This is my first post in this forum (sorry for my “google english”).
I’m migrating my DMZ server to Nethserver where the main modules will be Nextcloud and email.
The accounts are managed by the OpenLDAP module locally.
The accounts created in Nethserver are available in Nextcloud also.
In Nextcloud I can’t upload a profile photo because of the message “Picture provided by original account” (original message in Nextcloud).
Is there a fast way available to upload the picture for the user profile in Nextcloud?
In my research I found only solutions based on LDAP access through external software.
I only managed it fast with external software - JXplorer, a multiplatform Java client for managing LDAP.
Connection settings:
On the left side select the user to add a photo.
On the right side click on the property (field right) of “jpegPhoto”, say load and choose your picture (max 96x96 jpg should work). Then OK and apply, that’s it!
I did the test using another software (LdapAdmin by http://www.ldapadmin.org) but probably I made some errors in the configuration parameters.
I followed your guide step by step (obviously I changed the host address) and all is right.
@alefattorini: does it make sense to evaluate the possibility of uploading the photo from the Nethserver interface? Otherwise, the possibility for the end user to do this upload.
I tried it with ldapadmin (which has a nicer ui imo but only for windows) now and could connect, here are my connection settings:
I also tried it on Nethserver command line and it works but I just managed to link a file, programs like ldapadmin import the jpg to ldap in base64, see using jpegPhoto
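The base64 import mentioned in the post above can also be done without a GUI client. The following is an added example, not part of the original thread: it builds an LDIF change record for `jpegPhoto`. The DN, the size limit and the function names are assumptions made for illustration.

```python
import base64

MAX_BYTES = 100 * 1024  # assumed sanity limit for an avatar, not an LDAP rule


def fold(line, width=76):
    """Fold one LDIF line; continuation lines start with one space (RFC 2849)."""
    parts = [line[:width]]
    rest = line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)


def jpeg_photo_ldif(dn, jpeg):
    """Return an LDIF change record that replaces jpegPhoto on `dn` (ASCII DN assumed)."""
    if not jpeg.startswith(b"\xff\xd8\xff"):
        raise ValueError("not a JPEG (missing SOI marker)")
    if len(jpeg) > MAX_BYTES:
        raise ValueError("image too large for a directory attribute")
    b64 = base64.b64encode(jpeg).decode("ascii")
    lines = [
        "dn: " + dn,
        "changetype: modify",
        "replace: jpegPhoto",
        # '::' tells the LDIF reader that the value is base64-encoded binary
        fold("jpegPhoto:: " + b64),
        "-",
    ]
    return "\n".join(lines) + "\n"


def unfold(ldif):
    """Undo LDIF folding, as an LDIF reader does before decoding values."""
    return ldif.replace("\n ", "")


if __name__ == "__main__":
    # Constructed sample: JPEG magic bytes plus filler, not a real picture.
    sample = b"\xff\xd8\xff\xe0" + bytes(range(256)) + b"\xff\xd9"
    # Placeholder DN; use the DN that the LDAP browser shows for the user.
    print(jpeg_photo_ldif("uid=jdoe,ou=People,dc=example,dc=org", sample), end="")
```

The printed record can be passed to `ldapmodify` with the same bind settings used in the LDAP client.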
I ask for an “easy” solution because my knowledge about LDAP is very low (like an end user).
Thanks @mrmarkuz for your support and for the explanations (I will use it to expand my LDAP experience).
Sorry, I didn’t want to explain it too detailed, just wanted to show that there is a possibility to do it in Nethserver, without external programs…so it would also be possible to set up a button in UI like “Upload profile picture”, which uploads pics to a specific per user location or general location with picname=username and imports them to ldap or AD, with nice side effects like profilepics included in backup.
IM clients like Cisco Jabber etc use the LDAP picture too and in my experience, putting photos to ldap is an admin task, so why shouldn’t Nethserver take care of the profile pics too? On the other hand, isn’t it reinventing the wheel, when it can be done already with existing free software?
What do you think?
Thanks for your suggestion, it’s the first time that we have received that request. Honestly, it would be useful only if every external software would use it, like: NextCloud, Jabber, Webtop and so on… But that is not the case.
I agree with you. If a Nethserver administrator decides to manage all the accounts centrally (through OpenLDAP or SAMBA AD), it would be beautiful to upload the avatar once (from the Nethserver web interface) and find the image in all the modules where it is requested (NextCloud, Jabber, Webtop, SOGo …).
This is only my personal point of view for my actual Nethserver configuration.
I have followed this project only since last year, but I saw that the Community is very active and competent.
If an idea can help improve this product, I’m happy to contribute to this.
I’m trying to insert an Image to LDAP, but I can’t get connected. I am using AD on my NethServer, the IP would be 172.25.63.11.
However, I run into a certificate problem when I try to connect. Connecting to a normal LDAP - even using certificates isn’t a problem. However, this is the NethServer AD…
I have PHPLDAPAdmin installed on my NethServer, that shows me the following Users URI:
CN=Users,DC=ad,DC=zg,DC=anwi,DC=ch
So for ID I’d use something like:
UID=admin,CN=Users,DC=ad,DC=zg,DC=anwi,DC=ch
But the certificate poses a problem. I can try to import the certificate as much as I want, but LDAPAdmin doesn’t like my certificate. Is a reboot needed - this is running on Windows7…?
Tried both, but I couldn’t get jxplorer to run (since the SF repo was flagged with a download error I didn’t try that one too hard).
I know LDAPAdmin from other experiences (NetWare, Apple OSX Server, others…) and can easily connect say to my Mac Server’s LDAP. But not NethServers AD…
The NethServer does provide the appropriate “DC=ad,DC=zg,DC=anwi,DC=ch” which I need - despite the certificate warning, but no further connections are allowed. The error seems to say something about a wrong password - but the PW is for Admin, and I’ve verified that several times.
PS: Unfortunately the PHPLDAPAdmin doesn’t have an easy way to add the jpegPhoto attribute - or maybe I need to try Kamikaze mode…
You are right, it’s a cert problem. Your connection config seems to be correct. I tried it with both ldapadmin and jxplorer and I get same error with ldapadmin and jxplorer shows
But trying without SSL on port 389 gives me
which leads me to this workaround:
I’d disable tls auth in samba container, set the pictures and enable strong auth again…just to make it work for now but there should be a better solution.
Finally got the right Version for Mac & Windows of the JXplorer - it does work. Except in our discussed Nethserver case… ;-(
Error message with turned off TLS:
javax.naming.CommunicationException: simple bind failed: 172.25.63.11:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Server Certificate: server certificate could not be verified, and the CA certificate is missing from the certificate chain. raw error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
My AD Conf ( /var/lib/machines/nsdc/etc/samba/smb.conf ):
    # Global parameters
    [global]
        netbios name = NSDC-AWZG-28AB4
        realm = AD.ZG.ANWI.CH
        workgroup = ANWI
        dns forwarder = 127.0.0.1
        server role = active directory domain controller
        include = /etc/samba/smb.conf.include
        ldap server require strong auth = no

    [netlogon]
        path = /var/lib/samba/sysvol/ad.zg.anwi.ch/scripts
        read only = No

    [sysvol]
        path = /var/lib/samba/sysvol
        read only = No
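The workaround discussed above ends with re-enabling strong auth, and the configuration just posted still has it set to `no`. The following added example (not part of the thread and not NethServer code) checks an smb.conf for that leftover setting; the function names and the set of "disabled" spellings are assumptions.

```python
PARAM = "ldap server require strong auth"
WEAK = {"no", "false", "0", "off"}  # spellings treated here as "disabled"

# Part of the [global] section as posted in the thread above.
SAMPLE = """\
[global]
netbios name = NSDC-AWZG-28AB4
realm = AD.ZG.ANWI.CH
include = /etc/samba/smb.conf.include
ldap server require strong auth = no
"""


def parse_smb_conf(text):
    """Return {section: {param: value}}; names lower-cased, whitespace collapsed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf


def audit(text):
    """List findings about the LDAP strong-auth setting in [global]."""
    glob = parse_smb_conf(text).get("global", {})
    value = glob.get(PARAM)
    findings = []
    if value is not None and value.lower() in WEAK:
        findings.append(f"{PARAM} = {value}: simple binds over plain LDAP "
                        "(port 389) are accepted")
    if value is None and "include" in glob:
        # Included files are not followed here; the setting may live there.
        findings.append(f"{PARAM} not set here; check included file {glob['include']}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARNING:", finding)
```

When the parameter is absent everywhere, Samba's default of `yes` applies, so an empty result means no weakening was found in the file that was checked.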
Thanks, your screenshot helped. Even emptying the caches didn’t help firefox. So I used Safari (I’m on a Mac) - that worked, showing English - and the Add Attribute Field.
Maybe a translation fluke - a firefox feature (Or was that bug?) - or some caching issue on my firefox profile?