Re: Wheezy Gosa² setup
Hi, On Tue, Jan 22, 2013 at 05:43:59AM +0100, Mike Gabriel wrote: > Hi Andi, hi Wolfgang, > > On Di 22 Jan 2013 00:38:32 CET Wolfgang Schweer wrote: > > >>In addition, I had to rewrite gosa-sync. > > > >gosa-sync seems to work here without any change. > > In Debian Edu squeeze and GOsa² 2.6 the gosa-sync script does not > report back failures to GOsa², thus, passwords run out of sync. As > we have several OTRS tickets open about this with our customers, > this definitely would be an improvement for squeeze, at least. Are > you really sure that error handling is correct with wheezy and GOsa² > 2.7 (/me doubts it by what is written in this thread). > > Simple way to test gosa-sync failures: e.g. stop kadmind and try to > modify or add a user with GOsa². > I just tried this test, however, even with kadmind stopped, the password can be modified as gosa-sync operates via kadmin.local directly on the database, I guess. The test I used is changing to a password with just a single class of characters, for example "12345". GOsa allows this password, but I use a Kerberos policy that demands 2 character classes: This error is reported in GOsa and the password modification canceled (also within LDAP). Best regards, Andi -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130122073509.GA17391@fuzi
Re: Wheezy Gosa² setup
Hi Andi, hi Wolfgang, On Di 22 Jan 2013 00:38:32 CET Wolfgang Schweer wrote: In addition, I had to rewrite gosa-sync. gosa-sync seems to work here without any change. In Debian Edu squeeze and GOsa² 2.6 the gosa-sync script does not report back failures to GOsa², thus, passwords run out of sync. As we have several OTRS tickets open about this with our customers, this definitely would be an improvement for squeeze, at least. Are you really sure that error handling is correct with wheezy and GOsa² 2.7 (/me doubts it by what is written in this thread). Simple way to test gosa-sync failures: e.g. stop kadmind and try to modify or add a user with GOsa². Mike -- DAS-NETZWERKTEAM mike gabriel, rothenstein 5, 24214 neudorf-bornstein fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgpnaZowxmAhX.pgp Description: Digitale PGP-Unterschrift
Re: Wheezy Gosa² setup
On Mon, Jan 21, 2013 at 11:17:37PM +0100, Andreas B. Mundt wrote: > Hi, > > On Sun, Jan 20, 2013 at 05:25:16PM +0100, Wolfgang Schweer wrote: > > On Sun, Jan 20, 2013 at 01:38:22PM +0100, Andreas B. Mundt wrote: > > > I had to modify the variable name to be send to gosa-sync: > > > > > > - postmodify="USERPASSWORD=%userPassword /usr/bin/sudo > > >/usr/local/sbin/gosa-sync %dn" > > > + postmodify="USERPASSWORD=%new_password /usr/bin/sudo > > >/usr/local/sbin/gosa-sync %dn" > > > > Seems to be that this change is required in the administration section > > too. > > Strange, it seems to work here with just one occurrence. Perhaps because > I use fewer features. I just had a look at your gosa.conf file. Seems to be that there are the same features. But: I've put the postmodify line into the administration section after class="userManagement". Seems to work. > In addition, I had to rewrite gosa-sync. gosa-sync seems to work here without any change. Wolfgang signature.asc Description: Digital signature
Re: Wheezy Gosa² setup
Hi, On Sun, Jan 20, 2013 at 05:25:16PM +0100, Wolfgang Schweer wrote: > On Sun, Jan 20, 2013 at 01:38:22PM +0100, Andreas B. Mundt wrote: > > I had to modify the variable name to be send to gosa-sync: > > > > - postmodify="USERPASSWORD=%userPassword /usr/bin/sudo > >/usr/local/sbin/gosa-sync %dn" > > + postmodify="USERPASSWORD=%new_password /usr/bin/sudo > >/usr/local/sbin/gosa-sync %dn" > > Seems to be that this change is required in the administration section > too. Strange, it seems to work here with just one occurrence. Perhaps because I use fewer features. In addition, I had to rewrite gosa-sync. Take a look at: http://anonscm.debian.org/gitweb/?p=collab-maint/debian-lan.git;a=blob;f=fai/config/files/usr/local/sbin/gosa-sync/GOSA> If kadmin.local gives an error, the error message is shown in GOsa and the password change reverted. Best regards, Andi -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130121221737.GA7713@fuzi
Re: Wheezy Gosa² setup
