Today I was talking with @giacomo about removing that method because it was not used
We were wrong!
We could revert the change, however can you explain why you didn’t use bindDN() instead?
well for now I’m just testing different combinations and, as you pointed out, I use bindDN, but for my future need I initiated it
the work is not finished, and now I have something broken with the authentication
Here you are preparing a PHP template output:
Use single quotes to disable special chars and add a backslash before any ’ (apostrophe).
Do you need to get back bindUser() ?
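The quoting advice above, as an added example (not code from the thread or from NethServer): a value written into a PHP single-quoted literal needs its backslashes escaped as well as its apostrophes, otherwise a password ending in a backslash swallows the closing quote. The function names and the sample password are constructed for illustration; the configuration key is the one quoted later in this thread.

```python
def php_single_quoted(value):
    """Render value as a PHP single-quoted string literal."""
    # Inside '...' PHP interprets only \\ and \' ; escape the backslash first
    # so the backslashes added for apostrophes are not doubled again.
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def apostrophe_only(value):
    """Incomplete variant: escapes apostrophes but not backslashes."""
    return "'" + value.replace("'", "\\'") + "'"


def parse_php_single_quoted(src):
    """Read one single-quoted literal at the start of src the way PHP does.

    Returns (decoded_value, remaining_source); raises ValueError when the
    literal never terminates.
    """
    if not src.startswith("'"):
        raise ValueError("not a single-quoted literal")
    out, i = [], 1
    while i < len(src):
        ch = src[i]
        if ch == "\\" and i + 1 < len(src) and src[i + 1] in "\\'":
            out.append(src[i + 1])  # \\ -> \   and   \' -> '
            i += 2
        elif ch == "'":
            return "".join(out), src[i + 1:]
        else:
            out.append(ch)  # $, " and other backslashes stay literal
            i += 1
    raise ValueError("unterminated literal")


def render_ad_password(value):
    """One line of generated PHP config holding the bind password."""
    return "$conf['auth']['ad']['ad_password'] = " + php_single_quoted(value) + ";"


if __name__ == "__main__":
    password = "pa$s'w\\"  # constructed sample: apostrophe and trailing backslash
    print(render_ad_password(password))
    print(parse_php_single_quoted(php_single_quoted(password)))
    try:
        parse_php_single_quoted(apostrophe_only(password))
    except ValueError as exc:
        print("apostrophe-only escaping:", exc)
```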
I have had something workable with samba4 AD even without specifying the bindDN and the bindPassword for the user administrator. I can change settings with phpldapadmin
But the user admin has still not enough right to do it with phpldapadmin in openldap :-?
I don’t think so, think to modify the perldoc
This action does all the magic, but only for new OpenLDAP installations
Also see
https://github.com/NethServer/nethserver-directory/blob/master/README.rst#administrative-access
available in nethforge-testing ?
it seems so
[root@NS7DEV ~]# ll /etc/e-smith/events/actions/nethserver-directory-createadmins
ls: cannot access /etc/e-smith/events/actions/nethserver-directory-createadmins: No such file or directory
sorry davidep and @giacomo I used bindUser first with dokuwiki and it nicely works, can we continue to use it ???
following the documentation of the ad plugin, we cannot use a ‘normal’ bind name like bindDN
https://www.dokuwiki.org/auth:ad
$conf['auth']['ad']['ad_username'] = 'root';
$conf['auth']['ad']['ad_password'] = 'pass';
Yes, however I want to define clearly what is its return value. If you agree we can define it as follows:
sssd/BindUser
prop is defined and not empty, return its value
uid=ldapservice,dc=directory,dc=nh
, bindUser() returns ldapservice
DOMAIN\sAMAccountName
) and (c) UPN names. If (a), apply case 2, if (b) return sAMAccountName, if (c) return everything before @
./cc @giacomo
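The return-value rules proposed above, as far as the post shows them, written out as an added example (Python for illustration, not the nethserver-sssd Perl code). The function and parameter names, the order in which the name forms are tested, and the RFC 4514 unescaping of the leftmost RDN are assumptions; the sample names other than the DN and the UPN quoted in this thread are constructed.

```python
import re

# Leftmost RDN of an LDAP DN: "attr=value", value ends at an unescaped , or +
_DN_HEAD = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*((?:\\.|[^,+\\])*)")


def _unescape(value):
    """Undo RFC 4514 escapes: "\\2C" hex pairs (ASCII only) and "\\," style."""
    def repl(match):
        token = match.group(1)
        return chr(int(token, 16)) if len(token) == 2 else token
    return re.sub(r"\\([0-9A-Fa-f]{2}|.)", repl, value)


def bind_user(bind_dn, bind_user_prop=""):
    """Short account name for a bind identity.

    1. an explicit BindUser prop wins when defined and not empty
    2. LDAP DN               -> value of the leftmost RDN
    3. DOMAIN\\sAMAccountName -> sAMAccountName
    4. UPN (user@realm)      -> everything before the @
    """
    if bind_user_prop:
        return bind_user_prop
    head = _DN_HEAD.match(bind_dn)
    if head:
        # Tested first: a DN may itself contain backslash escapes or an @
        return _unescape(head.group(1).strip())
    if "\\" in bind_dn:
        return bind_dn.split("\\", 1)[1]
    if "@" in bind_dn:
        return bind_dn.split("@", 1)[0]
    return bind_dn  # already a bare account name


if __name__ == "__main__":
    samples = [
        "uid=ldapservice,dc=directory,dc=nh",           # DN from the thread
        "MYDOMAIN\\svc-wiki",                           # constructed
        "administrator@mydomain.com",                   # UPN from the thread
        "cn=Doe\\, John,cn=Users,dc=mydomain,dc=com",   # constructed, escaped comma
    ]
    for name in samples:
        print(f"{name!r:50} -> {bind_user(name)!r}")
```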
I don’t know, I want it workable
Ok I tested the new nethserver-directory with the manual trick of @giacomo, indeed, now my admin user can modify the ldap entries.
There’s an updated nethserver-sssd in testing:
nethserver-sssd-1.0.8-1.86.g221ea64.ns7.noarch.rpm
The bindUser() method implements the heuristics discussed above. Do you want to give it a try?
after the sssd update the user-panel crash with
[1] Call to a member function isReadOnly() on a non-object
See the system log for details.
the installed version is
[root@NS7DEV5 ~]# rpm -qa nethserver-sssd
nethserver-sssd-1.0.8-1.86.g221ea64.ns7.noarch
The full log message at /var/log/httpd-admin/error_log
[Thu Dec 01 18:32:15.556694 2016] [:error] [pid 2248] [client 192.168.12.25:56888] PHP Warning: call_user_func() expects parameter 1 to be a valid callback, no array or string given in /usr/share/nethesis/NethServer/Module/Account/User/UserAdapter.php on line 38, referer: https://ns7dev5:980/en-US/Dashboard
[Thu Dec 01 18:32:15.556739 2016] [:error] [pid 2248] [client 192.168.12.25:56888] PHP Fatal error: Call to a member function isReadOnly() on a non-object in /usr/share/nethesis/NethServer/Module/Account/User/UserAdapter.php on line 59, referer: https://ns7dev5:980/en-US/Dashboard
something wrong
Did you update nethserver-* from testing?
no only nethserver-sssd
yum update --disablerepo=* --enablerepo=nethserver-testing
Updated:
duc.x86_64 0:1.4.2-1.ns7
nethserver-base.noarch 0:3.0.11-1.11.ge1b9cb1.ns7
nethserver-duc.noarch 0:1.4.0-1.1.g03606ff.ns7
nethserver-httpd-admin.noarch 0:2.0.4-1.2.g0bd6b69.ns7
nethserver-letsencrypt.noarch 0:1.1.2-1.2.gbf1d159.ns7
nethserver-lsm.noarch 0:1.2.0-1.6.g4bb992e.ns7
I have now my userpanel
Updated:
duc.x86_64 0:1.4.2-1.ns7
nethserver-base.noarch 0:3.0.11-1.11.ge1b9cb1.ns7
nethserver-duc.noarch 0:1.4.0-1.1.g03606ff.ns7
nethserver-httpd-admin.noarch 0:2.0.4-1.2.g0bd6b69.ns7
nethserver-letsencrypt.noarch 0:1.1.2-1.2.gbf1d159.ns7
nethserver-lsm.noarch 0:1.2.0-1.6.g4bb992e.ns7
[root@NS7DEV5 ~]# rpm -qa nethserver-sssd
nethserver-sssd-1.0.8-1.86.g221ea64.ns7.noarch
[root@NS7DEV5 ~]# rpm -qa nethserver-dc
nethserver-dc-1.0.7-1.13.gfd50618.ns7.x86_64
once this rpm installed I joined the samba ad. at the end I have two users
admin@mydomain.com
administrator@mydomain.com
each user once the password is set can change values with phpldapadmin
No regression with bindUser and dokuwiki
as a side note I love the loss of the default password ‘Nethesis,1234’
No error in log, I created a new user for a test purpose, I can use it in dokuwiki
now the url is ldaps, no more ldap
with nethserver-directory and the nethserver-sssd update
Updated:
duc.x86_64 0:1.4.2-1.ns7
nethserver-base.noarch 0:3.0.11-1.11.ge1b9cb1.ns7
nethserver-duc.noarch 0:1.4.0-1.1.g03606ff.ns7
nethserver-httpd-admin.noarch 0:2.0.4-1.2.g0bd6b69.ns7
nethserver-letsencrypt.noarch 0:1.1.2-1.2.gbf1d159.ns7
nethserver-lsm.noarch 0:1.2.0-1.6.g4bb992e.ns7
nethserver-sssd.noarch 0:1.0.8-1.86.g221ea64.ns7
Installed:
nethserver-directory.noarch 0:3.1.0-1.36.g37499c3.ns7
Dependency Installed:
libtool-ltdl.x86_64 0:2.4.2-21.el7_2
openldap-clients.x86_64 0:2.4.40-9.el7_2
openldap-servers.x86_64 0:2.4.40-9.el7_2
perl-List-MoreUtils.x86_64 0:0.33-9.el
After the installation, only the user admin@domain.com exists, you must set a password
this user can modify values in openldap with phpldapadmin, we can authenticate with dokuwiki also either with the user admin or another user created for tests