A page for users to change their passwords, that isn’t part of the server manager. Most of my users are remote, I don’t want to make them VPN in just to change a password, and I certainly don’t want to expose the server manager to the Internet.
My wish is to integrate Horde Groupware into the Software Center.
It’s on the way but needs some improvement and testing:
I almost posted something ‘smart’ that you can change pw from servermanager, Then I realized I had to read on a bit further and saw the “…that isn’t part of the server manager…” part of your suggestion…
So, yeah it would be nice to have such a feature, but if it isn’t part of server manager, how should it be implemented then? Having a web facing option to change passwords is not my idea of having a safe solution. What would be the problem with VPN into the LAN to reach the server manager?
With a separate page that only allows users (probably excluding admin users) to manage their own accounts. That would be the natural place to put the “download mobileconfig” page for my nethserver-automx module, too. Maybe allow users to change their directory details, if we want to be fancy.
Why not? It’s certainly safer than exposing the entire server manager, which is the only current way to do this. And the server manager is available on the red interface by default. Yes, there’s some exposure there–there’s exposure with every public service. Thus, the admin should be able to decide whether, and where, to make such a page available–as is the case for pretty much every other service.
This is something that pretty much every web service does, and I can’t be the only Neth admin who has primarily remote users.
- It’s an unnecessary complication.
- Most of my users aren’t very tech-savvy, amplifying the above.
- My users have no other reason to be on my home LAN.
- With nothing against my users, I don’t particularly want them on my home LAN.
I just was pointed to a new uploaded video by Zentyal about how to migrate FSMO roles to a Zentyal server.
Zentyal has created a small perl script that does all the magic and makes it fairly easy to migrate from MS DC to Zentyal DC.
Since NethServer also uses Samba4 as AD accountprovider, I thought it shouldn’t be that hard to make this possible for NethServer too.
The Zentyal script is called ad-migrate and you can find it on any Zentyal (5.1) server in /usr/share/zentyal-samba directory.
If you want to know the content of the perl script, have a look at https://ghostbin.com/paste/527cj
Bottomline: could we create such a script for NethServer too? Can we think of other useful admin actions that could use a script, instead of going through some risky, error-prone commands?
Are there already (hidden) scripts that could be used?