fusiondirectory-plugins issueshttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues2021-01-03T13:25:18Zhttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/1296FD and IPv62021-01-03T13:25:18ZamichonFD and IPv6Hello,
We plan to deploy IPv6 on our network in the next month. This ticket will be to follow the status of the support, experience we made, ... Somebody has some experience with FD and IPv6 ? How is the status of IPv6 in FD ?
Alexis
...Hello,
We plan to deploy IPv6 on our network in the next month. This ticket will be to follow the status of the support, experience we made, ... Somebody has some experience with FD and IPv6 ? How is the status of IPv6 in FD ?
Alexis
*(from redmine: issue id 1296, created on 2012-09-26)*
* Relations:
* relates #3265
* copied_to #4236
* Changesets:
* Revision da90acfbca2d99db18b573964da95aece179c3f5 by Côme Chilliet on 2015-10-20T12:15:20.000Z:
```
Fixes #1296 Using is_ipv4 where it makes sense
```
* Revision 5e449656aa94edec7c54f4f9bbc9f639054a9e3b by Côme Chilliet on 2015-10-20T12:16:25.000Z:
```
Fixes #1296 Using is_ipv4 where it makes sense
```
* Custom Fields:
* Bug in version: 1.0.8.5
* Support contract: NoneFusionDirectory 1.5Jonathan SwaelensJonathan Swaelenshttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/3479Deployment - Dual Boot Windows/Linux (OPSI/FAI)2019-09-18T20:19:25ZamichonDeployment - Dual Boot Windows/Linux (OPSI/FAI)Bonjour,
Nous souhaitons faire une installation automatique via FAI et opsi d'une salle de TP en dual boot. Quelle est la meilleure façon de procéder au niveau de l'enregistrement dans le plugin systeme et des differentes configurations...Bonjour,
Nous souhaitons faire une installation automatique via FAI et opsi d'une salle de TP en dual boot. Quelle est la meilleure façon de procéder au niveau de l'enregistrement dans le plugin systeme et des differentes configurations ?
Bonne journée (courage)
Alexis
*(from redmine: issue id 3479, created on 2014-11-20)*
* Relations:
* relates #3614
* relates #5313
* copied_to #4108
* copied_to #5463
* Changesets:
* Revision 2fb57de578768ba6e565637deca3b8533ba5f92a by Côme Chilliet on 2017-03-14T13:44:16.000Z:
```
Fixes #3479 First try at Samba tab on workstations
```
* Revision 20a99ef023ac0e976c7be7c35fc980c374212e20 by Côme Chilliet on 2017-03-14T14:16:59.000Z:
```
Fixes #3479 Getting rid of winstation object type
```
FusionDirectory 1.5bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/3909Add certificates for system2022-02-21T21:29:43ZJonathan SwaelensAdd certificates for systemHi,
We should add certificates for system (like EJBCA).
CheersHi,
We should add certificates for system (like EJBCA).
CheersFusionDirectory 1.5https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/3999Fix cyrus mail group ACL setting2023-02-02T11:41:46ZbmortierFix cyrus mail group ACL settingHello,
GOsa² was having a functionality to create group mailbox for cyrus with acl applied on it, we should test it still work and fixes if not
Cheers
* Relations:
* relates #5315
* Uploads:
* ![Bildschirmfoto_-_11.08.2015_-_16_4...Hello,
GOsa² was having a functionality to create group mailbox for cyrus with acl applied on it, we should test it still work and fixes if not
Cheers
* Relations:
* relates #5315
* Uploads:
* ![Bildschirmfoto_-_11.08.2015_-_16_43_58](/uploads/1363edf523b6624711ed51950757ae7f/Bildschirmfoto_-_11.08.2015_-_16_43_58.png)FusionDirectory 1.5dockx thibaultdockx thibaulthttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/5054Service "Share" on systems: additional fields for samba2019-09-18T20:20:13ZtnierckeService "Share" on systems: additional fields for sambaHi there,
I have seen, that the entire share-config is saved in one |-seperated field in LDAP.
So this should be minor work.
I am currently working on an argonaut-module for (re-)writing the samba-share definition
(Sections in smb.conf...Hi there,
I have seen, that the entire share-config is saved in one |-seperated field in LDAP.
So this should be minor work.
I am currently working on an argonaut-module for (re-)writing the samba-share definition
(Sections in smb.conf). To assign groups with read-only and write-access I do need 2 more
fields (seperated by |) in the share definition.
Also an option to hide the share would be nice.
