fusiondirectory-plugins issueshttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues2023-01-26T14:22:02Zhttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6203[Supann-Ex] - Verification of uniqueness, generation of hash based on login I...2023-01-26T14:22:02Zdockx thibault[Supann-Ex] - Verification of uniqueness, generation of hash based on login ID and time.### Requirements
* Filling out the template is required. Any Enhancement request that does not include enough information to be reviewed in a timely manner may be closed at the maintainers' discretion.
* All new code requires tests to e...### Requirements
* Filling out the template is required. Any Enhancement request that does not include enough information to be reviewed in a timely manner may be closed at the maintainers' discretion.
* All new code requires tests to ensure against regressions
## Descriptive title for this enhancement
[Supann-Ex] - Verification of uniqueness, generation of hash based on login ID and time.
### Actual behavior
If the number of users exceed a certain value, we see a huge impact on performances due to the iteration on each individual.
This was performed in order to make sure of the uniqueness between members.
It is now seen as unpractical and a revamp of the solution is required.
The hash must be generated with the ID of the user as well as the time of creation.
### Expected behavior
No need to pass by every entry in LDAP in order to validated uniqueness.
The hash is generated in a way that it is "almost" impossible to replicate.
### Step by step description of new behaviour
1. New hash generation.
2. Better LDAP performances.
### Benefits
Huge benefits in terms of performances.
### Possible Drawbacks
None
### Applicable Issues
https://gitlab.fusiondirectory.org/universite-orleans/mise-en-place-de-fusiondirectory-et-openldap/-/issues/26#note_117328FusionDirectory 1.5dockx thibaultdockx thibaulthttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6190[WebService] - RPCservice - Verification on session timeout, possible unecess...2022-12-07T10:15:13Zdockx thibault[WebService] - RPCservice - Verification on session timeout, possible unecessary refresh.### Requirements
The university of Unamur reported some issue during movement / copy / creation of many users via the use of FD WebService.
It is possible that one part of the issue would be the creation of a new session which would be...### Requirements
The university of Unamur reported some issue during movement / copy / creation of many users via the use of FD WebService.
It is possible that one part of the issue would be the creation of a new session which would be not efficient.
## Descriptive title for this enhancement
[WebService] - RPCservice - Verification on session timeout, possible unecessary refresh.
### Actual behavior
It seems a big delay of around 2 minutes per request process during user modification / creation happens.
Making the overall life cycle process difficult to complete.
### Expected behavior
Delay between such request should be fast.
### Step by step description of new behaviour
A possible tweak of session management and timeout could help fix this behaviour.
### Benefits
Life cycle / user creation - suppression would be processed within a reasonable timeframe.
### Possible Drawbacks
None.
### Applicable IssuesFusionDirectory 1.5dockx thibaultdockx thibaulthttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6179[SupannExt] - Adding elements to the main code_population list2022-12-07T10:25:54Zdockx thibault[SupannExt] - Adding elements to the main code_population list### Requirements
## Descriptive title for this enhancement
[SupannExt] - Adding elements to the main code_population list
### Actual behavior
List is not exhaustive
### Expected behavior
Below elements that would be interesting to ...### Requirements
## Descriptive title for this enhancement
[SupannExt] - Adding elements to the main code_population list
### Actual behavior
List is not exhaustive
### Expected behavior
Below elements that would be interesting to add to the default list of main population code.
'RGPST' 'RGPET' 'RGPFT' 'RGNFC' 'RGNFA' 'RGNE' 'RGNS' 'RGNFD' 'RGNSP' 'RGIS' 'RGIE' 'RGNCC' 'RGNCD' 'RHTC' 'PXR' 'RHJSG' 'RHLE' 'RHLS' 'RHTCE' 'RHMF' 'RHJCF' 'PXSP' 'PXE' 'TER' 'RHTSO' 'PXU' 'PXL'
### Step by step description of new behaviour
Add the above elements to the default list.
### Benefits
More default elements.
### Possible Drawbacks
User interface might feel overcharged
### Applicable Issues
NoneFusionDirectory 1.5dockx thibaultdockx thibault2022-07-25https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6178[Posix] - Template - TrustMode %askme% set as a service disables the entire t...2023-03-13T14:23:37Zdockx thibault[Posix] - Template - TrustMode %askme% set as a service disables the entire table.### Description
When the option %askme% is set as a service wihin the TrustMode table.
It disables the TrustMode option : %askme%, and render the table completely disable when applied from template.
### Distribution Name and Version
...### Description
When the option %askme% is set as a service wihin the TrustMode table.
It disables the TrustMode option : %askme%, and render the table completely disable when applied from template.
