Can't locate object method "bindUser" via package "NethServer::SSSD"

Today I was talking with @giacomo about removing that method because it was not used :grin:

We were wrong!

We could revert the change, however can you explain why you didn’t use bindDN() instead?

Well, for now I’m just testing different combinations and, like you pointed out, I use bindDN, but for my future needs I initiated it

https://github.com/stephdl/nethserver-phpldapadmin/blob/ns7/root/etc/e-smith/templates/etc/phpldapadmin/config.inc.php/08Settings_of_Ldap_server

the work is not finished, and now I have something broken with the authentication :slight_smile:

Here you are preparing a PHP template output:

https://github.com/stephdl/nethserver-phpldapadmin/blob/ns7/root/etc/e-smith/templates/etc/phpldapadmin/config.inc.php/08Settings_of_Ldap_server#L51

Use single quotes to disable special chars and add a backslash before any ’ (apostrophe).

1 Like
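
The quoting advice above, as an added example (not code from the nethserver-phpldapadmin template): a hypothetical Perl helper, `php_single_quote`, renders a value as a PHP single-quoted literal. It also escapes backslashes, because a value ending in a backslash would otherwise escape the closing quote; the sample values are constructed.

```perl
use strict;
use warnings;

# Hypothetical helper: render a Perl string as a PHP single-quoted literal.
# Inside PHP single quotes only \\ and \' are escape sequences, so the
# backslash and the apostrophe are the only characters that need escaping.
sub php_single_quote {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/([\\'])/\\$1/g;
    return "'" . $value . "'";
}

# Constructed sample values, not real credentials.
my @samples = (
    q{plain},
    q{pa$$word "x"},             # $ and " stay literal in PHP single quotes
    q{O'Reilly},                 # apostrophe would end the literal early
    q{ends-with-backslash\\},    # one trailing backslash
);

# Emit the kind of line a config.inc.php template fragment would produce.
for my $sample (@samples) {
    printf "\$servers->setValue('login','bind_pass',%s);\n",
        php_single_quote($sample);
}
```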

Do you need to get back bindUser() ?

I have had something workable with samba4 AD even without specifying the bindDN and the bindPassword for the user administrator. I can change settings with phpldapadmin

But the user admin still does not have enough rights to do it with phpldapadmin in openldap :-?

I don’t think so, think to modify the perldoc :stuck_out_tongue:

1 Like

This action does all the magic, but only for new OpenLDAP installations

https://github.com/NethServer/nethserver-directory/blob/master/root/etc/e-smith/events/actions/nethserver-directory-createadmins

Also see

https://github.com/NethServer/nethserver-directory/blob/master/README.rst#administrative-access

available in nethforge-testing ?

it seems so

[root@NS7DEV ~]# ll /etc/e-smith/events/actions/nethserver-directory-createadmins
ls: cannot access /etc/e-smith/events/actions/nethserver-directory-createadmins: No such file or directory

Yes it’s in nethserver-testing. @giacomo has fixed it today

http://mirror.nethserver.org/nethserver/7.2.1511/testing/x86_64/Packages/nethserver-directory-3.1.0-1.35.g9831c66.ns7.noarch.rpm

1 Like

sorry davidep and @giacomo I used bindUser first with dokuwiki and it nicely works, can we continue to use it ???

following the documentation of the ad plugin, we cannot use a ‘normal’ bind name like bindDN

https://www.dokuwiki.org/auth:ad

  $conf['auth']['ad']['ad_username']        = 'root';
  $conf['auth']['ad']['ad_password']        = 'pass';

Yes, however I want to define clearly what its return value is. If you agree we can define it as follows:

  1. if sssd/BindUser prop is defined and not empty, return its value
  2. if LDAP provider, extract the value from the first part of the bindDN() return value. For instance, if bindDN() returns uid=ldapservice,dc=directory,dc=nh, bindUser() returns ldapservice
  3. if AD provider, check the bindDN() return value syntax. AD allows (a) DN syntax, (b) NT account name (DOMAIN\sAMAccountName) and (c) UPN names. If (a), apply case 2, if (b) return sAMAccountName, if (c) return everything before @.
  4. if neither of the previous cases applies, return an empty string.

/cc @giacomo
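
The four rules proposed above, written as stand-alone Perl. This is an added example, not the NethServer::SSSD implementation: `bind_user`, `first_rdn_value`, the argument names and the sample inputs are hypothetical, and the DN handling assumes the first RDN value contains no escaped comma.

```perl
use strict;
use warnings;

# Value of the first RDN, e.g. "uid=svc,dc=x" -> "svc".
# Assumption: the value contains no escaped comma.
sub first_rdn_value {
    my ($dn) = @_;
    return $dn =~ /^[^=,]+=([^,]+)/ ? $1 : '';
}

# Hypothetical stand-alone form of the four rules (not NethServer::SSSD code).
sub bind_user {
    my (%arg) = @_;
    my $prop     = $arg{bind_user_prop} // '';
    my $provider = $arg{provider}       // '';
    my $dn       = $arg{bind_dn}        // '';

    return $prop if $prop ne '';                              # rule 1
    return first_rdn_value($dn) if $provider eq 'ldap';       # rule 2
    if ($provider eq 'ad') {                                  # rule 3
        return first_rdn_value($dn) if $dn =~ /^[\w.-]+=/;    # (a) DN
        return $1 if $dn =~ /^[^\\@]+\\([^\\@]+)$/;           # (b) DOMAIN\sAMAccountName
        return $1 if $dn =~ /^([^@]+)@[^@]+$/;                # (c) UPN
    }
    return '';                                                # rule 4
}

# Constructed inputs: [ provider, bindDN() value, optional BindUser prop ].
my @cases = (
    [ 'ldap', 'uid=ldapservice,dc=directory,dc=nh' ],
    [ 'ad',   'cn=ldapservice,cn=Users,dc=ad,dc=example,dc=org' ],
    [ 'ad',   'EXAMPLE\\ldapservice' ],
    [ 'ad',   'ldapservice@ad.example.org' ],
    [ 'ad',   'cn=ignored,dc=example,dc=org', 'explicit' ],
    [ 'ad',   'not a bind name' ],
    [ 'none', 'uid=ldapservice,dc=directory,dc=nh' ],
);
for my $case (@cases) {
    my ($provider, $dn, $prop) = @$case;
    my $user = bind_user(provider => $provider, bind_dn => $dn,
                         bind_user_prop => $prop);
    printf "%-5s %-48s => '%s'\n", $provider, $dn, $user;
}
```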

I don’t know, I want it workable :slight_smile:

Ok I tested the new nethserver-directory with the manual trick of @giacomo, indeed, now my admin user can modify the ldap entries.

1 Like

There’s an updated nethserver-sssd in testing:

nethserver-sssd-1.0.8-1.86.g221ea64.ns7.noarch.rpm

The bindUser() method implements the heuristics discussed above. Do you want to give it a try?

1 Like

after the sssd update the user-panel crashes with

[1] Call to a member function isReadOnly() on a non-object

See the system log for details.

the installed version is

[root@NS7DEV5 ~]# rpm -qa nethserver-sssd
nethserver-sssd-1.0.8-1.86.g221ea64.ns7.noarch

The full log message at /var/log/httpd-admin/error_log

[Thu Dec 01 18:32:15.556694 2016] [:error] [pid 2248] [client 192.168.12.25:56888] PHP Warning:  call_user_func() expects parameter 1 to be a valid callback, no array or string given in /usr/share/nethesis/NethServer/Module/Account/User/UserAdapter.php on line 38, referer: https://ns7dev5:980/en-US/Dashboard
[Thu Dec 01 18:32:15.556739 2016] [:error] [pid 2248] [client 192.168.12.25:56888] PHP Fatal error:  Call to a member function isReadOnly() on a non-object in /usr/share/nethesis/NethServer/Module/Account/User/UserAdapter.php on line 59, referer: https://ns7dev5:980/en-US/Dashboard

something wrong :slight_smile:

Did you update nethserver-* from testing?

no only nethserver-sssd

yum update --disablerepo=* --enablerepo=nethserver-testing
Updated:
  duc.x86_64 0:1.4.2-1.ns7                               nethserver-base.noarch 0:3.0.11-1.11.ge1b9cb1.ns7 nethserver-duc.noarch 0:1.4.0-1.1.g03606ff.ns7 nethserver-httpd-admin.noarch 0:2.0.4-1.2.g0bd6b69.ns7
  nethserver-letsencrypt.noarch 0:1.1.2-1.2.gbf1d159.ns7 nethserver-lsm.noarch 0:1.2.0-1.6.g4bb992e.ns7   

I have now my userpanel

2 Likes

Updated:
duc.x86_64 0:1.4.2-1.ns7
nethserver-base.noarch 0:3.0.11-1.11.ge1b9cb1.ns7
nethserver-duc.noarch 0:1.4.0-1.1.g03606ff.ns7
nethserver-httpd-admin.noarch 0:2.0.4-1.2.g0bd6b69.ns7
nethserver-letsencrypt.noarch 0:1.1.2-1.2.gbf1d159.ns7
nethserver-lsm.noarch 0:1.2.0-1.6.g4bb992e.ns7

[root@NS7DEV5 ~]# rpm -qa nethserver-sssd
nethserver-sssd-1.0.8-1.86.g221ea64.ns7.noarch
[root@NS7DEV5 ~]# rpm -qa nethserver-dc
nethserver-dc-1.0.7-1.13.gfd50618.ns7.x86_64

Once this rpm was installed, I joined the Samba AD. At the end I have two users

admin@mydomain.com
administrator@mydomain.com

each user once the password is set can change values with phpldapadmin

No regression with bindUser and dokuwiki

As a side note, I love the loss of the default password ‘Nethesis,1234’

No error in log, I created a new user for a test purpose, I can use it in dokuwiki

now the url is ldaps, no more ldap :slight_smile:

2 Likes

with nethserver-directory and the nethserver-sssd update

Updated:
  duc.x86_64 0:1.4.2-1.ns7
  nethserver-base.noarch 0:3.0.11-1.11.ge1b9cb1.ns7
  nethserver-duc.noarch 0:1.4.0-1.1.g03606ff.ns7
  nethserver-httpd-admin.noarch 0:2.0.4-1.2.g0bd6b69.ns7
  nethserver-letsencrypt.noarch 0:1.1.2-1.2.gbf1d159.ns7
  nethserver-lsm.noarch 0:1.2.0-1.6.g4bb992e.ns7
  nethserver-sssd.noarch 0:1.0.8-1.86.g221ea64.ns7

Installed:
  nethserver-directory.noarch 0:3.1.0-1.36.g37499c3.ns7

Dependency Installed:
  libtool-ltdl.x86_64 0:2.4.2-21.el7_2
  openldap-clients.x86_64 0:2.4.40-9.el7_2
  openldap-servers.x86_64 0:2.4.40-9.el7_2
  perl-List-MoreUtils.x86_64 0:0.33-9.el

After the installation, only the user admin@domain.com exists; you must set a password

This user can modify values in openldap with phpldapadmin, and we can also authenticate with dokuwiki, either with the user admin or with another user created for tests

2 Likes