Hello Maxim and thank you very much for all your support,
after I did BOTH
1) create LDAP mapping with full picture URL (and check what in DB and
UI after LDAP login)
2) since image is empty I guess it is dropped if mapping is commented
out
in this case please specify ldap_user_picture_uri=profile.png (then
please check what in DB and in UI after LDAP login)
OpenMeetings displays the profile.png-file in the data/upload/profile-folder,
if the AD-attribute containing the full picture URL is NOT SET.
So THAT works.
At first, the other solution (putting the picture-url into the ad-field
<pager>) didn't work.
I checked the database and found out, that the string was cropped, so the URL
was not complete.
I cross-checked AD and found out, that the cropping already happened in the AD
-> the ad-field <pager> is limited... D'OH! *blush*
So I put my profile-picture-URL in the AD-field <info> and changed the
om_ldap.cfg --> NOW THAT WORKS, TOO.
What's really good: If user upload their picture once, it is save das
profile.png in their profile-folder (at least I think that).
So I don't even have to manually copy the pictures into the matching
profile-folders.
So now I have two possibilities, to provide user-pictures for ldap-accounts in
openmeetings 4.0.10:
[summing up for other users]
1. Open your Active Directory: Misuse an empty AD-field (like <info>) and put
an URL to the user-picture in this AD-field (for every user). Be sure to check
that your chosen field is not limitated and therefore crops the URL.
Commandline an your openmeetings-linux-server: cd
/opt/red54010/webapps/openmeetings/data/conf
Commandline on your openmeetings-linux-server: sudo vi om_ldap.cfg
Edit the om_ldap.cfg an your openmeetings-linux-server, so the line contains
the matching AD-field, I use the AD-field <info>, so my line is:
ldap_user_attr_picture=info
Save the om_ldap.cfg on your open-meetings-linux-server (entering :w! and :q!
if using VI)
2. Commandline an your openmeetings-linux-server: cd
/opt/red54010/webapps/openmeetings/data/conf
Commandline on your openmeetings-linux-server: sudo vi om_ldap.cfg
Edit the om_ldap.cfg an your openmeetings-linux-server, change the line to:
ldap_user_picture_uri=profile.png
Save the om_ldap.cfg on your open-meetings-linux-server (entering :w! and :q!
if using VI)
Commandline an your openmeetings-linux-server: cd
/opt/red54010/webapps/openmeetings/data/upload/profiles
Here, you find one folder for each profile, that has logged-in before, the
names of the folders are like "profile_1".
In your openmeetings-webseite, you'll find the profile-numbers under
"Administration" and "Users".
Mount a netshare and put all your user-pictures in this netshare (you can use
these commands (without brackets): <sudo apt install cifs-utils>, <sudo mkdir
/media/netshare>, sudo mount -t cifs -o username=YOURWINDOWSNAME
//YOURSERVER/WINDOWSNETSHARE /media/netshare>).
Copy the files from your netshare into the matching profile-folders, using a
commandline like: sudo cp /media/netshare/jackson_john.png
/opt/red54010/webapps/openmeetings/data/upload/profiles/profile_2/profile.png
- OR - make the user upload their picture ONCE. This should save their
uploaded picture as profile.png in the folder.
You're brilliant. Thank you VERY much!
Best wishes,
Alex
-----Ursprüngliche Nachricht-----
Von: Maxim Solodovnik <solomax...@gmail.com>
Gesendet: Montag, 18. Mai 2020 18:00
An: Openmeetings user-list <user@openmeetings.apache.org>
Betreff: Re: OM 4.0.10, AD-Pictures (or: how can I provide pictures for
LDAP-accounts)
Hello Alex,
you can use any DB query tool including command line :)
Can you please do the tests one by one? :))
1) create LDAP mapping with full picture URL (and check what in DB and UI after
LDAP login)
2) since image is empty I guess it is dropped if mapping is commented out
in this case please specify ldap_user_picture_uri=profile.png (then please
check what in DB and in UI after LDAP login)
On Mon, 18 May 2020 at 22:14, Ninnig, Alexander
<alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de> > wrote:
OK, I got it figured out.
