Loading Display Pictures/Avatars from Red Hat IDM/FreeIPA into GNOME3

Earlier today I covered adding display images or avatars to your Red Hat IDM/FreeIPA users. If you’re interested in storing user images in Red Hat IDM, you can read more how to do it by following my previous article here.

I’ve spent a bit of time this evening working on expanding that new ability into other aspects of my regularly used applications. The former article mentions integration with the ejabberd Instant Messaging service, however this article will be detailing pulling those same display images/avatars and loading them into your everyday GNOME3 session.

This method, albeit not an official method, does work very well on brand new default profiles so any new users you have can benefit from this feature as well.

For a bit of background, GNOME3 populates the the user’s avatar in two methods. One is storing the image in the user’s home directory in a hidden file called “.face”. We will basically be using this method and using ldap to pull the image straight from your Red Hat IDM server and dumping it straight into our image file.

Please note: you will need to have the openldap-clients package installed on your systems in order for this method to work.


In order to pull the image, I have created a new executable script stored in /usr/local/bin/avatar which has the below contents.

server=$(dig -t soa $(hostname --domain) | grep -A1 "ANSWER SECTION:" | grep -v "ANSWER" | cut -f 6 | cut -d. -f1 )
server=$(echo $server | sed "s/$/.$(hostname --domain)/g")
image=$(ldapsearch -LLL -h $server -p 389 -x uid=$(whoami) jpegPhoto -t | grep jpegPhoto| cut -d: -f3)
mv $image $HOME/.face
chmod 644 $HOME/.face
echo "Icon=$HOME/.face" >> /var/lib/AccountsService/users/$(whoami)

Ensure your new script is executable.

chmod 755 /usr/local/bin/avatar

As your every day user won’t know the server names of your Red Hat IDM server’s, I have used a DNS query with dig to find one of the servers. Please be aware, I have only tested this method in an environment that has DNS completely managed by Red Hat IDM.

Now that we have the ground work in place, we need to have GNOME3 pull this script when a user log’s in. To do this, we create a new startup script to reference our above script.

Create the file /usr/share/gnome/autostart/avatar.desktopĀ  with the below contents.

[Desktop Entry]
Name=FreeIPA Avatar
Comment=Load FreeIPA Avatar into Gnome3 session

This is all you need to do on your workstations in order to pull your user’s avatar from Red Hat IDM/FreeIPA. All your user will need to do now is log out and back in again and their display picture will be mapped to the image you have stored in Red Hat IDM/FreeIPA.

This method has been tested on Fedora 19/20.

Below is a screenshot of user avatars which has been pulled from Red Hat IDM as they appear in the GDM Login Manager.

GDM User List


One comment on “Loading Display Pictures/Avatars from Red Hat IDM/FreeIPA into GNOME3

  1. karl September 17, 2015 09:51

    I can not make it work. I could add the jpegPhoto ldap field, I can see it in the output of ipa user-show –all, but ldapsearch does not output it:
    %ldapsearch -LLL -h ipa.quartzbio.com -x uid=karl | grep -i photo
    gives nothing. What could be the problem ?

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>