LDAP Plugins on FOG 1.5.0

Tom Elliott

@steuve68 What I’m saying is, while you’ve made a workaround, this is not a “normal” behaviour.

The idea of using email in any username dealing with AD logins just will not work, normally. I’m not saying you didn’t find a way to do it. When windows logs in, if you add the @<domain.com> it changes the domain it will be logging in to.

By allowing “email” login, as you’re doing it, could cause unexpected things to occur.

Tom Elliott

@nextechinc If you have any suggestions on how to fix, or where the problems are occurring, please let me know. I don’t have an AD server anymore, (though I could set one up), and am working on other things. While I’m sure I could get to fixing this, if you already noticed it, any help would be greatly appreciated.

Steuve68

We could possibly do a .sql script that removes AD users from the Users table, for example:

mysql> use fog;
mysql> delete from users where uType = '990' or uType = '991';

We could put it in a crontab and run it at regular intervals

It’s probably a little oldschool but it could work no?

Tom Elliott

@steuve68 we used to do that verything. On every login remove all ldap users. We removed that functionality to limit read / write cycles. While I understand this is a very simple method to get the same action you’re expecting, I think we can actually do it without removing the users. I just time to review.

Tom Elliott

@steuve68 and a cleaner SQL might be:

Delete from users where uType in ('990','991');

Steuve68

@tom-elliott yes thanks ! i’m not very very good in sql !

I can try to put this request to logout WEBUI pending a better solution…
In which file could I make this change for try ?

Thank you !

Tom Elliott

So I took a little time today to try to see what was happening. I’m happy to report, at least based on how I could test, that I believe I found a solution.

Please, if either of you could be so kind, install the working-1.5.1 branch of FOG? This should contain the fix for ldap users and authentication without having to delete the users from the database every iteration.

Steuve68

@tom-elliott Hello,

So, i have try to working 1-5-1
FOG 1.5.0.16

Globally it’s OK, it’s works fine !
When i deleted one user of the FOG_Admin group it cannot acces to WEBUI FOG ! (and not deleted to Users table in SQL)
When i change password of one AD users (into group FOG_Admin) it cannot acces to WEBUI with old password => Work fine with the new password

I have look 2 “problems” (not verify important but … it might be interesting)

1. The news LDAP Plugins don’t work with group nesting (a group into a group) per example:

if i add into FOG_Admin just another group (IT_Services per example) with IT services members, no members can acces to WEBUI FOG. If i add individualy user into FOG_Admin, it’s work !

2. If i delete one user into FOG_Admin, he can still log in just once. The second time he can not anymore. Synchronization is ok

Not really really bad but it could be points for improvement

in any case, A BIG THANK YOU

george1421

@steuve68 One other test you should check, is if the FOG Admin changes his/her password. Is that password change seen immediatly by the fog server? I’m only suggesting this based on your #2 point of the one shot after the admin has been removed.

Steuve68

@george1421 Yes, if i change password of one user into FOG_Admin, It change immediatly for connect to FOG WEBUI.