I had to grant phpmyadmin priviliges on open4010.
Now I can browser the om_user-table of open4010.
The LOCAL user (first user after the installation, the admin-account)
has the line:
pictureuri varchar(255) [empty dropdown-field] [unchecked
checkbox] profile.png
This one displays a user-picture (local account).
My LDAP-user-account has the line:
pictureuri varchar(255) [empty dropdown-field] [checked
checkbox] <empty>
This one displays the questionmark-profilepicture.
I tried to enter "profile.png" and save this (via phpMyAdmin), that's
the string, phpMyAdmin creates and submits:
UPDATE `om_user` SET `deleted` = b'0', `forceTimeZoneCheck` = b'0',
`pictureuri` = 'profile.png', `show_contact_data` = b'1',
`show_contact_data_to_contacts` = b'0' WHERE `om_user`.`id` = 2;
This leads to errors in phpMyAdmin, which one can choose to ignore.
Opening this dataset again show, that pictureuri now hast he value
profile.png [with an unchecked checkbox, whatever that is].
Login in OpenMeetings still works, but still no profile-picture.
I probably could enter some sort oft he following string as commandline
(the rest shouldn't be related to my problem):
UPDATE `om_user` SET `pictureuri` = 'profile.png' WHERE `om_user`.`id`
= 2;
Actually this one doesn't work, since I did not tell, which database to
use.
I would have to add <on 'open4010'.*> or something like that.
So I'm still not at the end here.
-----Ursprüngliche Nachricht-----
Von: Ninnig, Alexander <alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de> >
Gesendet: Montag, 18. Mai 2020 16:44
An: user@openmeetings.apache.org <mailto:user@openmeetings.apache.org>
Betreff: AW: OM 4.0.10, AD-Pictures (or: how can I provide pictures for
LDAP-accounts)
I installed PHPMyAdmin - it works, OpenMeetings also still works, so I
didn't mess it up.
But now I don't know the structure oft he open4010-database, so I
cannot start a query.
Can you suggest a browser that I can use in order to browse (instead of
having to start queries)?
Or can you tell me where to look?
I guess you suggested to look up the users in open4010-database and
find out which pictures each account uses.
Best wishes,
Alex
-----Ursprüngliche Nachricht-----
Von: Ninnig, Alexander <alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de> >
Gesendet: Montag, 18. Mai 2020 16:25
An: user@openmeetings.apache.org <mailto:user@openmeetings.apache.org>
Betreff: AW: OM 4.0.10, AD-Pictures (or: how can I provide pictures for
LDAP-accounts)
Sorry, I have to ask, because I haven’t done this so far:
I can check what’s stored in the DB via phpMyAdmin?
Can I install phpMyAdmin without messing with OpenMeetings?
I never looked into MariaDB, so I have to start from the beginning.
Or can you provide me with queries I can use from commandline (sudo
mysql -u root)?
If not, I would install MyPHPAdmin using the following lines and hope
that I’m able to check what’s stored in the DB:
sudo apt update
sudo apt upgrade
sudo apt install -y apache2 apache2-utils
systemctl status apache2
sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT
sudo ufw allow http
sudo chown www-data:www-data /var/www/html/ -R
sudo apt install php7.2 libapache2-mod-php7.2 php7.2-mysql php-common
php7.2-cli php7.2-common php7.2-json php7.2-opcache php7.2-readline
sudo a2enmod php7.2
sudo systemctl restart apache2
php --version
sudo apt install phpmyadmin [choose apache2]
sudo mysql -u root
show grants for phpmyadmin@localhost;
exit;
sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 443 -j ACCEPT
sudo ufw allow http
sudo ufw allow https
Von: Maxim Solodovnik <solomax...@gmail.com
<mailto:solomax...@gmail.com> >
Gesendet: Montag, 18. Mai 2020 15:10
An: Openmeetings user-list <user@openmeetings.apache.org
<mailto:user@openmeetings.apache.org> >
Betreff: Re: OM 4.0.10, AD-Pictures (or: how can I provide pictures for
LDAP-accounts)
On Mon, 18 May 2020 at 20:06, Ninnig, Alexander
<alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de>
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de> > > wrote:
Hello Maxim,
ok, well, so that sounds cool. I wouldn't mind doing that
manually.
