fusiondirectory issueshttps://gitlab.fusiondirectory.org/groups/fusiondirectory/-/issues2018-01-10T16:41:55Zhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/5699Multiple MAC addresses2018-01-10T16:41:55ZbmortierMultiple MAC addressesWhy can't a system have multiple MAC adresses ?
In network parameters we can add multiple IP but only one MAC.Why can't a system have multiple MAC adresses ?
In network parameters we can add multiple IP but only one MAC.bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6160Cannot create Group with mail address using Rest API2023-03-09T15:39:32ZbmortierCannot create Group with mail address using Rest APIHi!
### Description
Using the rest API (https://rest-api.fusiondirectory.info), I cannot create a group with mail address, I get this error [{"message":"This tab does not exists: \"mailGroup\"","line":469,"file":"/usr/share/fusiondirec...Hi!
### Description
Using the rest API (https://rest-api.fusiondirectory.info), I cannot create a group with mail address, I get this error [{"message":"This tab does not exists: \"mailGroup\"","line":469,"file":"/usr/share/fusiondirectory/include/webservice/class_fdRPCService.inc"}]
Mail address can only be added to group on update, never during creation. I've noticed it only happens when the mailGroup tab is placed before the ogroup tab in the posted data (group creation succeeds if the mailGroup is placed after the ogroup).
I don't have this error when adding a user with a mail address when the mailAccount tab is placed before the user tab in the posted data.
Also, I've noticed something strange: setting a mail to a group during update only works if the group contains at least one valid member: having a 'fake' member value such as "cn=empty" (that is set by refint overlay or for synchronization purpose), mail cannot be set using an update request (still the tab does not exists error), and in the UI, the mail tab is not displayed at all, while it's usually greyed.
### Distribution Name and Version
Centos 7
### FusionDirectory Version
Fusion directory 1.4-dev
### PHP version used
PHP 7.4.16
### Steps to Reproduce
(replace base and member to match existing base/user)
```
curl -X POST -H "Session-Token: $FD_TOKEN" https://fd.poc-sync.wsweet.cloud/rest.php/v1/objects/OGROUP -d '{"attrs":{"mailGroup":{"mail":"test-group@wsweet.local"},"ogroup":{"cn":"test-group","base":"o=poc-sync,dc=wsweet,dc=cloud","description":"Liste de diffusion","member":["uid=someone,ou=users,o=poc-sync,dc=wsweet,dc=cloud"]}}}'
[{"message":"This tab does not exists: \"mailGroup\"","line":469,"file":"/usr/share/fusiondirectory/include/webservice/class_fdRPCService.inc"}]
```
**Expected behavior:**
Should work like it does for user creation :
(replace base to match existing base)
```
curl -X POST -H "Session-Token: $FD_TOKEN" https://fd.poc-sync.wsweet.cloud/rest.php/v1/objects/USER -d '{"attrs":{"mailAccount":{"mail":"test-user@wsweet.local"},"user":{"uid":"test-user","givenName":"test","sn":"user","base":"o=poc-sync,dc=wsweet,dc=cloud"}}}'
"uid=test-user,ou=users,o=poc-sync,dc=wsweet,dc=cloud"
```
### Additional Information
I'm testing/using a FD LSC plugin.bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6129PHP Fatal error when opening a very large group2021-04-29T08:10:22ZbmortierPHP Fatal error when opening a very large group### Description
Trying to open a very large group (>1000 users) will crash the application with a PHP fatal error
### Distribution Name and Version
```
CentOS Linux release 7.9.2009 (Core)
```
### FusionDirectory Version
```
fusiond...### Description
Trying to open a very large group (>1000 users) will crash the application with a PHP fatal error
### Distribution Name and Version
```
CentOS Linux release 7.9.2009 (Core)
```
### FusionDirectory Version
```
fusiondirectory-schema-1.3-1.noarch
fusiondirectory-1.3-1.noarch
fusiondirectory-selinux-1.3-1.noarch
```
### PHP version used
```
php-gd-7.1.33-10.el7.remi.x86_64
