openSUSE Project Management Tool: Issueshttps://progress.opensuse.org/https://progress.opensuse.org/themes/openSUSE/favicon/favicon.ico?15829177842021-08-28T07:06:05ZopenSUSE Project Management Tool
Redmine invisAD-setup - action #97604 (Closed): Passwörter von Mail-Konten im ADhttps://progress.opensuse.org/issues/976042021-08-28T07:06:05Zflaccostefan@invis-server.org
<p>Wir speichern die Passwörter externer Mailkonten im Klartext im AD. Abgesehen davon, dass das grundsätzlich schon unsicher ist, ist es technisch gesehen auch extrem unschön.</p>
<p>Sind Sonderzeicheen und/oder Umlaute enthalten, kann das zu Problemen führen.</p>
<p>Fügt man ein neues Mailkonto mit dem neuen Toolbox-Script "addmailaccount" zum AD hinzu werden Passwörter die Umlaute enthalten automatisch nocht im Klartext, sondern Base64 kodiert im AD gespeichert. Das macht nicht mein Script, sondern das verwendete Tool "ldbadd" bzw. "ldbmodify". Beim Auslesen entsteht dann ein Problem, weil nicht klar ist, ob das PW im Klartext enthalten ist oder Base64-kodiert. Die automatische Erkennung macht die Anwendung eines komplexen regulären Ausdrucks erforderlich (was soweit ok ist).</p>
<p>Trotzdem stellt sich die Frage, ob wir die Passwörter nicht grundsätzlich Base64-kodiert speichern sollten? Das ist zwar noch kein Schutz, vergleichbar mit einer Verschlüsselung sondern maximal ein "Sichtschutz" abder das Handling der Passwörter in irgendwelchen Shellscripts ist wesentlich einfacher, da wir uns nicht mehr mit ekelhaften Sonderzeichern herum schlagen müssen.</p>
<p>Was denkt Ihr. Klartext oder Base64?</p>
<p>Bitte um Rückmeldung.</p>
invisAD-setup - action #81076 (In Progress): DHCP-Server Konfiguration im AD so vorbereiten, dass...https://progress.opensuse.org/issues/810762020-12-15T19:44:33Zflaccostefan@invis-server.org
<p>Dafür müssen die LDIF-Dateien für das Setup des Servers um zwei DHCP-Optionen erweitert werden:</p>
<p>rfc3442-classless-static-routes code 121 = array of integer 8<br>
ms-classless-static-routes code 249 = array of integer 8</p>
<p>Ergänzend sollte ein Shellscript für die invis-Toolbox geschrieben werden, welches die eigentlichen Routen dann in der Subnetz-Deklaration die eigentlichen Routen ergänzt.</p>
invisAD-setup - action #67540 (In Progress): Build Kimai 2.0 packagehttps://progress.opensuse.org/issues/675402020-06-01T13:42:23Zflaccostefan@invis-server.org
<p>invis-server ships Kimai Timetracking in Version 1.3.x. The Kimai projects releases kimai2 some time ago. Kimai2 is a complete new software.</p>
invisAD-setup - action #67156 (Closed): Add cc-mailadress for emergency mailshttps://progress.opensuse.org/issues/671562020-05-22T07:31:59Zflaccostefan@invis-server.org
<p>In the case of a problem, the invis-server sends mails to a named administrator. This is usually an external service provider. Such mails should also be sent to a local manager. We should add a cc-address to our configuration and extend the emergmailer script.</p>
invisAD-setup - action #63634 (New): We should publish a list with the expiry dates of all VPN cl...https://progress.opensuse.org/issues/636342020-02-20T07:36:54Zflaccostefan@invis-server.org
<p>The VPN client certs we create have a 24 month time to live. Actually the users have no information about this, the don't know when there clients certs epxire. More than once this caused problems in practice.</p>
invisAD-setup - action #55349 (Closed): add a Script-entry for the inhume-script into invis-Porta...https://progress.opensuse.org/issues/553492019-08-11T14:30:12Zflaccostefan@invis-server.org
<p>inhume is a script to remove orphaned data from exited users out of kopano and owncloud.</p>
invisAD-setup - action #54389 (New): DNS-Updates via DHCP-Server should be possiblehttps://progress.opensuse.org/issues/543892019-07-18T06:37:55Zflaccostefan@invis-server.org
<p>In our setup every try to update DNS-Records dynamically fails:</p>
<p>Unable to add forward map from LANCOM_884_VOIP.baettenhausen.local to 192.168.1.205: REFUSED</p>
<p>This should be possible.</p>
<p>How to setup: <a href="https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Setting_up_BIND" class="external">https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End#Setting_up_BIND</a></p>
invisAD-setup - action #46472 (Rejected): Evaluation: EGroupwarehttps://progress.opensuse.org/issues/464722019-01-21T16:26:15Zflaccostefan@invis-server.org
