fusiondirectory-plugins issues
https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues
2022-02-21T21:00:18Z

https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6153
Adapt the plugins code for the new system with unicity in LDAP
2022-02-21T21:00:18Z
Jonathan Swaelens

## Descriptive title for this enhancement
Related to https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6194 we will need to adapt our code so that it will be working correctly.
### Actual behavior
Unicity use in the code
### Expected behavior
Unicity configuration will be taken from the LDAP
### Step by step description of new behaviour
See https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6194
### Benefits
See https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6194
### Possible Drawbacks
See https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6194
### Applicable Issues
None

FusionDirectory 1.5
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6152
Make a page that let the user archive their account when they not need it anymore
2022-02-21T21:01:13Z
Jonathan Swaelens

## Descriptive title for this enhancement
A page kind of the reset password, but that will use the web service to archive the user after verification.
### Actual behavior
None existent
### Expected behavior
Having a way to let the user archive their own account
### Step by step description of new behaviour
1. Going to the archive page
2. Verifying the user
3. Archive his account
4. Maybe display the information that is kept
### Benefits
The user possesses his own data and has a way to close his account without contacting an administrator.
It also encourages and "enforces" the management and respect of the data that must be kept after closing an account.
### Possible Drawbacks
None
### Applicable Issues
None

FusionDirectory 1.5
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6149
Add webservice overlay functions that matches the interface
2022-12-07T10:31:26Z
Jonathan Swaelens

## Descriptive title for this enhancement
Each type element (user, server, ogroup, posixgroup...) must have its endpoint and the different methods GET, POST, PUT, PATCH, DELETE
For example, /user, /ogroup, /posixgroup... for POST and /user/dn for PATCH, PUT and DELETE
### Actual behavior
We use the "generic" endpoint like /objects/user/
### Expected behavior
Instead of the "generic" endpoint, we want something more user-friendly like /user
### Step by step description of new behavior
1. The new endpoint does not replace the generic one
2. The new endpoint will use the generic endpoint inside the code
### Benefits
It will be more user-friendly to use /posixgroup to create a group instead of /objects/posixgroup
### Possible Drawbacks
None because it's an overlay of the actual code
### Applicable Issues
None

FusionDirectory 1.5
dockx thibault
2022-03-25

https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6148
Fix webservice to add functions related to serviceManagement
2022-12-07T10:31:38Z
Jonathan Swaelens

### Description
We cannot do any operations on services
### Distribution Name and Version
Debian Buster
### FusionDirectory Version
1.4
### Plugin with the defect
webservice
### PHP version used
php7
### Origin of php packages
Debian
### Steps to Reproduce
1. Create a server with argonautDNSConfig as service
2. Source the script and run the command
```
#!/bin/env bash
declare URL='https://demo-dev-all-buster.fusiondirectory.org/fusiondirectory//rest.php/v1/'
declare LOGIN='X'
declare PASSWORD='X'
# Short CURL
function C(){
  command -- "curl" "-s" "-H" "Content-Type: application/json" "${URL}${@}"
}
# Grab TOKEN
TOKEN=$(C \
  '/login' \
  -X POST \
  --data \
  '{
    "user": "'"$LOGIN"'",
    "password": "'"$PASSWORD"'"
  }'
)
TOKEN=$(tr -d '"' <<< "$TOKEN")
# Redefine C
function C(){
  command -- "curl" "-s" "-H" "Content-Type: application/json" "-H" "SESSION-TOKEN: $TOKEN" "${URL}${@}" | jq .
}
```
```
C /objects/server/cn=demo-dev,ou=servers,ou=systems,dc=demo-fusiondirectory,dc=org/servicesManagement
{}
```
3. the result doesn't show the argonautDNSConfig service
**Expected behavior:**
We must see something like
```
Argonaut DNS settings
```
And be able to see the content and modify / add other services
**Actual behavior:**
Actually, it shows an empty JSON
**Reproduces how often:**
100

FusionDirectory 1.5
dockx thibault
2022-03-28

https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6147
Review code for samba3 and samba4
2022-12-07T10:35:48Z
Jonathan Swaelens

## Descriptive title for this enhancement
Review code for samba3 and samba4
### Benefits
See what has changed and keep the plugin updated with samba features
### Possible Drawbacks
Compatibility with older version of samba and fusiondirectory

FusionDirectory 1.5
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6146
Support the changetype operation in LDIF
2022-12-07T10:36:00Z
Jonathan Swaelens