To get that right:
Option 1 is to use a free AD-attribute (for us, that would be
"pager") and enter a URL to the user-picture (like
<https://intranet/people/gallery/alex.jpg>) and edit om_ldap.cfg
(<ldap_user_attr_picture=pager>)?
That doesn't get me an "Internal Error", but it doesn't work
either. Where my profilepicture should be, openmeetings just displays an "x"
(like when an image is not linked correctly in website).
Can you check what is stored in the DB?
In my om_ldap.cfg, there is a parameter called
<ldap_user_picture_uri>, but as far as I understand this is a picture to use
for ALL accounts, who don't have a picture provided by the ldap-connection.
Yes, this is correct
Option 2 is to manually copy my userpictures as "profile.png"
in the right profile-folder. What did you mean by "and comment-out LDAP
mapping"? Just comment-out the line with the picture?
I did that, I copied the picture into the profile-folder, but
it is not used, there is just the questionmark-profile-picture.
Could you check what in the DB?
I commented-out <ldap_user_attr_picture> and
<ldap_user_picture_uri>.
The picture (profile.png) is there (profile-upload-folder, here
/opt/red54010/webapps/openmeetings/data/upload/profiles/profile_169), but it's
just not used.
Is there another string in my on_ldap.conf I would have to
comment-out?
Of course I still want to use the om_ldap.cfg and not local
accounts.
By the way: In my personal account-profile-folder, there
already was the right image, because I manually uploaded one before via
openmeetings-website. It's just not used (the profile-picture in my
profile-folder).
Thanks for your help,
Alex
-----Ursprüngliche Nachricht-----
Von: Maxim Solodovnik <solomax...@gmail.com
<mailto:solomax...@gmail.com> <mailto:solomax...@gmail.com
<mailto:solomax...@gmail.com> > >
Gesendet: Montag, 18. Mai 2020 14:19
An: Openmeetings user-list <user@openmeetings.apache.org
<mailto:user@openmeetings.apache.org> <mailto:user@openmeetings.apache.org
<mailto:user@openmeetings.apache.org> > >
Betreff: Re: OM 4.0.10, AD-Pictures (or: how can I provide
pictures for LDAP-accounts)
There are several options :))
On Mon, 18 May 2020 at 19:09, Ninnig, Alexander
<alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de>
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de> >
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de>
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de> > > > wrote:
Hello Maxim,
so, I don't have to make more tests - it just will not
work, right?
Yes, OM expects to get the URL but get lots of binary data
Or in other words: I have to wait for a stable version
of OpenMeetings 5?
Without being a pain, is there a timeline for the
stable version of OM5?
I really hope it will be next version
ETA depends on issues reported and their severity :(
Or is there another way to provide pictures for
ldap-accounts?
1) I can backport the fix to 4.0.x
2) you can
1. create field in LDAP with full URL to the picture
OR
2*. (haven't tested it) you can put pictures as
"/webapps/openmeetings/data/upload/profiles/profile_XXXXX/profile.png" for each
of your users (and comment-out LDAP mapping)
I wouldn't even doing this manually, but those pictures
always get deleted with the next login (since they don't come with the
ldap-query).
Could I change ldap-accounts to local accounts?
But if I did, people would have to use different
accounts again, which is also not really cool.
Damn, I thought I could make that work.
What's weird is, that my error is not the same as in
the link you provided.
My error says: "Data truncation: Data too long for
column 'pictureuri' at row 1"
The link you provided shows the error: "
ERR_13215_VALUE_EXPECT_STRING The value is expected to be a String".
