PASCAL CASSAGNES | 17 Apr 12:40 2014

Ldap filter and overlay memberof

Hello,

I want to give users (technicians) access only to list the machines of the Samba domain.

For this, I created a profile that displays the machines :

General settings/Server settings
Tree suffix = empty
Access level = Read-only

General settings/Tool settings
Hidden tools = all the hidden tools

General settings/Security settings
Login method = LDAP search
LDAP suffix : dc=mycompany.fr,dc=local
LDAP filter : (&(objectclass=inetOrgPerson)(memberof=cn=LamHosts,ou=applications,dc=mycompany.fr,dc=local))

Account types :
Hosts (LDAP suffix+List attributes)

ACL in slapd.conf:
access to * by group.base="cn=LamHosts,ou=applications,dc=mycompany.fr,dc=local" read


The LDAP filter works if the "groupOfNames" LamHosts contains only one "member" attribute (e.g. member: uid=toto,ou=users,dc=mycompany,dc=local)
In this case, the login works and the user "toto" can clearly see the list of machines.

On the other hand, if I add a new "member" attribute (e.g. member: uid=titi,ou=users,dc=mycompany,dc=local) to the "groupOfNames" LamHosts, the user titi (or any other user of the LDAP directory) cannot connect to the LAM application and the following error message appears: "The Message Given user name matches multiple LDAP entries."

Ldapsearch command with filter on the server console :
ldapsearch -x -D "uid=ldapadmin,ou=sysusers,dc=local" -W -b "dc=mycompany.fr,dc=local" -xLLL "(&(objectclass=inetOrgPerson)(memberof=cn=LamHosts,ou=applications,dc=mycompany.fr,dc=local))" uid
Result :
dn: uid=titi,ou=users,dc=mycompany.fr,dc=local
uid: titi
dn: uid=toto,ou=users,dc=mycompany.fr,dc=local
uid: toto

I am continuing my research, but I would welcome any idea, lead, advice or solution if you know of one.

Thanks.
Pascal
(Lam Pro 4.5)
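
Added example (not part of the original post and not LAM's own code): a minimal in-memory filter evaluator over constructed entries, showing why a login filter that tests only group membership returns every member, while a term bound to the typed name resolves to a single DN. It assumes that LAM's "LDAP search" login replaces the `%USER%` wildcard in the filter with the entered user name; `login_lookup` and the value-escaping step are illustrative names and choices.

```python
import re

# Constructed sample entries modelled on the post's directory (not real data).
GROUP = "cn=LamHosts,ou=applications,dc=mycompany.fr,dc=local"
BASE = "ou=users,dc=mycompany.fr,dc=local"
ENTRIES = [
    {"dn": "uid=toto," + BASE, "objectclass": ["inetOrgPerson"],
     "uid": ["toto"], "memberof": [GROUP]},
    {"dn": "uid=titi," + BASE, "objectclass": ["inetOrgPerson"],
     "uid": ["titi"], "memberof": [GROUP]},
    {"dn": "uid=tata," + BASE, "objectclass": ["inetOrgPerson"],
     "uid": ["tata"], "memberof": []},
]
# Filter from the post, and a variant with a term tied to the login name.
POST_FILTER = "(&(objectclass=inetOrgPerson)(memberof=%s))" % GROUP
USER_FILTER = "(&(objectclass=inetOrgPerson)(uid=%%USER%%)(memberof=%s))" % GROUP

def escape_value(value):
    """Escape RFC 4515 special characters in a value placed into a filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def unescape_value(value):
    """Turn \\XX escapes back into the literal characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def term_matches(entry, attr, raw):
    values = entry.get(attr.lower(), [])
    if raw == "*":                       # an unescaped "*" is a presence test
        return bool(values)
    wanted = unescape_value(raw).lower()
    return any(v.lower() == wanted for v in values)

def search(flt, entries=ENTRIES):
    """Evaluate an AND of equality terms; enough for the filters in the post."""
    terms = re.findall(r"\(([A-Za-z][\w-]*)=([^()]*)\)", flt)
    return [e["dn"] for e in entries
            if all(term_matches(e, a, v) for a, v in terms)]

def login_lookup(template, username):
    """Resolve a login name to exactly one DN, as a search-based login must."""
    hits = search(template.replace("%USER%", escape_value(username)))
    if len(hits) > 1:
        raise LookupError("user name matches multiple LDAP entries")
    if not hits:
        raise LookupError("user not found")
    return hits[0]
```

With `POST_FILTER` the lookup is ambiguous as soon as the group has two members, whatever name is typed; with `USER_FILTER` the group term still restricts who may log in, and the `uid` term selects the one entry.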
------------------------------------------------------------------------------
_______________________________________________
Lam-public mailing list
Lam-public@...
https://lists.sourceforge.net/lists/listinfo/lam-public
PASCAL CASSAGNES | 10 Apr 15:17 2014

Password policy - Symbolic characters

Hi,
In the definition of the password policy (LAM general settings), which symbolic characters are allowed? Can I change the list of these characters (remove / add)?
If so where? If not, could it be an evolution of Lam?
Best regards
Pascal
(Lam Pro 4.5)
------------------------------------------------------------------------------
PASCAL CASSAGNES | 10 Apr 08:35 2014

Hide tree view

Hi,
Is it possible to hide the tree view functionality, as is the case with Schema browser, Multi edit, File upload, PDF editor, ...?
Thanks,
Pascal
(Lam Pro 4.5)
------------------------------------------------------------------------------
Elizabeth Jones | 17 Mar 21:36 2014

lock password field

We are using LAM 3.9 and have found it to be a wonderful tool - but I'm
trying to figure something out and have had no success.  We have several
hundred user accounts that we need to lock, and we can easily do this with
the lock password button in LAM, but doing this for hundreds of user
passwords is really time consuming.  I can't seem to figure out what LDAP
field the lock password button is modifying, or if it is just adding
something like *LK* into the password field in LDAP.  Does anyone know
what lock password is actually doing behind the scenes?

Thanks -

Elizabeth

------------------------------------------------------------------------------
Roland Gruber | 3 Mar 17:10 2014

LDAP Account Manager 4.5.RC1 with Oracle databases and enhanced password self reset

LDAP Account Manager (LAM) 4.5.RC1 - March 15th, 2014
=====================================================

LAM is a web frontend for managing accounts stored in an LDAP directory.

Announcement:
-------------

This release allows setting fields on tab Personal to read-only. NIS mail
aliases can be managed on user tab and there is a new option if referrals
should be followed. The Pro version supports Oracle databases and
organizational roles. The self service now includes a language selection
and password reset supports alternate email addresses.

This is a test version. Please do not install in production environment
and report any bugs till 15th March.

Full changelog:

https://www.ldap-account-manager.org/lamcms/changelog

Download:

https://www.ldap-account-manager.org/lamcms/releases

Features:
---------

* management of various account types
 * Unix
 * Samba 3/4
 * Kolab 2/3
 * Asterisk
 * Zarafa
 * DHCP
 * SSH keys
* profiles for account creation
* account creation via file upload
* automatic creation/deletion of home directories
* setting quotas
* PDF output for all accounts
* editor for organizational units
* schema browser
* tree view
* multiple configuration files
* multi-language support: Catalan, Chinese (Traditional + Simplified),
  Czech, Dutch, English, French, German, Hungarian, Italian, Japanese,
  Polish, Portuguese, Russian, Slovak, Spanish and Turkish
* support for LDAP+SSL/TLS

Demo installation:
------------------

You can try our demo installation online.

https://www.ldap-account-manager.org/lamcms/liveDemo

Support:
--------

If you find a bug please file a bug report. For questions or
implementing new features please use the mailing list and feature request
tracker at our homepage https://www.ldap-account-manager.org.

Authors & Copyright:
--------------------

Copyright (C) 2003 - 2014:
Roland Gruber <post@...>

LAM is published under the GNU General Public License.
The complete list of licenses can be found in the copyright file.

------------------------------------------------------------------------------
Doruk Fisek | 20 Feb 12:34 2014

lam fedora package dependency problem

Hi,

 The Fedora package of LAM has a php dependency, which results in
Apache and its list of dependencies.

 Instead of a php dependency, a php-common dependency would be much
more logical. Since all php packages depend on it (php-cli, mod_php,
php-fpm, etc).

 Whenever we're using LAM on a Nginx + PHP-FPM setup, we have to
install it with rpm --nodeps because of this dependency.

                   Doruk

--
Özgür Yazılım A.Ş. ~ #
http://www.ozguryazilim.com.tr

------------------------------------------------------------------------------
franck.rakotonindrainy | 20 Feb 11:05 2014

Samba3 Account, sambaDomainName attribute

Hello Roland,

I have one question or request

In the Samba3 account page of LAM, there is a field sambaDomainName which lists all the domains from the LDAP directory.
Here we have plenty of "domains", some having the same SID (a Samba trick to share authentication without all the server join tralala of Windows).
My problem is that I create the account and set the correct domain, but when I come back to modify the user account, the Samba domain name shown is not the same as the original one.
It seems to me that the sambaDomainName attribute is a text field; IMHO it should not be recalculated when modifying a user account, the original one should be displayed as it was.

Am I misunderstanding something ?

Best regards.
Franck r.
------------------------------------------------------------------------------
mourik jan heupink | 31 Jan 11:06 2014

windowsgroups vs unixgroups

Hi,

We're still testing samba3 -> samba4, and we have a question on groups 
in lam:

I have enabled windowsGroup and windowsPosixGroup, and we're using sssd 
for our linux users/groups.

As expected, when not adding the unix extension to a group, the group
membership is not 'seen' in linux. When adding the unix extension, I am
also asked to 'edit members', and by default, there are no members.

However: by just adding the unix extension, linux (through sssd) becomes
aware of my group PLUS all its members.

So: why is there a separate 'edit members' for unix groups, that does
not seem to be necessary?

It feels like a strange discrepancy: linux sees the group plus all its
members, and lam displays it as a group without any unix members.

Regards,
Mourik jan

------------------------------------------------------------------------------
Danté Bell | 20 Jan 20:14 2014

Question about connect to Samba 4 LDAP


Hi,

I am currently evaluating OpenChange/SOGo/Samba4 for a client of mine
and really like LAM but I can't figure out how to connect to the Samba
LDAP. NOTE: I can connect to the SOGo ldap running on port 3389 but not
Samba on port 389.

Here's how I connect via linux command line, using ldapsearch as an example:

ldapsearch -I -LLL -h 192.168.4.110 -p 389 -b "dc=SFPI-TEST,dc=LOCAL" -D
cn=Administrator,cn=users,dc=sfpi-test,dc=local
SASL/NTLM authentication started
SASL Interaction
Default: root
Please enter your authentication name: root
Please enter your password:
SASL username: root
SASL SSF: 0
How can I specify a similar connection in LAM?

I've tried setting "Activate TLS" to "Yes" but I get an error from Samba

ldapsrv_starttls_postprocess_done: accept_tls_loop:
tstream_tls_accept_recv() - 38:Function not implemented =>
NT_STATUS_INVALID_SYSTEM_SERVICETerminating connection -
'ldapsrv_call_postprocess_done: call->postprocess_recv() -
NT_STATUS_INVALID_SYSTEM_SERVICE'

If I don't specify Activate TLS then I get a User Not Found displayed:

dreplsrv_notify_schedule(5) scheduled for: Mon Jan 20 14:12:38 2014 EST
dreplsrv_notify_schedule(5) scheduled for: Mon Jan 20 14:12:43 2014 EST
auth_check_password_send: Checking password for unmapped user []\[]@[(null)]
auth_check_password_send: mapped user is: []\[]@[(null)]
[0000] 7B 44 66 D3 CE 97 DC 24                            {Df....$
auth_check_password_recv: anonymous authentication for user [NT
AUTHORITY\ANONYMOUS LOGON] succeeded
ldb_request SUB dn=cn=Administrator,cn=users,dc=sfpi-test,dc=local
filter=(uid=root)
Terminating connection - 'ldapsrv_call_loop:
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
imessaging: cleaning up /usr/local/samba/private/smbd.tmp/msg/msg.10952.78
single_terminate: reason[ldapsrv_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED]


------------------------------------------------------------------------------
PASCAL CASSAGNES | 17 Jan 13:39 2014

Creating PDF files for host machines

Hi,
When I select multiple hosts to create their PDF files, the value of the uid number is the same in all PDF files created. It is the same for the host name (uid) in the upper left.
Best regards,
Pascal
------------------------------------------------------------------------------
PASCAL CASSAGNES | 17 Jan 08:44 2014

Add a photo to a user account

Hello,
In the Lam Pro application 4.4, I cannot add an image (jpegPhoto) when I create or modify a user account.
I select an image file (jpg or jpeg) to load. The selected file name appears correctly in Lam, but when I click on the button to add the photo, a "Please upload a .jpg/.jpeg" message appears and the name of the previously selected file is replaced by "any selected file". If instead I click the back button, no image is displayed. If I click again on the button to add a photo, the image file that I had previously selected no longer appears.
(openSUSE 12.2 - Apache 2.2 - PHP 5.3.15 or openSUSE 13.1 - Apache 2.4.6 - PHP 5.4.20)
Yet I have no problem assigning an image (jpg or jpeg) directly to the attribute jpegPhoto in the LDAP (with Apache Directory Studio LDAP Browser, for example).
I do not see any error message in the Lam, Apache or PHP log files.

Thank you in advance for your help
Best regards,
Pascal
------------------------------------------------------------------------------