On Mon, Jan 21, 2013 at 09:57:09PM +0100, Mike Gabriel wrote: > On Mo 21 Jan 2013 16:46:33 CET Wolfgang Schweer wrote: > >On Mon, Jan 21, 2013 at 03:25:24PM +0100, Holger Levsen wrote: > >>On Montag, 21. Januar 2013, Wolfgang Schweer wrote: > >>> > > New Revision: 78794 > >>> > > +# FIXME: Check this for jessie > >>> > why do we need this plugin again? didnt we do this already for > >>> > squeeze? > >>> gosa-plugin-netgroups isn't available in wheezy (bug #682747). for > > The problem with gosa-plugin-netgroups was, that the upstream > changes in the plugin that were needed for 2.7 compatibility were > only provided by GONICUS very shore before the wheezy freeze. Too > short. The GOsa² packaging team offered to include the netgroups > plugin into the build infrastructure of the gosa src:package, but > for this it was also too late at that time. > > >>> squeeze there was am imo ugly solution > >>> (debian-edu-gosa-plugin-netgrups). > >> > >>why do you think this was ugly and how did you implement this > >>differently now? > > > >it was implemented as the (virtual) package > > not as a virtual package. The upstream code was in src:package > debian-edu-config. The build process of src:package > debian-edu-config created a bin:package named > debian-edu-config-gosa-netgroups. This bit of code was hacked on the > dev meeting in 2011 in Hamburg. > > >debian-edu-config-gosa-netgrroups, causing bug #662947 > > /me wonders if there is a typo in the bug number... the quoted bug > seems totally unrelated... you probably also mean #682747 here? typo, should've been #662967 Wolfgang signature.asc Description: Digital signature
Re: Wheezy Gosa² setup
Hi all, On Mo 21 Jan 2013 16:46:33 CET Wolfgang Schweer wrote: On Mon, Jan 21, 2013 at 03:25:24PM +0100, Holger Levsen wrote: On Montag, 21. Januar 2013, Wolfgang Schweer wrote: > > > New Revision: 78794 > > > +# FIXME: Check this for jessie > > why do we need this plugin again? didnt we do this already for > > squeeze? > gosa-plugin-netgroups isn't available in wheezy (bug #682747). for The problem with gosa-plugin-netgroups was, that the upstream changes in the plugin that were needed for 2.7 compatibility were only provided by GONICUS very shore before the wheezy freeze. Too short. The GOsa² packaging team offered to include the netgroups plugin into the build infrastructure of the gosa src:package, but for this it was also too late at that time. > squeeze there was am imo ugly solution > (debian-edu-gosa-plugin-netgrups). why do you think this was ugly and how did you implement this differently now? it was implemented as the (virtual) package not as a virtual package. The upstream code was in src:package debian-edu-config. The build process of src:package debian-edu-config created a bin:package named debian-edu-config-gosa-netgroups. This bit of code was hacked on the dev meeting in 2011 in Hamburg. debian-edu-config-gosa-netgrroups, causing bug #662947 /me wonders if there is a typo in the bug number... the quoted bug seems totally unrelated... you probably also mean #682747 here? now it's simply shipped within d-e-c (which might be even more ugly concerning policy?) Yes, it is more ugly, but for wheezy, this is our only chance to get the netgroups plugin into Debian (again). > this was detected by some script and > as a consequence you removed it for wheezy. rather, the new gosa version includes this plugin now (or was said to), so thats why we had those "Breaks:"-releationships and so I removed it. see bugs #682747 and #680945 > without the plugin the > main-server is badly crippled. why dont we add this plugin the old way then? could be done, but see above. anyway: it must be there. Let's take the squeeze way here (or no way...). > there's yet another big problem: in gosa-plugin-ldapmanager the import > feature has been dropped upstream since version 2.7. it was "not widely > used" (or some such) and so porting cut to limit workload. that's sort > of a great loss for local school admins. what functionality does that plugin provide? it allows mass creation of user accounts using a csv file. argghhh... the LDAP import add-on is a must I cannot imaging to maintain a large deployment without such an import filter. There were caveats in the 2.6 LDAP mass import code, but once you were aware of them, it did good deeds. We probably have to hack that one into debian-edu-config, as well (plus updating the upstream code for usage with gosa 2.7). Grmpf... Mike -- DAS-NETZWERKTEAM mike gabriel, rothenstein 5, 24214 neudorf-bornstein fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgpBjQ0qGm45i.pgp Description: Digitale PGP-Unterschrift
Re: debian-edu-doc translation update (Was: Content and translation status for the debian-edu-squeeze manual)
