <mailto:alexander.nin...@rechnungshof.rlp.de> <mailto:alexander.nin...@rechnungshof.rlp.de <mailto:alexander.nin...@rechnungshof.rlp.de> > > > Gesendet: Montag, 18. Mai 2020 12:03 An: user@openmeetings.apache.org <mailto:user@openmeetings.apache.org> <mailto:user@openmeetings.apache.org <mailto:user@openmeetings.apache.org> > <mailto:user@openmeetings.apache.org <mailto:user@openmeetings.apache.org> <mailto:user@openmeetings.apache.org <mailto:user@openmeetings.apache.org> > > Betreff: AW: OM 4.0.10, AD-Pictures (or: how can I provide pictures for LDAP-accounts) Hello, update on my question. CHECKING ANOTHER AD-ATTRIBUTE --------------------------------------------------- I just checked the AD-attribute <jpegPhoto>, which also can be used to store pictures in Active Directory (<ldap_user_attr_picture=jpegPhoto>). Doesn't work either ("Internal Error"). CHECKING THE PICTUREFILES -------------------------------------------------- After that, I checked my picture-files (to make sure, there is nothing wrong with them) and I created two picturefiles "from scratch", meaning, I copied my picture into Windows Paint and saved it as .png and as .jpg and even as .bmp. I imported the jpg using powershell: Import-Module ActiveDirectory $photo = [byte[]](Get-Content C:\Thumbs\myself.jpg -Encoding byte) Set-ADUser Alex -Replace @{jpegPhoto=$photo} Set-ADUser Alex -Replace @{thumbnailPhoto=$photo} Still: "Internal Error" when trying to login. Then I used the png using powershell: Import-Module ActiveDirectory $photo = [byte[]](Get-Content C:\Thumbs\myself.png -Encoding byte) Set-ADUser Alex -Replace @{jpegPhoto=$photo} Set-ADUser Alex -Replace @{thumbnailPhoto=$photo} Still: "Internal Error" when trying to login. Then I used the bmp using powershell: Import-Module ActiveDirectory $photo = [byte[]](Get-Content C:\Thumbs\myself.png -Encoding byte) Set-ADUser Alex -Replace @{jpegPhoto=$photo} Set-ADUser Alex -Replace @{thumbnailPhoto=$photo} Last command led to an error, since <thumbnailPhoto> doens't accept bitmap. Still: "Internal Error" when trying to login. My picturefiles are 200x200 pixel and pretty small (png 64 kb, jpg 13 kb, bmp 118 kb). I could work on the picturefiles, if I knew what to change (like compression or dpi). But without any hints, it's like a needle in a haystack. And I don't know if the files are the problem or the AD-attribute or the way, the pictures are stored in AD. Does anyone have an idea? Best wishes, Alex -----Ursprüngliche Nachricht----- Von: Ninnig, Alexander <alexander.nin...@rechnungshof.rlp.de <mailto:alexander.nin...@rechnungshof.rlp.de> <mailto:alexander.nin...@rechnungshof.rlp.de <mailto:alexander.nin...@rechnungshof.rlp.de> > <mailto:alexander.nin...@rechnungshof.rlp.de <mailto:alexander.nin...@rechnungshof.rlp.de> <mailto:alexander.nin...@rechnungshof.rlp.de <mailto:alexander.nin...@rechnungshof.rlp.de> > > > Gesendet: Montag, 18. Mai 2020 10:40 An: user@openmeetings.apache.org <mailto:user@openmeetings.apache.org> <mailto:user@openmeetings.apache.org <mailto:user@openmeetings.apache.org> > <mailto:user@openmeetings.apache.org <mailto:user@openmeetings.apache.org> <mailto:user@openmeetings.apache.org <mailto:user@openmeetings.apache.org> > > Betreff: OM 4.0.10, AD-Pictures (or: how can I provide pictures for LDAP-accounts) Hello, we are using OpenMeetings 4.0.10 in our productive environment. LDAP-Configuration (om_ldap.cfg) works fine, except for getting thumbnails/pictures stored in Active Directory. If I uncomment the line <ldap_user_attr_picture=thumbnailPhoto> and save the config-file, I cannot login anymore with my Active-Directory-account - OpenMeetings shows an internal error instead. The only AD-account with a picture stored is my own (so far). The AD-attribute ist thumbnailPhoto, so that is correct. Outlook displays my picture, so that works, too. I wouldn't really need AD-stored photos, but I would like my user-accounts to have pictures, so one doesn't just see a lot of questionmarks-profilepictures, when starting a conference without webcam. If I use the LDAP-connection, I can provide a picture for my account, but this picture is discarded the next time I log in. So the ldap-connection configured doesn't let me change openmeetings-accounts permantenly - which is logical, since they are ldap-accounts. I just need a way to provide accounts with pictures. I wouldn't mind configuring them manually. Does anyone know how to provide user-pictures for ldap-accounts? Have a nice day and an even better week, Alex PS: If this already has been discussed and there is an answer I haven't found by myself, I apologize. In that case, can you just send my the link tot he previous discussion? -- Best regards, Maxim -- Best regards, Maxim -- Best regards, Maxim