php-common-7.1.33-10.el7.remi.x86_64
php-Smarty3-gettext-1.1.0-3.el7.noarch
php-fedora-autoloader-1.0.1-2.el7.remi.noarch
php-xml-7.1.33-10.el7.remi.x86_64
php-json-7.1.33-10.el7.remi.x86_64
php-Smarty-3.1.33-1.el7.remi.noarch
php-ldap-7.1.33-10.el7.remi.x86_64
php-cli-7.1.33-10.el7.remi.x86_64
php-pear-CAS-1.3.8-1.el7.remi.noarch
php-7.1.33-10.el7.remi.x86_64
php-imap-7.1.33-10.el7.remi.x86_64
php-pecl-imagick-3.4.4-10.el7.remi.7.1.x86_64
php-mbstring-7.1.33-10.el7.remi.x86_64
php-pdo-7.1.33-10.el7.remi.x86_64
```
(Also happens with remi-php73, I have not tested other versions)
### Origin of php packages
Remi repo, as suggested by https://fusiondirectory-user-manual.readthedocs.io/en/1.3/fusiondirectory/install/centos/centos-fd-install.html
### Steps to Reproduce
* Create a LDAP group with 2000 members:
```
cn=biggroup,ou=Groups,dc=example,dc=com
objectClass: groupOfNames
objectClass: gosaGroupOfNames
cn: biggroup
gosaGroupObjects: [U]
member: uid=user1,ou=People,dc=example,dc=com
...
member: uid=user1995,ou=People,dc=example,dc=com
member: uid=user1996,ou=People,dc=example,dc=com
member: uid=user1997,ou=People,dc=example,dc=com
member: uid=user1998,ou=People,dc=example,dc=com
member: uid=user1999,ou=People,dc=example,dc=com
```
Try to open it
**Expected behavior:**
The group should be displayed
**Actual behavior:**
```
PHP Fatal error: Uncaught Exception: Unexpected input at line1:
in /usr/share/php/Smarty/sysplugins/smarty_internal_templatelexer.php:368
Stack trace:
#0 /usr/share/php/Smarty/sysplugins/smarty_internal_templatelexer.php(279): Smarty_Internal_Templatelexer->yylex1()
#1 /usr/share/php/Smarty/sysplugins/smarty_internal_smartytemplatecompiler.php(123): Smarty_Internal_Templatelexer->yylex()
#2 /usr/share/php/Smarty/sysplugins/smarty_internal_templatecompilerbase.php(481): Smarty_Internal_SmartyTemplateCompiler->doCompile('{render aclName...', true)
#3 /usr/share/php/Smarty/sysplugins/smarty_internal_templatecompilerbase.php(404): Smarty_Internal_TemplateCompilerBase->compileTemplateSource(Object(Smarty_Internal_Template), false, NULL)
#4 /usr/share/php/Smarty/sysplugins/smarty_resource_recompiled.php(52): Smarty_Internal_TemplateCompilerBase->compileTemplate(Object(Smarty_Internal_Template))
#5 /usr/share/php/Smarty/sysplugins/smarty_template_compiled.php(136): Smarty_Resource_Recompiled->process(Object(Smarty_Internal_Template))
#6 /usr/share/php/Smarty/sysplugins/smarty_template_compiled.php(105): Smarty_Template_Compiled->process(Object(Smarty_Internal_Template))
#7 /usr/share/php/Smarty/sysplugins/smarty_internal_template.php(216): Smarty_Template_Compiled->render(Object(Smarty_Internal_Template))
#8 /usr/share/php/Smarty/sysplugins/smarty_internal_templatebase.php(232): Smarty_Internal_Template->render(false, 0)
#9 /usr/share/php/Smarty/sysplugins/smarty_internal_templatebase.php(116): Smarty_Internal_TemplateBase->_execute(Object(Smarty_Internal_Template), NULL, NULL, NULL, 0)
#10 /var/spool/fusiondirectory/008e1b112f81e70bf51a18a1af6801e672e67891_0.file.simpleplugin_section.tpl.php(40): Smarty_Internal_TemplateBase->fetch()
#11 /usr/share/php/Smarty/sysplugins/smarty_template_resource_base.php(123): content_5fc67d6cccb464_01449562(Object(Smarty_Internal_Template))
#12 /usr/share/php/Smarty/sysplugins/smarty_template_compiled.php(114): Smarty_Template_Resource_Base->getRenderedTemplateCode(Object(Smarty_Internal_Template))
#13 /usr/share/php/Smarty/sysplugins/smarty_internal_template.php(216): Smarty_Template_Compiled->render(Object(Smarty_Internal_Template))
#14 /usr/share/php/Smarty/sysplugins/smarty_internal_templatebase.php(232): Smarty_Internal_Template->render(false, 0)
#15 /usr/share/php/Smarty/sysplugins/smarty_internal_templatebase.php(116): Smarty_Internal_TemplateBase->_execute(Object(Smarty_Internal_Template), NULL, NULL, NULL, 0)
#16 /usr/share/fusiondirectory/include/simpleplugin/class_simplePlugin.inc(858): Smarty_Internal_TemplateBase->fetch('/usr/share/fusi...')
#17 /usr/share/fusiondirectory/include/simpleplugin/class_simplePlugin.inc(707): simplePlugin->renderAttributes(false)
#18 /usr/share/fusiondirectory/include/simpleplugin/class_simpleTabs.inc(209): simplePlugin->execute()
#19 /usr/share/fusiondirectory/include/simpleplugin/class_simpleManagement.inc(588): simpleTabs->execute()
#20 /usr/share/fusiondirectory/include/simpleplugin/class_simpleManagement.inc(1356): simpleManagement->execute()
#21 /usr/share/fusiondirectory/plugins/admin/groups/main.inc(21): simpleManagement::mainInc('groupManagement')
#22 /usr/share/fusiondirectory/html/main.php(284): require('/usr/share/fusi...')
#23 {main}
thrown in /usr/share/php/Smarty/sysplugins/smarty_internal_templatelexer.php on line 368
```
**Reproduces how often:**
Everytime if the group is big enough
### Additional Information
This issue is caused by Smarty, see `/usr/share/php/Smarty/sysplugins/smarty_internal_templatelexer.php` in yylex1:
```php
$this->yy_global_pattern1 =
$this->replace("/\G([{][}])|\G((SMARTYldel)SMARTYal[*])|\G((SMARTYldel)SMARTYalphp([ ].*?)?SMARTYrdel|(SMARTYldel)SMARTYal[\/]phpSMARTYrdel)|\G((SMARTYldel)SMARTYautoliteral\\s+SMARTYliteral)|\G((SMARTYldel)SMARTYalliteral\\s*SMARTYrdel)|\G((SMARTYldel)SMARTYal[\/]literal\\s*SMARTYrdel)|\G((SMARTYldel)SMARTYal)|\G([<][?]((php\\s+|=)|\\s+)|[<][%]|[<][?]xml\\s+|[<]script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*[>]|[?][>]|[%][>])|\G((.*?)(?=((SMARTYldel)SMARTYal|[<][?]((php\\s+|=)|\\s+)|[<][%]|[<][?]xml\\s+|[<]script\\s+language\\s*=\\s*[\"']?\\s*php\\s*[\"']?\\s*[>]|[?][>]|[%][>]SMARTYliteral))|[\s\S]+)/isS");
}
if (!isset($this->dataLength)) {
$this->dataLength = strlen($this->data);
}
if ($this->counter >= $this->dataLength) {
return false; // end of input
}
do {
if (preg_match($this->yy_global_pattern1, $this->data, $yymatches, 0, $this->counter)) {
```
The `preg_match` call usually works, but if the group is too big, Smarty has to parse a very big string, and the match fails.
I was able to solve my issue by setting
```
; default value * 100
pcre.backtrack_limit=10000000
```
in `php.ini`
Here are a few solution ideas:
* ini_set pcre.backtrack_limit to a higher value when loading the app so that huge groups can be displayed
* find a way to send smaller templates to Smarty? probably not a trivial fix
* Catch the PHP exception from smarty and trigger some special processing when the group is too big (friendly error message, etc)FusionDirectory 1.4bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/6031Updating FD 1.2.3 to 1.3.1 on centos 72020-01-30T09:29:02ZbmortierUpdating FD 1.2.3 to 1.3.1 on centos 7Hello Team,
I encountered some problem today trying to update a customer :
### Description
We had a centos with remiphp-56 & fusiondirectory 1.2.3, when we updated to remiphp-71 & fusiondirectory 1.3.1 we had this message on the login...Hello Team,
I encountered some problem today trying to update a customer :
### Description
We had a centos with remiphp-56 & fusiondirectory 1.2.3, when we updated to remiphp-71 & fusiondirectory 1.3.1 we had this message on the login page :
```Fatal error: Uncaught --> Smarty Compiler: Syntax error in template "file:/usr/share/fusiondirectory/ihtml/themes/breezy/login.tpl" on line 16 "{t}Sign in{/t}" unknown tag 't' <-- thrown in /usr/share/php/Smarty/sysplugins/smarty_internal_templatecompilerbase.php on line 16```
### Distribution Name and Version
CentOS Linux release 7.7.1908 (Core)
### FusionDirectory Version
```fusiondirectory-plugin-dsa-schema-1.3-1.noarch
fusiondirectory-plugin-audit-1.3-1.noarch
fusiondirectory-plugin-ppolicy-1.3-1.noarch
fusiondirectory-schema-1.3-1.noarch
fusiondirectory-plugin-alias-schema-1.3-1.noarch
fusiondirectory-plugin-mail-1.3-1.noarch
fusiondirectory-selinux-1.3-1.noarch
fusiondirectory-plugin-ppolicy-schema-1.3-1.noarch
fusiondirectory-1.3-1.noarch
fusiondirectory-plugin-dsa-1.3-1.noarch
fusiondirectory-plugin-mail-schema-1.3-1.noarch
fusiondirectory-plugin-audit-schema-1.3-1.noarch
fusiondirectory-plugin-alias-1.3-1.noarch```
```
### PHP version used
tried remiphp-71 / remiphp-72 / remiphp-73
### Steps to Reproduce
```
yum-config-manager --enable remi-php71
yum update
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/core-fd-conf.schema
fusiondirectory-insert-schema -m /etc/ldap/schema/fusiondirectory/audit-fd.schema
```
**Expected behavior:**
Login page showing correctly
**Actual behavior:**
a smarty bug appens
**Reproduces how often:**
everytime
### Additional Information
For now we have bypassed it by doing this :
```
cd /tmp && wget https://codeload.github.com/smarty-gettext/smarty-gettext/zip/master && mv master master.zip
unzip master.zip
Archive: master.zip
9438931e5a36f8eddd4350a152d7673a585e4a02
creating: smarty-gettext-master/
inflating: smarty-gettext-master/block.t.php
inflating: smarty-gettext-master/function.locale.php
inflating: smarty-gettext-master/tsmarty2c.1
inflating: smarty-gettext-master/tsmarty2c.php
cp -a /usr/share/php/Smarty/ /usr/share/php/Smartybak/
cp -a smarty-gettext-master/* /usr/share/php/Smarty/plugins
```
Thank youbmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/5983Write ACL on user/userRoles/groupsMembership not working when not having full...2021-01-22T10:41:18ZbmortierWrite ACL on user/userRoles/groupsMembership not working when not having full user/user read right### Description
FD displays a message "You have no permission to modify the field "groupsMembership" of object ... " when editing a user group membership, though the user do have an ACL assigned allowing him to do so.
### Distribution ...### Description
FD displays a message "You have no permission to modify the field "groupsMembership" of object ... " when editing a user group membership, though the user do have an ACL assigned allowing him to do so.
### Distribution Name and Version
Debian jessie
### FusionDirectory Version
1.3
### PHP version used
PHP 5.6.40-0+deb8u2
### Origin of php packages
debian
### Steps to Reproduce
1. Create user A
1. Create an ACL role to read groups and write their member attribute. Assign to user A on the whole tree.
1. Create an ACL role to allow read/edition on some user fields (not all) & their groups/roles membership. This is the setting I currently have :
`0:user/userRoles;cmdrw#groupsMembership;rw#rolesMembership;rw,user/user;#cn;w#sn;rw#givenName;rw#description;rw#jpegPhoto;rw#l;rw#st;rw#postalAddress;rw#telephoneNumber;rw#mobile;rw#pager;rw#facsimileTelephoneNumber;rw#uid;r#preferredLanguage;rw#displayName;r#homePostalAddress;rw#homePhone;rw#title;rw#o;r#ou;rw#departmentNumber;rw#employeeNumber;rw#employeeType;rw#manager;rw#userLock;r`
1. Assign this ACL role to user A on a branch containing user B
1. Log in as user A and edit one of the allowed fields on user B: it works.
1. Still as user A, add a group to user B : when applying change, an error message appear : "You have no permission to modify the field "groupsMembership" of object "uid=userb,ou=users,..."
=> groupsMembership read/write doesn't seem to work properly when there are write restrictions on other user fields.
As a work around, if I manually add a new attribute "gosaAclTemplate" to the ACL role in OpenLDAP with value `1:user/user;#groupsMembership;rw`, after the one set through web interface, then the user B groups can be edited successfully by user A. But this value cannot be set through FD web interface, and will be lost if someone edit this entry through FD, since #groupMembership are set in user/userRoles block, not user/user.
**Expected behavior:**
User A should be able to edit group membership when granted the right within user/userRoles settings.
**Actual behavior:**
User A cannot edit group membership of user B even though the write of the groupsMembership attribute has been granted on user/userRoles.
**Reproduces how often:**
100%. Tried many combinaisons for user/userRoles with same results.FusionDirectory 1.3.1bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/5958LSC R&D2022-02-21T21:29:08ZbmortierLSC R&D## Test how LSC can be used for account synchronization from and towards FD
A few plugins like :
* renater-partage
* sinaps
an future
* lucca (renater)
* zimbra (telecom)
* xivo
* bluemind
are used for account synchronization.
E...## Test how LSC can be used for account synchronization from and towards FD
A few plugins like :
* renater-partage
* sinaps
an future
* lucca (renater)
* zimbra (telecom)
* xivo
* bluemind
are used for account synchronization.
Even more synchronizations features are asked from us in the future, Samba4, SeaFile, …
We would like to do that from LSC instead of FD since FD is only supposed to talk to the LDAP and LSC is the right tool for synchronization.
### Actual behavior
Plugins hit APIs upon events in FD, or custom endpoints/scripts are used to sync users.
### Expected behavior
LSC should handle all the sync.
FD could be used to trigger LSC sync upon user save if needed.
FD could be used to edit LSC configuration if we write some code for this.
FD could be used through its API by LSC to create/update accounts.
### Benefits
<!-- optional -->
<!-- What benefits will be realized by the code change? -->
Synchronization done right, without making FD slow or buggy, with complex conflict resolution features if needed.
### Possible Drawbacks
<!-- optional -->
<!-- What are the possible side-effects or negative impacts of the code change? -->
* LSC needs its own setup/configuration
* LSC config is written in XML (no GUI for this as of now)
* LSC is in Java
### Applicable Issues
<!-- optional -->
<!-- Enter any applicable Issues here -->https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/5732Listing objects should check ACL on attributes2018-03-21T14:09:16ZbmortierListing objects should check ACL on attributes### Description
<!-- Required -->
<!-- Description of the issue -->
When using objects::ls ACL can be checked by sending a parameter but it only does basic acl check, it does not check asked attributes are allowed (this is done in webse...### Description
<!-- Required -->
<!-- Description of the issue -->
When using objects::ls ACL can be checked by sending a parameter but it only does basic acl check, it does not check asked attributes are allowed (this is done in webservice since fd-plugins#5704 but should be moved to objects::)
Also all attributes are allowed in the filter which can lead to information leak as well
### FusionDirectory Version
<!-- Required -->
1.3
### Steps to Reproduce
<!-- Required -->
1. Use objects::ls through code or webservice
2. You can see more info than you should
**Expected behavior:**
<!-- What you expect to happen-->
ACL should be respected for returned attributes and filter
**Actual behavior:**
<!-- What actually happens -->
Too much information is available
### Additional Information
<!-- optional -->
<!-- Any additional information, configuration or data that might be necessary to reproduce the issue. -->
We should somehow still allow the use of attributes which are not in the ACL system when the caller has all rights on the given objectType. Operational attributes are also a complicated case.FusionDirectory 1.2.1bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/5262Support for 2-factor auth2021-01-31T14:55:36ZbmortierSupport for 2-factor authSupport for 2-factor auth when logging in through the HTTP GUI.Support for 2-factor auth when logging in through the HTTP GUI.FusionDirectory 1.4bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/5843Security: Insecure Generation of Random Tokens2020-06-23T15:48:44ZbmortierSecurity: Insecure Generation of Random Tokens### Description
The random tokens for CSRF protection and password reset are generated by the method `standAlonePage::generateRandomHash()`. This method uses the insecure function `mt_rand()`. The output of this function is predictable ...### Description
The random tokens for CSRF protection and password reset are generated by the method `standAlonePage::generateRandomHash()`. This method uses the insecure function `mt_rand()`. The output of this function is predictable and therefore not suitable for security purposes.
Instead of the insecure functions, [`random_bytes()`](http://id1.php.net/random_bytes), [`random_int()`](http://pl1.php.net/random_int) or the [implementation for older PHP versions](https://github.com/paragonie/random_compat) should be used.
### Code Locations
* https://gitlab.fusiondirectory.org/fusiondirectory/fd/blob/1.2.1-fixes/html/class_passwordRecovery.inc#L233
* https://gitlab.fusiondirectory.org/fusiondirectory/fd/blob/1.3-dev/html/class_passwordRecovery.inc#L234
* https://gitlab.fusiondirectory.org/fusiondirectory/fd/blob/1.4-dev/html/class_passwordRecovery.inc#L233
### Distribution Name and Version
Found by source code analysis.
### FusionDirectory Version
Identified in all current development and master branch.
### PHP version used
Found by source code analysis.
### Origin of php packages
Found by source code analysis.
### Steps to Reproduce
The vulnerability was discovered by code analysis but not implemented specific for FusionDirectory. Generally, an attacker can predict the tokens when he gathers few tokens or calculates random tokens from known seeds. See [this page](http://phpsecurity.readthedocs.io/en/latest/Insufficient-Entropy-For-Random-Values.html) for details. There's also [a tool](https://github.com/GeorgeArgyros/Snowflake) for exploitation of such issues.
**Actual behavior:**
Predictable tokens are generated for security purposes.
**Reproduces how often:**
100%
### Additional Information
* https://stackoverflow.com/questions/17362402/why-is-phps-mt-rand-not-cryptographically-secure
* https://softwareengineering.stackexchange.com/questions/76229/predicting-the-output-of-phps-randFusionDirectory 1.2.2bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/316test with FreeIPA directory2017-12-08T18:00:59Zbmortiertest with FreeIPA directoryTest with freeIPA http://www.freeipa.org
Tutorial with integration schema , user ....
*(from redmine: issue id 316, created on 2011-06-24, closed on 2014-11-21)*Test with freeIPA http://www.freeipa.org
Tutorial with integration schema , user ....
*(from redmine: issue id 316, created on 2011-06-24, closed on 2014-11-21)*https://gitlab.fusiondirectory.org/fusiondirectory/fd/-/issues/276test with FreeIPA directory2017-12-08T16:52:21Zbmortiertest with FreeIPA directoryTest with freeIPA http://www.freeipa.org
Tutorial with integration schema , user ....
Test with freeIPA http://www.freeipa.org
Tutorial with integration schema , user ....
https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/6110Webservice behavior is dependent of tab order in JSON2021-06-08T12:32:30ZsfrogerWebservice behavior is dependent of tab order in JSONHi!
