kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity

Avatars in LDAP #233

New Issue
Closed
opened 2020-11-05 11:51:01 +00:00 by raucao · 2 comments
raucao commented 2020-11-05 11:51:01 +00:00
Owner
Copy Link

Possible, but requires a different object class for users (inetOrgPerson):

https://tools.ietf.org/html/rfc2798#section-2.6

Possible, but requires a different object class for users (`inetOrgPerson`): https://tools.ietf.org/html/rfc2798#section-2.6
raucao added the
idea
 label 2020-11-05 11:51:01 +00:00
raucao added the
service
accounts
 label 2020-12-09 13:05:43 +00:00
raucao self-assigned this 2025-05-30 13:30:48 +00:00
greg was assigned by raucao 2025-05-30 13:30:48 +00:00
raucao commented 2025-05-31 11:41:53 +00:00
Author
Owner
Copy Link

@greg and I went on a legit wild goose chase for this one.

Long story short: when someone first logs in to Gitea, and they have an avatar set in Akkounts/LDAP, then the avatar (and display name) will be imported from there automatically. Avatars have also been imported for all existing accounts now.

However, if someone logs in to Gitea, does not set an avatar, and then uploads one in akkounts, then it will not be pushed to Gitea, for 2 reasons:

  1. There's currently no admin API for updating avatars from akkounts
  2. We had to turn off the regular LDAP sync task, which would update avatars, so that it doesn't automatically create publicly visible accounts for users who never logged in.

We have also run a query to set the visibility of all users who never logged in to Gitea to "private". Users can change this themselves if they want to. We can also use a similar query later to determine who will have the service enabled already or not.

@greg and I went on a legit wild goose chase for this one. Long story short: when someone first logs in to Gitea, and they have an avatar set in Akkounts/LDAP, then the avatar (and display name) will be imported from there automatically. Avatars have also been imported for all existing accounts now. However, if someone logs in to Gitea, does not set an avatar, and then uploads one in akkounts, then it will not be pushed to Gitea, for 2 reasons: 1. There's currently no admin API for updating avatars from akkounts 2. We had to turn off the regular LDAP sync task, which would update avatars, so that it doesn't automatically create publicly visible accounts for users who never logged in. We have also run a query to set the visibility of all users who never logged in to Gitea to "private". Users can change this themselves if they want to. We can also use a similar query later to determine who will have the service enabled already or not.
raucao commented 2025-05-31 11:44:47 +00:00
Author
Owner
Copy Link

Closing this, because it is all finished on the akkounts side, where avatars are now stored properly in the LDAP directory, as well as updated for ejabberd accounts (if they don't have one set yet).

Closing this, because it is all finished on the akkounts side, where avatars are now stored properly in the LDAP directory, as well as updated for ejabberd accounts (if they don't have one set yet).
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
service
accounts
Kosmos Accounts
service
discourse
Kosmos Community Forums
service
drone-ci
Kosmos Drone CI
service
email
mail.kosmos.org
service
garage
S3-compatible object storage
service
gitea
Kosmos Gitea
service
ipfs
Kosmos IPFS
service
mastodon
kosmos.social
service
postgres
Database cluster
service
remotestorage
Portable data storage for the Web
service
wiki
Kosmos Wiki
service
xmpp
Kosmos Chat
bug
Something is not working
design
Graphic/visual design
dev environment
Config, builds, CI, deployment, etc.
docs
Documentation
duplicate
This issue or pull request already exists
enhancement
Improving existing functionality
feature
New functionality
good first issue
Dive in, and start contributing
idea
Something to consider
invalid
Not a bug
kredits-1
Small contribution
kredits-2
Medium contribution
kredits-3
Large contribution
on hold
Currently not actionable
ops
Manual IT ops activities
question
Looking for an answer
release
major
release
minor
release
patch
security
All your base are belong to us
ui/ux
User interface, process design, etc.
wontfix
This won't be fixed
No Label
service
accounts
idea
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
bkero bumi fsmanuel galfert greg hueso raucao slvrbckt
No Assignees raucao greg
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: kosmos/chef#233
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?