Syntax to push LDAP JPEGPhoto entry via dscl

[TheMacTech]

I want to push a jpeg picture of a user in his LDAP entry using DSCL.

The jpeg is saved in the LDAP entry in a hex dump format. I am able to retrieve a picture using:

dscl . read /LDAPv3/127.0.0.1/Users/username JPEGPhoto | xxd -r -p > filename.jpg

but if I try to push a jpg using:

dscl -u 'diradmin' -P 'password' /LDAPv3/127.0.0.1/ -create /Users/username JPEGPhoto `xxd -p ~/Desktop/Photo.jpg`

I do get a hex dump in the JPEGPhoto entry, but it must improperly formatted as it doesn't show the picture in workgroup manager or the directory utility.

Anyone know the proper way to get a user's picture in his LDAP entry via terminal?

Thanks

Manuel

[jtownsend]

dscl cannot edit binary attributes, even though it does display their values as hex.

There are two ways you could do this. One is using ldapmodify, which uses LDIF format and you can pass binary data through LDIF. There may also be a way to refer to an external file, but to get the base64 you can use the openssl command line tool.

The other is using dsimport... you can put a prefix of base64: on an attribute type and it will treat the data in the file as base64, or you can use externalbinary: and put a filename to a JPEG file in the import file, then the actual data comes from the JPEG file.

Here's an example import file, using this technique:

[aaron]

Humorously enough, I needed this command just this week. I also discovered some unintended consequences when using the example above. It seems dsimport is too smart and does more than we want it to. Specifically, when used with my 10.5.8 Open Directory server, the above command will assign a new User ID (UniqueID) and GUID (GeneratedUID) to the user. It also erases alternate short names (RecordName).

The solution is to import more information. The minimum necessary fields for me were something like this: