Stef | 17 Jul 21:39 2014

CAS authentication

Hi all :)

A couple of days ago, I started to CASify LAM with the help of Jasig phpCAS.
To CASify it, I needed to implement authzid management: LAM uses
cn=reader to read the LDAP directory, and "auth as" the CAS user when
modifying something.

It's not very difficult to develop this, but it needs some improvements
in mainconfig management, in login.php, in the LDap class ... a little
bit everywhere in fact; this is the most difficult part: understanding the
existing mechanism without breaking everything ... and making it
reusable for somebody else! ^^

If somebody is interested in the result, when available maybe next week,
I'll be glad to share it.
If somebody has already CASified, I'll be glad to compare our
implementations ;)

Bye !

--
Steph


Stef | 11 Jul 11:51 2014

hide tool SchemaBrowser / config file check forgotten ?

Hi there :)

Is it me, or is the schema browser always shown?

Line 175 in ldap-account-manager-4.6/templates/main_header.php: wouldn't it need something like this first line?

if (!$_SESSION['config']->getToolSettings()['tool_hide_toolSchemaBrowser'] === true) {

// existing code

if ($_SESSION['config']->get_Suffix('tree') != "") {

?>
            <li>
                <a href="<?php echo $headerPrefix; ?>tree/treeViewContainer.php"><img class="align-middle" height="16" width="16" alt="tree" src="<?php echo $headerPrefix; ?>../graphics/process.png">&nbsp;<?php echo _("Tree view") ?></a>
            </li>
            <?php
            }

}

 

--
Stéphane
_______________________________________________
Lam-public mailing list
Lam-public@...
https://lists.sourceforge.net/lists/listinfo/lam-public
Vasiliy P. Melnik | 9 Jul 12:58 2014

sample config's names

Hi Rolland.

Please rename the sample config files, if possible:
config.cfg.sample
lam.conf.sample

In the FreeBSD Porter's Handbook I have a new directive for sample files,

@sample, but file names should end with .sample

Paolo Giustiniani | 4 Jul 09:43 2014

About binder user

Hello,
I would like to add a new user for bind.

Is it possible?
Dr.Peer-Joachim Koch | 27 Jun 12:24 2014

pager attribute

Hi,

A long time ago we started to use the PAGER entry for some internal
use.
However, I cannot find the PAGER attribute (inetOrgPerson). How can we add
this?

-- 
Kind regards
     Peer-Joachim Koch
_________________________________________________________
Max-Planck-Institut für Biogeochemie
Dr. Peer-Joachim Koch
Hans-Knöll Str.10            Telefon: ++49 3641 57-6705
D-07745 Jena                 Telefax: ++49 3641 57-7705

Paolo Giustiniani | 26 Jun 17:44 2014

Set bind discovery

Hello,
I would like to set bind discovery to auth.

Is it possible?
Stef | 25 Jun 19:14 2014

Cross DN edit when using several server instance

Hi :)

I've just discovered LAM, and it seems to be great for my needs: I've configured several server instances pointing to the same LDAP server, in order to lock users into their nested branch (like a jail).
That way, users from one instance can't make a mess in other branches :)

 

  • server instance A, to manage only ou=a,ou=mycompagny,ou=fr
  • server instance B, to manage only ou=b,ou=mycompagny,ou=fr
  • etc.

 

Users can log in to their instance if their user/pwd is correctly set in uid=%USER%,ou=people,ou=a,ou=mycompagny,ou=fr

but.... in templates/account/edit.php, there's no check on the DN that is asked to be edited: editing the URL lets people edit objects that aren't in the subtree to which they belong!

I suggest adding something like this at line 57:

// DN of the logged-in user
$userData = $_SESSION['ldap']->decrypt_login();
$loggedUserDNSuffix = extractDNSuffix($userData[0]);

// DN to edit; note the DN GET parameter is given between quotes, see userlink.php
$editUserDNSuffix = extractDNSuffix(str_replace("'", '', $_GET['DN']));

// strict comparison: no type juggling between the two suffix strings
if ($editUserDNSuffix !== $loggedUserDNSuffix) {
  logNewMessage(LOG_ERR, "User logged ($userData[0]) tried to access other account DN Suffix: " . $editUserDNSuffix);
  StatusMessage("ERROR", "Edit forbidden", "You can only edit users that share the same DN as yours", NULL, false);
  die();
}

What do you think about this ?

 

--
Stéphane
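
As an added example (not part of the original post and not LAM code): a subtree check for the missing authorization described above that compares parsed RDNs instead of raw strings, so it accepts entries anywhere under the instance base, tolerates case and spacing differences, and fails closed on malformed input. The function names and sample DNs are hypothetical, and case-insensitive matching of attribute values is an assumption.

```php
<?php
// Added example, not LAM code: function names and sample DNs are hypothetical.

/** Split a DN on unescaped commas and normalise each RDN; null if malformed. */
function normaliseDn(string $dn): ?array {
    $rdns = [];
    $cur = '';
    for ($i = 0, $len = strlen($dn); $i < $len; $i++) {
        if ($dn[$i] === '\\' && $i + 1 < $len) {
            $cur .= $dn[$i] . $dn[$i + 1];    // keep an escaped pair (e.g. "\,") together
            $i++;
        } elseif ($dn[$i] === ',') {
            $rdns[] = $cur;
            $cur = '';
        } else {
            $cur .= $dn[$i];
        }
    }
    $rdns[] = $cur;
    $out = [];
    foreach ($rdns as $rdn) {
        $eq = strpos($rdn, '=');
        if ($eq === false || $eq === 0) {
            return null;                      // no "type=value": reject
        }
        // Assumption: attribute values use case-insensitive matching.
        $out[] = strtolower(trim(substr($rdn, 0, $eq)) . '=' . trim(substr($rdn, $eq + 1)));
    }
    return $out;
}

/** True only if $dn is the base entry or lies below it. */
function isWithinBase(string $dn, string $base): bool {
    $d = normaliseDn($dn);
    $b = normaliseDn($base);
    if ($d === null || $b === null || count($d) < count($b)) {
        return false;                         // fail closed
    }
    return array_slice($d, -count($b)) === $b;
}

$base = 'ou=a,ou=mycompagny,ou=fr';           // instance A's subtree, from the post
$samples = [                                  // constructed DNs
    'uid=bob,ou=people,ou=a,ou=mycompagny,ou=fr',
    'CN=staff, OU=Groups, OU=A, ou=mycompagny, ou=fr',
    'uid=eve,ou=people,ou=b,ou=mycompagny,ou=fr',
    'uid=x\\,ou=a,ou=mycompagny,ou=fr',       // escaped comma: one RDN directly under ou=mycompagny
];
foreach ($samples as $dn) {
    printf("%-50s %s\n", $dn, isWithinBase($dn, $base) ? 'allow' : 'deny');
}
```

Hex-escaped characters (such as \2C) are not canonicalised here, so a DN written that way compares unequal to its backslash-escaped form and is denied.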
Elizabeth Jones | 20 Jun 17:49 2014

enforcing ldap security rules

Is there anything I can do in LAM to enforce our internal 389DS password
security settings? I just enabled the settings on our LDAP this week, but
when I have tried changing user passwords using LAM the settings are not
being enforced.  If I change the passwords directly on the LDAP then they
are enforced.

thanks -

EJ

Cledat, Romain E | 13 Jun 20:25 2014

PDF reports

Hello,

Is it possible to get LAM to generate a PDF report where it would print attributes of users in a group? In other words, I have a groupOfNames that has members. I would like to generate a report where I print details about those members (not just details about the groupOfNames).

The corresponding LDAP search is something like:
"(memberOf=cn=Whatever,ou=Role,dc=machine,dc=site,dc=com)" uid cn o

Thanks,
Romain



Vince Streif | 2 Jun 17:50 2014

Oddity (and fix) for "Groups of names"

Ran into an oddity with "Groups of names" in LAM Pro 4.5. When I enable 
the "Groups of names" account type, lam generates blocks of code like 
the following for each of the members (I added line breaks to improve 
clarity):

<br>
<a href="../account/edit.php?type=gon&amp;DN='
<a

href="../account/edit.php?type=user&amp;DN='uid=streif,ou=People,ou=REDCap,ou=Applications,dc=smphit,dc=wisc,dc=edu'">streif 
 > People > REDCap > Applications > smphit > wisc > edu
</a>'">
<a href="../account/edit.php?type=user&amp;DN='uid=streif > People > 
REDCap > Applications > smphit > wisc > edu'">streif > People > REDCap > 
Applications > smphit > wisc > edu
</a>
</a>

Looks like the code in types/gon.inc is processing each entry multiple 
times and creating some really confused html.  Not quite sure what was 
intended there, but it works much better for me if I modify the code so 
it only processes a single entry once.  i.e.

 >diff gon.inc.orig  gon.inc.new
257c257
<                         if (!isAccountTypeHidden($type)) {
---
 >                         if (!isAccountTypeHidden($type) && !$replaced) {

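Review bot: on line 257 the added !$replaced guard depends on a variable that this hunk neither initialises nor updates, so the diff alone does not show whether $replaced is reset for each member entry and set once a link has been generated. If it is not reset per entry, every member after the first replacement would be skipped; if it is never initialised, PHP reports an undefined variable and the condition is always true. Please confirm both against the surrounding loop in types/gon.inc, and resend the change as a unified diff (diff -u) so the context around line 257 is visible.
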
Then the html produced looks like the following:

<br>
<a

href="../account/edit.php?type=user&amp;DN='uid=streif,ou=People,ou=REDCap,ou=Applications,dc=smphit,dc=wisc,dc=edu'">streif 
 > People > REDCap > Applications > smphit > wisc > edu
</a>

Could either this (or a more appropriate patch) be added to the code?

Thanks,

-- 
Vince Streif
SMPH Information Technology
Univ of Wisconsin - Madison
4276 Health Sciences Learning Center
750 Highland Avenue
Madison, WI 53705

streif@...
608-262-7230

Bunjes Friedemann | 2 Jun 08:32 2014

RESOLVED: editing user profile not working

Hi,

a reboot of the machine running the lamdaemon.pl solved the problem.
The pam authentication somehow was in an unclear state.

Best,

Friedemann

--

Hi,

we have the following lamdaemon/sudo problem on debian wheezy:

$ sudo /usr/share/ldap-account-manager/lib/lamdaemon.pl
sudo: PERM_ROOT: setresuid(0, 0, 0): Operation not permitted

The LAM lamdaemon test fails with the same error message.

Any help is appreciated.

Best,

Friedemann

-- 
Dr. rer. nat. Friedemann Bunjes
EDV Entwicklung und Koordination 
Hertie-Institut für Klinische Hirnforschung
Zentrum für Neurologie
Universitätsklinikum Tübingen
Otfried-Müller-Str. 25
72076 Tübingen
Tel. +49-7071-29-81999
Fax +49-7071-29-25010