Le 20/01/2013 19:33, Wolfgang Schweer a écrit : > On Sun, Jan 20, 2013 at 03:45:42PM -0400, David Prévot wrote: >> Le 19/01/2013 21:23, Holger Levsen a écrit : >> >>> debian-edu-squeeze-manual.da.po: 1345 translated messages, 1 fuzzy >>> translation, 21 untranslated messages. >>> debian-edu-squeeze-manual.de.po: 1345 translated messages, 1 fuzzy >>> translation, 21 untranslated messages. >> […] >>> debian-edu-squeeze-manual.fr.po: 1345 translated messages, 1 fuzzy >>> translation, 21 untranslated messages. >>> debian-edu-squeeze-manual.it.po: 1345 translated messages, 1 fuzzy >>> translation, 21 untranslated messages. >> >> No date is scheduled yet for the 6.0.*+r1 release, but could you please >> update your translation in the mean time? (I'll be less ashamed to ask >> you for a last minute translation update with a short timeline when I'll >> be aware of it ;). > nothing has been done because these items concern a chapter which is "work > in progress" -- only to be translated, if editing is finished. Please note that I've filled up this part some time ago, it has been acknowledge by Holger, but didn't remove the FIXME part in hope someone else would feed more stuff to it, and eventually review it too (and maybe I was too shy to pretend I actually fixed something ;). Regards David signature.asc Description: OpenPGP digital signature
Re: Wheezy Gosa² setup
On Mon, Jan 21, 2013 at 03:25:24PM +0100, Holger Levsen wrote: > On Montag, 21. Januar 2013, Wolfgang Schweer wrote: > > > > New Revision: 78794 > > > > +# FIXME: Check this for jessie > > > why do we need this plugin again? didnt we do this already for > > > squeeze? > > gosa-plugin-netgroups isn't available in wheezy (bug #682747). for > > squeeze there was am imo ugly solution > > (debian-edu-gosa-plugin-netgrups). > > why do you think this was ugly and how did you implement this > differently now? it was implemented as the (virtual) package debian-edu-config-gosa-netgrroups, causing bug #662947 now it's simply shipped within d-e-c (which might be even more ugly concerning policy?) > > this was detected by some script and > > as a consequence you removed it for wheezy. > > rather, the new gosa version includes this plugin now (or was said to), so > thats why we had those "Breaks:"-releationships and so I removed it. see bugs #682747 and #680945 > > without the plugin the > > main-server is badly crippled. > > why dont we add this plugin the old way then? could be done, but see above. anyway: it must be there. > > there's yet another big problem: in gosa-plugin-ldapmanager the import > > feature has been dropped upstream since version 2.7. it was "not widely > > used" (or some such) and so porting cut to limit workload. that's sort > > of a great loss for local school admins. > > what functionality does that plugin provide? it allows mass creation of user accounts using a csv file. > debian/changelog entries should be self-explainatory! :-) agreed. Wolfgang -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130121154633.GA4457@schweer-online.local
Re: Wheezy Gosa² setup
Hi, On Montag, 21. Januar 2013, Wolfgang Schweer wrote: > > > New Revision: 78794 > > > +# FIXME: Check this for jessie > > why do we need this plugin again? didnt we do this already for squeeze? > gosa-plugin-netgroups isn't available in wheezy (bug #682747). for > squeeze there was am imo ugly solution > (debian-edu-gosa-plugin-netgrups). why do you think this was ugly and how did you implement this differently now? > this was detected by some script and > as a consequence you removed it for wheezy. rather, the new gosa version includes this plugin now (or was said to), so thats why we had those "Breaks:"-releationships and so I removed it. > without the plugin the > main-server is badly crippled. why dont we add this plugin the old way then? > there's yet another big problem: in gosa-plugin-ldapmanager the import > feature has been dropped upstream since version 2.7. it was "not widely > used" (or some such) and so porting cut to limit workload. that's sort > of a great loss for local school admins. what functionality does that plugin provide? > > will this work (=calling update-gosa without path) ? > path is included, though hard to see due to line wrapping. ah, good. > > this also didnt really answer the question (much), but fine... > > > > - * finish-install: prevent configured network interfaces file from > > being deleted by d-i. > > -Don't delete file, only zero content, to avoid error message > > -in log file. > > last two lines only understandable as sort of a reply to a proposal by > pere (delete file as one of five options to solve the problem) -- so > nothing was really changed. debian/changelog entries should be self-explainatory! :-) cheers, Holger -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/201301211525.25258.hol...@layer-acht.org
