date:20100416

Re: LDAP module and password recording in DB

2010-04-16 Thread t.lem...@gmail.com


smoeker a écrit :

hola,

to avoid misunderstandings :

"I'm sure of what I said because I've tested it and the code is
straightforward: if a user has admin rights then he is authenticated
to
th OM DB and not Ldap. This means that his password will never gets
synched again later."

-> u r right, ldap admins are always authenticated against local
database and his password is never synched with LDAP Directory
-> and btw : i am also quite sure of what i am saying, cause i wrote
the main part of the ldap code ;-)
  

I trust you ;-) I'm not complaining, just explaining what I see.



"This is also something I have to change in my proposed patch"

cool, go ahead - you should also consider a solution for the admin
user that is created on install process - his password is stored in
local database, could be confusing for users to define a password for
admin, that will be ignored on login...
  
Exact, in my proposed patched (attached to the ticket), All users having 
AuthenticationType not set to LDAP will be authenticated against the 
local DB: this means not only admins but also other users.



"But there shouldn't be any trouble with the Directory server, at
least
with 2 openldap servers in synch ;-)"

we can not treat that as precondition - every software has to be
maintained or insn't available every time. hard to understand, why i
shouldn't be able to communicate using OM, if admin maintains
directory server...

but as you said : as long as its configurable, everything is
finyfine ;-)
  
In current code, if the LDAP directory is not reachable, I don't 
undersatnd how you can failback to internal DB authentication apart form 
temporarily disabling LDAP authentication. Is it what you do when LDAP 
is unreachable, or is there somwhere in the code somethinh that I 
haven't seen that takes care of this switching to internal DB when LDAP 
is unreachable ?


TIA,

Thibault




see ya

Smoeker


On 15 Apr., 20:28, t.lem...@gmail.com wrote:
  

t.lem...@gmail.com a crit :> smoeker a crit :



This will occur as soon as a Ldap user having admin privileges
changes his LDAP password. I'm sure of this <<


-> nope, i dont think so - this only causes problems, if the OM Admin
himself turns Ldap Auth off for OM and afterwards his password
changes


I'm sure of what I said because I've tested it and the code is
straightforward: if a user has admin rights then he is authenticated to
th OM DB and not Ldap. This means that his password will never gets
synched again later.

This is also something I have to change in my proposed patch



-> since the OM admin is the person turning the Ldap auth off, he is
the only one that can be aware of the problem, that his ldap password
isnt acutalized anymore within OM.


Not only his own password, but also the passwords of others.
When switching ldap config off, the  OM should decide wether to go on
authenticating users that have externalId set to Ldap or not.
Anyway, this might be a very rare case.



-> furthermore the storing of the password is a fallback for a short
time usually - i couldn't think of a scenario setting OM up with Ldap,
then switching back to local auth for ever...


I agree.



But I see now that we have 2 differents point of view on the
matter. <<


right, i am a fan of modular infrastructure


Yes me too.



- the Ldap auth was
thought as usability feature for users, that dont want to keep another
stupid password, but it shouldn't prevent them from working, if there
is trouble  with the directory server


But there shouldn't be any troubel with the Directory server, at least
with 2 openldap servers in synch ;-)

Thibault



  


--
You received this message because you are subscribed to the Google Groups 
"OpenMeetings User" group.
To post to this group, send email to openmeetings-u...@googlegroups.com.
To unsubscribe from this group, send email to 
openmeetings-user+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/openmeetings-user?hl=en.

Re: Windows 2008 or Linux?

2010-04-16 Thread Marco Rojas

Debian or Ubuntu is my recomendation, requirements like Imagemagick and the
rest are a apt-get install away while in Windows they could be hard to
setup.


On Thu, Apr 15, 2010 at 3:50 AM, İbrahim ÖZKASAP  wrote:

> What are the experience and contrubution to run the openmeetings with
> Windows2008 or Linux?
>
> Any of your response would be appreciate,
>
> Best Regards,
>
> --
> You received this message because you are subscribed to the Google Groups
> "OpenMeetings User" group.
> To post to this group, send email to openmeetings-u...@googlegroups.com.
> To unsubscribe from this group, send email to
> openmeetings-user+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/openmeetings-user?hl=en.
>



-- 
Live free, live Linux!

-- 
You received this message because you are subscribed to the Google Groups 
"OpenMeetings User" group.
To post to this group, send email to openmeetings-u...@googlegroups.com.
To unsubscribe from this group, send email to 
openmeetings-user+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/openmeetings-user?hl=en.

Re: LDAP module and password recording in DB

2010-04-16 Thread smoeker

hola,

to avoid misunderstandings :

"I'm sure of what I said because I've tested it and the code is
straightforward: if a user has admin rights then he is authenticated
to
th OM DB and not Ldap. This means that his password will never gets
synched again later."

-> u r right, ldap admins are always authenticated against local
database and his password is never synched with LDAP Directory
-> and btw : i am also quite sure of what i am saying, cause i wrote
the main part of the ldap code ;-)

"This is also something I have to change in my proposed patch"

cool, go ahead - you should also consider a solution for the admin
user that is created on install process - his password is stored in
local database, could be confusing for users to define a password for
admin, that will be ignored on login...

"But there shouldn't be any trouble with the Directory server, at
least
with 2 openldap servers in synch ;-)"

we can not treat that as precondition - every software has to be
maintained or insn't available every time. hard to understand, why i
shouldn't be able to communicate using OM, if admin maintains
directory server...

but as you said : as long as its configurable, everything is
finyfine ;-)



see ya

Smoeker


On 15 Apr., 20:28, t.lem...@gmail.com wrote:
> t.lem...@gmail.com a crit :> smoeker a crit :
>
>  This will occur as soon as a Ldap user having admin privileges
>  changes his LDAP password. I'm sure of this <<
>
> >> -> nope, i dont think so - this only causes problems, if the OM Admin
> >> himself turns Ldap Auth off for OM and afterwards his password
> >> changes
>
> I'm sure of what I said because I've tested it and the code is
> straightforward: if a user has admin rights then he is authenticated to
> th OM DB and not Ldap. This means that his password will never gets
> synched again later.
>
> This is also something I have to change in my proposed patch
>
> >> -> since the OM admin is the person turning the Ldap auth off, he is
> >> the only one that can be aware of the problem, that his ldap password
> >> isnt acutalized anymore within OM.
>
> Not only his own password, but also the passwords of others.
> When switching ldap config off, the  OM should decide wether to go on
> authenticating users that have externalId set to Ldap or not.
> Anyway, this might be a very rare case.
>
> >> -> furthermore the storing of the password is a fallback for a short
> >> time usually - i couldn't think of a scenario setting OM up with Ldap,
> >> then switching back to local auth for ever...
> I agree.
>
>  But I see now that we have 2 differents point of view on the
>  matter. <<
>
> >> right, i am a fan of modular infrastructure
>
> Yes me too.
>
> >> - the Ldap auth was
> >> thought as usability feature for users, that dont want to keep another
> >> stupid password, but it shouldn't prevent them from working, if there
> >> is trouble  with the directory server
>
> But there shouldn't be any troubel with the Directory server, at least
> with 2 openldap servers in synch ;-)
>
> Thibault

-- 
You received this message because you are subscribed to the Google Groups 
"OpenMeetings User" group.
To post to this group, send email to openmeetings-u...@googlegroups.com.
To unsubscribe from this group, send email to 
openmeetings-user+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/openmeetings-user?hl=en.

Re: soap methodgateway or methodgateway

2010-04-16 Thread Bicho4191

hi again,

ok use soap its really easy just call the methods and shows the
results, thx for the help i wanna make some test and try do this
funtional

grettings

On 13 abr, 14:38, Bicho4191  wrote:
> thx Sebastian
>
> I start to use php like a extern system to connect openmeetings, i
> will try to use this library
>
> http://openmeetings.googlecode.com/svn/trunk/plugins/moodle_plugin/li...
>
> but i dont know how start
>
> thank you
>
> On 13 abr, 13:36, Sebastian Wagner  wrote:
>
>
>
> > hi Bicho,
>
> > the methode Gateway was a workaround for a users that are not able to use
> > theSOAPGateway. If you can you should always use theSOAPGateway!
>
> > Sebastian
>
> > 2010/4/13 Bicho4191 
>
> > > Hi everyone
>
> > > I'm trying to decide what suits me more usesoapgateway or just
> > > gateway method the question is that I need only generate the hash of a
> > > room, and access to it, but it is not possible with just mehotd
> > > gateway, I can only use the method setuserobject but I can not use
> > > setuserobjectandgenerateroomhashbyurl
>
> > > greetings and thanks
>
> > > --
> > > You received this message because you are subscribed to the Google Groups
> > > "OpenMeetings User" group.
> > > To post to this group, send email to openmeetings-u...@googlegroups.com.
> > > To unsubscribe from this group, send email to
> > > openmeetings-user+unsubscr...@googlegroups.com > >  i...@googlegroups.com>
> > > .
> > > For more options, visit this group at
> > >http://groups.google.com/group/openmeetings-user?hl=en.
>
> > --
> > Sebastian 
> > Wagnerhttp://www.webbase-design.dehttp://openmeetings.googlecode.comhttp://...
> > seba.wag...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"OpenMeetings User" group.
To post to this group, send email to openmeetings-u...@googlegroups.com.
To unsubscribe from this group, send email to 
openmeetings-user+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/openmeetings-user?hl=en.

Re: Deleting users

2010-04-16 Thread t . lemeur

Sebastian Wagner a écrit :

In which organization object?
I meant that while looking at an organisation in the GUI, the "Users"
select box that lists all users belonging to the orgnaisation is filled
with active _and_ deleted users.

Thibault

Cause in the Database Mapped Object(s) there is no link to Users:
http://openmeetings.googlecode.com/svn/trunk/singlewebapp/src/app/org/openmeetings/app/hibernate/beans/domain/Organisation.java
http://openmeetings.googlecode.com/svn/trunk/singlewebapp/src/app/org/openmeetings/app/hibernate/beans/domain/Organisation_Users.java

Sebastian

2010/4/16 mailto:t.lem...@gmail.com>>

Hi Sebastian,

Sebastian Wagner a écrit :

hi Thibault,

yes records are all just marked as deleted. Otherwise foreign
key contraints are violated (Except you are using MySQL MYISAM
where there are no foreign keys).
So adding a flag to mark as deleted is a common way of doing that.
Of course some kind of cron jobs to clean up the database with
orphan objects would be a plus for the future but for now we
will do it with the flag.

This is no problem to me, the only strange thing is that we
continue to see deleted users in the Organisation object.

Thibault

Sebastian

2010/4/16 mailto:t.lem...@gmail.com>
>>

Hi,

When an administrator deletes a user, his entry is not
deleted in
DB (marked as deleted only). I guess this is because we need to
keep track of this user's ressources on the system. Am I
right ?

Is it for the same reason that the mapping between deleted
users
and organizations persists after user deletion ?

Thanks in advance,
Thibault

-- You received this message because you are subscribed
to the Google
Groups "OpenMeetings User" group.
To post to this group, send email to
openmeetings-user@googlegroups.com

To unsubscribe from this group, send email to
openmeetings-user+unsubscr...@googlegroups.com

For more options, visit this group at
http://groups.google.com/group/openmeetings-user?hl=en.

--
Sebastian Wagner

http://www.webbase-design.de
http://openmeetings.googlecode.com
http://www.laszlo-forum.de
seba.wag...@gmail.com
>

--
You received this message because you are subscribed to the

Google Groups "OpenMeetings User" group.
To post to this group, send email to
openmeetings-user@googlegroups.com
.
To unsubscribe from this group, send email to
openmeetings-user+unsubscr...@googlegroups.com
.
For more options, visit this group at
http://groups.google.com/group/openmeetings-user?hl=en.

--
You received this message because you are subscribed to the Google

Groups "OpenMeetings User" group.
To post to this group, send email to
openmeetings-user@googlegroups.com
.
To unsubscribe from this group, send email to
openmeetings-user+unsubscr...@googlegroups.com
.
For more options, visit this group at
http://groups.google.com/group/openmeetings-user?hl=en.

--
Sebastian Wagner
http://www.webbase-design.de
http://openmeetings.googlecode.com
http://www.laszlo-forum.de
seba.wag...@gmail.com
--
You received this message because you are subscribed to the Google
Groups "OpenMeetings User" group.