### Description
Using the rest API (https://rest-api.fusiondirectory.info), I cannot create a group with mail address, I get this error [{"message":"This tab does not exists: \"mailGroup\"","line":469,"file":"/usr/share/fusiondirec...Hi!
### Description
Using the rest API (https://rest-api.fusiondirectory.info), I cannot create a group with mail address, I get this error [{"message":"This tab does not exists: \"mailGroup\"","line":469,"file":"/usr/share/fusiondirectory/include/webservice/class_fdRPCService.inc"}]
Mail address can only be added to group on update, never during creation. I've noticed it only happens when the mailGroup tab is placed before the ogroup tab in the posted data (group creation succeeds if the mailGroup is placed after the ogroup).
I don't have this error when adding a user with a mail address when the mailAccount tab is placed before the user tab in the posted data.
Also, I've noticed something strange: setting a mail to a group during update only works if the group contains at least one valid member: having a 'fake' member value such as "cn=empty" (that is set by refint overlay or for synchronization purpose), mail cannot be set using an update request (still the tab does not exists error), and in the UI, the mail tab is not displayed at all, while it's usually greyed.
### Distribution Name and Version
Centos 7
### FusionDirectory Version
Fusion directory 1.4-dev
### PHP version used
PHP 7.4.16
### Steps to Reproduce
(replace base and member to match existing base/user)
```
curl -X POST -H "Session-Token: $FD_TOKEN" https://fd.poc-sync.wsweet.cloud/rest.php/v1/objects/OGROUP -d '{"attrs":{"mailGroup":{"mail":"test-group@wsweet.local"},"ogroup":{"cn":"test-group","base":"o=poc-sync,dc=wsweet,dc=cloud","description":"Liste de diffusion","member":["uid=someone,ou=users,o=poc-sync,dc=wsweet,dc=cloud"]}}}'
[{"message":"This tab does not exists: \"mailGroup\"","line":469,"file":"/usr/share/fusiondirectory/include/webservice/class_fdRPCService.inc"}]
```
**Expected behavior:**
Should work like it does for user creation :
(replace base to match existing base)
```
curl -X POST -H "Session-Token: $FD_TOKEN" https://fd.poc-sync.wsweet.cloud/rest.php/v1/objects/USER -d '{"attrs":{"mailAccount":{"mail":"test-user@wsweet.local"},"user":{"uid":"test-user","givenName":"test","sn":"user","base":"o=poc-sync,dc=wsweet,dc=cloud"}}}'
"uid=test-user,ou=users,o=poc-sync,dc=wsweet,dc=cloud"
```
### Additional Information
I'm testing/using a FD LSC plugin.FusionDirectory 1.4Côme ChillietCôme Chilliethttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/5860DHCP there is no sorting in dropdown about DHCP subnets.2019-07-08T13:04:36ZPrethorianDHCP there is no sorting in dropdown about DHCP subnets.### Description
I am using DHCP plugin and I have several DHCP servers (in several departments) and each of them have several subnets.
Now when I want to assign some DHCP subnet to server in DHCP tab I am seeing not sorted items (see pi...### Description
I am using DHCP plugin and I have several DHCP servers (in several departments) and each of them have several subnets.
Now when I want to assign some DHCP subnet to server in DHCP tab I am seeing not sorted items (see picture): ![Screen_Shot_2018-08-28_at_12.28.11_PM](/uploads/64e2049943795c093133a301cbce1730/Screen_Shot_2018-08-28_at_12.28.11_PM.png)
### Distribution Name and Version
Ubuntu server 16.04
### FusionDirectory Version
1.2.1
### Plugin with the defect
DHCP
### PHP version used
7.0
### Origin of php packages
Distribution package
**Expected behavior:**
At first this should show sorted items, or better not to show items from not matched department.
