[om-infra] sso - custom username support is working now

Jean-Claude Vanier jclvanier at gmail.com
Fri Jan 22 10:34:44 EST 2016


On one hand, even if manager has a dns set, a non logged user
attempting to open it is redirected to auth and a logged user without
admin permission get a frightening black page.
On the other hand, manager will be seldom used, so a simple record in
one's /etc/host can be enough.
I have no strong opinion on this matter.

2016-01-22 15:27 GMT+01:00 Robert Xu <robxu9 at gmail.com>:
> Careful - we don't want anyone accessing the manager; only those who are
> proxied into Jasper or Ruby.
>
> On 22 Jan 2016 07:23, "Raphaël Jadot" <rj at hodo.fr> wrote:
>>
>> Gandi (cloudflare in fact) is badly configured then :)
>>
>> --
>> Sent from Yandex.Mail for mobile
>>
>> 22.01.2016, 12:58, "Jean-Claude Vanier" <jclvanier at gmail.com>:
>>
>>
>> I'm not sure to understand everything:
>> Gandi shows that auth points to 212.83.163.187 (jade) but if I ping to
>> auth, the answer comes from 212.129.32.94 (jasper).
>> If I make manager pointing to jasper, in my /etc/host, lemonldap
>> displays correctly.
>>
>> 2016-01-22 12:38 GMT+01:00 Jean-Claude Vanier <jclvanier at gmail.com>:
>>
>>  Ah, I forgot you told me that yesterday.
>>  Actually, manager points to jade ... at least this morning.
>>
>>  2016-01-22 12:21 GMT+01:00 Raphaël Jadot <rj at hodo.fr>:
>>
>>  Yesterday it was ok but i had to make manager.op… point to jasper ip
>>
>>  --
>>  Sent from Yandex.Mail for mobile
>>
>>  22.01.2016, 10:53, "Jean-Claude Vanier" <jclvanier at gmail.com>:
>>
>>
>>  Big thanks Raphaël.
>>  Anyone experiences this: manager gives a blank page ?
>>
>>  2016-01-21 21:59 GMT+01:00 Raphaël Jadot <rj at hodo.fr>:
>>
>>
>>
>> https://secure.waynesallee.com/openmandriva/infrawiki/index.php?title=Ruby#Step_for_adding_password_encrypting_policy
>>
>>   I had to create a password for cn=admin,cn=config
>>
>>
>> https://secure.waynesallee.com/openmandriva/infrawiki/index.php?title=Ruby#Admin_users_and_password
>>
>>   20.01.2016, 19:53, "Robert Xu" <robxu9 at gmail.com>:
>>
>>   Actually, I see it now - it's default. Great! All the passwords are
>>   being hashed.
>>
>>   Raphael, you may want to change your password so that it gets hashed.
>>   Other than that, I believe we should start hooking up systems!
>>
>>   On 20 January 2016 at 12:41, Robert Xu <robxu9 at gmail.com> wrote:
>>
>>    Is it default? i.e. all password changes will be automatically hashed?
>>
>>    On 20 Jan 2016 7:25 a.m., "Jean-Claude Vanier" <jclvanier at gmail.com>
>>  wrote:
>>
>>    ppolicy is installed and active. It is possible to encypt the password
>>    using phpldap admin.
>>    See "uid=jvanier,ou=People,dc=openmandriva,dc=org" and export this
>> entry.
>>
>>    2016-01-19 19:44 GMT+01:00 Robert Xu <robxu9 at gmail.com>:
>>    >
>>    > On 19 Jan 2016 13:19, "Anurag Bhandari" <ab at anuragbhandari.com>
>> wrote:
>>    >>
>>    >>
>>    >> On 19-Jan-2016 1:26 pm, "Robert Xu" <robxu9 at gmail.com> wrote:
>>    >> >
>>    >> > Okay, so it's a good thing I caught this - LDAP is storing
>> passwords
>>    >> > in clear text. That is unacceptable.
>>    >>
>>    >> Whoops! That's outrageous. Totally unacceptable.
>>    >>
>>    >> >
>>    >> > Can someone figure out a way to make LDAP store them hashed? We
>>    >> > cannot
>>    >> > proceed with passwords in clear text.
>>    >>
>>    >> I can check into this. Where's the data store for LDAP? Also, did
>> you
>>    >> check if there's a setting in lemonldap to enable encrypted
>> passwords.
>>    >> At
>>    >> any rate, such a setting should be default.
>>    >
>>    > In Ruby. There's no setting in LemonLDAP, so we probably forgot to
>>    > enable
>>    > some sort of setting in LDAP itself - ppolicy maybe?
>>    >
>>    >
>>    > _______________________________________________
>>    > OM-Infra mailing list
>>    > OM-Infra at ml.openmandriva.org
>>    >
>> http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org
>>    >
>>
>>    _______________________________________________
>>    OM-Infra mailing list
>>    OM-Infra at ml.openmandriva.org
>>
>> http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org
>>
>>
>>   --
>>   cheers, Robert :: github.com/robxu9
>>
>>   _______________________________________________
>>   OM-Infra mailing list
>>   OM-Infra at ml.openmandriva.org
>>   http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org
>>
>>
>>   Raphaël Jadot
>>
>>   _______________________________________________
>>   OM-Infra mailing list
>>   OM-Infra at ml.openmandriva.org
>>   http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org
>>
>>
>>
>>  _______________________________________________
>>  OM-Infra mailing list
>>  OM-Infra at ml.openmandriva.org
>>  http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org
>>
>>
>>  _______________________________________________
>>  OM-Infra mailing list
>>  OM-Infra at ml.openmandriva.org
>>  http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org
>>
>>
>>
>> _______________________________________________
>> OM-Infra mailing list
>> OM-Infra at ml.openmandriva.org
>> http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org
>>
>>
>> _______________________________________________
>> OM-Infra mailing list
>> OM-Infra at ml.openmandriva.org
>> http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org
>>
>
> _______________________________________________
> OM-Infra mailing list
> OM-Infra at ml.openmandriva.org
> http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org
>



More information about the OM-Infra mailing list