<p>invis-Servers use Kopano as their primary groupware system. Earlier versions of the invis server also included group-e. Group-es focus differs completely from Kopano. Features like project-management or time-tracking turned Group-e from a simple groupware to a tool which has the possibility to manage a lot of business workflows. After the group-e maintainers stopped the group-e developement, I was looking for an alternate system. The first idea was to include Tine20, but it was to complex.</p>
<p>In the very early days of invis-server they included EGroupware but I kicked it in favor of group-e. Now EGroupware did giant steps forward. We should evaluate if it is possible to integrate EGroupware as an alternative to Kopano for customers which want to manage their whole business with an extended groupware system.</p>
<p>Questions:</p>
<ol>
<li>Is it possible to combine EGroupware with ActiveDirectory based user-management?</li>
<li>Is it possible to automate EGroupwares setup and configuration?</li>
<li>Can EGroupware fit the needs of our target group or is it much to complex?</li>
</ol>
<p>A possible implementation of EGroupware will not change the Role of Kopano as our preferred groupware system. </p>
invisAD-setup - action #46121 (Rejected): CalDAV to CalDAV synchronization (Server to Server)https://progress.opensuse.org/issues/461212019-01-14T19:25:31Zflaccostefan@invis-server.org
<p>We should evaluate if it is possible to integrate a CalDAV to CalDAV synchronization tool into the invis-Server.</p>
<p>Background: With Kopano or other groupware systems we have a CalDAV Server inside invis-Server. A lot of our (FSP) customers use additional business-software systems which also ships calendar and scheduling components inside. Some of them are CalDAV servers.</p>
<p>For our customers it's difficult to decide which system they should use. Having the possibility to synchronize these systems could be a cool and extremely useful feature.</p>
invisAD-setup - action #43424 (In Progress): Add the functionality to create kopano-ressources to...https://progress.opensuse.org/issues/434242018-11-06T10:03:48Zflaccostefan@invis-server.org
<p>Kopano resources are shared store users with additional attributes "zarafaResourceType" and "zarafaResourceCapacity". Possible values are an integer number for the capacity and "equipment" or "room" for the type. Only resources of type "equipment" can be extended with a capacity value. It means that a resource exists X times.</p>
invisAD-setup - action #37414 (In Progress): Implementation of SingleSignOnhttps://progress.opensuse.org/issues/374142018-06-15T07:57:23Zflaccostefan@invis-server.org
<p>Step by step we should implement SSO for as much applications as possible. First step would be to fit the apache2 setup for SSO.</p>
invisAD-setup - action #36019 (Rejected): We should think about the integration of kopanos libre-...https://progress.opensuse.org/issues/360192018-05-09T06:52:03Zflaccostefan@invis-server.org
<p>Sharing Documents is an essential part of modern working.... </p>
invis-server - action #35995 (Closed): Creating a new repository structure for leap 15 based invi...https://progress.opensuse.org/issues/359952018-05-08T07:32:44Zflaccostefan@invis-server.org
<p>Ingo mentioned that it would be wise to create a completely new repositories structure. A new start from scratch helps to drop old ballast from our repos.</p>
invisAD-setup - action #25198 (Rejected): invis-Server Upgrade Systemhttps://progress.opensuse.org/issues/251982017-09-12T05:53:59Zflaccostefan@invis-server.org
<p>We should build an upgrade System or Script for invis-Server to support minor-release jumps.</p>
<p>Such a system has to do only the projectable things like adding new stuff (schema addons, data) to Active-Directory or setting new Versionnumbers. To do the whole upgrades automatically is impossible in my opinion. </p>
<p>Any suggestions to this topic?</p>
invisAD-setup - action #23746 (Closed): Adding sudoers rules to active directory.https://progress.opensuse.org/issues/237462017-08-29T08:02:07Zflaccostefan@invis-server.org
<p>Like described in an "Linux Administrator Magazin" article we should add support for providing sudo rules to active directory.</p>
<p>Info: <a href="http://jhrozek.livejournal.com/3860.html" class="external">http://jhrozek.livejournal.com/3860.html</a></p>