Local LDAP UI add missing attribute

Hello,

I am trying to add OpenProject to Nethserver.

Unfortunately there is at least one LDAP attribute missing inside Nethserver: givenName. The LDAP access from OpenProject works, but it can't find the givenName. (It asks to input Name and Surname but the notification field is blocking the UI; different problem…)

Is there an easy way to add this parameter to Nethserver GUI?
I already modified /etc/e-smith/events/actions/nethserver-directory-user-create
/etc/e-smith/events/actions/nethserver-directory-user-modify
with this information:


my $userGivenName = shift;

# Now create the user account. --surname triggers inetOrgPerson
# schema in ldapEntry and is required for nethserver-directory to
# work.
system(
    "/usr/sbin/luseradd",
    '-g', 'locals',
    '-n',
    '-M',
    '--surname', $userName,
    '--givenname', $userGivenName,
    '-d', $homeDirPrefix . $userName,
    "-k", "/etc/skel/",
    "-s", $shell,
    '--commonname=' . $name,
    '--gecos=' . $gecos,
    $userName
) == 0 or die "Failed to create user account $userName.\n";

Can anyone advise on how to get the input field for givenName into the account creation and modify parts of the GUI?

Best,
Andy

@dev_team, do you have some advice for Andy?

Hello Andreas, and welcome to NethServer community!

If Nethgui does not set the attributes as expected it is safe to edit the LDAP attributes with any LDAP management software as long as the schema is preserved. For instance:


Hello Marc and Davide,

thank you both for your reply!

Until now, I helped myself by adding the missing entries for GivenName using the shell:
sh# ldapmodify -x -D uid=admin,ou=People,dc=directory,dc=nh -w 'TopSecret2019'

dn: uid=Testuser,ou=People,dc=directory,dc=nh
changetype: modify
replace: givenName
givenName: Testname

I think that an additional LDAP management software on Nethserver is ok on a development machine but not on end user installations.

I would like to add the GivenName field (or any other) to the WebUI. Could you tell me where the page is stored or generated?

Thank you so much,
Andreas
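
An added example, not part of the post above or of NethServer: the same `replace: givenName` change generated as an LDIF file for several users and applied with `-W`, so the bind password is prompted for instead of being passed with `-w`, where it ends up in shell history and the process list. The function names and sample users are constructed; the base DN and bind DN are the ones from the post.

```shell
#!/bin/sh
# Added example: emit an LDIF "replace: givenName" record per user for ldapmodify.
# BASE_DN comes from the post above; function names and sample users are constructed.
LC_ALL=C; export LC_ALL          # byte-wise matching: any non-ASCII byte is "not printable"
BASE_DN="ou=People,dc=directory,dc=nh"

# Print one attribute line following RFC 2849: plain "attr: value" only when the
# value is printable ASCII that does not start with space, ':' or '<' and does not
# end with a space; everything else (UTF-8 names, line breaks) is base64-encoded,
# so a value can never spill into a second LDIF line.
ldif_value() {                   # $1 = attribute name, $2 = value
    case $2 in
        ' '*|:*|'<'*|*' '|*[![:print:]]*)
            printf '%s:: %s\n' "$1" "$(printf '%s' "$2" | base64 | tr -d '\n')" ;;
        *)
            printf '%s: %s\n' "$1" "$2" ;;
    esac
}

# Print a complete modify record. The uid becomes part of the DN, so only a
# conservative character set is accepted (no ',', '=', '+' or spaces).
givenname_ldif() {               # $1 = uid, $2 = new givenName
    case $1 in
        ''|*[!A-Za-z0-9._-]*) echo "rejected uid: $1" >&2; return 1 ;;
    esac
    [ -n "$2" ] || { echo "empty givenName for $1" >&2; return 1; }
    printf 'dn: uid=%s,%s\nchangetype: modify\nreplace: givenName\n' "$1" "$BASE_DN"
    ldif_value givenName "$2"
    printf '\n'                  # blank line ends the record
}

# Constructed sample users. Save the output, review it, then apply it with a
# prompted bind password:
#   sh givenname.sh > changes.ldif
#   ldapmodify -x -D uid=admin,ou=People,dc=directory,dc=nh -W -f changes.ldif
givenname_ldif Testuser Testname
givenname_ldif sdupont "$(printf 'St\303\251phane')"
```
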

First keep in mind that your changes will be removed with any update from nethserver-sssd :smiley:

Then take a look at /usr/share/nethesis/NethServer/Module/Account/User.php and the files inside /usr/share/nethesis/NethServer/Module/Account/User/

Please come back with your questions


Hi Stéphane,
thank you so much, you pointed me in the right direction.

I was able to get a new input field in (Users and Groups) by modifying /usr/share/nethesis/NethServer/Template/User/Modify.php:
$basicInfo = $view->panel()
    ->setAttribute('title', $T('BasicInfo_Title'))
    ->insert($view->literal($username))
    ->insert($view->textInput('gecos'))
    ->insert($view->textInput('givenname'))

Now I need help finding where the LDAP information is read in and how to pass it into the new input field.

Do you know where to edit the adaptor?

Thanks,
Andy

Why? I think it’s far better than adding PHP code and maintaining a private fork!

You can also install the LDAP management software on a different system, like your personal laptop, and connect it remotely to your server.

The Users and Groups page has limited features because it has to work with both AD and LDAP accounts providers. Its goal is to list users and groups. If the accounts provider is local it also allows creating/deleting them; however, fine LDAP attribute editing is out of its scope.

When you save the settings, you trigger an event; these events can be found at

[root@prometheus ~]# ll /etc/e-smith/events/user-*
/etc/e-smith/events/user-cleanup:
total 0
lrwxrwxrwx 1 root root 42 Jun 21 08:33 S10nethserver-mail-account-cleanup -> ../actions/nethserver-mail-account-cleanup
lrwxrwxrwx 1 root root 44 Mar 22 08:28 S10nethserver-sssd-user-home-cleanup -> ../actions/nethserver-sssd-user-home-cleanup

/etc/e-smith/events/user-create:
total 0
lrwxrwxrwx 1 root root 36 Jun  4 22:08 S40nethserver-dc-user-create -> ../actions/nethserver-dc-user-create
lrwxrwxrwx 1 root root 33 Jun  4 22:08 S50nethserver-dc-sync-upn -> ../actions/nethserver-dc-sync-upn
lrwxrwxrwx 1 root root 38 Mar 22 08:28 S90nethserver-sssd-clear-cache -> ../actions/nethserver-sssd-clear-cache
drwxr-xr-x 2 root root 23 Sep 16  2018 services2adjust

/etc/e-smith/events/user-delete:
total 0
lrwxrwxrwx 1 root root 36 Jun  4 22:08 S40nethserver-dc-user-delete -> ../actions/nethserver-dc-user-delete
lrwxrwxrwx 1 root root 65 Oct  5  2018 S60nethserver-delegation_delete_user_delegations_database -> ../actions/nethserver-delegation_delete_user_delegations_database
lrwxrwxrwx 1 root root 38 Sep 16  2018 S80nethserver-sogo-delete-user -> ../actions/nethserver-sogo-delete-user
lrwxrwxrwx 1 root root 38 Mar 22 08:28 S90nethserver-sssd-clear-cache -> ../actions/nethserver-sssd-clear-cache
lrwxrwxrwx 1 root root 39 Mar 22 08:28 S90nethserver-sssd-data-cleanup -> ../actions/nethserver-sssd-data-cleanup
drwxr-xr-x 2 root root 23 Sep 16  2018 services2adjust
drwxr-xr-x 3 root root 17 Nov 24  2017 templates2expand

/etc/e-smith/events/user-lock:
total 0
lrwxrwxrwx 1 root root 34 Jun  4 22:08 S15nethserver-dc-user-lock -> ../actions/nethserver-dc-user-lock
lrwxrwxrwx 1 root root 38 Mar 22 08:28 S90nethserver-sssd-clear-cache -> ../actions/nethserver-sssd-clear-cache

/etc/e-smith/events/user-modify:
total 0
lrwxrwxrwx 1 root root 36 Jun  4 22:08 S40nethserver-dc-user-modify -> ../actions/nethserver-dc-user-modify
lrwxrwxrwx 1 root root 38 Mar 22 08:28 S90nethserver-sssd-clear-cache -> ../actions/nethserver-sssd-clear-cache
drwxr-xr-x 2 root root 23 Sep 16  2018 services2adjust

/etc/e-smith/events/user-unlock:
total 0
lrwxrwxrwx 1 root root 36 Jun  4 22:08 S15nethserver-dc-user-unlock -> ../actions/nethserver-dc-user-unlock
lrwxrwxrwx 1 root root 38 Mar 22 08:28 S90nethserver-sssd-clear-cache -> ../actions/nethserver-sssd-clear-cache

I love this thread :smiley:

For example, /etc/e-smith/events/user-modify/S40nethserver-dc-user-modify is a symbolic link to /etc/e-smith/events/actions/nethserver-dc-user-modify

FYI I use SAMBA AD

Hey Stéphane,

thanks for posting the needed information :smile:
In contrast to what was said about limiting the Users and Groups Provider to stay compatible between AD and LDAP, I think that a subset of (InetOrg)Person Attributes is the same for both worlds and should be included, not just in a private fork.

I will later dump the attributes of a User from a 2016 AD and create an overlapping attribute list.

I have to work with all kinds of Directories on a daily basis. Artificially closing a directory (or any other feature) down cripples its usage and interoperability. Simon Peter has done a wonderful presentation about these kinds of problems: Linux Desktop Platform Issues

:heart: this thread as well :wink:
