LDAP Plugin install

Kiweegie · Feb 13, 2020, 4:54 PM

@Tom-Elliott ok cool that makes sense ref the one UI being more responsive. If I check the UI on my phone (Samsung S10+ running Android 10) the UI is not as good as it could be. Not a criticism in any way but pointing it out. Its certainly usable but the display is a little “janky”

Same using Chrome (80.0.3987.87) or Firefox (68.5.0)

regards Tom

Tom Elliott · Feb 13, 2020, 4:58 PM

@Kiweegie We’re aware of that, and 1.5.x GUI was a step toward the right direction. If you want a much nicer GUI, you are more than welcome to test working-1.6.

Sebastian Roth · Feb 13, 2020, 6:42 PM

@Kiweegie Just be aware that working-1.6 is still under strong development and there is no easy way back to 1.5.x unless you have snapshots to go back to.

Kiweegie · Feb 14, 2020, 11:58 AM

@Sebastian-Roth @Tom-Elliott thanks both

We need the current live FOG install to JFDI at the moment so can’t play with the live environment but I’m putting together a virtual box lab to test version 1.6 with location plugin, LDAP etc.

Update once i get that up and running.

cheers Tom

stuhad · Feb 17, 2020, 1:23 AM

Thanks for the quick response guys, and sorry about the late reply.

Glad that I installed the correct php plugin, I’ve restarted the fog server a couple of times after installing as well.

Based on Kiweegie’s example I’ve changed the Search scope to Subtree and below, but unfortunately this doesn’t seem to have fixed the issue.

How does the LDAP plugin handle spaces in the DN search list? for example:
Search Base DN: ou=fog users,dc=company,dc=com,dc=au

Here’s our (edited for privacy) config for one of our DCs

LDAP connection name: dc1
LDAP Server Address: IP Address (is an IP ok?)
LDAP Server Port: 389
Use Group Matching: ticked
Search Base DN: ou=fog users,dc=company,dc=com,dc=au
Group Search DN: ou=fog users,dc=company,dc=com,dc=au
Admin group: cn=fog admins,ou=fog users,dc=company,dc=com,dc=au
Mobile group: cn=fog admins,ou=fog users,dc=company,dc=com,dc=au
User Name Attribute: sAMAccountName
Group Member Attribute: member
Search Scope: Subtree and below
Bind DN: cn=ldapadmin,ou=services,dc=company,dc=com,dc=au
Bind password: added in plaintext

stuhad · Feb 17, 2020, 1:45 AM

Sorry we are running Ubuntu 18.04.4 LTS

Under Fog Configuration > Fog Version Information it says we’re running the latest stable version: 1.5.7

But then it states under Kernel Versions:
DefaultMember Fog Version: (1.5.5)

and the bottom right hand corner of the GUI states: 1.5.5

Sebastian Roth · Feb 17, 2020, 6:42 AM

@stuhad said in LDAP Plugin install:

But then it states under Kernel Versions:
DefaultMember Fog Version: (1.5.5)
and the bottom right hand corner of the GUI states: 1.5.5

Seems like something went wrong with your install. Please run the following command and post output here:
ls -al /var/www; ls -al /var/www/html; ls -al /var/www/html/fog

Tom Elliott · Feb 17, 2020, 12:46 PM

@Sebastian-Roth I fixed the versioning issue. No update needed to see this.

There was a slight issue on the remote side code that checks the version information for us.

Sebastian Roth · Feb 17, 2020, 3:40 PM

@stuhad So are you on 1.5.5 or 1.5.7 now?

stuhad · Feb 17, 2020, 4:23 PM

Hey Sebastion,

I’m not certain if we are on 1.5.5 or 1.5.7, perhaps the upgrade failed? Is there any way I can tell definitively?

Here is the output you requested.

$ ls -al /var/www; ls -al /var/www/html; ls -al /var/www/html/fog
total 16
drwxr-xr-x  4 root     root     4096 Mar 14  2019 .
drwxr-xr-x 14 root     root     4096 Mar 14  2019 ..
drwxr-xr-x 10 www-data www-data 4096 Mar 14  2019 fog
drwxr-xr-x  2 root     root     4096 Mar 14  2019 html
total 20
drwxr-xr-x 2 root root  4096 Mar 14  2019 .
drwxr-xr-x 4 root root  4096 Mar 14  2019 ..
lrwxrwxrwx 1 root root    13 Mar 14  2019 fog -> /var/www/fog/
-rw-r--r-- 1 root root 10918 Mar 14  2019 index.html
lrwxrwxrwx 1 root root 13 Mar 14  2019 /var/www/html/fog -> /var/www/fog/