Best wishes,
Alex
-----Ursprüngliche Nachricht-----
Von: Maxim Solodovnik <solomax...@gmail.com
<mailto:solomax...@gmail.com> <mailto:solomax...@gmail.com
<mailto:solomax...@gmail.com> > <mailto:solomax...@gmail.com
<mailto:solomax...@gmail.com> <mailto:solomax...@gmail.com
<mailto:solomax...@gmail.com> > > >
Gesendet: Montag, 18. Mai 2020 13:52
An: Openmeetings user-list
<user@openmeetings.apache.org <mailto:user@openmeetings.apache.org>
<mailto:user@openmeetings.apache.org <mailto:user@openmeetings.apache.org> >
<mailto:user@openmeetings.apache.org <mailto:user@openmeetings.apache.org>
<mailto:user@openmeetings.apache.org <mailto:user@openmeetings.apache.org> > > >
Betreff: Re: OM 4.0.10, AD-Pictures (or: how can I
provide pictures for LDAP-accounts)
Hello Alex,
this was implemented for M4
https://issues.apache.org/jira/browse/OPENMEETINGS-2262
<https://issues.apache.org/jira/browse/OPENMEETINGS-2262>
But wasn't backported to 4.0.x ....
On Mon, 18 May 2020 at 17:41, Ninnig, Alexander
<alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de>
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de> >
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de>
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de> > >
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de>
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de> >
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de>
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de> > > > > wrote:
Hello,
Another Update:
I also tried the AD-attribute <photo>.
And I also used a software instead of
PowerShell (CodeTwo Active Directory Photos 1.32 - this software also checks
the imagefiles for allowed maximum size).
Still - doesn't work ("Internal Error").
By the way (this might actually be an important
information):
One DOESN'T get "Internal Error" if there is no
AD-Photo provided.
So all users with no picture stored in AD can
login.
The second I save
<ldap_user_attr_picture=thumbnailPhoto> or <ldap_user_attr_picture=jpegPhoto>
or <ldap_user_attr_picture=photo> AND try to login with a an LDAP-user-account,
that has an image stored in AD, I get "Internal Error".
I'm beginning to think, that openmeetings
cannot read pictures from AD (octet string).
Has anyone managed to use AD-stored-photos OR
found a way to provide LDAP-accounts with photos?
Best wishes,
Alex
-----Ursprüngliche Nachricht-----
Von: Ninnig, Alexander
<alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de>
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de> >
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de>
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de> > >
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de>
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de> >
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de>
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de> > > > >
Gesendet: Montag, 18. Mai 2020 12:03
An: user@openmeetings.apache.org
<mailto:user@openmeetings.apache.org> <mailto:user@openmeetings.apache.org
<mailto:user@openmeetings.apache.org> > <mailto:user@openmeetings.apache.org
<mailto:user@openmeetings.apache.org> <mailto:user@openmeetings.apache.org
<mailto:user@openmeetings.apache.org> > > <mailto:user@openmeetings.apache.org
<mailto:user@openmeetings.apache.org> <mailto:user@openmeetings.apache.org
<mailto:user@openmeetings.apache.org> > <mailto:user@openmeetings.apache.org
<mailto:user@openmeetings.apache.org> <mailto:user@openmeetings.apache.org
<mailto:user@openmeetings.apache.org> > > >
Betreff: AW: OM 4.0.10, AD-Pictures (or: how
can I provide pictures for LDAP-accounts)
Hello,
update on my question.
CHECKING ANOTHER AD-ATTRIBUTE
---------------------------------------------------
I just checked the AD-attribute <jpegPhoto>,
which also can be used to store pictures in Active Directory
(<ldap_user_attr_picture=jpegPhoto>). Doesn't work either ("Internal Error").
CHECKING THE PICTUREFILES
--------------------------------------------------
After that, I checked my picture-files (to make
sure, there is nothing wrong with them) and I created two picturefiles "from
scratch", meaning, I copied my picture into Windows Paint and saved it as .png
and as .jpg and even as .bmp.
