openSUSE Project Management Tool: Issueshttps://progress.opensuse.org/https://progress.opensuse.org/themes/openSUSE/favicon/favicon.ico?15829177842020-12-15T19:52:27ZopenSUSE Project Management Tool
Redmine invisAD-setup - action #81078 (Closed): Aktualisieren unseres Dehydrated-Setupshttps://progress.opensuse.org/issues/810782020-12-15T19:52:27Zflaccostefan@invis-server.org
<p>Die Konfiguration von Dehydrated sollte um die Direktive "cleanup" ergänzt werden. Das sorgt dafür, dass alte Zertifikate automatisch gelöscht werden.</p>
<p>Um dies umzusetzen müssen unter /etc/dehydrated vom Benutzer dehydrated angelegt werden können. Aufgrund inkorrekter Besitzrechte im derzeitigen Setup klappt das nicht, was Folgefehler nach sich zieht.</p>
<p>Es scheint auch so, dass keine "domain.txt" Datei angelegt wird. Dies sollte während des invis-Server Setups automatisch geschehen.</p>
<p>Das Toolbox-Script "actdehydrated" verwendet noch das Kommando "ifconfig", welches nicht mehr im openSUSE Standard-Setup enthalten ist. Das Script muss auf das Kommando "ip" umgestellt werden.</p>
invisAD-setup - action #51869 (Closed): Build new own Samba-packageshttps://progress.opensuse.org/issues/518692019-05-22T16:22:30Zflaccostefan@invis-server.org
<p>Caused by problems with the MIT-Kerberos implementation and it's "experimental" state, we must build again own Samba-packages with Heimdal-Kerberos and switch our setup back to these own packages.</p>
invisAD-setup - action #47072 (Closed): Check our DHCP-LDAP Schemahttps://progress.opensuse.org/issues/470722019-02-03T10:47:39Zflaccostefan@invis-server.org
<p>During an Upgrade from Samba 4.6 to 4.7 with MIT Kerberos, it is necessary to run "samba-tool dbcheck --cross-ncs --fix".</p>
<p>dbcheck throws some errors related to our dhcpd-LDAP Schema. We have to check this.</p>
<p>Errors:</p>
<hr>
<p>ERROR: Normalisation error for attribute mayContain in CN=iscDhcpClass,CN=Schema,CN=Configuration,DC=140-net,DC=loc<br>
value 'iscDhcpSubClassesDN' should be 'iscDhcpSubclassesDN'<br>
Not fixing attribute mayContain<br>
ERROR: Duplicate values for attribute 'mayContain' in 'CN=iscDhcpClass,CN=Schema,CN=Configuration,DC=140-net,DC=loc'<br>
Values contain a duplicate: [iscDhcpSubClassesDN,iscDhcpOptionsDN,iscDhcpStatements,iscDhcpComments,iscDhcpOption]/[iscDhcpSubClassesDN]!<br>
Not fixing attribute 'mayContain'<br>
ERROR: Not fixing missing 'name' on 'CN=iscDhcpClass,CN=Schema,CN=Configuration,DC=140-net,DC=loc'<br>
ERROR: Normalisation error for attribute mustContain in CN=iscDhcpFailOverPeer,CN=Schema,CN=Configuration,DC=140-net,DC=loc<br>
value 'iscDhcpFailoverPrimaryPort' should be 'iscDhcpFailOverPrimaryPort'<br>
Not fixing attribute mustContain<br>
ERROR: Duplicate values for attribute 'mustContain' in 'CN=iscDhcpFailOverPeer,CN=Schema,CN=Configuration,DC=140-net,DC=loc'<br>
Values contain a duplicate: [cn,iscDhcpFailOverPrimaryServer,iscDhcpFailOverSecondaryServer,iscDhcpFailoverPrimaryPort,iscDhcpFailOverSecondaryPort]/[iscDhcpFailOverPrimaryServer,iscDhcpFailoverPrimaryPort,cn,iscDhcpFailOverSecondaryServer]!<br>
Not fixing attribute 'mustContain'<br>
ERROR: Not fixing missing 'name' on 'CN=iscDhcpFailOverPeer,CN=Schema,CN=Configuration,DC=140-net,DC=loc'<br>
ERROR: incorrect DN SID component for member in object CN=Domain Users,CN=Users,DC=140-net,DC=loc - ;;;;;;;;CN=<a href="mailto:postmaster@140-net.loc">postmaster@140-net.loc</a>,CN=Users,DC=140-net,DC=loc<br>
Not fixing SID component mismatch</p>
<hr>
invis-sub-setup - action #46718 (In Progress): Create a setup-script for invis-sub-serverhttps://progress.opensuse.org/issues/467182019-01-26T15:49:46Zflaccostefan@invis-server.org
<p>Major steps to realize with this Script:</p>
<ol>
<li>Establish an openVPN connection to the main invis-server</li>
<li>Join the Domain as a "Read Only Domain Controller" (RODC)</li>
<li>Setup sssd</li>
<li>Setup local samba shares</li>
<li>realize (owncloud based) data synchronization between sub and main-server</li>
</ol>
<p>Some of these steps are already realized inside the joininvis-script from the invisAD-client package.</p>
<p>Joining the domain as a rodc (<a href="https://de.wikipedia.org/wiki/Read_Only_Domain_Controller" class="external">https://de.wikipedia.org/wiki/Read_Only_Domain_Controller</a>) instead of a simple member server seems to be the better way. In a productive environment at one of our custumers I tried to realize a subsidiary server as a simple member-server. Nearly every time the vpn-connection caused by a not very stable internet-connection, I had to rejoin the domain with the sub-server to give the sub-users access to their local samba-shares. </p>
invisAD-setup - action #46121 (Rejected): CalDAV to CalDAV synchronization (Server to Server)https://progress.opensuse.org/issues/461212019-01-14T19:25:31Zflaccostefan@invis-server.org
<p>We should evaluate if it is possible to integrate a CalDAV to CalDAV synchronization tool into the invis-Server.</p>
