NethServer-SavaPage module

education
savapage
cups
v7

(Markus Neuberger) #41

Thanks for testing!

You are right, for now only local LDAP.is working. It will be included in the next update.

Ok so I’d use the user source that is provided by NethServer and some mail settings as default. Which currency or locale to use as default? Should we also enable Mail/Web Print or some converters?


(Rob Bosch) #42

thnx for confirming. i will have local ldap a go.
hmm… default settings for a globall community … i don’t know it would be a good idea to go with defaults?
Isn’t there a way to get those settings from NethServer? Or create several defaults and based on set locale in NethServer a SavaPage default is generated?

For instance: If the Organization Contacts (in the configuration section of the admin interface) gets a small extension with Country(code), we could generate a list with all currencies for each country and get the info from there?

When loggin in SavaPage, there are already several locales/translations available:

  • German
  • English
  • French
  • Spanish
  • Russian
  • Dutch

On the other hand, IMHO it wouldn’t be that bad if SavaPage remains with the need of some configuration. After all, it is a VERY complicated and extensive application that will need additional configuration for anyone that wants to use it anyway. There are so many scenarios thinkable that it is impossible to get them all covered through initial install.
After initial configuration the way users are allowed to print has to be determined. If they need to pay per print and how the payment is handled. There are so many different options…
If there is no easy option to add the initial configuration to the installer, maybe we should settle with a clear instruction how to do the initial configuration… Personally I wouldn’t have too much problems with that.


(Rob Bosch) #43

Just checked extra what post install things need configuration:
https://www.savapage.org/docs/manual/ch-install-configure.html

  • Set Locale (Options → Advanced → Locale)
  • Set Currency Code (Options → Financial)
  • Set User Source (Options → User Source)
  • Set Mail Options (Options → Mail)

When these things are set, you get the confirmation in Dashboard:


(Markus Neuberger) #44

Yes, we also could use the NethServer timezone settings, I’ll have to check how to get currency.

I think this are just the web interface translations.


(Rob Bosch) #45

That would be awesome!

Your are correct…

BTW, just thinking about user setup. If the NS instance has not joined LDAP or AD and no local LDAP or AD is configured, SavaPage should be configured with local users only. Of course this can be changed later if the NS instance with SavaPage joins LDAP or AD domain.


(Markus Neuberger) #46

Thanks, I did not cover this case but it’s on my todo list now.


(Rob Bosch) #47

More work for you @mrmarkuz :smiley:
Rijk has done some work on the savapage-cfg command option.

https://issues.savapage.org/view.php?id=909
and already added it to the manual:
https://www.savapage.org/docs/manual/app-tools.html#cli-get-config-property
https://www.savapage.org/docs/manual/app-tools.html#cli-set-config-property
https://www.savapage.org/docs/manual/app-tools-savapage-db.html#app-tools-savapage-db-config-set
https://www.savapage.org/docs/manual/app-tools-savapage-db.html

A new snapshot is available:
https://www.savapage.org/download/snapshots/ (you need the file created 26th dec)

Great to see 2 communities work together like this…


(Rijk Ravestein) #48

Hi Markus,

As Rob just posted, I added options to savapage-cmd and savapage-db to set config items.

Depending at what stage of the installation you want to add the items, you must use one of the two.

savapage-cmd is preferred, because it is swift. But, since it uses JSON-RPC, savapage server must already be running. savapage-db can be run stand-alone, when savapage server is not started. However, since each invocation establishes database connectivity over and over, performance is not that great for a simple row update (it takes approx. 4 seconds).

Good luck! Please let me know if you have any questions.


(Rob Bosch) #49

May I introduce to our community @rijkr : The developer of SavaPage. I am very glad he joined up here to have an even closer contact with the NethServer community and get us to the best print management experience possible in our NethServer ecosystem.

Thank you Rijk, for your effort and help so far!


(Markus Neuberger) #50

Just amazing!