I imported the jpg using powershell:
Import-Module ActiveDirectory
$photo = [byte[]](Get-Content
C:\Thumbs\myself.jpg -Encoding byte)
Set-ADUser Alex -Replace
@{jpegPhoto=$photo}
Set-ADUser Alex -Replace
@{thumbnailPhoto=$photo}
Still: "Internal Error" when trying to login.
Then I used the png using powershell:
Import-Module ActiveDirectory
$photo = [byte[]](Get-Content
C:\Thumbs\myself.png -Encoding byte)
Set-ADUser Alex -Replace
@{jpegPhoto=$photo}
Set-ADUser Alex -Replace
@{thumbnailPhoto=$photo}
Still: "Internal Error" when trying to login.
Then I used the bmp using powershell:
Import-Module ActiveDirectory
$photo = [byte[]](Get-Content
C:\Thumbs\myself.png -Encoding byte)
Set-ADUser Alex -Replace
@{jpegPhoto=$photo}
Set-ADUser Alex -Replace
@{thumbnailPhoto=$photo} Last command led to an error, since <thumbnailPhoto>
doens't accept bitmap.
Still: "Internal Error" when trying to login.
My picturefiles are 200x200 pixel and pretty
small (png 64 kb, jpg 13 kb, bmp 118 kb).
I could work on the picturefiles, if I knew
what to change (like compression or dpi).
But without any hints, it's like a needle in a
haystack.
And I don't know if the files are the problem
or the AD-attribute or the way, the pictures are stored in AD.
Does anyone have an idea?
Best wishes,
Alex
-----Ursprüngliche Nachricht-----
Von: Ninnig, Alexander
<alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de>
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de> >
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de>
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de> > >
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de>
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de> >
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de>
<mailto:alexander.nin...@rechnungshof.rlp.de
<mailto:alexander.nin...@rechnungshof.rlp.de> > > > >
Gesendet: Montag, 18. Mai 2020 10:40
An: user@openmeetings.apache.org
<mailto:user@openmeetings.apache.org> <mailto:user@openmeetings.apache.org
<mailto:user@openmeetings.apache.org> > <mailto:user@openmeetings.apache.org
<mailto:user@openmeetings.apache.org> <mailto:user@openmeetings.apache.org
<mailto:user@openmeetings.apache.org> > > <mailto:user@openmeetings.apache.org
<mailto:user@openmeetings.apache.org> <mailto:user@openmeetings.apache.org
<mailto:user@openmeetings.apache.org> > <mailto:user@openmeetings.apache.org
<mailto:user@openmeetings.apache.org> <mailto:user@openmeetings.apache.org
<mailto:user@openmeetings.apache.org> > > >
Betreff: OM 4.0.10, AD-Pictures (or: how can I
provide pictures for LDAP-accounts)
Hello,
we are using OpenMeetings 4.0.10 in our
productive environment.
LDAP-Configuration (om_ldap.cfg) works fine,
except for getting thumbnails/pictures stored in Active Directory.
If I uncomment the line
<ldap_user_attr_picture=thumbnailPhoto> and save the config-file, I cannot
login anymore with my Active-Directory-account - OpenMeetings shows an internal
error instead.
The only AD-account with a picture stored is my
own (so far). The AD-attribute ist thumbnailPhoto, so that is correct. Outlook
displays my picture, so that works, too.
I wouldn't really need AD-stored photos, but I
would like my user-accounts to have pictures, so one doesn't just see a lot of
questionmarks-profilepictures, when starting a conference without webcam.
If I use the LDAP-connection, I can provide a
picture for my account, but this picture is discarded the next time I log in.
So the ldap-connection configured doesn't let
me change openmeetings-accounts permantenly - which is logical, since they are
ldap-accounts.
I just need a way to provide accounts with
pictures.
I wouldn't mind configuring them manually.
Does anyone know how to provide user-pictures
for ldap-accounts?
Have a nice day and an even better week, Alex
PS: If this already has been discussed and
there is an answer I haven't found by myself, I apologize. In that case, can
you just send my the link tot he previous discussion?
--
Best regards,
Maxim
--
Best regards,
Maxim
--
Best regards,
Maxim
--
Best regards,
Maxim