For example I have host in Dep1 and dhcp servers in Dep1 Dep2 and Dep3. When I add new host to Dep1 then in this dropdown list should not be shown DHCP entries with DHCP subnets which belongs to other departments (Dep2 and Dep3).FusionDirectory 1.4Jonathan SwaelensJonathan Swaelenshttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/5399Add an option to allow several zone nodes for the same DNS zone2023-03-13T15:57:17ZCôme ChillietAdd an option to allow several zone nodes for the same DNS zoneThis will allow to have several files for the same DNS zone but to include them in different DNS views.This will allow to have several files for the same DNS zone but to include them in different DNS views.FusionDirectory 1.4bmortierbmortierhttps://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues/3632DHCP sorting hosts by name or IP or HWaddr2019-07-02T10:36:27ZPrethorianDHCP sorting hosts by name or IP or HWaddrIt would be nice to be able to configure sorting of hosts in subnet by name or IP or HWaddr. When I want to add some new host, I need to see available next IP address so some sorting will be nice (or even next free IP suggestion from def...It would be nice to be able to configure sorting of hosts in subnet by name or IP or HWaddr. When I want to add some new host, I need to see available next IP address so some sorting will be nice (or even next free IP suggestion from defined subnet should be nice too.FusionDirectory 1.4Jonathan SwaelensJonathan Swaelenshttps://gitlab.fusiondirectory.org/fusiondirectory/fusiondirectory-orchestrator/-/issues/41[Orchestrator] MAIL_SEC="<ssl/tls"> error typo in the orchestrator configuration2024-03-26T11:49:11Zdockx thibault[Orchestrator] MAIL_SEC="<ssl/tls"> error typo in the orchestrator configuration[Orchestrator] MAIL_SEC="<ssl/tls"> error typo in the orchestrator configuration.
" should be fixed to not throw error in case mail is left untouched.[Orchestrator] MAIL_SEC="<ssl/tls"> error typo in the orchestrator configuration.
" should be fixed to not throw error in case mail is left untouched.FusionDirectory 1.5dockx thibaultdockx thibaulthttps://gitlab.fusiondirectory.org/fusiondirectory/fusiondirectory-orchestrator/-/issues/36[Orchestrator] - Adapt CI to integrate new FD-Integrator libraries2024-03-14T13:03:05Zdockx thibault[Orchestrator] - Adapt CI to integrate new FD-Integrator libraries[Orchestrator] - Adapt CI to integrate new FD-Integrator libraries[Orchestrator] - Adapt CI to integrate new FD-Integrator librariesdockx thibaultdockx thibaulthttps://gitlab.fusiondirectory.org/fusiondirectory/user-manual/-/issues/247[Orchestrator] - Adapt CI to integrate new FD-Integrator libraries2024-03-14T10:08:33Zdockx thibault[Orchestrator] - Adapt CI to integrate new FD-Integrator libraries[Orchestrator] - Adapt CI to integrate new FD-Integrator libraries[Orchestrator] - Adapt CI to integrate new FD-Integrator librariesdockx thibaultdockx thibaulthttps://gitlab.fusiondirectory.org/fusiondirectory/fusiondirectory-tools/-/issues/58[Tools] - import the new fusiondirectory-orchestrator-client within tools2024-03-14T13:04:03Zdockx thibault[Tools] - import the new fusiondirectory-orchestrator-client within tools[Tools] - import the new fusiondirectory-orchestrator-client within tools[Tools] - import the new fusiondirectory-orchestrator-client within toolsdockx thibaultdockx thibaulthttps://gitlab.fusiondirectory.org/fusiondirectory/fusiondirectory-orchestrator/-/issues/35[Orchestrator] - Moving Rest library out to FD-integrator.2024-03-14T13:02:46Zdockx thibault[Orchestrator] - Moving Rest library out to FD-integrator.[Orchestrator] - Moving Rest library out to FD-integrator.
autoload will require the following line :
`require '/usr/share/php/FusionDirectory/autoloader.php';`
renaming the binary to fusiondirectory-orchestrator-client and move it to...[Orchestrator] - Moving Rest library out to FD-integrator.
autoload will require the following line :
`require '/usr/share/php/FusionDirectory/autoloader.php';`
renaming the binary to fusiondirectory-orchestrator-client and move it to Tools repository.dockx thibaultdockx thibault