@Fernando-Gietz found it!
Latest posts made by antonionardella
-
RE: LDAP plugin - apache2/error.log - password in plaintext
@Fernando-Gietz Hello, I am terribly sorry I could not replicate the error and apache already rotated the logs.
Let’s close this issue, I will open it again if I am able to replicate it.
Cheers,
Antonio
-
LDAP plugin - apache2/error.log - password in plaintext
Hello,
I set up the LDAP plugin.
During some tests I discovered that failed logins are logged in /var/log/apache2/error.log with the password in plaintext; this does not feel like a secure setup.
Cheers,
Antonio
-
Add hosts to group via different inventory attributes
Hello,
is there a possibility to add hosts to a group using e.g. a part of the System Product model number from the inventory fields?
Let’s say, for example, that I have Debian 9 installed, a bug with USB-3 and the 4.9 Linux kernel has been discovered, and now I have to upgrade only specific PCs or notebook models with USB-3 to the 4.19 Linux backports kernel.
I would:
- capture a new image
- create a new group for the PCs/notebooks that need the USB-3 update
- add PCs/notebooks based on their model to the group
- set a task to deploy the new image to this group
How and where could I do this in FOG?
Thanks,
Antonio
-
RE: LDAP Plugin with openLDAP
Hello @Fernando-Gietz,
thanks for the awesome help and support, it works now as needed.
Is there something I should be aware of or edit in our openLDAP implementation to make the plugin work correctly without editing the /var/www/[html/]fog/lib/plugin/ldap/class/ldap.class.php file?
Ciao,
Antonio
-
RE: LDAP Plugin with openLDAP
Hi @Fernando-Gietz, I am terribly sorry, but making everyone an admin does not look like an option.
It’s less about the web UI access, but more about restricting users (see students) from deploying random images to the systems and breaking things or activating licenses of pre-imaged software.
What if the group would be called dsp, is it in no way possible to limit the access only to this group here?
What is the issue exactly?
Thank you for your time.
Ciao,
Antonio
-
RE: LDAP Plugin with openLDAP
Hello,
I tried with Search Base DN set to:
- dsptest
- ou=dsptest
- ou=dsptest,dc=example,dc=com
- ou=dsp
- ou=dsp,dc=example,dc=com
with no luck:
[Fri Apr 05 10:10:09.017746 2019] [proxy_fcgi:error] [pid 9652] [client ::1:51122] AH01071: Got error 'PHP message: PHP Warning: ldap_search(): Search: Invalid DN syntax in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: PHP Warning: ldap_count_entries() expects parameter 2 to be resource, boolean given in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest)); Result: \nPHP message: Plugin LDAP::authLDAP() Search results returned false. Search DN: dsptest; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest))\n', referer: http://localhost/fog/management/index.php
[Fri Apr 05 10:45:05.644639 2019] [proxy_fcgi:error] [pid 9707] [client ::1:59212] AH01071: Got error 'PHP message: PHP Warning: ldap_search(): Search: No such object in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: PHP Warning: ldap_count_entries() expects parameter 2 to be resource, boolean given in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest)); Result: \nPHP message: Plugin LDAP::authLDAP() Search results returned false. Search DN: ou=dsptest,dc=example,dc=com; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest))\n', referer: http://localhost/fog/management/index.php
[Fri Apr 05 10:45:10.428643 2019] [proxy_fcgi:error] [pid 9681] [client ::1:59270] AH01071: Got error 'PHP message: PHP Warning: ldap_search(): Search: No such object in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: PHP Warning: ldap_count_entries() expects parameter 2 to be resource, boolean given in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest)); Result: \nPHP message: Plugin LDAP::authLDAP() Search results returned false. Search DN: ou=dsptest,dc=example,dc=com; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest))\n', referer: http://localhost/fog/management/index.php?node=home
[Fri Apr 05 10:46:43.542053 2019] [proxy_fcgi:error] [pid 9652] [client ::1:59972] AH01071: Got error 'PHP message: PHP Warning: ldap_search(): Search: No such object in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: PHP Warning: ldap_count_entries() expects parameter 2 to be resource, boolean given in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest)); Result: \nPHP message: Plugin LDAP::authLDAP() Search results returned false. Search DN: ou=dsptest; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest))\n', referer: http://localhost/fog/management/index.php
[Fri Apr 05 10:47:32.359197 2019] [proxy_fcgi:error] [pid 9650] [client ::1:60348] AH01071: Got error 'PHP message: PHP Warning: ldap_search(): Search: No such object in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: PHP Warning: ldap_count_entries() expects parameter 2 to be resource, boolean given in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest)); Result: \nPHP message: Plugin LDAP::authLDAP() Search results returned false. Search DN: ou=dsp; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest))\n', referer: http://localhost/fog/management/index.php
[Fri Apr 05 10:48:28.842830 2019] [proxy_fcgi:error] [pid 9648] [client ::1:60670] AH01071: Got error 'PHP message: PHP Warning: ldap_search(): Search: No such object in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: PHP Warning: ldap_count_entries() expects parameter 2 to be resource, boolean given in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest)); Result: \nPHP message: Plugin LDAP::authLDAP() Search results returned false. Search DN: ou=dsp,dc=example,dc=com; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest))\n', referer: http://localhost/fog/management/index.php
Cheers,
Antonio
-
RE: LDAP Plugin with openLDAP
Hello @Fernando-Gietz it works using that code!
-
RE: LDAP Plugin with openLDAP
Hi @Fernando-Gietz,
here is the output:
It’s not working because the filter only works with this query:
(&(|(name=dsp))(memberuid=dsptest));
without ,ou=Users,dc=example,dc=com
as shown here:
@antonionardella said in LDAP Plugin with openLDAP:
@Fernando-Gietz and @george1421
Hello and thank you for your answers, thing is that the filter is putting
(&(|(name=dsp))(memberuid=uid=dsptest,ou=Users,dc=example,dc=com));
while it should be without =uid and ,ou=Users,dc=example,dc=com like so:
(&(|(name=dsp))(memberuid=dsptest));
Then I get an output with ldapsearch (see image)
I tried to look at the two functions authLDAP() and _getAccessLevel(), but I lack enough understanding of PHP to find the extra =uid and ,ou=Users,dc=example,dc=com
Cheers,
Antonio
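
The filter mismatch described in the posts above, as an added example (not the FOG plugin's code and not from the thread): a posixGroup keeps bare login names in memberUid, so a filter built from the full user DN never matches. The function names are hypothetical; the filter shape, group name and DN are the ones quoted in the posts.

```python
import re

# RFC 4515: characters that would change the structure of a search filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a value before it is placed inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def leftmost_rdn(dn):
    """Return (attribute, value) of the first, single-valued RDN of a DN.

    Handles backslash escapes (RFC 4514); hex pairs are decoded as single
    ASCII characters, which is enough for login names.
    """
    buf, i = [], 0
    while i < len(dn) and dn[i] != ",":
        if dn[i] == "\\":
            pair = dn[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
                buf.append(chr(int(pair, 16)))
                i += 3
            else:
                buf.append(dn[i + 1:i + 2])
                i += 2
        else:
            buf.append(dn[i])
            i += 1
    attr, sep, value = "".join(buf).partition("=")
    if not (sep and attr.strip() and value):
        raise ValueError("not a DN: %r" % dn)
    return attr.strip().lower(), value


def group_member_filter(group, user_dn, member_attr="memberuid"):
    """Build the group-membership filter in the shape quoted in the posts.

    memberUid holds the bare login name; DN-valued attributes such as
    `member` hold the full DN. member_attr comes from configuration, never
    from user input, so it is not escaped.
    """
    if member_attr.lower() == "memberuid":
        attr, member = leftmost_rdn(user_dn)
        if attr != "uid":
            raise ValueError("expected a uid= RDN, got %s=" % attr)
    else:
        member = user_dn
    return "(&(|(name=%s))(%s=%s))" % (
        escape_filter_value(group), member_attr, escape_filter_value(member))
```

Escaping the login name matters here because the result of this filter decides who gets access to the FOG web UI.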