This is what I suggest:
- add a field "Samba write group(s)": comma seperated list of samba-groups with write access
- add a field "Samba read group(s)": comma seperated list of samba-groups with read access
- add a checkbox "Samba hidden": '1' if the share should be hidden, '0' otherwise
the entire schema of the contents for "goExportEntry" could be:
name|description|fs-type|encoding|path|options|samba-write-groups|samba-read-groups|samba-hidden
*(from redmine: issue id 5054, created on 2016-08-08)*
* Custom Fields:
* Bug in version: 1.0.14
* Support contract: NoneFusionDirectory 1.5bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/5449CSV Import - Option Warn with report on duplicate uid or Fail with report on ...2022-02-21T21:03:24ZGhost UserCSV Import - Option Warn with report on duplicate uid or Fail with report on duplicate uidOn import, a person would be able to choose *Warn on duplicate entry*, to let the import proceed with warnings on records which failed because of an already existing uid. At the completion of the import they would be able to see a list o...On import, a person would be able to choose *Warn on duplicate entry*, to let the import proceed with warnings on records which failed because of an already existing uid. At the completion of the import they would be able to see a list or export the list as a csv of records not imported in order to address the ldap entry if it requires altering.
If the user chose to *Fail on duplicate entry*, they would have access to a report of those records not imported, or, it would explicitly show for which record the import failed. This way the user would be able to make note of the problem record, continue the import, until the next fail repeat.
There is also room for a more advanced Interactive option to allow the user choose what to do with the record in conflict.FusionDirectory 1.5dockx thibaultdockx thibaulthttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/5597DHCP - no warning when adding a network range in both subnet and pool2022-09-30T18:44:19ZjbecotDHCP - no warning when adding a network range in both subnet and pool### Description
If I set a range in a subnet, and then add a pool which serves the same subnet, no splash error is displayed
### Distribution Name and Version
<!-- Required -->
<!-- Debian, Centos -->
### FusionDirectory Version
1.1...### Description
If I set a range in a subnet, and then add a pool which serves the same subnet, no splash error is displayed
### Distribution Name and Version
<!-- Required -->
<!-- Debian, Centos -->
### FusionDirectory Version
1.1
### Plugin with the defect
plugin-dhcp
### PHP version used
5.6
### Origin of php packages
<!-- Required -->
<!-- Distribution packages, Out of distribution -->
### Steps to Reproduce
<!-- Required -->
1. [First Step]
2. [Second Step]
3. [and so on...]
**Expected behavior:**
Get an error popup saying the pool is already used
**Actual behavior:**
If I set a range in a subnet, and then add a pool which serves the same subnet, no splash error is displayed
Then ISC dhcp won't start complaining for a duplicate address for every address in the range.
**Reproduces how often:**
100%
### Additional Information
<!-- optional -->
<!-- Any additional information, configuration or data that might be necessary to reproduce the issue. -->FusionDirectory 1.5bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/5736fai log should be handled by argonaut server2022-02-21T21:45:04Zbmortierfai log should be handled by argonaut server## Descriptive title for this enhancement
Manage fai log with argonaut-server
### Actual behavior
Actually the fai log is directly read by FusionDirectory and need to be send to a central fai server to be read.
Due to that the opsi a...## Descriptive title for this enhancement
Manage fai log with argonaut-server
### Actual behavior
Actually the fai log is directly read by FusionDirectory and need to be send to a central fai server to be read.
Due to that the opsi and fai workflow are very different.
### Expected behavior
Manage fai log with argonaut-server, it means rewriting the fai log tab to ask argonaut-server for the log.
This will also mean that we need to develop a fai log module for argonaut-client
### Step by step description of new behaviour
<!-- Required -->
1. Got to the fai log tab
2. ask for the kind of log you like to see
3. FusionDirectory will ask argonaut-server to fetch the corresponding log
### Benefits
easier workflow, everything will got trough argonaut-server and clients
### Possible Drawbacks
Difficult to write for fai as the concept is based on files and logs
### Applicable Issues
Deployment andFusionDirectory 1.5https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/5771Allow to use WebService as another user (aka sudo webservice)2021-08-25T18:54:23ZcoudotAllow to use WebService as another user (aka sudo webservice)## Allow to use WebService as another user (aka sudo webservice)
### Actual behavior
To use WebService, you must login as a FD user (with user and password). This requires for an application to own the user password to be able to call ...## Allow to use WebService as another user (aka sudo webservice)
### Actual behavior
To use WebService, you must login as a FD user (with user and password). This requires for an application to own the user password to be able to call FD webservice, which is not always possible (using SSO) and can also be a security issue.
