openSUSE Project Management Tool: Issues https://progress.opensuse.org/ 2022-01-09T13:45:36Z openSUSE Project Management Tool Redmine
invisAD-setup - action #104730 (Closed): "Direct rules" of the firewall no longer take effect. https://progress.opensuse.org/issues/104730 2022-01-09T13:45:36Z flacco stefan@invis-server.org
<p>Some time ago we added a set of "direct rules" to the firewall setup of the invis-Server. Here is the corresponding XML file:</p>
<pre><code><?xml version="1.0" encoding="utf-8"?>
<direct>
<!-- <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0">-o intern -j MASQUERADE</rule> -->
<rule ipv="ipv4" table="filter" chain="FORWARD" priority="0">-i vpn -o intern -j ACCEPT</rule>
<rule ipv="ipv4" table="filter" chain="FORWARD" priority="0">-i intern -o vpn -m state --state RELATED,ESTABLISHED -j ACCEPT</rule>
</direct>
</code></pre>
<p>The rules set here were intended to enable class routing between the interfaces "intern" and "vpn". Both interfaces are part of the zone "internal". Without these rules it was not possible to reach network components behind the invis-Server via VPN.</p>
<p>Under openSUSE 15.3 (invis 14.3) these rules no longer seem to take effect.</p>
<p>This is presumably because "nftables" is now used as the firewall backend instead of "iptables".</p>
invisAD-setup - action #81078 (Closed): Update our Dehydrated setup https://progress.opensuse.org/issues/81078 2020-12-15T19:52:27Z flacco stefan@invis-server.org
<p>The Dehydrated configuration should be extended with the "cleanup" directive. This ensures that old certificates are deleted automatically.</p>
<p>To implement this, creation under /etc/dehydrated by the user dehydrated must be possible. Because of incorrect ownership in the current setup this does not work, which leads to follow-up errors.</p>
<p>It also seems that no "domain.txt" file is created. This should happen automatically during the invis-Server setup.</p>
<p>The toolbox script "actdehydrated" still uses the command "ifconfig", which is no longer included in the openSUSE standard setup. The script must be switched to the command "ip".</p>
invisAD-setup - action #67540 (In Progress): Build Kimai 2.0 package https://progress.opensuse.org/issues/67540 2020-06-01T13:42:23Z flacco stefan@invis-server.org
<p>invis-server ships Kimai Timetracking in version 1.3.x. The Kimai project released kimai2 some time ago. Kimai2 is completely new software.</p>
invisAD-setup - action #67156 (Closed): Add cc mail address for emergency mails https://progress.opensuse.org/issues/67156 2020-05-22T07:31:59Z flacco stefan@invis-server.org
<p>In the case of a problem, the invis-server sends mails to a named administrator. This is usually an external service provider. Such mails should also be sent to a local manager. We should add a cc-address to our configuration and extend the emergmailer script.</p>
invisAD-setup - action #55349 (Closed): add a Script-entry for the inhume-script into invis-Porta... https://progress.opensuse.org/issues/55349 2019-08-11T14:30:12Z flacco stefan@invis-server.org
<p>inhume is a script to remove orphaned data from exited users out of kopano and owncloud.</p>
invisAD-setup - action #51869 (Closed): Build new own Samba-packages https://progress.opensuse.org/issues/51869 2019-05-22T16:22:30Z flacco stefan@invis-server.org
<p>Because of problems with the MIT-Kerberos implementation and its "experimental" state, we must again build our own Samba packages with Heimdal-Kerberos and switch our setup back to these packages.</p>
invisAD-setup - action #47072 (Closed): Check our DHCP-LDAP Schema https://progress.opensuse.org/issues/47072 2019-02-03T10:47:39Z flacco stefan@invis-server.org
<p>During an Upgrade from Samba 4.6 to 4.7 with MIT Kerberos, it is necessary to run "samba-tool dbcheck --cross-ncs --fix".</p>
<p>dbcheck throws some errors related to our dhcpd-LDAP Schema. We have to check this.</p>
<p>Errors:</p>
<hr>
<p>ERROR: Normalisation error for attribute mayContain in CN=iscDhcpClass,CN=Schema,CN=Configuration,DC=140-net,DC=loc<br>
value 'iscDhcpSubClassesDN' should be 'iscDhcpSubclassesDN'<br>
Not fixing attribute mayContain<br>
ERROR: Duplicate values for attribute 'mayContain' in 'CN=iscDhcpClass,CN=Schema,CN=Configuration,DC=140-net,DC=loc'<br>
Values contain a duplicate: [iscDhcpSubClassesDN,iscDhcpOptionsDN,iscDhcpStatements,iscDhcpComments,iscDhcpOption]/[iscDhcpSubClassesDN]!<br>
Not fixing attribute 'mayContain'<br>
