They all use the machine account AFAIK. But creating a savapage AD user shouldn’t be a problem, at least a warning notice to create one could be enough for now.
This is already in discussion in some threads because an AD user has advantages ie for remote join. But this would affect the whole app stack and is a kind of a big change.
The savapage-cmd --sync-users-and-groups is working from shell but it isn’t in my install script. I have to start it a second time to sync the users but this issue may have nothing to do with savapage.
When testing I noticed that savapage-cmd --sync-users-and-groups outputs “null” in any case, no matter if the sync worked. @rijkr, could you change it to output the same text as in web interface?
I allowed access for the items you mentioned. You can set “financial.global.currency-code” just once. If you want to change it afterwards you need the ./savapage-cmd --change-base-currency option.
The “null” output was not intended, and is fixed now. No output is given, with exit code 0 (zero), to indicate the sync was started successfully in the background. Since the sync proceeds in the background after ./savapage-cmd returns, no feedback can be given. If you definitely need to know in your install script when/how the background sync finished, an additional savapage-cmd option is needed.
Because my account was on hold, I couldn’t tell you this yesterday …
I added config item auth.ldap.use-ssl.trust-self-signed. 0000912: Add option to trust self-signed certificate for LDAPS - SavaPage Issue Tracker . Since it defaults to N you need to set it to Y before starting the sync: ./savapage-cmd --set-config-property --name "auth.ldap.use-ssl.trust-self-signed" --value Y
Testing the latest itteration of the nethserver-savapage module:
Test with Local AD:
Install went flawlessly! Great work
First screen after logging in to SavaPage admin user. All is configured and ready to use. Do take care of changing savapage admin user (important!)
Prompted with change admin password and ready for use after logging in with admin user.
LDAP users are synced. LDAP admin is not filled in. BTW, I connected to remote LDAP with cn=ldapservice,dc=directory,dc=nh and remote bind credentials.
That would be nice, because it would be a challenge to add a savaaduser to a remote (Samba4) AD account provider right? Probably the same for a remote LDAP account provider.
In this case it’s like we would need a user to create a user, so it won’t make sense.
For remote it has to be done manually, you have to enter username/password of an allowed user when binding NS to remote LDAP/AD except of anonymous bind is allowed. For savapage we just use the credentials given at NS account provider setup.
I managed to test all scenario’s (local AD, local LDAP, remote AD and remote LDAP) successfully. Would that mean that NethServer-SavaPage module is ready for nethforge-testing repo?
/edit: just to be complete, I also tested on NS with no accountprovider installed: flawless!
/edit2: stretched the test a bit further: After installing SavaPage on a NS7 without account provider, I installed Samba4 AD accountprovider. SavaPage automagically switches from local accounts to Samba4 AD account provider. After that, I deinstalled Samba4 AD account provider and installed LDAP account prvider. Again, SavaPage was configured automagically with LDAP settings.
Can’t say anything else but: GREAT WORK @mrmarkuz!
You have noticed that SavaPage is under constant development. @rijkr is doing a great job adding generic features in a way that specific wishes are implemented.
So it will be necessary to update the package regularly. @rijkr: how can we make this a steady process? I mean, there are quite some new releases in the form of snapshots, but as soon as a major release has come out, we should get notified in some way so the module can be adapted.
You are right abouyt the ldap service user instead of a dedicated savaaduser. Especially with remote AD environments it is not expected to have access in creating a new user in AD.
About printing: this is IMO a next level configuration of SavaPage and does not belong in the module. This module should give a basic install that meets the first install needs. After that savapage needs a LOT of configuring. It is a very complex application with a lot of parameters. IMO we should not tinker with it. The admin that is installing SavaPage has to dive into configuration with the (official) SavaPage manual in his hands. Only then SavaPage can work and perform to its full potential.
@robb , you are right, a lot of scenario’s are supported. If practice shows there are common scenario’s for the NethServer community, we can rethink on how to give these scenario’s a kick-start by configuration.
Above that, the technicalities of getting printers to work as expected, especially staple, punch, fold and booklet finishings, can be “challenging”. Although SavaPage PPD Extensions offers ample possibilities to bend the PPD specifics of every printer into a simple printer setting dialog, this tailoring is not for the novice. If support is needed in that area I can assist. The good news is, that once PPD Extensions for printer type/models are known and published, they can be reused by everyone. To get an idea of the challenge, have a look at Appendix K. PPD Extensions