The password of the AD/LDAP user named admin.
You can set it in the Domain and Users page in NS8 UI.
tested with an ad, but the openldap should be good
tested with openldap ok
tested with AD ok
use the password of ldap
Thank you @mrmarkuz
You managed to get me to solve the problem. Unfortunately, in the case of the NS8, unlike the NS7, I constantly find that the descriptions are not accurate and detailed. That is why those asking for help and those helping often talk to each other.
I tested the login on the LAM demo page and there the admin can log in with the lam password.
However, there is no default admin user in NS8 AD/LADAP, instead there is only administrator. On the NS8 LAM website, the username cannot be overwritten with administrator instead of admin, so you cannot log in either with admin (because it does not exist in LDAP) or with administrator because admin cannot be overwritten…
The only correct solution is to create the admin user as a member of the Domain Admins group and give him a password on the Domain an Users page on the NS8 UI before installing the LAM or logging in for the first time. Thus, we can successfully enter the LAM with the admin that appears on the LAM website and the set password.
It would help a lot if everyone could strive to describe the information, descriptions, and howtos as precisely as possible so that what is described can be reproduced in every case. This would really help those familiar with the NS8, but otherwise it could scare away interested parties.
Fortunately, I’m like a dog, I chew on the bone until something comes out…
You can setup any Domain user to be selectable in the user dropdown field by editing the LAM server profile, in the “List of valid users”.
It seems also possible to use LDAP search by changing the “login method” but I never tested it.
I think this is really an important skill for solving issues.
Use the text area in the ns8 settings to allow the users, it will write the relevant configuration in the lam settings, it is simpler
The wiki of nethserver should be documented on this module, we should make screnshots and explanations. Please go ahead
I tried to fix some bugs in the UI, the textarea is workable, and it reflects the changes to the lam configuration, however it is a one way, allowed users must be done in the UI of cluster admin
i push the version 8.9
released as lam1.0.3
I have prepared a description of the installation of LAM to help everyone as much as possible. Many thanks to @stephdl and @mrmarkuz for their help with the solution and the release of the new LAM version.
Install NS8 LDAP Account Manager
Instead of the phpLDAPAdmin used under NS7, it is possible to manage LDAP user accounts under NS8 by installing the ns8-lam module. This should not be installed locally on the server, but run as a module as a pod.
The ns8-lam module can be installed from the Software center, the Lam app must be found and installed. After installation, the Software center is available under Installed applications.
By clicking on Instances, the app appears,
where clicking Open app opens the application interface, where you can check its status and make the necessary settings. Select Settings on the left.
Here you must enter the FQDN of the LAM according to the previously created domain, in our example it should be mylam.domain.lan.
You must also enter the name of the LDAP domain that we created earlier under Domain and users, in our example it is ad.domain.lan.
In the Allowed LDAP user list, enter the name of the user for logging in to the LAM portal. This user must be a member of the Domain Admins group under Domain and users on the NS8 UI. By default, the administrator user is displayed here, but no password has been set for it.
IMPORTANT However, you should know that the default user for logging into the LAM portal is admin, but such a user does not exist and thus cannot be a member of the Domain Admins group under Domain and users on the NS8 UI. This way you cannot log in to LAM.
There are two possible solutions to this problem. According to one, we create an admin user for the Domain Admins group under Domain and users on the NS8 UI and give it a password. With this, you can immediately log in to LAM.
Another option is to set a password for the administrator user under Domain and users on the NS8 UI, but we will still not be able to log in with this, because the only authorized user on the LAM portal is admin. However, on the LAM portal, there is a LAM configuration link at the top right, clicking on which will bring up an additional menu group, where a new login window will open by selecting Edit server profiles. The password of the LAM user must be entered here, which by default (if it has not been changed) is the term “lam”. This is worth changing.
Once logged in, you can add an additional user valid for login under the Sever setting at the List of valid users. The user must be entered according to the LDAP rules, in this case the administrator user must be entered in a new line in the following form:
CN=administrator,CN=Users,DC=ad,DC=domain,DC=lan
All additional users must be entered in a separate line, but as I wrote, the users entered here must be members of the Domain Admins group under Domain and users on the NS8 UI.
Thank you very much for your helpfulness steph, I was not disappointed in you again. You also helped me a lot with the NS7, thanks for that.
I see you released a new version of lam and updated the wiki as well. I trust that it will be easier for others to navigate the new solutions. Therefore, I also prepared a description of the installation of lam and published it here, I hope it will be useful.
However, I see that lam does not behave the same as phpLDAPAdmin. I can’t find LDAP records such as the userPrincipalName. Moreover, it does not show the email address of the users, which is automatically created when the user is created and registered in the LDAP.
Do you know anything about what causes them?
Thanks for your help.
there is no mail address in nethserver ldap
userPrincipalName is only for AD
I think you can trick what field you want to show in the lam settings
it is EOL I think no updates since years this is why I went to LAM
maybe it could be nice to write some informations to the wiki, we could share on it if you want
let me think on it, a bit busy ATM, but I can find some time move further
The lam 1.0.3 update was released and I updated it. Since then I can’t login to lam.
What did the update overwrite? Should I uninstall and reinstall with settings?
You have three login in LAM, which one is not working
the third, the second, the first ?
Sorry, I was imprecise…
I created the admin user before the update and he successfully entered the LAM before the update. Login is definitely not working now:
The admin is listed under Server profile: lam, General settings, Server setting List of valid users and its password is also set.
I can log in to the LAM configuration, but the password has been reset to the default lam instead of the password I entered earlier…
After updating to lam 1.0.3, I cannot log in to LAM with the admin user, neither with the password I entered before the update, nor with the default lam password.
I can only log in to the LAM configuration with the default lam password, not with the password set before the update.
I don’t understand what happened with the update? What can I do to solve this problem?
Thank you for your help.
do not know your ldap server is not reachable
you can remove lam and try to configure it again
Will this have to be uninstalled, reinstalled and configured every time I update in the future?
I can log in to SOGo (ad/ladp authenticates the user), the ladap server is available…
Maybe this shouldn’t be the case after the update, does anyone else have the problem?
Thank you for your help.