Thanks for your work! The added options will help a lot.


(Markus Neuberger) #51

I tested the new options of both commands and they work as expected! Thanks again :+1:
But one thing is that NethServer uses a binary password with a lenght of about 170 chars for the machine account for AD join.
It seems that savapage-cmd/db can not save this binary password correctly. Do you have an idea how we could make it work?

A simple password works:

[root@testserver ~]# savapage-cmd --set-config-property --name auth.ldap.admin-password --value testpassword123! [root@testserver ~]# savapage-cmd --get-config-property --name auth.ldap.admin-password testpassword123!

Binary password:

[root@testserver ~]# savapage-cmd --set-config-property --name auth.ldap.admin-password --value="澝낍睘갮낽ꂧ恝禟ꆅ⠺泀Lꌾ﬉뢶끊꿁뀇磐ʁ㌋ꘂ딇ꋷꀟ㿕멄琉ꨨì뢤㝅ꙶ榡窈㹎﷍㢶洉ꍸ⧒㒄㐈歇牲됨更)뇪..." [root@testserver ~]# savapage-cmd --get-config-property --name auth.ldap.admin-password ??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????


(Rijk Ravestein) #52

Thanks for pointing this out! This issue is fixed by https://issues.savapage.org/view.php?id=910
and a new snapshot is available.


(Markus Neuberger) #53

Thanks for your quick response and fix!
Savapage-cmd now outputs the correct binary password. :clap:
But I still get an error 52e which means “invalid credentials” when testing the AD:

[test] Starting user synchronization...
[test] User synchronization error: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1].

Could it be that the $ char in the admin dn DOMAIN\TESTSERVER$ is the problem as DOMAIN\admin works?

Settings:

Testing:


(Rijk Ravestein) #54

I did not find anything on the ‘$’ character as such. Since “DOMAIN\admin” works as expected, I assume the config item password is correctly stored and passed to the LDAP server.

But, is DN syntax of “DOMAIN\xxxx” correct in all cases? I have not seen this syntax before. Organizations I know always use syntax with DC= and CN= snippets, e.g. like this:

Base DN : DC=datraverse,DC=local
Admin DN: CN=Administrator,CN=Users,DC=datraverse,DC=local

See https://www.savapage.org/docs/manual/ch-webapp-admin-options.html#ch-webapp-admin-options-user-source-ldap


(Markus Neuberger) #55

Usually DN and Logon name works and it does work with DOMAIN\admin so maybe machine account bind is not supported. I also tried it with machine DN but no success so far. I’ll test some more in the evening…


(Alessio Fattorini) #56

Hi @rijkr great to see you here and thank you @robb for inviting him. That’s definitely a huge opportunity to improve our products and work together


(Rijk Ravestein) #57

Hi @alefattorini, it’s great to be close to the community like this, and get firsthand feedback about how SavaPage acts in the NethServer ecosystem. I hope that our joint efforts will bring both products forward.


(Markus Neuberger) #58

Update:

yum install http://markusneuberger.at/download/nethserver-savapage-0.0.1-5.ns7.x86_64.rpm
  • Added password store process with savapage-cmd - thanks to @rijkr
  • Added no user source when no AD/LDAP is installed - thanks to @robb
  • Added simple defaults to get a ready to use savapage instead of having to do some setup steps
  • Added remote LDAP host

I tried to join to AD with machine account in different variations but without success. We may use a savapage AD user for getting around this issue.

Is there a possibility to sync the users from AD/LDAP via command line so I could sync them immediately after savapage is installed?


(Rijk Ravestein) #59

Are there any other 3rd party applications accessing AD? If yes, what (admin) user do they use to access AD? If SavaPage is the first to access AD, may be a general purpose admin AD user with read-only access is the way to go, so future applications can use that same id.


(Rijk Ravestein) #60

A new snapshot is available with https://issues.savapage.org/view.php?id=911
./savapage-cmd --sync-users-and-groups