### Expected behavior
We should have an option allowing to authenticate to webservice with a technical account and pass the identity of the user for whom we need to call the webservice, in order to benefit from FD ACL model.
### Step by step description of new behaviour
* Protect the WebService endpoint with AuthBasic, for example in Apache:
```apache
<Location /fusiondirectory/jsonrpc.php>
AuthType basic
AuthName "FD WebServices"
AuthBasicProvider ldap
AuthLDAPURL "ldap://ldap-server1 ldap-server2/ou=dsa,dc=example,dc=com?cn?one?"
AuthLDAPBindDN cn=fusiondirectory,ou=dsa,dc=example,dc=com
AuthLDAPBindPassword secret
Require ldap-user account1 account2
</Location>
```
* Have an option to be able to call LOGIN WebService without the user password. Here is a proof of concept patch:
```php
# diff /usr/share/fusiondirectory/html/jsonrpc.php /usr/share/fusiondirectory/html/jsonrpc.php.orig
93,99c93
< $conf_allow_nopasswd = 1; // TODO create configuration parameter
< if ( $pwd === NULL and $conf_allow_nopasswd ) {
< $ui = ldap_get_user($user);
< $ui->loadACL();
< } else {
< $ui = ldap_login_user($user, $pwd);
< }
---
> $ui = ldap_login_user($user, $pwd);
```
### Benefits
It would allow a better integration in Web applications using the WebServices.
Let me know if you are interested by a Pull Request for this feature.FusionDirectory 1.5bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/5786Argonaut task doesn't use ACL based on branch2022-02-21T21:40:25ZJonathan SwaelensArgonaut task doesn't use ACL based on branch## Descriptive title for this enhancement
Argonaut task doesn't use ACL based on branch
### Actual behavior
Argonaut task need an ACL on the root so that user could use scheduling
### Expected behavior
Add ACL on a branch and the us...## Descriptive title for this enhancement
Argonaut task doesn't use ACL based on branch
### Actual behavior
Argonaut task need an ACL on the root so that user could use scheduling
### Expected behavior
Add ACL on a branch and the user may directly use scheduling. They not need Argonaut task right on root
### Step by step description of new behaviour
1. Add acl on a branch
2. Tick a system and launch a scheduling
3. Have the right to make the scheduling
### Benefits
More easy to manage the ACL because we not need to remember that Argonaut task need ACL on root
### Possible Drawbacks
None
### Applicable Issues
Always when we use the Argonaut tasksFusionDirectory 1.5dockx thibaultdockx thibaulthttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6068Auto Fill SupannType for supann Composite Attribute2022-02-21T21:41:21ZagallavardinAuto Fill SupannType for supann Composite Attribute### Requirements
Supann Plugin installed
## Descriptive title for this enhancement
When adding information in fdSupannRelationEntite ( supann extension) or supannRoleEntite( user's supann tab) the type and supannCodeEntite of one enti...### Requirements
Supann Plugin installed
## Descriptive title for this enhancement
When adding information in fdSupannRelationEntite ( supann extension) or supannRoleEntite( user's supann tab) the type and supannCodeEntite of one entity is mandatory
### Actual behavior
Type and label has been set manually and separatly. In my mind supannCodeEntite and type MUST be coherent and corresponding of the type stored in the structure selected
Have to confirm with the Supann guide.
### Expected behavior
Type of structure on "role" in user screen and "Relation" in Supann-ext tab should be set up automatically by choosing the structure)
### Step by step description of new behaviour
supann structure contain an entity with
* supannCodeEntite = COMPANY
* supannTypeEntite = {ACME}C001
Ex for user supann Role
1. choose a role ( ex RESP of supann referential)
2. choose the entity COMPANY
3. save
The supannRoleEntity field should contains : [role={SUPANN}RESP][type={ACME}C001][code=COMPANY]
### Benefits
Supann information more coherent on user screen and supann-ext
### Possible Drawbacks
no drawbacks in my mindFusionDirectory 1.5https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/5962Support Header authentication in webservice2021-05-27T13:58:41ZcoudotSupport Header authentication in webserviceLemonLDAP::NG can protect a WebService by sending to it a header with the user identity. Is could be great that FD webservice can use this header as authentication, just like it is done for the web application.LemonLDAP::NG can protect a WebService by sending to it a header with the user identity. Is could be great that FD webservice can use this header as authentication, just like it is done for the web application.FusionDirectory 1.5bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6023If mailbox creation failed at user creation, you get stuck2022-12-07T10:40:06ZJonathan SwaelensIf mailbox creation failed at user creation, you get stuck### Description
I was trying to create a user with a mailbox (on cyrus). The mailbox creation failed but when I wanted apply again FusionDirectory told me that an user with my uid already exist.
