<p dir="ltr">I forget how lemonldap determines who is an admin and who isn't..</p>
<div class="gmail_quote">On 22 Jan 2016 10:35, "Jean-Claude Vanier" <<a href="mailto:jclvanier@gmail.com">jclvanier@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On one hand, even if manager has a dns set, a non logged user<br>
attempting to open it is redirected to auth and a logged user without<br>
admin permission get a frightening black page.<br>
On the other hand, manager will be seldom used, so a simple record in<br>
one's /etc/host can be enough.<br>
I have no strong opinion on this matter.<br>
<br>
2016-01-22 15:27 GMT+01:00 Robert Xu <<a href="mailto:robxu9@gmail.com">robxu9@gmail.com</a>>:<br>
> Careful - we don't want anyone accessing the manager; only those who are<br>
> proxied into Jasper or Ruby.<br>
><br>
> On 22 Jan 2016 07:23, "Raphaël Jadot" <<a href="mailto:rj@hodo.fr">rj@hodo.fr</a>> wrote:<br>
>><br>
>> Gandi (cloudflare in fact) is badly configured then :)<br>
>><br>
>> --<br>
>> Sent from Yandex.Mail for mobile<br>
>><br>
>> 22.01.2016, 12:58, "Jean-Claude Vanier" <<a href="mailto:jclvanier@gmail.com">jclvanier@gmail.com</a>>:<br>
>><br>
>><br>
>> I'm not sure to understand everything:<br>
>> Gandi shows that auth points to 212.83.163.187 (jade) but if I ping to<br>
>> auth, the answer comes from 212.129.32.94 (jasper).<br>
>> If I make manager pointing to jasper, in my /etc/host, lemonldap<br>
>> displays correctly.<br>
>><br>
>> 2016-01-22 12:38 GMT+01:00 Jean-Claude Vanier <<a href="mailto:jclvanier@gmail.com">jclvanier@gmail.com</a>>:<br>
>><br>
>> Ah, I forgot you told me that yesterday.<br>
>> Actually, manager points to jade ... at least this morning.<br>
>><br>
>> 2016-01-22 12:21 GMT+01:00 Raphaël Jadot <<a href="mailto:rj@hodo.fr">rj@hodo.fr</a>>:<br>
>><br>
>> Yesterday it was ok but i had to make manager.op… point to jasper ip<br>
>><br>
>> --<br>
>> Sent from Yandex.Mail for mobile<br>
>><br>
>> 22.01.2016, 10:53, "Jean-Claude Vanier" <<a href="mailto:jclvanier@gmail.com">jclvanier@gmail.com</a>>:<br>
>><br>
>><br>
>> Big thanks Raphaël.<br>
>> Anyone experiences this: manager gives a blank page ?<br>
>><br>
>> 2016-01-21 21:59 GMT+01:00 Raphaël Jadot <<a href="mailto:rj@hodo.fr">rj@hodo.fr</a>>:<br>
>><br>
>><br>
>><br>
>> <a href="https://secure.waynesallee.com/openmandriva/infrawiki/index.php?title=Ruby#Step_for_adding_password_encrypting_policy" rel="noreferrer" target="_blank">https://secure.waynesallee.com/openmandriva/infrawiki/index.php?title=Ruby#Step_for_adding_password_encrypting_policy</a><br>
>><br>
>> I had to create a password for cn=admin,cn=config<br>
>><br>
>><br>
>> <a href="https://secure.waynesallee.com/openmandriva/infrawiki/index.php?title=Ruby#Admin_users_and_password" rel="noreferrer" target="_blank">https://secure.waynesallee.com/openmandriva/infrawiki/index.php?title=Ruby#Admin_users_and_password</a><br>
>><br>
>> 20.01.2016, 19:53, "Robert Xu" <<a href="mailto:robxu9@gmail.com">robxu9@gmail.com</a>>:<br>
>><br>
>> Actually, I see it now - it's default. Great! All the passwords are<br>
>> being hashed.<br>
>><br>
>> Raphael, you may want to change your password so that it gets hashed.<br>
>> Other than that, I believe we should start hooking up systems!<br>
>><br>
>> On 20 January 2016 at 12:41, Robert Xu <<a href="mailto:robxu9@gmail.com">robxu9@gmail.com</a>> wrote:<br>
>><br>
>> Is it default? i.e. all password changes will be automatically hashed?<br>
>><br>
>> On 20 Jan 2016 7:25 a.m., "Jean-Claude Vanier" <<a href="mailto:jclvanier@gmail.com">jclvanier@gmail.com</a>><br>
>> wrote:<br>
>><br>
>> ppolicy is installed and active. It is possible to encypt the password<br>
>> using phpldap admin.<br>
>> See "uid=jvanier,ou=People,dc=openmandriva,dc=org" and export this<br>
>> entry.<br>
>><br>
>> 2016-01-19 19:44 GMT+01:00 Robert Xu <<a href="mailto:robxu9@gmail.com">robxu9@gmail.com</a>>:<br>
>> ><br>
>> > On 19 Jan 2016 13:19, "Anurag Bhandari" <<a href="mailto:ab@anuragbhandari.com">ab@anuragbhandari.com</a>><br>
>> wrote:<br>
>> >><br>
>> >><br>
>> >> On 19-Jan-2016 1:26 pm, "Robert Xu" <<a href="mailto:robxu9@gmail.com">robxu9@gmail.com</a>> wrote:<br>
>> >> ><br>
>> >> > Okay, so it's a good thing I caught this - LDAP is storing<br>
>> passwords<br>
>> >> > in clear text. That is unacceptable.<br>
>> >><br>
>> >> Whoops! That's outrageous. Totally unacceptable.<br>