@Sebastian-Roth said in LDAP Plugin install:

ls -al /var/www; ls -al /var/www/html; ls -al /var/www/html/fo

Sebastian Roth · Feb 17, 2020, 10:50 PM

@stuhad The output looks fine from a technical point of view. Though I am wondering about the file change date of /var/www/fog/ as 1.5.7 came out after March 14th 2019. Please run the two commands

grep FOG_VERSION /var/www/html/fog/lib/fog/system.class.php
find /var/www -name "system.class.php"

and post output here.

stuhad · Feb 18, 2020, 3:53 AM

@Sebastian-Roth

$ grep FOG_VERSION /var/www/html/fog/lib/fog/system.class.php
        define('FOG_VERSION', '1.5.5');
$ find /var/www -name "system.class.php"
/var/www/fog/lib/fog/system.class.php

stuhad · Feb 18, 2020, 3:53 AM

OK sorry I’m not sure what changed but it seems like the GUI is now saying we are in fact not running 1.5.7 but actually 1.5.5, which at least makes sense as no one remembers upgrading Fog, and it matches the log output. Just not sure why it was reporting 1.5.7 before… perhaps a DNS issue?

The only change I can think of is I performed an apt install to install ldap-utils so I could troubleshoot if it was perhaps a network issue between our fog server and the domain controllers not sure why this would make any difference to what the GUI was reporting.

I’ve confirmed I can query the domain controllers using ldapsearch from the fog server without issue so it doesn’t appear to be a network problem. Unfortunately, ldap logins still aren’t working to the fog server.

Would you recommend I try actually upgrading to 1.5.7?

Cheers,

Sebastian Roth · Feb 18, 2020, 4:36 PM

@stuhad said in LDAP Plugin install:

OK sorry I’m not sure what changed but it seems like the GUI is now saying we are in fact not running 1.5.7 but actually 1.5.5,

Did you see Tom’s post? There seemed to be an issue in the version check script on our webserver which led to it saying you are “up to date” eventhough you are running the years old 1.5.5 version. Tom fixed it. You can always be sure the version number in the bottom right corner is the one you have.

Updating to a newer version might surely help. Though I can’t promise you this particular issue has been fixed between 1.5.5 and 1.5.7 I am sure people use the LDAP plugin with 1.5.7.

But you might want to wait a few more days because we are preparing the 1.5.8 release to come out soon.

Kiweegie · Feb 18, 2020, 2:58 PM

@stuhad

We are running on the dev version here 1.5.7.109 and can confirm that LDAP plugin works on this version.

Re your FOG install showing 1.55 but earlier not I think you’re seeing the issue that @Tom-Elliott referred to below and has fixed.

As to why the LDAP plugin is not working it will be down to something in the LDAP config I suspect rather than anything linked to the FOG version. I’ve had LDAP plugin working on both 1.55 and 1.57.

Do you have anything in the following log file at all in reference to LDAP users?

/var/log/apaches/error.log

Looking through your LDAP config and comments from previous post

LDAP connection name: dc1
(fine as long as each connection name is unique)
LDAP Server Address: IP Address (is an IP ok?)
IP address OK, thats what I’ve used
LDAP Server Port: 389
OK
Use Group Matching: ticked
OK
Search Base DN: ou=fog users,dc=company,dc=com,dc=au
I’ve set my search base here to the root of the domain so try just dc=company,dc=com,dc=au
Group Search DN: ou=fog users,dc=company,dc=com,dc=au
Should be fine - spaces in OU names also OK.
Admin group: cn=fog admins,ou=fog users,dc=company,dc=com,dc=au
Try just using the group name here “fog admins” don’t need the cn entry. Also try removing space. Should be ok but something to rule out
Mobile group: cn=fog admins,ou=fog users,dc=company,dc=com,dc=au
As above
User Name Attribute: sAMAccountName
OK
Group Member Attribute: member
OK
Search Scope: Subtree and below
OK
Bind DN: cn=ldapadmin,ou=services,dc=company,dc=com,dc=au
This user should have delegated rights to add and delete computer objects. If unsure try adding as member of Domain Admins group to test
Bind password: added in plaintext
OK

Ninja Edit: With the password remember to ensure no special characters!!

Give the above a whirl and let us know how you get on.

regards Tom

stuhad · Feb 19, 2020, 12:27 AM

@Sebastian-Roth said in LDAP Plugin install:

Did you see Tom’s post? There seemed to be an issue in the version check script on our webserver which led to it saying you are “up to date” eventhough you are running the years old 1.5.5 version. Tom fixed it. You can always be sure the version number in the bottom right corner is the one you have.

Hey sorry about the confusion I did see his comment, but clearly did not understand. It’s a huge relief that we aren’t dealing with a failed upgrade.

Thanks for all your help with this everyone, I have finally got the plugin working. As @Kiweegie suggested early on the password complexity seemed to be the issue. I had made sure there was no special characters in it, but I had made the password obscenely long. Changing it < 24 characters seems to have done the trick.

Apologies for all the confusion and thanks again for all the help.

LDAP Plugin install

239

12.0k

17.3k

155.2k