<p>Background: With Kopano or other groupware systems we have a CalDAV Server inside invis-Server. A lot of our (FSP) customers use additional business-software systems which also ships calendar and scheduling components inside. Some of them are CalDAV servers.</p>
<p>For our customers it's difficult to decide which system they should use. Having the possibility to synchronize these systems could be a cool and extremely useful feature.</p>
invisAD-setup - action #43424 (In Progress): Add the functionality to create kopano-ressources to...https://progress.opensuse.org/issues/434242018-11-06T10:03:48Zflaccostefan@invis-server.org
<p>Kopano resources are shared store users with additional attributes "zarafaResourceType" and "zarafaResourceCapacity". Possible values are an integer number for the capacity and "equipment" or "room" for the type. Only resources of type "equipment" can be extended with a capacity value. It means that a resource exists X times.</p>
invisAD-setup - action #43313 (Closed): Create an upgrade path from samba 4.6 to 4.7 with MIT ker...https://progress.opensuse.org/issues/433132018-11-03T12:40:58Zflaccostefan@invis-server.org
<p>We have to do upgrade tests with our heimdal based samba 4.6 setups to samba 4.7 with MT kerberos</p>
invisAD-setup - action #39161 (Closed): Build a new invisAD-setup Version 13.5https://progress.opensuse.org/issues/391612018-08-05T10:29:18Zflaccostefan@invis-server.org
<p>13.5 is a kind of intermediate version to prepare an upgrade to upcoming leap15 based Versions.</p>
<ul>
<li>This Version uses PHP7 and corNAz is already integrated in our invis-Portal.</li>
<li>It should support PHP7 based Kopano 8.6 packages and ownCloud 10.</li>
</ul>
invis-sub-setup - action #38303 (In Progress): Create a rpm package with basic directories, confi...https://progress.opensuse.org/issues/383032018-07-07T07:49:01Zflaccostefan@invis-server.org
<p>We have to create a first rpm package for the invis-Sub-Server which contains the basic directories, config files and dependencies. The package should be the base for the further development of the invis subsidiary server.</p>
<p>Known dependencies are:</p>
<p>openvpn<br>
krb5-client<br>
samba<br>
owncloud-client</p>
invisAD-setup - action #36108 (Resolved): Connect kimai to ADhttps://progress.opensuse.org/issues/361082018-05-12T12:23:35Zflaccostefan@invis-server.org
<p>sine2 should prepare the connection of kimai to the activedirectory</p>
invisAD-client - action #31636 (In Progress): bringing invis-client package to opensuse factoryhttps://progress.opensuse.org/issues/316362018-02-10T17:01:11Zflaccostefan@invis-server.org
<p>In github (<a href="https://github.com/invisserver/invisAD-client" class="external">https://github.com/invisserver/invisAD-client</a>) I startet a very small invis-client project. It's goal is to add opensuse Linux workstations to an invis-server AD domain. Using this tool is a litlle bit complicated because it has to be cloned from github before using it.</p>
<p>We should bring this as a rpm package into opensuse-factory to make it easy for opensuse clients to join an invis-server domain.</p>
<p>Steps:</p>
<ol>
<li>build a package in spins:invis:testing</li>
<li>request to add it to factory</li>
</ol>
invisAD-setup - action #29886 (Closed): Building all keypairs inside the sine2 sysprep modulehttps://progress.opensuse.org/issues/298862017-12-30T11:42:58Zflaccostefan@invis-server.org
<p>All keys and certs should be build during the run of the sysprep modul, because builing keys needs user interaction which interrupts the sine2 run.</p>
invisAD-setup - action #25532 (Closed): Combine z-push and owncloud vHostshttps://progress.opensuse.org/issues/255322017-09-23T15:40:15Zflaccostefan@invis-server.org
<p>A lot of possible recipients of an owncloud share-link are behind of a proxy server. The most proxy servers block the access to ports different from the standard http(s) ports 80 and 443.</p>
invisAD-setup - action #23746 (Closed): Adding sudoers rules to active directory.https://progress.opensuse.org/issues/237462017-08-29T08:02:07Zflaccostefan@invis-server.org
<p>Like described in an "Linux Administrator Magazin" article we should add support for providing sudo rules to active directory.</p>
<p>Info: <a href="http://jhrozek.livejournal.com/3860.html" class="external">http://jhrozek.livejournal.com/3860.html</a></p>
invis-backup - action #23672 (Rejected): add encryption to invis-rdbu https://progress.opensuse.org/issues/236722017-08-26T11:28:04Zflaccostefan@invis-server.org
<p>We should extend our own backup-solution invis-rdbu to support encrypted harddisks or volumes.</p>
<p>invis-rdbu can use external eSATA or USB Disks as backup targets. These targes should be encrypted for security reasons.</p>
<p>I think that it's not necessary to encrypt the backup target in case if the target is a backup-server.</p>