>> >><br>
>> >> ><br>
>> >> > Can someone figure out a way to make LDAP store them hashed? We<br>
>> >> > cannot<br>
>> >> > proceed with passwords in clear text.<br>
>> >><br>
>> >> I can check into this. Where's the data store for LDAP? Also, did<br>
>> you<br>
>> >> check if there's a setting in lemonldap to enable encrypted<br>
>> passwords.<br>
>> >> At<br>
>> >> any rate, such a setting should be default.<br>
>> ><br>
>> > In Ruby. There's no setting in LemonLDAP, so we probably forgot to<br>
>> > enable<br>
>> > some sort of setting in LDAP itself - ppolicy maybe?<br>
>> ><br>
>> ><br>
>> > _______________________________________________<br>
>> > OM-Infra mailing list<br>
>> > <a href="mailto:OM-Infra@ml.openmandriva.org">OM-Infra@ml.openmandriva.org</a><br>
>> ><br>
>> <a href="http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org" rel="noreferrer" target="_blank">http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org</a><br>
>> ><br>
>><br>
>> _______________________________________________<br>
>> OM-Infra mailing list<br>
>> <a href="mailto:OM-Infra@ml.openmandriva.org">OM-Infra@ml.openmandriva.org</a><br>
>><br>
>> <a href="http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org" rel="noreferrer" target="_blank">http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org</a><br>
>><br>
>><br>
>> --<br>
>> cheers, Robert :: <a href="http://github.com/robxu9" rel="noreferrer" target="_blank">github.com/robxu9</a><br>
>><br>
>> _______________________________________________<br>
>> OM-Infra mailing list<br>
>> <a href="mailto:OM-Infra@ml.openmandriva.org">OM-Infra@ml.openmandriva.org</a><br>
>> <a href="http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org" rel="noreferrer" target="_blank">http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org</a><br>
>><br>
>><br>
>> Raphaël Jadot<br>
>><br>
>> _______________________________________________<br>
>> OM-Infra mailing list<br>
>> <a href="mailto:OM-Infra@ml.openmandriva.org">OM-Infra@ml.openmandriva.org</a><br>
>> <a href="http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org" rel="noreferrer" target="_blank">http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org</a><br>
>><br>
>><br>
>><br>
>> _______________________________________________<br>
>> OM-Infra mailing list<br>
>> <a href="mailto:OM-Infra@ml.openmandriva.org">OM-Infra@ml.openmandriva.org</a><br>
>> <a href="http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org" rel="noreferrer" target="_blank">http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org</a><br>
>><br>
>><br>
>> _______________________________________________<br>
>> OM-Infra mailing list<br>
>> <a href="mailto:OM-Infra@ml.openmandriva.org">OM-Infra@ml.openmandriva.org</a><br>
>> <a href="http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org" rel="noreferrer" target="_blank">http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org</a><br>
>><br>
>><br>
>><br>
>> _______________________________________________<br>
>> OM-Infra mailing list<br>
>> <a href="mailto:OM-Infra@ml.openmandriva.org">OM-Infra@ml.openmandriva.org</a><br>
>> <a href="http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org" rel="noreferrer" target="_blank">http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org</a><br>
>><br>
>><br>
>> _______________________________________________<br>
>> OM-Infra mailing list<br>
>> <a href="mailto:OM-Infra@ml.openmandriva.org">OM-Infra@ml.openmandriva.org</a><br>
>> <a href="http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org" rel="noreferrer" target="_blank">http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org</a><br>
>><br>
><br>
> _______________________________________________<br>
> OM-Infra mailing list<br>
> <a href="mailto:OM-Infra@ml.openmandriva.org">OM-Infra@ml.openmandriva.org</a><br>
> <a href="http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org" rel="noreferrer" target="_blank">http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org</a><br>
><br>
<br>
_______________________________________________<br>
OM-Infra mailing list<br>
<a href="mailto:OM-Infra@ml.openmandriva.org">OM-Infra@ml.openmandriva.org</a><br>
<a href="http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org" rel="noreferrer" target="_blank">http://ml.openmandriva.org/mailman/listinfo/om-infra_ml.openmandriva.org</a><br>
</blockquote></div>