we used to have gravatar support once but it was dropped in 2018 as it didn’t meet FIPS requirements. We still have limited support for getting user avatars to Foreman. In a nutshell, user must use LDAP as external auth source. Foreman can then fetch jpegPhoto binary data, stores it on FS and can serve such images. Well, that worked until recently, we’re now missing ProxyPass definition in our apache config (one-liner to fix). If we fix it and user sets that up, as a reward, they can see user avatar in the Administer → Users list page. We don’t display it anywhere else. I’d personally say that
this is not overly useful and we would have to add the picture to more places like: top right menu, audits list, host detail page (owner)
it would be only useful if people could upload the picture directly without necessity to use LDAP for it
if we have this for users, we should also add it for user groups since they can also be host owner
if we allow to do this through WebUI, we should also make this possible through API, CLI and possibly foreman ansible modules
That’s quite some work and I’m afraid we don’t have resources for the improvements listed above. If there’s someone willing to work on this, please respond. If we keep this as is, it’s additional code to maintain and source of problems for some environments (the avatar filename is based on SHA1 hash).
Therefore I propose to drop this functionality. Let’s have a poll on this, we’ll close it in a month from now.
Feel free to drop the avatar functionality
Please keep it as it is, it’s valuable
0voters
Please also share any further details below in comments. Thank you!
I really like the feature in larger environments as I am bad at names but good with faces, so it makes it easier for me to address the correct person. I am also happy with the “get it from LDAP” feature as this is how I feel it should be in a professional environment. In our active directory everyone’s picture is stored which gets taken on the first day and enforced as avatar where this feature is available. I have seen similar policies at some customers, others allow the upload of any picture from the client.
So from your list of improvements I would only like to see the first, others are not necessary (at least immediately) as I see this as a totally different feature.
We ended up creating a plugin to do the avatar retrieval and storage using Rake tasks at Linköping University - because it turns out that lots of us are also much better with faces than with names.
For us, points 2-4 wouldn’t offer any real benefit, but the changes listed in point 1 would make using Foreman easier for several of our admins.
As it seems this is useful for some users (poll not closed yet, vote if you haven’t!), would it make sense to take this functionality and merge it to your plugin? I saw it is a bit liu.se specific, but also adds nice functionality. I think there would be a better chance of having more people contributing to that functionality if it’s at single place.
I also hear what you both are saying about the suggested new functionality. Adding just 1 is probably useful for all users currently using the LDAP feature. 2-4 is more for adding full avatar support, even for people not using it today.
Extracting the full avatar capability into a plugin certainly sounds like it could be one solution - hopefully leaving the placeholder silhouette in the UI (since that leaves a good place in DOM to replace with the actual avatar), shouldn’t be too difficult for us to retool onto a general-purpose avatar plugin as well as some Linköping University -specific code to automatically download our employee avatars like we do at the moment.
Sorry, it took me some time to restore the old reproducer where I had the fix applied. I can confirm, it is indeed what Dirk proposes. While I think we can merge the fix, I don’t think this feature is high priority. Given it was broken for such long time. I think we should drop it whenever we encounter any maintenance effort in this codebase.