## Descriptive title for this enhancement
Support the changetype: delete operation in LDIF
### Actual behavior
It only lets us do the add operation
### Expected behavior
Having a way to delete or maybe modify
### Benefits
It lets users use FusionDirectory for "pure" LDAP operations and it can help modify or remove elements that can give FusionDirectory trouble
### Possible Drawbacks
None

FusionDirectory 1.5
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6119
Wrong value with keyboard-configuration debconf
2022-12-07T10:39:38Z
Jonathan Swaelens

### Description
Wrong value with keyboard-configuration debconf
### Distribution Name and Version
Debian buster
### FusionDirectory Version
1.4
### Plugin with the defect
fai
### PHP version used
php7
### Origin of php packages
distribution
### Steps to Reproduce
Making a setup through FAI selection "Belgian" in keyboard configuration package set "belgian" in /etc/default/keyboard but the right configuration must have "be"
**Reproduces how often:**
100%

FusionDirectory 1.5
Jonathan Swaelens

https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6116
ldapdump does not show most operational attributes
2023-01-12T14:19:41Z
Beland Daniel

## Descriptive title for this enhancement
Display all operation attributes
### Actual behavior
Only some operational attributes are shown
### Expected behavior
When I select the LDAP tab, I'd like to see all the entry attributes including all operational attributes
### Step by step description of new behaviour
1. Configure overlays that add operational attributes like memberof or lastbind
2. Open an entry and select the LDAP tab
3. Most operational attributes are not shown (memberOf, authTimestamp), although some are shown (createTimestamp, modifyTimestamp)
### Benefits
So I don't need to do a cli ldapsearch to see them
### Possible Drawbacks
None I can see

FusionDirectory 1.5
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6104
Mail methods refactor
2022-03-03T11:00:44Z
Côme Chilliet

Mail method should be refactored so that:
- We avoid duplicated code in mailAccount/mailGroup/sympaAliasPartage
- We avoid connecting to the mail server when it’s not needed
- Even lazily load quota info to speed-up account edition?
- Support correctly server change (partly done)
- Maybe improve server change with the same method?
- Hide non-supported fields (or check that this is the case already)

FusionDirectory 1.5
dockx thibault

https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6081
Do not record empty memberUid within mixedgroups
2023-02-02T11:25:07Z
Danjean Vincent

### Description
I'm using fusiondirectory 1.3 through Debian package (locally recompiled for buster).
I'm using the mixedgroups plugin.
When I create a mixedgroup with one user and several (sub-)groups, I got an error about duplicate (empty) memberUid.
Indeed, this is due to the fact that the plugin gets a 'uid' attribute for all its entries, even for (sub-)groups that do not have 'uid' attribute.
I fixed this locally with this patch:
In ogroups/mixedgroups/class_mixedGroup.inc, in prepare_save(), I replace:
```php
foreach ($members as $dn) {
  $ldap->cat($dn, array('uid'));
  $attrs = $ldap->fetch();
  $memberUid[] = $attrs['uid'][0];
}
```
by
```php
foreach ($members as $dn) {
  $ldap->cat($dn, array('uid'));
  $attrs = $ldap->fetch();
  /* Some members (other groups) do not have uid
   * Adding an empty uid is not a problem, but adding two or more is */
  if ($attrs['uid'][0] != '') {
    $memberUid[] = $attrs['uid'][0];
  }
}
```
Note: it solves my problem but you might want to do other things, for example:
- allow empty uid but skip entries with no uid attribute (my patch does the same thing for both cases)
- check that there are no duplicate uid (empty or not). If there are:
  - return an error
  - cleanup the list to keep only unique values
  - or ...
Regards
Vincent
PS: the code in gitlab seems to be the same in the 1.4 branch, so this bug does not seem already fixed.

FusionDirectory 1.5
dockx thibault
2022-04-13

https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6078
check the new api from PARTAGE to see what we need to implement to support all the new functionalities
2022-11-25T10:13:32Z
bmortier

Hello,
PARTAGE from RENATER updated their api and added several new interesting functionalities :
* make a list of what we support actually and where in FusionDirectory
* look at the api and conceptualize how to implement the various functionalities in FusionDirectory
I will ask for a test account on PARTAGE but we should start without it
[API_PARTAGE_2.4.pdf](/uploads/37b48ab07d350bec77d221b4efd58b1d/API_BSS_Documentation.pdf)

FusionDirectory 1.5
dockx thibault

https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6055
Add a basic kerberos plugin
2022-12-07T10:34:10Z
Côme Chilliet