### Distribution Name and Version
Bullseye
### FusionDirectory Version
1.4-dev
### Plugin with the defect
Poisx
### PHP version used
7.4
### Origin of php packages
Distribution Repositories
### Steps to Reproduce
Create a template
Select posix TAB
Choose %askme% from TrustMode options
Choose %askme% from TrustMode services options.
**Expected behavior:**
Option %askme% should remains set on both attribute.
If only one %askme% attribute is set, it should be automatically set as a service or trustmode options as well.
**Actual behavior:**
%askme% options disappear as trustmode option when service is set as %askme%
**Reproduces how often:**
100%
### Additional Information
noneFusionDirectory 1.5dockx thibaultdockx thibaulthttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/5786Argonaut task doesn't use ACL based on branch2022-02-21T21:40:25ZJonathan SwaelensArgonaut task doesn't use ACL based on branch## Descriptive title for this enhancement
Argonaut task doesn't use ACL based on branch
### Actual behavior
Argonaut task need an ACL on the root so that user could use scheduling
### Expected behavior
Add ACL on a branch and the us...## Descriptive title for this enhancement
Argonaut task doesn't use ACL based on branch
### Actual behavior
Argonaut task need an ACL on the root so that user could use scheduling
### Expected behavior
Add ACL on a branch and the user may directly use scheduling. They not need Argonaut task right on root
### Step by step description of new behaviour
1. Add acl on a branch
2. Tick a system and launch a scheduling
3. Have the right to make the scheduling
### Benefits
More easy to manage the ACL because we not need to remember that Argonaut task need ACL on root
### Possible Drawbacks
None
### Applicable Issues
Always when we use the Argonaut tasksFusionDirectory 1.5dockx thibaultdockx thibaulthttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/5771Allow to use WebService as another user (aka sudo webservice)2021-08-25T18:54:23ZcoudotAllow to use WebService as another user (aka sudo webservice)## Allow to use WebService as another user (aka sudo webservice)
### Actual behavior
To use WebService, you must login as a FD user (with user and password). This requires for an application to own the user password to be able to call ...## Allow to use WebService as another user (aka sudo webservice)
### Actual behavior
To use WebService, you must login as a FD user (with user and password). This requires for an application to own the user password to be able to call FD webservice, which is not always possible (using SSO) and can also be a security issue.
### Expected behavior
We should have an option allowing to authenticate to webservice with a technical account and pass the identity of the user for whom we need to call the webservice, in order to benefit from FD ACL model.
### Step by step description of new behaviour
* Protect the WebService endpoint with AuthBasic, for example in Apache:
```apache
<Location /fusiondirectory/jsonrpc.php>
AuthType basic
AuthName "FD WebServices"
AuthBasicProvider ldap
AuthLDAPURL "ldap://ldap-server1 ldap-server2/ou=dsa,dc=example,dc=com?cn?one?"
AuthLDAPBindDN cn=fusiondirectory,ou=dsa,dc=example,dc=com
AuthLDAPBindPassword secret
Require ldap-user account1 account2
</Location>
```
* Have an option to be able to call LOGIN WebService without the user password. Here is a proof of concept patch:
```php
# diff /usr/share/fusiondirectory/html/jsonrpc.php /usr/share/fusiondirectory/html/jsonrpc.php.orig
93,99c93
< $conf_allow_nopasswd = 1; // TODO create configuration parameter
< if ( $pwd === NULL and $conf_allow_nopasswd ) {
< $ui = ldap_get_user($user);
< $ui->loadACL();
< } else {
< $ui = ldap_login_user($user, $pwd);
< }
---
> $ui = ldap_login_user($user, $pwd);
```
### Benefits
It would allow a better integration in Web applications using the WebServices.
Let me know if you are interested by a Pull Request for this feature.FusionDirectory 1.5bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/5449CSV Import - Option Warn with report on duplicate uid or Fail with report on ...2022-02-21T21:03:24ZGhost UserCSV Import - Option Warn with report on duplicate uid or Fail with report on duplicate uidOn import, a person would be able to choose *Warn on duplicate entry*, to let the import proceed with warnings on records which failed because of an already existing uid. At the completion of the import they would be able to see a list o...On import, a person would be able to choose *Warn on duplicate entry*, to let the import proceed with warnings on records which failed because of an already existing uid. At the completion of the import they would be able to see a list or export the list as a csv of records not imported in order to address the ldap entry if it requires altering.
If the user chose to *Fail on duplicate entry*, they would have access to a report of those records not imported, or, it would explicitly show for which record the import failed. This way the user would be able to make note of the problem record, continue the import, until the next fail repeat.
There is also room for a more advanced Interactive option to allow the user choose what to do with the record in conflict.FusionDirectory 1.5dockx thibaultdockx thibaulthttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/5054Service "Share" on systems: additional fields for samba2019-09-18T20:20:13ZtnierckeService "Share" on systems: additional fields for sambaHi there,
I have seen, that the entire share-config is saved in one |-seperated field in LDAP.
