• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login
    1. Home
    2. antonionardella
    A
    • Profile
    • Following 0
    • Followers 0
    • Topics 3
    • Posts 14
    • Best 0
    • Controversial 0
    • Groups 0

    antonionardella

    @antonionardella

    0
    Reputation
    16
    Profile views
    14
    Posts
    0
    Followers
    0
    Following
    Joined Last Online

    antonionardella Unfollow Follow

    Latest posts made by antonionardella

    • RE: LDAP plugin - apache2/error.log - password in plaintext

      @Fernando-Gietz found it!

      openldap.png

      posted in General
      A
      antonionardella
    • RE: LDAP plugin - apache2/error.log - password in plaintext

      @Fernando-Gietz Hello, I am terribly sorry I could not replicate the error and apache already rotated the logs.
      Let’s close this issue, I will open it again if I am able to replicate it.

      Cheers,
      Antonio

      posted in General
      A
      antonionardella
    • LDAP plugin - apache2/error.log - password in plaintext

      Hello,

      I set up the LDAP plugin.
      During some tests I discovered that failed logins are logged in /var/log/apache2/error.log with the password in plaintext, this does not feel as a secure setup.

      Cheers,
      Antonio

      posted in General
      A
      antonionardella
    • Add hosts to group via different inventory attributes

      Hello,

      is there a possibility to add hosts to a group using e.g. a part of the System Product model number from the inventory fields?

      Let’s say for example that I have Debian 9 installed and a bug with USB-3 and the 4.9 Linux kernel has been discovered and now I have to upgrade only specific PCs/ or notebook models with USB-3 to the 4.19 Linux backports kernel.

      I would:

      • capture a new image
      • create a new group for the PCs/notebooks that need the USB-3 update
      • add PCs/notebooks based on their model to the group
      • set a task to deploy the new image to this group

      How and where could I do this in FOG?

      Thanks,
      Antonio

      posted in FOG Problems
      A
      antonionardella
    • RE: LDAP Plugin with openLDAP

      Hello @Fernando-Gietz,

      thanks for the awesome help and support, it works now as needed.

      Is there something I should be aware or edit in our openLDAP implementation to make the plugin work correctly without editing the /var/www/[html/]fog/lib/plugin/ldap/class/ldap.class.php file?

      Ciao,
      Antonio

      posted in General Problems
      A
      antonionardella
    • RE: LDAP Plugin with openLDAP

      Hi @Fernando-Gietz, I am terribly sorry, but making everyone an admin does not look like an option.
      It’s less about the web UI access, but more about restricting users (see students) from deploying random images to the systems and breaking things or activating licenses of pre-imaged software.

      What if the group would be called dsp, is it in no way possibile to limit the access only to this group here?
      What is the issue exactly?

      Thank you for your time.

      Ciao,
      Antonio

      posted in General Problems
      A
      antonionardella
    • RE: LDAP Plugin with openLDAP

      Hello,

      I tried with Search Base DN set to:

      • dsptest
      • ou=dsptest
      • ou=dsptest,dc=example,dc=com
      • ou=dsp
      • ou=dsp,dc=example,dc=com

      with no luck:

      [Fri Apr 05 10:10:09.017746 2019] [proxy_fcgi:error] [pid 9652] [client ::1:51122] AH01071: Got error 'PHP message: PHP Warning:  ldap_search(): Search: Invalid DN syntax in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: PHP Warning:  ldap_count_entries() expects parameter 2 to be resource, boolean given in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest)); Result: \nPHP message: Plugin LDAP::authLDAP() Search results returned false. Search DN: dsptest; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest))\n', referer: http://localhost/fog/management/index.php
      [Fri Apr 05 10:45:05.644639 2019] [proxy_fcgi:error] [pid 9707] [client ::1:59212] AH01071: Got error 'PHP message: PHP Warning:  ldap_search(): Search: No such object in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: PHP Warning:  ldap_count_entries() expects parameter 2 to be resource, boolean given in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest)); Result: \nPHP message: Plugin LDAP::authLDAP() Search results returned false. Search DN: ou=dsptest,dc=example,dc=com; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest))\n', referer: http://localhost/fog/management/index.php
      [Fri Apr 05 10:45:10.428643 2019] [proxy_fcgi:error] [pid 9681] [client ::1:59270] AH01071: Got error 'PHP message: PHP Warning:  ldap_search(): Search: No such object in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: PHP Warning:  ldap_count_entries() expects parameter 2 to be resource, boolean given in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest)); Result: \nPHP message: Plugin LDAP::authLDAP() Search results returned false. Search DN: ou=dsptest,dc=example,dc=com; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest))\n', referer: http://localhost/fog/management/index.php?node=home
      [Fri Apr 05 10:46:43.542053 2019] [proxy_fcgi:error] [pid 9652] [client ::1:59972] AH01071: Got error 'PHP message: PHP Warning:  ldap_search(): Search: No such object in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: PHP Warning:  ldap_count_entries() expects parameter 2 to be resource, boolean given in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest)); Result: \nPHP message: Plugin LDAP::authLDAP() Search results returned false. Search DN: ou=dsptest; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest))\n', referer: http://localhost/fog/management/index.php
      [Fri Apr 05 10:47:32.359197 2019] [proxy_fcgi:error] [pid 9650] [client ::1:60348] AH01071: Got error 'PHP message: PHP Warning:  ldap_search(): Search: No such object in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: PHP Warning:  ldap_count_entries() expects parameter 2 to be resource, boolean given in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest)); Result: \nPHP message: Plugin LDAP::authLDAP() Search results returned false. Search DN: ou=dsp; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest))\n', referer: http://localhost/fog/management/index.php
      [Fri Apr 05 10:48:28.842830 2019] [proxy_fcgi:error] [pid 9648] [client ::1:60670] AH01071: Got error 'PHP message: PHP Warning:  ldap_search(): Search: No such object in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: PHP Warning:  ldap_count_entries() expects parameter 2 to be resource, boolean given in /var/www/html/fog/lib/plugins/ldap/class/ldap.class.php on line 124\nPHP message: Plugin LDAP::_result(). Search Method: search; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest)); Result: \nPHP message: Plugin LDAP::authLDAP() Search results returned false. Search DN: ou=dsp,dc=example,dc=com; Filter: (&(|(objectcategory=person)(objectclass=person))(cn=dsptest))\n', referer: http://localhost/fog/management/index.php
      

      Cheers,
      Antonio

      posted in General Problems
      A
      antonionardella
    • RE: LDAP Plugin with openLDAP

      Hello @Fernando-Gietz it works using that code!

      posted in General Problems
      A
      antonionardella
    • RE: LDAP Plugin with openLDAP

      Hi @Fernando-Gietz,

      here the output:
      debug.png

      It’s not working because the filter only works with this query:

      (&(|(name=dsp))(memberuid=dsptest));

      without ,ou=Users,dc=example,dc=com

      as shown here:

      @antonionardella said in LDAP Plugin with openLDAP:

      @Fernando-Gietz and @george1421

      Hello and thank you for your answers, thing is that the filter is putting

      (&(|(name=dsp))(memberuid=uid=dsptest,ou=Users,dc=example,dc=com));
      

      while it should be without =uid and ,ou=Users,dc=example,dc=com like so:

      (&(|(name=dsp))(memberuid=dsptest));
      

      Then I get an output with ldapsearch (see image)
      openldap_filter.png

      I tried to look at the two functions authLDAP() and _getAccessLevel() but I miss enough understanding of PHP to find the extra =uid and ,ou=Users,dc=example,dc=com

      Cheers,
      Antonio

      posted in General Problems
      A
      antonionardella
    • RE: LDAP Plugin with openLDAP

      @Fernando-Gietz here the result:
      debug.png

      posted in General Problems
      A
      antonionardella