For now, just show the fields as text fields, so that kerberos information on users is not lost by FD.
https://gitlab.opensides.be/telecomsudparis/Migration-FusionDirectory-OpenLDAP/-/issues/111

FusionDirectory 1.5
dockx thibault

https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6051
IMAP error when activating mail tab on group with dovecot plugin
2022-12-07T10:43:27Z
emmanuel thetas

### Description
error message when I activate mail on a posix group :
... : Can not authenticate to IMAP server: [CLOSED] IMAP connection broken (authenticate)
### Distribution Name and Version
Centos7
### FusionDirectory Version
1.3-fixes
### Plugin with the defect
dovecot
### PHP version used
7.1
### Origin of php packages
from https://integration.fusiondirectory.org/repos/fixes-releases/rpm/rhel/7/fusiondirectory-13-fixes/RPMS/
### Steps to Reproduce
1. configure dovecot services on mail server (in system settings)
2. activate mail on posix group with mail address and mail server
3. validate data
=> error!
**Expected behavior:**
nothing. I don't want an imap connection with mail group, only for mail user
**Actual behavior:**
Imap connection, so error, for mail group
**Reproduces how often:**
100%
### Additional Information
I use dovecot module for user mail quota.

FusionDirectory 1.5
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6047
A better way of managing SupAnn lists
2022-10-25T08:12:49Z
bmortier

## Descriptive title for this enhancement
designing a better way to manage supann list
### Actual behavior
Actually we read lists from disk and those lists are created from the bcn
* activite_CNU
* activite_REFERENS
* affiliation
* corps_NCORPS
* diplome_SISE
* discipline_SISE
* entite_SUPANN
* etablissement_SUPANN
* eturegimeinscription_SISE
* role_SUPANN
* typediplome_SISE
most of the time the people are not happy with the list because:
* They are huge and not very useful for their specific cases
* they cannot remove entries in the file because it will be erased on next upgrade
* If the file were not erased but backed up, it still will need manual editing of the file, which is cumbersome
### Expected behavior
Have the possibility to store lists in the fusiondirectory backend tab supann to replace the lists stored on disk
### Step by step description of new behaviour
1. Look into his backend to know if a list is filled in the configuration backend
2. If this list is filled it would just use the data from the configuration backend and would not load the file from disk
we could do that at startup maybe with a flag telling the plugin which list should be taken from disk and which not
or
we could just flag the list in the configuration backend as used or not used and store that in session so the plugin knows where to look for data
### Benefits
* Better usability for users
* Better configurability because those lists have lots of variations in each location
### Possible Drawbacks
need to think how to split the supann tab in configuration to not get huge
### Applicable Issues
full discussion in french https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/wikis/meeting-supann-list-2020-04-30

FusionDirectory 1.5
dockx thibault

https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6045
Adapt plugins to deletion workflow
2022-02-21T21:17:54Z
Côme Chilliet

See fd#6091
Should fix errors when deleting an account with SupAnn CMS tab.

FusionDirectory 1.5
dockx thibault

https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6023
If mailbox creation failed at user creation, you get stuck
2022-12-07T10:40:06Z
Jonathan Swaelens

### Description
I was trying to create a user with a mailbox (on cyrus). The mailbox creation failed but when I wanted to apply again FusionDirectory told me that a user with my uid already exists.
### Distribution Name and Version
Debian Buster
### FusionDirectory Version
1.4
### Plugin with the defect
mail
### PHP version used
7
### Origin of php packages
Distribution
### Steps to Reproduce
1. Set fdMailAttribute on mail and disable cyrus unix style
2. Create a user with a mail on cyrus server
3. If you try to apply again after the mailbox creation error it will say the uid already exists
**Expected behavior:**
Not create the user if the mailbox creation fails
**Actual behavior:**
It creates the user even if the mailbox creation fails
**Reproduces how often:**
100%

FusionDirectory 1.5
Jonathan Swaelens
2019-12-18

https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/5997
xml syntax of FD diffusion acquisition in case of error
2022-09-30T18:44:06Z
agallavardin

