Unfortunately there is at least one LDAP attribute missing inside NethServer: givenName. The LDAP access from OpenProject works, but it can't find the givenName. (It asks to input Name and Surname but the notification field is blocking the UI; different problem…)
Is there an easy way to add this parameter to the NethServer GUI?
I already modified /etc/e-smith/events/actions/nethserver-directory-user-create
/etc/e-smith/events/actions/nethserver-directory-user-modify
with this information:
… my $userGivenName = shift;
# Now create the user account. --surname triggers inetOrgPerson
# schema in ldapEntry and is required for nethserver-directory to
# work.
system(
    "/usr/sbin/luseradd",
    '-g', 'locals',
    '-n',
    '-M',
    '--surname', $userName, '--givenname', $userGivenName,
    '-d', $homeDirPrefix . $userName,
    "-k", "/etc/skel/",
    "-s", $shell,
    '--commonname=' . $name,
    '--gecos=' . $gecos,
    $userName
) == 0 or die "Failed to create user account $userName.\n";
Can anyone advise on how to get the input field for givenName into the account creation and modify parts of the GUI?
Hello Andreas, and welcome to NethServer community!
If Nethgui does not set the attributes as expected it is safe to edit the LDAP attributes with any LDAP management software as long as the schema is preserved. For instance:
Until now, I helped myself by adding the missing entries for GivenName using the shell:
sh# ldapmodify -x -D uid=admin,ou=People,dc=directory,dc=nh -w 'TopSecret2019'
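The `ldapmodify` command above reads an LDIF record from standard input. The following is an added example, not part of the original post, that generates such a record for `givenName`, base64-encoding names with non-ASCII characters as LDIF requires. It assumes users live under `ou=People,dc=directory,dc=nh` (taken from the bind DN), and `jdoe` is a constructed account name.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: user entries live under
# the same subtree as the admin bind DN quoted above.
BASE_DN='ou=People,dc=directory,dc=nh'

# Accept only plain account names so a uid can never alter the DN or the LDIF.
valid_uid() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# RFC 2849: a value must be base64-encoded ("attr:: ...") if it starts with
# space, ':' or '<', ends with a space, or holds any byte outside printable
# ASCII (accented letters, but also newlines that would add LDIF lines).
needs_b64() {
    case "$1" in
        ' '*|:*|'<'*|*' ') return 0 ;;
    esac
    rest=$(printf '%s' "$1" | LC_ALL=C tr -d '\040-\176' | wc -c | tr -d ' ')
    [ "$rest" -gt 0 ]
}

ldif_attr() {
    if needs_b64 "$2"; then
        printf '%s:: %s\n' "$1" "$(printf '%s' "$2" | base64 | tr -d '\n')"
    else
        printf '%s: %s\n' "$1" "$2"
    fi
}

# Print one LDIF modify record that sets givenName for the given uid.
givenname_ldif() {
    uid=$1 given=$2
    valid_uid "$uid" || { echo "rejected uid: $uid" >&2; return 1; }
    [ -n "$given" ] || { echo "empty givenName for $uid" >&2; return 1; }
    printf 'dn: uid=%s,%s\n' "$uid" "$BASE_DN"
    printf 'changetype: modify\nreplace: givenName\n'
    ldif_attr givenName "$given"
    printf '%s\n\n' '-'
}

# Usage (constructed account name); -W prompts for the bind password so it
# does not land in shell history or the process list:
#   givenname_ldif jdoe 'John' | \
#     ldapmodify -x -D uid=admin,ou=People,dc=directory,dc=nh -W
```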
Hi Stéphane,
thank you so much, you pointed me in the right direction.
I was able to get a new input field in (Users and Groups) by modifying /usr/share/nethesis/NethServer/Template/User/Modify.php:
$basicInfo = $view->panel()
    ->setAttribute('title', $T('BasicInfo_Title'))
    ->insert($view->literal($username))
    ->insert($view->textInput('gecos'))
    ->insert($view->textInput('givenname'))
Now I need help finding where the LDAP information is read in and how to pass it into the new input field.
Why? I think it’s far better than adding PHP code and maintaining a private fork!
You can also install the LDAP management software on a different system, like your personal laptop, and connect it remotely to your server.
The Users and Groups page has limited features because it has to work with both AD and LDAP accounts providers. Its goal is to list users and groups. If the accounts provider is local, it also allows creating and deleting them; however, fine LDAP attribute editing is out of its scope.
Thanks for posting the needed information.
In contrast to what was said about the limiting of the Users and Groups Provider to stay compatible between AD and LDAP, I think that a subset of (InetOrg)Person Attributes is the same for both worlds and should be included not just in a private fork.
I will later dump the attributes of a User from a 2016 AD and create an overlapping attribute list.
I have to work with all kinds of Directories on a daily basis. Artificially closing a directory (or any other feature) down cripples its usage and interoperability. Simon Peter has done a wonderful presentation about these kinds of problems: Linux Desktop Platform Issues