openSUSE Project Management Tool: Issueshttps://progress.opensuse.org/https://progress.opensuse.org/themes/openSUSE/favicon/favicon.ico?15829177842020-06-01T13:56:40ZopenSUSE Project Management Tool
Redmine invisAD-setup - action #67543 (Workable): Upgrade Test from invis-Server 14.1 to 14.3 (14.2 wird ...https://progress.opensuse.org/issues/675432020-06-01T13:56:40Zflaccostefan@invis-server.org
<p>Test an direct upgrade from invis-server 14.1 based on Leap 15.1 to invis-Server 14.3 based on Leap 15.3</p>
<p>It is necessary to do the distribution upgrade step by step: 15.1 -> 15.2 -> 15.3</p>
<p><del>Before release of 14.2 we should do an upgrade test from 14.1 to 14.2 based on leap 15.1.</del></p>
<p><del>14.2 should be just a feature and bugfix release, but to be compatible with the upcoming leap 15.2 we had to build new samba and sssd packages which are much newer than the distribution packages. Installing the invisAD-setup-14 (14.2) package forces an upgrade of sssd and samba. This means a release without a upgrade test is dangerous.</del></p>
<p><del>Perhaps we should ship 14.2 as an intermediate package on the way to invis-server 15.0 just like 13.5 was.</del></p>
invisAD-setup - action #67486 (Closed): Test invisAD-setup-14 (14.2) with openSUSE Leap 15.2https://progress.opensuse.org/issues/674862020-05-30T20:40:22Zflaccostefan@invis-server.org
<p>openSUSE Leap 15.2 is nearly ready. There is a release candidate available.</p>
<p>We should test the new 14.2 invis-server setup on leap 15.2.</p>
<p>It should be possible to install an invis-server 14.2 on both maintained openSUSE leap versions</p>
invisAD-setup - action #67480 (Closed): VPN Clients shoudn't show warnings during connection esta...https://progress.opensuse.org/issues/674802020-05-30T12:53:16Zflaccostefan@invis-server.org
<p>The warnings:</p>
<p>Sat May 30 14:07:20 2020 WARNING: No server certificate verification method has been enabled. See <a href="http://openvpn.net/howto.html#mitm" class="external">http://openvpn.net/howto.html#mitm</a> for more info.<br>
Sat May 30 14:07:24 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this</p>
invisAD-setup - action #67057 (Closed): We should remove the ssh portforwarding from our firewall...https://progress.opensuse.org/issues/670572020-05-20T06:29:41Zflaccostefan@invis-server.org
<p>Our Rule causes a problem with outgoing ssh connections on port 22. With our rule it's no longer possible to reach ssh-servers outside the local network via port 22.</p>
<p>Instead of a portforwarding it's possible to configure sshd to listen on two different ports. We should leave port 22 open and add our higher port additionally. In our firewall setup we should open both ports for the internal zones and just the high port in the external zone. </p>
invisAD-setup - action #63634 (New): We should publish a list with the expiry dates of all VPN cl...https://progress.opensuse.org/issues/636342020-02-20T07:36:54Zflaccostefan@invis-server.org
<p>The VPN client certs we create have a 24 month time to live. Actually the users have no information about this, the don't know when there clients certs epxire. More than once this caused problems in practice.</p>
invisAD-setup - action #63631 (Closed): We should publish the CRL expiration date via invis portalhttps://progress.opensuse.org/issues/636312020-02-20T07:32:14Zflaccostefan@invis-server.org
<p>Our CRL (Certification Revocation List) expires 6 month after creation. We should publish this date via invis-Portal.</p>
invisAD-setup - action #36019 (Rejected): We should think about the integration of kopanos libre-...https://progress.opensuse.org/issues/360192018-05-09T06:52:03Zflaccostefan@invis-server.org
<p>Sharing Documents is an essential part of modern working.... </p>
invisAD-setup - action #36003 (Resolved): Switch to dehydrated package from distributionhttps://progress.opensuse.org/issues/360032018-05-08T12:17:56Zflaccostefan@invis-server.org
<p>The let's encrypt client dehydrated is now part of the opensuse leap 15 standard repos. We should switch to this package, instead of building our own package.</p>
invisAD-setup - action #35943 (Closed): Switch from networkmanager back to wickeddhttps://progress.opensuse.org/issues/359432018-05-06T10:42:15Zflaccostefan@invis-server.org
<p>It seems that even inside es minimal server setup of opensuse leap 15 the network-management is done with networkmanager. We should switch back to wickedd. This could be done inside our netsetup-Script.</p>
invisAD-setup - action #33736 (Closed): Renewing the Kopano configuration fileshttps://progress.opensuse.org/issues/337362018-03-23T15:10:44Zflaccostefan@invis-server.org