### Description
Xml generated for sinaps transaction seems incorrect
### Distribution Name and Version
Debian 9
### FusionDirectory Version
1.3-fixes
### Plugin with the defect
sinaps
### PHP version used
PHP 7.0.33-0+deb9u5
### Origin of php packages
debian
### Steps to Reproduce
1. SINAPS launches diffusion to FD on an already created user
2. an error occurs because "the entry already use this 'Login' attribute!"
**Expected behavior:**
FusionDirectory should respond with a correct answer with "identifiantObjApp"
**Actual behavior:**
FusionDirectory answers:
```
<?xml version="1.0" encoding="UTF-8"?>
<acq:Acquittement xmlns:acq="http://referentiels.SINAPS.amue.fr/acquittementFonctionnel">
<ResponseCode>200</ResponseCode>
<messageAcquittement>The entry '<dn of the user>' already use this 'Login' attribute!</messageAcquittement>
<codeAcquittement>15</codeAcquittement>
<identifiantObjApp/>
</acq:Acquittement>
```
`<identifiantObjApp>` seems missing
**Reproduces how often:**
not enough iterations to be sure
### Additional Information
It may be related to #5963

agallavardin

https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6018
Cannot lock users in FD with the pwd check module enabled and not using rootDN
2020-03-21T14:45:02Z
sfroger

### Description
Context: FusionDirectory is using a regular DSA account with write privileges to connect to OpenLDAP, and not using the directory rootDN.
When a FD user wants to lock an account that has a password policy with a pwdCheckModule enabled and quality set to 2, he gets this error:
```
LDAP modify operation failed!
Object: uid=tpolicy,ou=users,dc=my-domain,dc=com
Error: Constraint violation (Password fails quality checking policy, while operating on 'uid=tpolicy,ou=users,dc=my-domain,dc=com' using LDAP server 'ldap://localhost:2389')
```
### Distribution Name and Version
Debian stretch
### FusionDirectory Version
1.3-1
#### PHP version used
PHP 7.0.33-0+deb9u3
### Origin of php packages
debian
### Steps to Reproduce
1. Configure FD to connect to OpenLDAP using a DSA account with write privileges on your branch instead of rootDN
2. Activate ppolicy module in OpenLDAP and ppolicy plugin in FD
3. Activate a check module on a password policy (in our case, we used LTB's PPM https://github.com/ltb-project/ppm) :
```
objectClass: pwdPolicyChecker
pwdCheckModule: /usr/local/openldap/lib64/ppm.so
pwdCheckQuality: 2
```
3. Add this password policy to a user
4. Try to lock / unlock the user: the action will fail as FD is trying to edit the password by adding a "!" between the password method and encrypted password, which is rejected by the pwd quality checker as it cannot check quality on an encoded password and is set to reject the password on module failure.
5. Trying to change the user password using any other method than "clear" will also result in an error message: the password is rejected by the pwd quality checker for the same reason as above.
**Expected behavior:**
When pwdCheckQuality is set to 2 and a policy checker is set, password should only be updated using clear/plain text method so the password policy can check. It would be nice to be able to deactivate the password method choice from user edition page depending on the current ppolicy.
Also, the lock/unlock could set the pwdAccountLockedTime attribute at value '000001010000Z' which will result in permanent locking, instead of manipulating the encoded value of the user password.
**Actual behavior:**
Managers cannot lock account using FD functionality and have errors when changing password using another password method than "clear" if FD is not using the RootDN account that does not trigger password quality checks.
**Reproduces how often:**
100%

bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/5962
Support Header authentication in webservice
2021-05-27T13:58:41Z
coudot

LemonLDAP::NG can protect a WebService by sending to it a header with the user identity. It could be great that FD webservice can use this header as authentication, just like it is done for the web application.

FusionDirectory 1.5
bmortier

https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6068
Auto Fill SupannType for supann Composite Attribute
2022-02-21T21:41:21Z
agallavardin

### Requirements
Supann Plugin installed
## Descriptive title for this enhancement
When adding information in fdSupannRelationEntite (supann extension) or supannRoleEntite (user's supann tab) the type and supannCodeEntite of one entity is mandatory
### Actual behavior
Type and label have been set manually and separately. In my mind supannCodeEntite and type MUST be coherent and corresponding of the type stored in the structure selected
Have to confirm with the Supann guide.
### Expected behavior
Type of structure on "role" in user screen and "Relation" in Supann-ext tab should be set up automatically by choosing the structure
### Step by step description of new behaviour
supann structure contains an entity with
* supannCodeEntite = COMPANY
* supannTypeEntite = {ACME}C001
Ex for user supann Role
1. choose a role (ex RESP of supann referential)
2. choose the entity COMPANY
3. save
The supannRoleEntity field should contain: [role={SUPANN}RESP][type={ACME}C001][code=COMPANY]
### Benefits
Supann information more coherent on user screen and supann-ext
### Possible Drawbacks
no drawbacks in my mind

FusionDirectory 1.5