### Distribution Name and Version
Debia...### Description
I was trying to create a user with a mailbox (on cyrus). The mailbox creation failed but when I wanted apply again FusionDirectory told me that an user with my uid already exist.
### Distribution Name and Version
Debian Buster
### FusionDirectory Version
1.4
### Plugin with the defect
mail
### PHP version used
7
### Origin of php packages
Distribution
### Steps to Reproduce
1. Set fdMailAttribute on mail and disable cyrus unix style
2. Create an user with a mail on cyrus server
3. If you try to apply again after the mailbox creation error it will say the uid already exist
**Expected behavior:**
Not create the user if the mailbox creation fail
**Actual behavior:**
It create the user same if the mailbox creation fail
**Reproduces how often:**
100%FusionDirectory 1.5Jonathan SwaelensJonathan Swaelens2019-12-18https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6045Adapt plugins to deletion workflow2022-02-21T21:17:54ZCôme ChillietAdapt plugins to deletion workflowSee fd#6091
Should fix errors when deleting an account with SupAnn CMS tab.See fd#6091
Should fix errors when deleting an account with SupAnn CMS tab.FusionDirectory 1.5dockx thibaultdockx thibaulthttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6047A better way of managing SupAnn lists2022-10-25T08:12:49ZbmortierA better way of managing SupAnn lists## Descriptive title for this enhancement
<!-- required -->
designing a better way to manage supann list
### Actual behavior
<!-- What actually happens -->
Actually we read list from disk and those list a created from the bcn
* act...## Descriptive title for this enhancement
<!-- required -->
designing a better way to manage supann list
### Actual behavior
<!-- What actually happens -->
Actually we read list from disk and those list a created from the bcn
* activite_CNU
* activite_REFERENS
* affiliation
* corps_NCORPS
* diplome_SISE
* discipline_SISE
* entite_SUPANN
* etablissement_SUPANN
* eturegimeinscription_SISE
* role_SUPANN
* typediplome_SISE
most of the time the people are not happy with the list because :
* They are huge an not very usefull for their specific cases
* they cannot remove entries in the file because it will be erased on next upgrade
* If the file where not erased but backuped, it still will need manual editing of the file who his cumbersome
### Expected behavior
<!-- What you expect to happen-->
Have to possibility to store lists in the fusiondirectory backend tab supann to replace the lists sroted on disk
### Step by step description of new behaviour
<!-- Required -->
1. Look into his backend to know if a list is filled in the configuration backend
2. If this list is filled it would just use the data from the configuration backend on would not charge the file form disk
we could to that at startup maybe with a flag telling the plugin which list should be taken from disk and wich not
or
we could just flag the list in the configuration backend as used or not used and stored that in seesion so the plugin now where to look for data
### Benefits
<!-- optional -->
<!-- What benefits will be realized by the code change? -->
* Better usability for users
* Better configurability because those list have lots of variations in each location
### Possible Drawbacks
<!-- optional -->
<!-- What are the possible side-effects or negative impacts of the code change? -->
need to think ou to split the supann tab in configuration to not getting huge
### Applicable Issues
full discussion in french https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/wikis/meeting-supann-list-2020-04-30
<!-- optional -->
<!-- Enter any applicable Issues here -->FusionDirectory 1.5dockx thibaultdockx thibaulthttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6051IMAP error when activating mail tab on group with dovecot plugin2022-12-07T10:43:27Zemmanuel thetasIMAP error when activating mail tab on group with dovecot plugin### Description
error message when I activate mail on a posix group :
... : Can not authenticate to IMAP server: [CLOSED] IMAP connection broken (authenticate)
### Distribution Name and Version
Centos7
### FusionDirectory Version
...### Description
error message when I activate mail on a posix group :
... : Can not authenticate to IMAP server: [CLOSED] IMAP connection broken (authenticate)
### Distribution Name and Version
Centos7
### FusionDirectory Version
1.3-fixes
### Plugin with the defect
dovecot
### PHP version used
7.1
### Origin of php packages
from https://integration.fusiondirectory.org/repos/fixes-releases/rpm/rhel/7/fusiondirectory-13-fixes/RPMS/
### Steps to Reproduce
1. configure dovecot services on mail server (in system settings)
2. activate mail on posix group with mail address and mail server
3. validate data
=> error!