ERROR: Not fixing missing 'name' on 'CN=iscDhcpClass,CN=Schema,CN=Configuration,DC=140-net,DC=loc'<br>
ERROR: Normalisation error for attribute mustContain in CN=iscDhcpFailOverPeer,CN=Schema,CN=Configuration,DC=140-net,DC=loc<br>
value 'iscDhcpFailoverPrimaryPort' should be 'iscDhcpFailOverPrimaryPort'<br>
Not fixing attribute mustContain<br>
ERROR: Duplicate values for attribute 'mustContain' in 'CN=iscDhcpFailOverPeer,CN=Schema,CN=Configuration,DC=140-net,DC=loc'<br>
Values contain a duplicate: [cn,iscDhcpFailOverPrimaryServer,iscDhcpFailOverSecondaryServer,iscDhcpFailoverPrimaryPort,iscDhcpFailOverSecondaryPort]/[iscDhcpFailOverPrimaryServer,iscDhcpFailoverPrimaryPort,cn,iscDhcpFailOverSecondaryServer]!<br>
Not fixing attribute 'mustContain'<br>
ERROR: Not fixing missing 'name' on 'CN=iscDhcpFailOverPeer,CN=Schema,CN=Configuration,DC=140-net,DC=loc'<br>
ERROR: incorrect DN SID component for member in object CN=Domain Users,CN=Users,DC=140-net,DC=loc - ;;;;;;;;CN=<a href="mailto:postmaster@140-net.loc">postmaster@140-net.loc</a>,CN=Users,DC=140-net,DC=loc<br>
Not fixing SID component mismatch</p>
<hr>
invisAD-setup - action #46121 (Rejected): CalDAV to CalDAV synchronization (Server to Server) https://progress.opensuse.org/issues/46121 2019-01-14T19:25:31Z flacco stefan@invis-server.org
<p>We should evaluate if it is possible to integrate a CalDAV to CalDAV synchronization tool into the invis-Server.</p>
<p>Background: With Kopano or other groupware systems we have a CalDAV server inside the invis-Server. A lot of our (FSP) customers use additional business software systems which also ship calendar and scheduling components. Some of them are CalDAV servers.</p>
<p>For our customers it's difficult to decide which system they should use. Having the possibility to synchronize these systems could be a cool and extremely useful feature.</p>
invisAD-setup - action #45731 (Closed): Bug: firewalld is blocking everything until it's restarted https://progress.opensuse.org/issues/45731 2019-01-04T15:54:45Z flacco stefan@invis-server.org
<p>After a reboot of an invis server the new firewalld daemon is blocking everything until it is restarted.</p>
invisAD-setup - action #43424 (In Progress): Add the functionality to create kopano-ressources to... https://progress.opensuse.org/issues/43424 2018-11-06T10:03:48Z flacco stefan@invis-server.org
<p>Kopano resources are shared store users with additional attributes "zarafaResourceType" and "zarafaResourceCapacity". Possible values are an integer number for the capacity and "equipment" or "room" for the type. Only resources of type "equipment" can be extended with a capacity value. It means that a resource exists X times.</p>
invisAD-setup - action #39161 (Closed): Build a new invisAD-setup Version 13.5 https://progress.opensuse.org/issues/39161 2018-08-05T10:29:18Z flacco stefan@invis-server.org
<p>13.5 is a kind of intermediate version to prepare an upgrade to upcoming leap15 based Versions.</p>
<ul>
<li>This Version uses PHP7 and corNAz is already integrated in our invis-Portal.</li>
<li>It should support PHP7 based Kopano 8.6 packages and ownCloud 10.</li>
</ul>
invisAD-setup - action #36108 (Resolved): Connect kimai to AD https://progress.opensuse.org/issues/36108 2018-05-12T12:23:35Z flacco stefan@invis-server.org
<p>sine2 should prepare the connection of kimai to the Active Directory.</p>
invisAD-setup - action #29886 (Closed): Building all keypairs inside the sine2 sysprep module https://progress.opensuse.org/issues/29886 2017-12-30T11:42:58Z flacco stefan@invis-server.org
<p>All keys and certs should be built during the run of the sysprep module, because building keys needs user interaction, which interrupts the sine2 run.</p>
invisAD-setup - action #25532 (Closed): Combine z-push and owncloud vHosts https://progress.opensuse.org/issues/25532 2017-09-23T15:40:15Z flacco stefan@invis-server.org
<p>A lot of possible recipients of an owncloud share-link are behind a proxy server. Most proxy servers block access to ports other than the standard http(s) ports 80 and 443.</p>
invisAD-setup - action #23746 (Closed): Adding sudoers rules to active directory. https://progress.opensuse.org/issues/23746 2017-08-29T08:02:07Z flacco stefan@invis-server.org
<p>As described in a "Linux Administrator Magazin" article, we should add support for providing sudo rules to Active Directory.</p>
<p>Info: <a href="http://jhrozek.livejournal.com/3860.html" class="external">http://jhrozek.livejournal.com/3860.html</a></p>