<p>This should be done in two steps.</p>
<p>First step is to put our individual settings of the existing files to the new example files of Kopano 8.5.x</p>
<p>This step includes Ticket <a class="issue tracker-4 status-5 priority-4 priority-default closed" title="action: PFS Setup for Kopano (Closed)" href="https://progress.opensuse.org/issues/27094">#27094</a>.</p>
<p>Second step is to switch to the new kopano LDAP schema and then create a new ldap.cfg. With kopano 8.5.x the ldap.cfg is splitted in two parts. Part one is in /etc/kopano. Inside this file the second part (/usr/share/kopano/ldap.active-directory.cfg) is included.</p>
<p>...and we have to think about how to migrate from the old zarafa-schema to the new kopano-schema.</p>
invisAD-setup - action #29909 (Closed): Upgrade to PHP7https://progress.opensuse.org/issues/299092018-01-02T09:29:18Zflaccostefan@invis-server.org
<p>We have to upgrade the invis-server to php7. The now used Version 5.5. is out of maintenance and newer openSUSE Versions possibly ship only php7.</p>
<p>I think that the most wepapps we have included in invis-server still support php7. Biggest problem could be the invis-portal.</p>
invisAD-setup - action #25802 (Closed): Switch to firewalldhttps://progress.opensuse.org/issues/258022017-10-05T17:36:44Zflaccostefan@invis-server.org
<p>The upcoming openSUSE leap 15 replaces the traditional SuSEfirewall2 with the firewalld system. Therefor we have to migrate our fw-settings from SuSEfirewall2 to firewalld. SuSEfirewall2 is not completely replaced, but we decided to switch firewalld. The migration script susefirewall2-to-firewalld will help to migrate.</p>
invis-server - action #24736 (Closed): Repositories are brokenhttps://progress.opensuse.org/issues/247362017-09-07T10:06:51Zflaccostefan@invis-server.org
<p>If I do a zypper ref on invis-servers I get the following answer from zypper:</p>
<p>Metadaten von Repository 'Common packages for invis-Server stable & unstable (openSUSE_42.2)' abrufen --------------------------------------[/]<br>
Datei './repodata/a710cf170ceff2acfcccc3bc4919f44d06ce7246231c684c587dced0ed348855-primary.xml.gz' auf Medium '<a href="http://download.opensuse.org/repositories/spins:/invis:/common/openSUSE_Leap_42.2/" class="external">http://download.opensuse.org/repositories/spins:/invis:/common/openSUSE_Leap_42.2/</a>' nicht gefunden</p>
<p>Abbrechen, wiederholen, ignorieren? <a href="a" class="external">a/w/i/...? zeigt alle Optionen</a>:</p>
<p>This happens with all our repos. </p>
invisAD-setup - action #23792 (Closed): Showing invis-Server and openSUSE version numbers in invi...https://progress.opensuse.org/issues/237922017-08-30T18:45:29Zflaccostefan@invis-server.org
<p>We should extend the invis-portal status site, to let her show the version numbers of invis-server and openSUSE.</p>
invisAD-setup - action #23758 (Closed): Using directory templates for groupshares, create groups ...https://progress.opensuse.org/issues/237582017-08-29T09:52:56Zflaccostefan@invis-server.org
<p>If we add a new group via invis-portal on an invis-server, the server automatically creates a working-directory for this group. Only the groupmembers can access and use it.</p>
<a name="First-feature"></a>
<h2 >First feature<a href="#First-feature" class="wiki-anchor">¶</a></h2>
<p>It would be a nice addon, if we could select a directory-template from collection of templates, for creating the new workingdirectory for a new group.</p>
<p>invis-portal launches a shell-script called "creategroupshare". I added the possibility to use template-dirs to this script before. For using this feature it's only neccessary to give it the path to the templatedir as a position parameter:</p>
<p>creategroupshare /path/to/templatedir</p>
<p>To use this feature we have to add the template-dir selection to invis-portal. The selection should be a dropdown list.</p>
<a name="Second-feature"></a>
<h2 >Second feature<a href="#Second-feature" class="wiki-anchor">¶</a></h2>
<p>It should be possible to create groups without a share/directory. We will add a checkbox to the group creation dialog to disable the share creation. Default is enabled. We integrated this option in the dropdown list. The list contains "Leeres Verzeichnis" (default), "Kein Verzeichnis" and then the template directories, if there are any.</p>
<a name="Third-feature"></a>
<h2 >Third feature<a href="#Third-feature" class="wiki-anchor">¶</a></h2>
<p>The template directory needs acls. We will create a group "diradmins" with sine2. Only members of this group should be able to create, delete or modify the template directories.</p>