**Expected behavior:**
<!-- What you expect to happen-->
nothing. I don't want an imap connexion with mail group, only for mail user
<!-- What actually happens -->
Imap connection, so error, for mail group
<!-- What percentage of the time does it reproduce?-->
100%
### Additional Information
I use dovecot module for user mail quota.FusionDirectory 1.5bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6055Add a basic kerberos plugin2022-12-07T10:34:10ZCôme ChillietAdd a basic kerberos pluginFor now, just show the fields as text fields, so that kerberos information on users is not lost by FD.
https://gitlab.opensides.be/telecomsudparis/Migration-FusionDirectory-OpenLDAP/-/issues/111For now, just show the fields as text fields, so that kerberos information on users is not lost by FD.
https://gitlab.opensides.be/telecomsudparis/Migration-FusionDirectory-OpenLDAP/-/issues/111FusionDirectory 1.5dockx thibaultdockx thibaulthttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6078check the new api from PARTAGE to see what we need to implement to support al...2022-11-25T10:13:32Zbmortiercheck the new api from PARTAGE to see what we need to implement to support all the new functionalitiesHello,
PARTAGE from RENATER updated their api and added several new interesting functionalities :
* make a list of what we support actually and where in FusionDirectory
* look at the api and conceptualize how to implement the various f...Hello,
PARTAGE from RENATER updated their api and added several new interesting functionalities :
* make a list of what we support actually and where in FusionDirectory
* look at the api and conceptualize how to implement the various functionnalities in Fusiondirectory
I will ask for a test account on PARTAGE but we should start without it
[API_PARTAGE_2.4.pdf](/uploads/37b48ab07d350bec77d221b4efd58b1d/API_BSS_Documentation.pdf)FusionDirectory 1.5dockx thibaultdockx thibaulthttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6081Do not record empty memberUid within mixedgroups2023-02-02T11:25:07ZDanjean VincentDo not record empty memberUid within mixedgroups### Description
I'm using fusiondirectory 1.3 through Debian package (locally recompiled for buster).
I'm using the mixedgroups plugin.
When I create a mixedgroup with one user and several (sub-)groups, I got an error about duplicate (...### Description
I'm using fusiondirectory 1.3 through Debian package (locally recompiled for buster).
I'm using the mixedgroups plugin.
When I create a mixedgroup with one user and several (sub-)groups, I got an error about duplicate (empty) memberUid.
Indeed, this is due to the fact that the plugin gets a 'uid' attribute for all its entries, even for (sub-)groups that do not have 'uid' attribute.
I fixed this locally with this patch:
In ogroups/mixedgroups/class_mixedGroup.inc, in prepare_save(), I replace:
```php
foreach ($members as $dn) {
$ldap->cat($dn, array('uid'));
$attrs = $ldap->fetch();
$memberUid[] = $attrs['uid'][0];
}
```
by
```php
foreach ($members as $dn) {
$ldap->cat($dn, array('uid'));
$attrs = $ldap->fetch();
/* Some members (other groups) do not have uid
* Adding a empty uid is not a problem, but adding two or more is */
if ($attrs['uid'][0] != '') {
$memberUid[] = $attrs['uid'][0];
}
}
```
Note: it solve my problem but you might want to do other things, for example:
- allows empty uid but skip entries with no uid attribute (my patch does the same thing for both cases)
- check that there are no duplicate uid (empty or not). If there are:
- return an error
- cleanup the list to keep only unique values
- or ...
Regards
Vincent
PS: the code in gitlab seems to be the same in the 1.4 branch, so this bug does not seem already fixed.FusionDirectory 1.5dockx thibaultdockx thibault2022-04-13https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6104Mail methods refactor2022-03-03T11:00:44ZCôme ChillietMail methods refactorMail method should be refactored so that:
- We avoid duplicated code in mailAccount/mailGroup/sympaAliasPartage
- We avoid connecting to the mail server when it’s not needed
- Even lazily load quota info to speed-up account edition?
- Su...Mail method should be refactored so that:
- We avoid duplicated code in mailAccount/mailGroup/sympaAliasPartage
- We avoid connecting to the mail server when it’s not needed
- Even lazily load quota info to speed-up account edition?
- Support correctly server change (partly done)
- Maybe improve server change with the same method?
- Hide non-supported fields (or check that this is the case already)FusionDirectory 1.5dockx thibaultdockx thibault