diff --git a/lumi2/__init__.py b/lumi2/__init__.py
index d615a31..f9f63c3 100644
--- a/lumi2/__init__.py
+++ b/lumi2/__init__.py
@@ -24,6 +24,7 @@ def create_app(test_config=None):
LDAP_GROUPS_OU='ou=groups,dc=example,dc=com',
LDAP_USER_OBJECT_CLASS='inetOrgPerson',
LDAP_GROUP_OBJECT_CLASS='groupOfUniqueNames',
+ MAX_CONTENT_LENGTH=8_000_000,
)
if test_config is None:
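Review bot: The new `MAX_CONTENT_LENGTH=8_000_000` default has no comment saying what it bounds, and it is easy to read as a picture-specific limit. In Flask it is a byte cap on the whole request body for every route, and larger requests are rejected with a 413 error. I would add a comment such as `# Max request body in bytes (all routes); caps upload size, not decoded image dimensions.` The last part matters because a small JPEG can still decode to a very large bitmap, so this setting alone does not bound the memory used by the picture handling.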
diff --git a/lumi2/templates/usermanager/user_detail.html b/lumi2/templates/usermanager/user_detail.html
index 36d059b..87e298a 100644
--- a/lumi2/templates/usermanager/user_detail.html
+++ b/lumi2/templates/usermanager/user_detail.html
@@ -14,6 +14,8 @@
+
+
{% endblock content %}
diff --git a/lumi2/usermanager.py b/lumi2/usermanager.py
index 98d7d61..1781752 100644
--- a/lumi2/usermanager.py
+++ b/lumi2/usermanager.py
@@ -1,8 +1,12 @@
"""Views for lumi2."""
+from pathlib import Path
+from tempfile import TemporaryDirectory
+
from flask import (
Blueprint, render_template, abort, request, flash
)
+from PIL import Image, UnidentifiedImageError
import lumi2.ldap as ldap
from lumi2.usermodel import User, Group
@@ -22,6 +26,14 @@ def index():
def user_detail(username: str):
"""Detail view for a specific User."""
+ def _file_extension_is_valid(filename: str):
+ allowed_extensions = ["jpg", "jpeg"]
+ if '.' not in filename:
+ return False
+ if filename.rsplit('.', 1)[1].lower() not in allowed_extensions:
+ return False
+ return True
+
try:
conn = ldap.get_connection()
except Exception:
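Review bot: `_file_extension_is_valid` has no docstring or return annotation, and nothing says that it checks a client-supplied filename, which is only a hint and not evidence of the file's content. I would annotate it `-> bool` and add a docstring such as `"""Return True if the client-supplied filename ends in .jpg/.jpeg (UX check only; content is validated by Image.open)."""`. That makes it clear to a later maintainer that the `formats=['JPEG']` restriction on `Image.open` further down is the real gate and must not be relaxed on the strength of this check. The helper is also redefined on every call to `user_detail`, whose body continues outside this hunk; a module-level private function would be simpler to test.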
@@ -65,9 +77,33 @@ def user_detail(username: str):
if request.form['password']:
user.password_hash = User.generate_password_hash(request.form['password'])
+ picture_updated = False
+ if 'picture' in request.files:
+ file = request.files['picture']
+ if len(file.filename):
+ if _file_extension_is_valid(file.filename):
+ with TemporaryDirectory() as tempdir:
+ path_to_file = Path(tempdir) / "upload.jpg"
+ file.save(path_to_file)
+ try:
+ picture = Image.open(path_to_file, formats=['JPEG'])
+ user.picture = picture
+ picture_updated = True
+ except UnidentifiedImageError:
+ flash(
+ "There was a problem with the provided picture " \
+ "(it may be corrupted)."
+ )
+ form_is_valid = False
+ else:
+ flash("Invalid file extension for picture.")
+ form_is_valid = False
+
if form_is_valid:
ldap.update_user(conn, user)
flash("User information was updated!")
+ if picture_updated:
+ ldap.get_user(conn, user.username)._generate_static_images(force=True)
conn.unbind()
return render_template('usermanager/user_detail.html', user=user)
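Review bot: `Image.open(path_to_file, formats=['JPEG'])` only parses the header and decodes lazily, so the pixel data is first read after the `with TemporaryDirectory()` block has already deleted the upload. A truncated or corrupt JPEG will then surface as an `OSError` inside `ldap.update_user` or `_generate_static_images` rather than in this `try`, and an oversized image raises `Image.DecompressionBombError` at open time, which `except UnidentifiedImageError` does not catch. Both paths end in an unhandled 500 instead of the flashed validation message. I would call `picture.load()` inside the `with` block and widen the `except`, as sketched below. Separately, the stored picture keeps whatever EXIF metadata the upload carried, which may be worth stripping before it is written to the directory.

```python
with TemporaryDirectory() as tempdir:
    path_to_file = Path(tempdir) / "upload.jpg"
    file.save(path_to_file)
    try:
        picture = Image.open(path_to_file, formats=['JPEG'])
        # Decode now, while the temp file still exists, so corrupt or
        # truncated data is rejected here and not during the LDAP update.
        picture.load()
    except (UnidentifiedImageError, Image.DecompressionBombError, OSError):
        # … unchanged: flash() with the "may be corrupted" message …
        form_is_valid = False
    else:
        user.picture = picture
        picture_updated = True
```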