Profile photo in Nextcloud

v7
nextcloud
openldap

(Andrea Boldrini) #1

NethServer Version: 7.3
Module: Nextcloud 12

Hello to all,

this is my first post in this forum (sorry for my “google english”)
I’m migrating my DMZ server to Nethserver where the main modules will be Nextcloud and email.
The accounts are managed by the OpenLDAP module locally.
The accounts created in Nethserver are available in Nextcloud also.
In Nextcloud I can’t upload a profile photo because of the message “Picture provided by original account” (original message in Nextcloud).

Is there a fast way available to upload the picture for the user profile in Nextcloud?
In my research I found only solutions based on LDAP access through external software.

Thanks in advance.


(Markus Neuberger) #2

Hello @Andrea_Boldrini,

I only managed it fast with external software :slight_smile: - JXplorer, a multiplatform java client for managing ldap

Connection settings:

On the left side select the user to add a photo.
On the right side click on the property (right field) of “jpegPhoto”, say load and choose your picture (max 96x96 jpg should work). Then OK and apply, that’s it!


(Alessio Fattorini) #3

Looks very smart, @davidep did you know this tool yet?


(Andrea Boldrini) #4

Many thanks @mrmarkuz markus, it works.

I did the test using other software (LdapAdmin by http://www.ldapadmin.org) but I probably made some errors in the configuration parameters.
I followed your guide step by step (obviously I changed the host address) and all is right.

@alefattorini : does it make sense to evaluate the possibility of uploading the photo from the Nethserver interface? Otherwise, the possibility for the end user to do this upload.

Thanks


(Markus Neuberger) #5

You’re welcome, I am happy that it works for you…

I tried it with ldapadmin (which has a nicer ui imo but only for windows) now and could connect, here are my connection settings:

I also tried it on Nethserver command line and it works but I just managed to link a file, programs like ldapadmin import the jpg to ldap in base64, see https://www.openldap.org/lists/openldap-software/200612/msg00156.html

Created file test.ldif:

dn: uid=markus,ou=People,dc=directory,dc=nh
changetype: modify
replace: jpegPhoto
jpegPhoto:< file:///root/markus.jpg

Imported the ldif to ldap:
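
Added example, not part of the original post and not NethServer code: a Python sketch that builds the same `replace: jpegPhoto` modify record with the image embedded inline as base64 (`jpegPhoto::`), after checking that the file is a JPEG within the 96x96 limit mentioned earlier in the thread. The function names and the header-only sample image are constructed for illustration; the DN is the one from the LDIF above.

```python
import base64
import struct

def jpeg_size(data: bytes) -> tuple:
    """Return (width, height) from the first SOF segment of a JPEG."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: SOI marker missing")
    i = 2
    while i + 9 <= len(data):
        if data[i] != 0xFF:
            raise ValueError("corrupt JPEG segment header")
        marker = data[i + 1]
        (seglen,) = struct.unpack(">H", data[i + 2:i + 4])
        # SOF0-SOF15 hold the dimensions; C4, C8 and CC are not SOF markers
        if 0xC0 <= marker <= 0xCF and marker not in (0xC4, 0xC8, 0xCC):
            height, width = struct.unpack(">HH", data[i + 5:i + 9])
            return width, height
        i += 2 + seglen
    raise ValueError("no SOF segment found")

def photo_ldif(dn: str, jpeg: bytes, max_px: int = 96) -> str:
    """Build an LDIF modify record that replaces jpegPhoto with inline base64."""
    width, height = jpeg_size(jpeg)
    if width > max_px or height > max_px:
        raise ValueError(f"{width}x{height} exceeds {max_px}x{max_px}")
    # RFC 2849: '::' marks a base64 value; non-ASCII DNs need the same form
    dn_line = f"dn: {dn}" if dn.isascii() else (
        "dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii"))
    value = "jpegPhoto:: " + base64.b64encode(jpeg).decode("ascii")
    # Fold at 76 columns; a continuation line starts with one space
    folded = [value[:76]] + [" " + value[j:j + 75]
                             for j in range(76, len(value), 75)]
    return "\n".join([dn_line, "changetype: modify", "replace: jpegPhoto",
                      *folded, "-", ""])

def sample_jpeg(width: int, height: int) -> bytes:
    """Constructed header-only JPEG (SOI, APP0, SOF0, EOI) for the demo."""
    app0 = (b"\xff\xe0" + struct.pack(">H", 16)
            + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    sof0 = (b"\xff\xc0" + struct.pack(">HBHHB", 11, 8, height, width, 1)
            + b"\x01\x11\x00")
    return b"\xff\xd8" + app0 + sof0 + b"\xff\xd9"

if __name__ == "__main__":
    # DN taken from the LDIF in the post above
    print(photo_ldif("uid=markus,ou=People,dc=directory,dc=nh",
                     sample_jpeg(96, 96)))
```

Rejecting oversized or non-JPEG input before it reaches the directory keeps unexpected binary data out of an attribute that every LDAP-aware client will later fetch and render.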


(Andrea Boldrini) #6

I asked for an “easy” solution because my knowledge about LDAP is very low (like an end user).
Thanks @mrmarkuz for your support and for the explanations (I will use it to expand my LDAP experience).


(Markus Neuberger) #7

Sorry, I didn’t want to explain it in too much detail, just wanted to show that there is a possibility to do it in Nethserver, without external programs…so it would also be possible to set up a button in UI like “Upload profile picture”, which uploads pics to a specific per user location or general location with picname=username and imports them to ldap or AD, with nice side effects like profilepics included in backup.

IM clients like Cisco Jabber etc use the LDAP picture too and in my experience, putting photos to ldap is an admin task, so why shouldn’t Nethserver take care of the profile pics too? On the other hand, isn’t it reinventing the wheel, when it can be done already with existing free software?
What do you think?

You’re welcome, feel free to ask anytime…


(Alessio Fattorini) #8

Thanks for your suggestion. It’s the first time that we have received that request. Honestly, it would be useful only if every external software would use it, like: NextCloud, Jabber, Webtop and so on… But that is not the case


(Andrea Boldrini) #9

I agree with you. If a Nethserver administrator decides to manage all the accounts centrally (through OpenLDAP or SAMBA AD), it would be beautiful to upload the avatar one time (from the Nethserver web interface) and find the image in all the modules where requested (NextCloud, Jabber, Webtop, SOGo …).

This is only my personal point of view for my actual Nethserver configuration.
I follow this project only from the last year, but I saw that the Community is very active and competent.
If an idea can help improve this product, I’m happy to contribute to this.

Thanks


(André Wismer) #10

@mrmarkuz

Hi

I’m trying to insert an Image to LDAP, but I can’t get connected. I am using AD on my NethServer, the IP would be 172.25.63.11.

However, I run into a certificate problem when I try to connect. Connecting to a normal LDAP - even using certificates isn’t a problem. However, this is the NethServer AD…

I have PHPLDAPAdmin installed on my NethServer, that shows me the following Users URI:
CN=Users,DC=ad,DC=zg,DC=anwi,DC=ch

So for ID I’d use something like:
UID=admin,CN=Users,DC=ad,DC=zg,DC=anwi,DC=ch

But the certificate poses a problem. I can try to import the certificate as much as I want, but LDAPAdmin doesn’t like my certificate. Is a reboot needed - this is running on Windows7…?

Any suggestions?

Thx
Andy


(Markus Neuberger) #11

Hi @Andy_Wismer,

did you try software like jxplorer or ldapadmin?


(André Wismer) #12

Hi

Tried both, but I couldn’t get jxplorer to run (since the SF repo was flagged with a download error I didn’t try that one too hard).

I know LDAPAdmin from other experiences (NetWare, Apple OSX Server, others…) and can easily connect say to my Mac Server’s LDAP. But not NethServers AD…

The NethServer does provide the appropriate “DC=ad,DC=zg,DC=anwi,DC=ch” which I need - despite the certificate warning, but no further connections are allowed. The error seems to say something about a wrong password - but the PW is for Admin, and I’ve verified that several times.

PS: Unfortunately the PHPLDAPAdmin doesn’t have an easy way to add the jpegPhoto attribute - or maybe I need to try Kamikaze mode…

My connection details in LDAPAdmin:


(Markus Neuberger) #13

You are right, it’s a cert problem. Your connection config seems to be correct. I tried it with both ldapadmin and jxplorer and I get same error with ldapadmin and jxplorer shows

But trying without SSL on port 389 gives me

which leads me to this workaround:

I’d disable tls auth in the samba container, set the pictures and enable strong auth again…just to make it work for now but there should be a better solution.


(André Wismer) #14

Good idea - Had to use a similar workaround years ago for a telephone system but forgot about that!

However: principally LDAPAdmin (Or any other LDAP tool) should accept TLS (The option’s there) BUT: It doesn’t work.

(-> When writing “It doesn’t work” I always think about implications of it = information tech - doesn’t work… :wink: )

Thx for the fast response!

Andy


(André Wismer) #15

@mrmarkuz

Hi

Tried the Workaround - but still no luck…

Finally got the right Version for Mac & Windows of the JXplorer - it does work. Except in our discussed Nethserver case… ;-(

Error message with turned off TLS:

javax.naming.CommunicationException: simple bind failed: 172.25.63.11:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Server Certificate: server certificate could not be verified, and the CA certificate is missing from the certificate chain. raw error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

My AD Conf ( /var/lib/machines/nsdc/etc/samba/smb.conf ):

# Global parameters

[global]
netbios name = NSDC-AWZG-28AB4
realm = AD.ZG.ANWI.CH
workgroup = ANWI
dns forwarder = 127.0.0.1
server role = active directory domain controller
include = /etc/samba/smb.conf.include
ldap server require strong auth = no

[netlogon]
path = /var/lib/samba/sysvol/ad.zg.anwi.ch/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No
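
Added example, not part of the original posts and not NethServer code: a Python check that the temporary workaround discussed above (`ldap server require strong auth = no`) has been reverted after the pictures were set. The sample configuration is constructed on the layout of the one posted above, with a placeholder realm; the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the smb.conf layout posted above
SAMPLE_CONF = """\
# Global parameters
[global]
    realm = AD.EXAMPLE.TEST
    server role = active directory domain controller
    include = /etc/samba/smb.conf.include
    ldap server require strong auth = no

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No
"""

def parse_smb_conf(text: str) -> dict:
    """Parse smb.conf text into {section: {normalised_param: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            # Parameter names are case-insensitive and ignore whitespace
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return sections

def audit_ldap_auth(text: str) -> list:
    """Return findings for a relaxed LDAP bind policy in [global]."""
    params = parse_smb_conf(text).get("global", {})
    findings = []
    # Samba's default for this parameter is "yes"
    value = params.get("ldapserverrequirestrongauth", "yes").lower()
    if value != "yes":
        findings.append(f"ldap server require strong auth = {value} "
                        "(expected yes): workaround still active")
    if "include" in params:
        findings.append(f"include = {params['include']}: not followed here, "
                        "audit that file as well")
    return findings

if __name__ == "__main__":
    for finding in audit_ldap_auth(SAMPLE_CONF):
        print("FINDING:", finding)
```

On the server from this thread the file to feed in is `/var/lib/machines/nsdc/etc/samba/smb.conf`; an empty result means the parameter is back at its default and no include file was left unchecked.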



(Marc) #16

It worked for me enabling kamikaze mode and log in as admin:

  • select a user
  • Add new Attribute
  • select jpegPhoto from dropdown list
  • choose file
  • Update Object

Any way to add custom entries to the public addressbook?


(André Wismer) #17

@dnutan

Hi Marc

My PHPLDAPAdmin shows up in German - even if I log in as root / English in NethServer…

I only have an option to add a “Sub-Entry” (=Untereintrag), not add in any Attributes.

If I choose that, it wants a whole selection of stuff…

This seems to want to add a new Entry, not Attribute…

Can you send a screenshot WHERE you clicked to add an Attribute?

Thx
Andy


(Marc) #18

It’s where you get a php error (maybe untranslated string):


(André Wismer) #19

@dnutan

Thanks, your screenshot helped. Even emptying the caches didn’t help Firefox. So I used Safari (I’m on a Mac) - that worked, showing English - and the Add Attribute Field.

Maybe a translation fluke - a Firefox feature (Or was that bug?) - or some caching issue on my Firefox profile?

Well, Image uploaded, that works !

Thanks

Andy


(Rob Bosch) #20

This is quite a nice answer. It gives a bit of insight in how Open LDAP provider works and how to add content to ldap elements.
thnx for the lesson… :wink: