openSUSE Project Management Tool: Issueshttps://progress.opensuse.org/https://progress.opensuse.org/themes/openSUSE/favicon/favicon.ico?15829177842022-01-09T13:45:36ZopenSUSE Project Management Tool
Redmine invisAD-setup - action #104730 (Closed): "Direct Rules" der Firewall greifen nicht mehr.https://progress.opensuse.org/issues/1047302022-01-09T13:45:36Zflaccostefan@invis-server.org
<p>Im Firewall-Setup des invis-Servers haben wir vor einiger Zeit einen Satz an "Direct-Rules" hinzugefügt. Hier die zugehörige XML-Datei:</p>
<pre><code><?xml version="1.0" encoding="utf-8"?>
<direct>
<!-- <rule ipv="ipv4" table="nat" chain="POSTROUTING" priority="0">-o intern -j MASQUERADE</rule> -->
<rule ipv="ipv4" table="filter" chain="FORWARD" priority="0">-i vpn -o intern -j ACCEPT</rule>
<rule ipv="ipv4" table="filter" chain="FORWARD" priority="0">-i intern -o vpn -m state --state RELATED,ESTABLISHED -j ACCEPT</rule>
</direct>
</code></pre>
<p>Die hier gesetzten Regeln dienten dazu ein Class-Routing zwischen den Schnittstellen "intern" und "vpn" zu ermöglichen. Beide Schnittstellen sind Teil der Zone "internal". Ohne diese Regel war es nicht möglich via VPN auf Netzwerkkomponenten hinter dem invis-Server zuzugreifen.</p>
<p>Unter openSUSE 15.3 (invis 14.3) scheinen diese Regeln nicht mehr zu greifen.</p>
<p>Vermutlich liegt das daran, dass inzwischen "nftables" anstelle von "iptables" als Firewall-Backend genutzt wird.</p>
invisAD-setup - action #81078 (Closed): Aktualisieren unseres Dehydrated-Setupshttps://progress.opensuse.org/issues/810782020-12-15T19:52:27Zflaccostefan@invis-server.org
<p>Die Konfiguration von Dehydrated sollte um die Direktive "cleanup" ergänzt werden. Das sorgt dafür, dass alte Zertifikate automatisch gelöscht werden.</p>
<p>Um dies umzusetzen müssen unter /etc/dehydrated vom Benutzer dehydrated angelegt werden können. Aufgrund inkorrekter Besitzrechte im derzeitigen Setup klappt das nicht, was Folgefehler nach sich zieht.</p>
<p>Es scheint auch so, dass keine "domain.txt" Datei angelegt wird. Dies sollte während des invis-Server Setups automatisch geschehen.</p>
<p>Das Toolbox-Script "actdehydrated" verwendet noch das Kommando "ifconfig", welches nicht mehr im openSUSE Standard-Setup enthalten ist. Das Script muss auf das Kommando "ip" umgestellt werden.</p>
invis-backup - action #67930 (Closed): Add pruning functionality to invis-bbuhttps://progress.opensuse.org/issues/679302020-06-10T07:13:19Zflaccostefan@invis-server.org
<p>For the first step pruning should run:</p>
<ol>
<li>manually for disk backup</li>
<li>automatically for net backup </li>
</ol>
invisAD-setup - action #67540 (In Progress): Build Kimai 2.0 packagehttps://progress.opensuse.org/issues/675402020-06-01T13:42:23Zflaccostefan@invis-server.org
<p>invis-server ships Kimai Timetracking in Version 1.3.x. The Kimai projects releases kimai2 some time ago. Kimai2 is a complete new software.</p>
invisAD-setup - action #67156 (Closed): Add cc-mailadress for emergency mailshttps://progress.opensuse.org/issues/671562020-05-22T07:31:59Zflaccostefan@invis-server.org
<p>In the case of a problem, the invis-server sends mails to a named administrator. This is usually an external service provider. Such mails should also be sent to a local manager. We should add a cc-address to our configuration and extend the emergmailer script.</p>
invisAD-setup - action #55349 (Closed): add a Script-entry for the inhume-script into invis-Porta...https://progress.opensuse.org/issues/553492019-08-11T14:30:12Zflaccostefan@invis-server.org
<p>inhume is a script to remove orphaned data from exited users out of kopano and owncloud.</p>
invisAD-setup - action #51869 (Closed): Build new own Samba-packageshttps://progress.opensuse.org/issues/518692019-05-22T16:22:30Zflaccostefan@invis-server.org
<p>Caused by problems with the MIT-Kerberos implementation and it's "experimental" state, we must build again own Samba-packages with Heimdal-Kerberos and switch our setup back to these own packages.</p>
invisAD-setup - action #46121 (Rejected): CalDAV to CalDAV synchronization (Server to Server)https://progress.opensuse.org/issues/461212019-01-14T19:25:31Zflaccostefan@invis-server.org
<p>We should evaluate if it is possible to integrate a CalDAV to CalDAV synchronization tool into the invis-Server.</p>
<p>Background: With Kopano or other groupware systems we have a CalDAV Server inside invis-Server. A lot of our (FSP) customers use additional business-software systems which also ships calendar and scheduling components inside. Some of them are CalDAV servers.</p>
<p>For our customers it's difficult to decide which system they should use. Having the possibility to synchronize these systems could be a cool and extremely useful feature.</p>
invisAD-setup - action #45731 (Closed): Bug: firewalld is blocking everything until it's restartedhttps://progress.opensuse.org/issues/457312019-01-04T15:54:45Zflaccostefan@invis-server.org
<p>After a reboot of an invis server the new firwalld daemon is blocking everything until it is restarted.</p>
invisAD-setup - action #43424 (In Progress): Add the functionality to create kopano-ressources to...https://progress.opensuse.org/issues/434242018-11-06T10:03:48Zflaccostefan@invis-server.org
<p>Kopano resources are shared store users with additional attributes "zarafaResourceType" and "zarafaResourceCapacity". Possible values are an integer number for the capacity and "equipment" or "room" for the type. Only resources of type "equipment" can be extended with a capacity value. It means that a resource exists X times.</p>
invisAD-setup - action #39161 (Closed): Build a new invisAD-setup Version 13.5https://progress.opensuse.org/issues/391612018-08-05T10:29:18Zflaccostefan@invis-server.org
<p>13.5 is a kind of intermediate version to prepare an upgrade to upcoming leap15 based Versions.</p>
<ul>
<li>This Version uses PHP7 and corNAz is already integrated in our invis-Portal.</li>
<li>It should support PHP7 based Kopano 8.6 packages and ownCloud 10.</li>
</ul>
invisAD-client - action #31636 (In Progress): bringing invis-client package to opensuse factoryhttps://progress.opensuse.org/issues/316362018-02-10T17:01:11Zflaccostefan@invis-server.org
<p>In github (<a href="https://github.com/invisserver/invisAD-client" class="external">https://github.com/invisserver/invisAD-client</a>) I startet a very small invis-client project. It's goal is to add opensuse Linux workstations to an invis-server AD domain. Using this tool is a litlle bit complicated because it has to be cloned from github before using it.</p>
<p>We should bring this as a rpm package into opensuse-factory to make it easy for opensuse clients to join an invis-server domain.</p>
<p>Steps:</p>
<ol>
<li>build a package in spins:invis:testing</li>
<li>request to add it to factory</li>
</ol>
invisAD-setup - action #29886 (Closed): Building all keypairs inside the sine2 sysprep modulehttps://progress.opensuse.org/issues/298862017-12-30T11:42:58Zflaccostefan@invis-server.org
<p>All keys and certs should be build during the run of the sysprep modul, because builing keys needs user interaction which interrupts the sine2 run.</p>
invisAD-setup - action #23746 (Closed): Adding sudoers rules to active directory.https://progress.opensuse.org/issues/237462017-08-29T08:02:07Zflaccostefan@invis-server.org
<p>Like described in an "Linux Administrator Magazin" article we should add support for providing sudo rules to active directory.</p>
<p>Info: <a href="http://jhrozek.livejournal.com/3860.html" class="external">http://jhrozek.livejournal.com/3860.html</a></p>
invis-backup - action #23672 (Rejected): add encryption to invis-rdbu https://progress.opensuse.org/issues/236722017-08-26T11:28:04Zflaccostefan@invis-server.org
<p>We should extend our own backup-solution invis-rdbu to support encrypted harddisks or volumes.</p>
<p>invis-rdbu can use external eSATA or USB Disks as backup targets. These targes should be encrypted for security reasons.</p>
<p>I think that it's not necessary to encrypt the backup target in case if the target is a backup-server.</p>