

Messages - tilllt

1
OK, the problem was DSM 3.1... I updated the DiskStation to 3.3 and now it works. Never mind.

2
Hi, I was trying to follow your explanations across this and the Synology forum, but I couldn't really put the different pieces of information together:

RECAP: The problem is that we can neither set port 390 nor does the input mask accept Zentyal's bind DN users, right?

What I understood from your solution: install LDAP Server, start it up to create a dummy config, stop it again. Then log in as root, go to /usr/syno/etc/ and edit nslcd.conf...

----
uri ldap://192.168.123.1:390

# The LDAP version to use (defaults to 3
# if supported by client library)
#ldap_version 3

# The distinguished name of the search base.
base dc=domain,dc=tld
# The distinguished name to bind to the server with.
# Optional: default is to bind anonymously.
binddn cn=zentyalro,dc=domain,dc=tld

# The credentials to bind with.
# Optional: default is no credentials.
# Note that if you set a bindpw you should check the permissions of this file.
bindpw 12345678xyz
----

So if I apply these changes, the DiskStation still does not connect to Zentyal. What else did you change?

3
Installation and Upgrades / Re: Owncloud 4.5, LDAP and Zentyal
« on: September 17, 2013, 05:23:42 pm »
Well, my "understanding", or rather "attempts to understand", come from Apache Directory Studio being connected to Zentyal LDAP on port 390, so you are correct. I didn't know that there were other ways to access Zentyal's LDAP. On the other hand, it should also be possible to query for the attribute I mentioned in my earlier post, no?

4
Installation and Upgrades / Re: Owncloud 4.5, LDAP and Zentyal
« on: September 17, 2013, 04:27:39 pm »
Hmm, OK, of course I am referring to the Zentyal (v3) LDAP schema.

OK, so there is no memberOf, but a "member" attribute in
OU=Groups, CN=OwncloudTeam, DC=domain, DC=tld

member consists of
uid=username, ou=Users, dc=Domain, dc=tld

What I cannot figure out is how to build a query to find out if the login user's uid is listed in the member attribute of the group...

All the examples I found for ownCloud are for Active Directory or other LDAP servers that have a memberOf attribute... which is not the case with Zentyal.


5
Installation and Upgrades / Re: Owncloud 4.5, LDAP and Zentyal
« on: September 17, 2013, 01:49:17 pm »
I created a user "test" who is not a member of any group.
I tried to create a filter as described here: https://confluence.atlassian.com/display/DEV/How+to+write+LDAP+search+filters

I tried a user login filter like this:
(&(uid=%uid)(memberOf=cn=owncloudTeam,ou=Groups,dc=domain,dc=tld)(memberOf=cn=owncloudAndere,ou=Groups,dc=domain,dc=tld))

Still, user "test" can log in... what did I do wrong here?
cheers,
t.

6
Installation and Upgrades / Re: Owncloud 4.5, LDAP and Zentyal
« on: September 17, 2013, 10:10:38 am »
Hey, sorry to dig out this old thread, but since the settings discussed here also work with OC5, I guess we can continue.

I applied the UserList group filter suggested in one of the last posts here and it works. When sharing stuff, only users from a certain group appear in the autocomplete function.

What I am still missing now is that I only want to allow access to ownCloud for users that are part of one specific group, i.e. owncloud_users. What would also be great is different defaults for different groups.

i.e.
- users that are members of the "owncloudTeam" group get 20 GB of quota
- users that are members of the "owncloudOthers" group get 1 GB of quota...

etc. Is that possible? How would I filter the members of a certain group to be the only ones allowed to log in?

cheers,
t.

7
Hi people,

The documentation is kind of vague on the availability of Postgres on Zentyal 3. It mentions that several Zentyal internal databases are being switched to MySQL since 3.0, but I couldn't find info on whether Postgres is installed by default or not.

Also, I never really understood if Zentyal discourages installing additional (non-Zentyal) software on the same machine. I.e. I prefer running nginx as a reverse proxy, I want to have DokuWiki, Etherpad, DAViCal & AgenDAV etc. It does not make sense for me to install another server for these little programs, nor does my server have the power to run several VMs... But when it comes to installing additional software, Zentyal's docs are rather vague. It would be nice to know what I can run into conflicts with etc. I.e. I also wanted to use VBoxManage; I thought VirtualBox was installed anyway, but VBoxManage was nowhere to be found. It is kind of trial and error then to install VirtualBox to get VBoxManage and find out if it might cause conflicts.

Similar for the Zentyal LDAP schemata... If I run only one machine, of course it is nice to be able to authenticate against the Zentyal users I have set up anyway. The description is really kind of non-existent when it comes to authentication against the Zentyal LDAP.

Anyway, so here is my question for right now: is Postgres part of Zentyal 3? If not, will I break anything by installing it? If yes, how is the MySQL configured, where is the configuration, what's the root user etc.?

Or did I get everything completely wrong? What is the proposed procedure to run additional software on a Zentyal box, i.e. one that needs its own database table?


cheers,
t.

8
Installation and Upgrades / Just Another LDAP Question - DokuWiki
« on: February 28, 2013, 02:35:58 pm »
Hi people,

In my quest to find a collaborative document editing solution with LDAP auth, I finally seem to have found a great solution:
- DokuWiki will act as the "document management"
- DokuWiki has a working LDAP authorization backend
- there is an Etherpad-Lite plugin for DokuWiki
- all that is served through a lightweight nginx with php5-fpm

The best thing is, it was quite easy to get LDAP running with Zentyal.

BUT, I cannot get one thing to work: I need some users to get the wiki's superuser rights, to install plugins etc.
I added the users to a "wikiadmin" group in Zentyal. DokuWiki's LDAP debug looks good, generally.

LDAP user search: Success [ldap.class.php:182]
LDAP search at: ou=Users, dc=xx, dc=yy (&(uid=user.name)(objectClass=posixAccount)) [ldap.class.php:183]
LDAP group search: Success [ldap.class.php:229]
LDAP search at: ou=Groups, dc=xx, dc=yy (&(objectClass=posixGroup)(|(gidNumber=1901)(memberUID=user.name))) [ldap.class.php:230]
LDAP usergroup: __USERS__ [ldap.class.php:242]

I don't understand why I always only get the "__USERS__" group returned instead of ALL groups a user is part of, including the "wikiadmin" group.

The auth config of DokuWiki looks like this:
<?php
/**
 * Protected settings
 * Do override DokuWiki default settings and local settings from Config Manager
 */

$conf['useacl']      = 1;
$conf['openregister']= 0;
$conf['superuser']   = '@wikiadmin';
$conf['authtype']    = 'ldap';

$conf['auth']['ldap']['server']      = 'localhost';
$conf['auth']['ldap']['port']        = 390;
#$conf['auth']['ldap']['server']      = 'ldap://localhost:390'; #instead of the above two settings
$conf['auth']['ldap']['usertree']    = 'ou=Users, dc=xx, dc=yy';
$conf['auth']['ldap']['grouptree']   = 'ou=Groups, dc=xx, dc=yy';
$conf['auth']['ldap']['userfilter']  = '(&(uid=%{user})(objectClass=posixAccount))';
$conf['auth']['ldap']['groupfilter'] = '(&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))';

# This is optional but may be required for your server:
$conf['auth']['ldap']['version']    = 3;

# This enables the use of the STARTTLS command
#$conf['auth']['ldap']['starttls']   = 1;

# This is optional and is required to be off when using Active Directory:
#$conf['auth']['ldap']['referrals']  = 0;

# Optional bind user and password if anonymous bind is not allowed (develonly)
$conf['auth']['ldap']['binddn']     = 'cn=zentyalro, dc=xx, dc=yy';
$conf['auth']['ldap']['bindpw']     = '**********';

# Mapping can be used to specify where the internal data is coming from. 
#$conf['auth']['ldap']['mapping']['name']  = 'displayname'; # Name of attribute Active Directory stores it's pretty print user name.
#$conf['auth']['ldap']['mapping']['grps']  = array('memberof' => '/CN=(.+?),/i'); # Where groups are defined in Active Directory

# Limit search scope for user and group searches (sub|one|base)
#$conf['auth']['ldap']['userscope']  = 'sub';
#$conf['auth']['ldap']['groupscope'] = 'sub';

# Optional debugging
$conf['auth']['ldap']['debug']      = 1;

Any LDAP buffs got a suggestion here?

Thanks,
t.
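The ownCloud posts above (nos. 4 to 6) and the DokuWiki post (no. 8) run into the same thing: the groups described there carry the membership on the group side (a DN-valued member attribute, plus memberUid/gidNumber for the POSIX part), and the user entry has no memberOf, so a user-side filter like (memberOf=...) matches nothing and a groupfilter that only checks gidNumber and memberUID returns just the primary group (the __USERS__ result with gidNumber 1901 in the debug output). The added example below is not code from ownCloud, DokuWiki or Zentyal. It builds the two group-side searches that do work against such a directory, escapes the login name so that a form input cannot rewrite the filter (LDAP injection), and evaluates the same rule against constructed group entries so it runs offline. The base DNs are taken from the posts; the group entries, the extra user alice and the gidNumbers other than 1901 are made up for the example. Whether a given ownCloud release can be told to run the second search, and whether the installed DokuWiki authldap offers a placeholder for the user's DN in groupfilter, is not settled by the posts and is assumed here only as far as the comments say.

```python
"""Group-membership checks against Zentyal-style groups that list members by
DN (`member`) and/or login name (`memberUid`), with no memberOf on the user.

Added example; not code from ownCloud, DokuWiki or Zentyal.  Entries and
names below are constructed to mirror the posts; everything except the two
base DNs and the attributes member/memberUid/gidNumber/cn/uid is assumed.
"""
import re

USER_BASE = "ou=Users,dc=domain,dc=tld"    # from the posts above
GROUP_BASE = "ou=Groups,dc=domain,dc=tld"  # from the posts above

# RFC 4515 filter escaping.  A login name typed into a form must pass through
# this before it is spliced into a filter; otherwise an input such as
# `*)(uid=*` rewrites the filter instead of matching a user (LDAP injection).
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_dn(uid):
    """DN of the user entry.  The RDN value is escaped per RFC 4514 (special
    characters only; a leading '#' or leading/trailing spaces are not handled)."""
    rdn = re.sub(r'([,+"\\<>;=])', r"\\\1", uid)
    return "uid=%s,%s" % (rdn, USER_BASE)


def groups_of_user_filter(uid, gid=None):
    """Filter for a search under GROUP_BASE returning every group of `uid`.
    The gidNumber clause covers the primary group; the member clause is what
    the posted DokuWiki groupfilter lacks (usable only if the plugin version
    in use offers a placeholder for the user's DN, which is assumed here)."""
    clauses = "(memberUid=%s)(member=%s)" % (
        escape_filter_value(uid), escape_filter_value(user_dn(uid)))
    if gid is not None:
        clauses = "(gidNumber=%s)" % escape_filter_value(str(gid)) + clauses
    return "(&(objectClass=posixGroup)(|%s))" % clauses


def membership_filter(uid, group_cn):
    """Filter for a search under GROUP_BASE that matches only when `uid` is in
    the named group: the login restriction for a server without memberOf, run
    as a second search after the user lookup succeeded."""
    return "(&(cn=%s)(|(memberUid=%s)(member=%s)))" % (
        escape_filter_value(group_cn), escape_filter_value(uid),
        escape_filter_value(user_dn(uid)))


def normalize_dn(dn):
    """Simplified distinguishedNameMatch: attribute types are case-insensitive,
    whitespace around ',' and '=' is insignificant, and uid/cn/ou/dc values use
    caseIgnoreMatch, so `uid=user.name, ou=Users, dc=Domain, dc=tld` names the
    same entry as `uid=user.name,ou=Users,dc=domain,dc=tld`."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        rdns.append("%s=%s" % (attr.strip().lower(), value.strip().lower()))
    return ",".join(rdns)


def groups_of(entries, uid, gid=None):
    """Evaluate groups_of_user_filter() locally over group entries given as
    dicts of attribute -> list of values; returns the matching cns.  Against
    a real server, run that filter with base GROUP_BASE instead."""
    target = normalize_dn(user_dn(uid))
    found = []
    for e in entries:
        if "posixGroup" not in e.get("objectClass", []):
            continue
        if (uid in e.get("memberUid", [])
                or any(normalize_dn(m) == target for m in e.get("member", []))
                or (gid is not None and str(gid) in e.get("gidNumber", []))):
            found.append(e["cn"][0])
    return sorted(found)


def is_member(entries, uid, group_cn):
    return group_cn.lower() in (g.lower() for g in groups_of(entries, uid))


# Constructed group entries shaped like the ones described in the posts.
GROUPS = [
    {"dn": "cn=__USERS__," + GROUP_BASE, "cn": ["__USERS__"],
     "objectClass": ["posixGroup"], "gidNumber": ["1901"],
     "memberUid": ["user.name", "test"]},
    {"dn": "cn=wikiadmin," + GROUP_BASE, "cn": ["wikiadmin"],
     "objectClass": ["posixGroup"], "gidNumber": ["2001"],
     "member": ["uid=user.name, ou=Users, dc=Domain, dc=tld"]},
    {"dn": "cn=owncloudTeam," + GROUP_BASE, "cn": ["owncloudTeam"],
     "objectClass": ["posixGroup"], "gidNumber": ["2002"],
     "member": ["uid=user.name,ou=Users,dc=domain,dc=tld",
                "uid=alice,ou=Users,dc=domain,dc=tld"]},
]

if __name__ == "__main__":
    print(groups_of_user_filter("user.name", gid=1901))
    print(membership_filter("user.name", "owncloudTeam"))
    for who in ("user.name", "test", "alice"):
        print(who, groups_of(GROUPS, who), is_member(GROUPS, who, "owncloudTeam"))
```

The two filters are what you would hand to ldapsearch with -b 'ou=Groups,dc=domain,dc=tld' (and the zentyalro bind from post 14) to confirm what the directory actually returns before wiring them into an application; the local evaluator only exists so the block runs without a server. The ownCloud login filter from post 5 cannot be rescued by changing attribute names: the test it needs lives on the group entry, not on the user entry it searches.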

9
Well, it might be an issue. So, a different approach: I guess it would make more sense that they apply for an account, entering their data on their own, already granting them access to some web services, and then wait for an admin to approve this to be promoted to a Zentyal account... Meaning there has to be a second authentication instance... I fear this exceeds my knowledge of LDAP / programming in general...

10
Basically, a minimal account would be an LDAP entry, allowing access to some web services, like Etherpad-Lite, a DokuWiki etc. This could be extended to web services like a meeting room booking service, Jabber account, captive portal etc. Additionally, our NAS might use this authentication data as well.

In some cases, it should also be possible to promote this to disk space quota etc., aka the "full" Zentyal user package... So I guess I will look into PHP / Ruby on Rails and do this via the API?

Cheers, t.


11
No, for my use case, ideally the users would sign up themselves, creating an account & password but initially only being granted very basic rights, maybe reading a DokuWiki & maybe Etherpad or something. Then, as a second step, I would want to grant them access to more services. But it would significantly reduce my work if they could sign up themselves...

12
Installation and Upgrades / Re: sshd password probing - what to do?
« on: February 24, 2013, 01:38:11 pm »
Excellent, fail2ban was what I was looking for. I would not like to rely solely on VPN as a way to access my machine. If I mess up something with the firewall / routing, it's too easy to lock yourself out.

Thanks again, t.

BTW, could it be that SSH root login is enabled by default in Zentyal? Or did I change that at some time? Either way, I guess it shouldn't be.

13
Maybe a follow-up question: is it possible for users to sign up for a Zentyal account without the help of the admin?
I would like to grant them very basic rights on signup and then decide later what group rights they could additionally have.

14
Hi,

Thanks for the hints.
I found this article, http://www.allgoodbits.org/articles/view/21, which seems a good starting point to try more things. I cannot compile the nginx debug version though, as the compilation of nginx with LDAP was already kind of a hassle; I had to uninstall Zentyal for it, caused by some irrelevant dependency (gd2-xpm-dev if I remember correctly).

Anyway, adapting the methodology of that article, I tried this on my server:
ldapsearch  -v -h localhost:390 -b 'DC=xx,DC=yy' -D 'cn=zentyalro, dc=xx, dc=yy'  -x -W '(&(objectCategory=person)(objectClass=user) (sAMAccountName=myUserName))'

(I know the objects I am looking for don't exist on Zentyal; that will be covered in my next question)

Next thing, ldap is asking for a password. So I guess this is supposed to be the zentyalro password from the WUI: Users & Groups / LDAP Settings? Right?

What I get is this:
ldap_bind: Invalid credentials (49)

Any clues what I am doing wrong here?

And the next question: is there something in the documentation about the LDAP schema Zentyal uses? Of course I can install Apache Directory Studio, but I hoped for commented documentation somewhere...

thanks,
t.

15
Installation and Upgrades / Re: sshd password probing - what to do?
« on: February 23, 2013, 08:31:29 pm »
After I saw the log, I enabled the IDS. But in the IDS rules I did not see anything related to sshd, or did I miss something?
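The sshd password-probing thread (posts 12 and 15 above) ends with fail2ban and a question about root login. The added example below, which is not Zentyal or fail2ban code, shows the two checks behind that: the counting rule fail2ban applies to auth.log (several failures from one source inside a short window; the maxretry/findtime numbers here are this example's choice), a tally of password attempts against root, and a reader for the effective PermitRootLogin value in sshd_config. The log lines are constructed in OpenSSH's syslog format; the host name, PIDs and addresses are made up.

```python
"""Spotting sshd password probing in auth.log and checking whether root may
log in over SSH at all.

Added example for the sshd password-probing posts above; not Zentyal or
fail2ban code.  The log lines are constructed (OpenSSH syslog format); the
thresholds are this example's choice, modelled on fail2ban's maxretry and
findtime settings.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

SSHD_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample: one source hammering root and guessed names, one
# legitimate user who fumbles a password and then succeeds with a key, and a
# single root attempt from a third address.
SAMPLE_LOG = [
    "Feb 23 19:58:01 zentyal sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
    "Feb 23 19:58:03 zentyal sshd[2233]: Failed password for root from 203.0.113.7 port 51240 ssh2",
    "Feb 23 19:58:04 zentyal sshd[2235]: Failed password for root from 203.0.113.7 port 51245 ssh2",
    "Feb 23 19:58:06 zentyal sshd[2237]: Failed password for invalid user oracle from 203.0.113.7 port 51250 ssh2",
    "Feb 23 19:58:09 zentyal sshd[2239]: Failed password for invalid user test from 203.0.113.7 port 51255 ssh2",
    "Feb 23 20:10:44 zentyal sshd[2301]: Failed password for tilllt from 192.168.123.50 port 40110 ssh2",
    "Feb 23 20:10:51 zentyal sshd[2301]: Accepted publickey for tilllt from 192.168.123.50 port 40110 ssh2",
    "Feb 23 21:30:00 zentyal sshd[2400]: Failed password for root from 198.51.100.9 port 33001 ssh2",
]


def parse_sshd_line(line):
    """Dict for an authentication result line, None for anything else."""
    m = SSHD_RE.match(line)
    if not m:
        return None
    return {
        "time": datetime.strptime(m.group("ts"), "%b %d %H:%M:%S"),  # syslog carries no year
        "result": m.group("result"), "method": m.group("method"),
        "invalid_user": m.group("invalid") is not None,
        "user": m.group("user"), "ip": m.group("ip"),
    }


def brute_force_sources(lines, maxretry=5, findtime=600):
    """Source IPs with at least `maxretry` failed logins inside any window of
    `findtime` seconds, mapped to the total failures seen from them.  One
    mistyped password from a legitimate user never reaches the threshold."""
    failures = defaultdict(list)
    for line in lines:
        ev = parse_sshd_line(line)
        if ev and ev["result"] == "Failed":
            failures[ev["ip"]].append(ev["time"])
    window = timedelta(seconds=findtime)
    hits = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= maxretry:
                hits[ip] = len(times)
                break
    return hits


def root_password_attempts(lines):
    """Password attempts against root per source, successful or not.  With
    PermitRootLogin no (or key-only auth for root) none of these can succeed."""
    counts = Counter()
    for line in lines:
        ev = parse_sshd_line(line)
        if ev and ev["user"] == "root" and ev["method"] == "password":
            counts[ev["ip"]] += 1
    return dict(counts)


def permit_root_login(sshd_config):
    """Effective PermitRootLogin from sshd_config text: sshd uses the first
    occurrence of a keyword, keywords are case-insensitive, '#' starts a
    comment and 'keyword=value' is accepted.  None means the directive is
    absent and the compiled-in default applies (which was 'yes' before
    OpenSSH 7.0).  Match blocks are not handled here."""
    for raw in sshd_config.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.replace("=", " ").split(None, 1)
        if parts[0].lower() == "permitrootlogin" and len(parts) == 2:
            return parts[1].strip().lower()
    return None


if __name__ == "__main__":
    print("probing sources:", brute_force_sources(SAMPLE_LOG))
    print("root password attempts:", root_password_attempts(SAMPLE_LOG))
    print("PermitRootLogin:", permit_root_login(open("/etc/ssh/sshd_config").read()))
```

The window logic is the part worth keeping when adapting this: counting failures per source without a time bound flags a colleague who forgets a password once a month, while a bound of a few minutes matches what a scanner does. Running permit_root_login over the live /etc/ssh/sshd_config answers post 12's question for the box at hand; a None result means the sshd build's default decides, so the directive is worth setting explicitly.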