So this should be minor work.
I am currently working on an argonaut-module for (re-)writing the samba-share definition
(Sections in smb.conf...Hi there,
I have seen, that the entire share-config is saved in one |-seperated field in LDAP.
So this should be minor work.
I am currently working on an argonaut-module for (re-)writing the samba-share definition
(Sections in smb.conf). To assign groups with read-only and write-access I do need 2 more
fields (seperated by |) in the share definition.
Also an option to hide the share would be nice.
This is what I suggest:
- add a field "Samba write group(s)": comma seperated list of samba-groups with write access
- add a field "Samba read group(s)": comma seperated list of samba-groups with read access
- add a checkbox "Samba hidden": '1' if the share should be hidden, '0' otherwise
the entire schema of the contents for "goExportEntry" could be:
name|description|fs-type|encoding|path|options|samba-write-groups|samba-read-groups|samba-hidden
*(from redmine: issue id 5054, created on 2016-08-08)*
* Custom Fields:
* Bug in version: 1.0.14
* Support contract: NoneFusionDirectory 1.5bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/3999Fix cyrus mail group ACL setting2023-02-02T11:41:46ZbmortierFix cyrus mail group ACL settingHello,
GOsa² was having a functionality to create group mailbox for cyrus with acl applied on it, we should test it still work and fixes if not
Cheers
* Relations:
* relates #5315
* Uploads:
* ![Bildschirmfoto_-_11.08.2015_-_16_4...Hello,
GOsa² was having a functionality to create group mailbox for cyrus with acl applied on it, we should test it still work and fixes if not
Cheers
* Relations:
* relates #5315
* Uploads:
* ![Bildschirmfoto_-_11.08.2015_-_16_43_58](/uploads/1363edf523b6624711ed51950757ae7f/Bildschirmfoto_-_11.08.2015_-_16_43_58.png)FusionDirectory 1.5dockx thibaultdockx thibaulthttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/3909Add certificates for system2022-02-21T21:29:43ZJonathan SwaelensAdd certificates for systemHi,
We should add certificates for system (like EJBCA).
CheersHi,
We should add certificates for system (like EJBCA).
CheersFusionDirectory 1.5https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/3479Deployment - Dual Boot Windows/Linux (OPSI/FAI)2019-09-18T20:19:25ZamichonDeployment - Dual Boot Windows/Linux (OPSI/FAI)Bonjour,
Nous souhaitons faire une installation automatique via FAI et opsi d'une salle de TP en dual boot. Quelle est la meilleure façon de procéder au niveau de l'enregistrement dans le plugin systeme et des differentes configurations...Bonjour,
Nous souhaitons faire une installation automatique via FAI et opsi d'une salle de TP en dual boot. Quelle est la meilleure façon de procéder au niveau de l'enregistrement dans le plugin systeme et des differentes configurations ?
Bonne journée (courage)
Alexis
*(from redmine: issue id 3479, created on 2014-11-20)*
* Relations:
* relates #3614
* relates #5313
* copied_to #4108
* copied_to #5463
* Changesets:
* Revision 2fb57de578768ba6e565637deca3b8533ba5f92a by Côme Chilliet on 2017-03-14T13:44:16.000Z:
```
Fixes #3479 First try at Samba tab on workstations
```
* Revision 20a99ef023ac0e976c7be7c35fc980c374212e20 by Côme Chilliet on 2017-03-14T14:16:59.000Z:
```
Fixes #3479 Getting rid of winstation object type
```
FusionDirectory 1.5bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/1296FD and IPv62021-01-03T13:25:18ZamichonFD and IPv6Hello,
We plan to deploy IPv6 on our network in the next month. This ticket will be to follow the status of the support, experience we made, ... Somebody has some experience with FD and IPv6 ? How is the status of IPv6 in FD ?
Alexis
...Hello,
We plan to deploy IPv6 on our network in the next month. This ticket will be to follow the status of the support, experience we made, ... Somebody has some experience with FD and IPv6 ? How is the status of IPv6 in FD ?
Alexis
*(from redmine: issue id 1296, created on 2012-09-26)*
* Relations:
* relates #3265
* copied_to #4236
* Changesets:
* Revision da90acfbca2d99db18b573964da95aece179c3f5 by Côme Chilliet on 2015-10-20T12:15:20.000Z:
```
Fixes #1296 Using is_ipv4 where it makes sense
```
* Revision 5e449656aa94edec7c54f4f9bbc9f639054a9e3b by Côme Chilliet on 2015-10-20T12:16:25.000Z:
```
Fixes #1296 Using is_ipv4 where it makes sense
```
* Custom Fields:
* Bug in version: 1.0.8.5
* Support contract: NoneFusionDirectory 1.5Jonathan SwaelensJonathan Swaelens