To post to this group, send email to openmeetings-u...@googlegroups.com.
To unsubscribe from this group, send email to
openmeetings-user+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/openmeetings-user?hl=en.

--
You received this message because you are subscribed to the Google Groups
"OpenMeetings User" group.
To post to this group, send email to openmeetings-u...@googlegroups.com.
To unsubscribe from this group, send email to
openmeetings-user+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/openmeetings-user?hl=en.

Re: Deleting users

2010-04-16 Thread Sebastian Wagner

In which organization object?
Cause in the Database Mapped Object(s) there is no link to Users:
http://openmeetings.googlecode.com/svn/trunk/singlewebapp/src/app/org/openmeetings/app/hibernate/beans/domain/Organisation.java
http://openmeetings.googlecode.com/svn/trunk/singlewebapp/src/app/org/openmeetings/app/hibernate/beans/domain/Organisation_Users.java

Sebastian

2010/4/16 

> Hi Sebastian,
>
> Sebastian Wagner a écrit :
>
>  hi Thibault,
>>
>> yes records are all just marked as deleted. Otherwise foreign key
>> contraints are violated (Except you are using MySQL MYISAM where there are
>> no foreign keys).
>> So adding a flag to mark as deleted is a common way of doing that.
>> Of course some kind of cron jobs to clean up the database with orphan
>> objects would be a plus for the future but for now we will do it with the
>> flag.
>>
> This is no problem to me, the only strange thing is that we continue to see
> deleted users in the Organisation object.
>
> Thibault
>
>>
>> Sebastian
>>
>> 2010/4/16 mailto:t.lem...@gmail.com>>
>>
>>
>>Hi,
>>
>>When an administrator deletes a user, his entry is not deleted in
>>DB (marked as deleted only). I guess this is because we need to
>>keep track of this user's ressources on the system. Am I right ?
>>
>>Is it for the same reason that the mapping between deleted users
>>and organizations persists after user deletion ?
>>
>>Thanks in advance,
>>Thibault
>>
>>-- You received this message because you are subscribed to the
>> Google
>>Groups "OpenMeetings User" group.
>>To post to this group, send email to
>>openmeetings-user@googlegroups.com
>>.
>>
>>To unsubscribe from this group, send email to
>>
>> openmeetings-user+unsubscr...@googlegroups.com
>>
>> > >.
>>
>>For more options, visit this group at
>>http://groups.google.com/group/openmeetings-user?hl=en.
>>
>>
>>
>>
>> --
>> Sebastian Wagner
>> http://www.webbase-design.de
>> http://openmeetings.googlecode.com
>> http://www.laszlo-forum.de
>> seba.wag...@gmail.com 
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "OpenMeetings User" group.
>> To post to this group, send email to openmeetings-u...@googlegroups.com.
>> To unsubscribe from this group, send email to
>> openmeetings-user+unsubscr...@googlegroups.com
>> .
>> For more options, visit this group at
>> http://groups.google.com/group/openmeetings-user?hl=en.
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "OpenMeetings User" group.
> To post to this group, send email to openmeetings-u...@googlegroups.com.
> To unsubscribe from this group, send email to
> openmeetings-user+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/openmeetings-user?hl=en.
>
>


-- 
Sebastian Wagner
http://www.webbase-design.de
http://openmeetings.googlecode.com
http://www.laszlo-forum.de
seba.wag...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"OpenMeetings User" group.
To post to this group, send email to openmeetings-u...@googlegroups.com.
To unsubscribe from this group, send email to 
openmeetings-user+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/openmeetings-user?hl=en.

Re: Deleting users

2010-04-16 Thread t . lemeur


Hi Sebastian,

Sebastian Wagner a écrit :

hi Thibault,

yes records are all just marked as deleted. Otherwise foreign key 
contraints are violated (Except you are using MySQL MYISAM where there 
are no foreign keys).

So adding a flag to mark as deleted is a common way of doing that.
Of course some kind of cron jobs to clean up the database with orphan 
objects would be a plus for the future but for now we will do it with 
the flag.
This is no problem to me, the only strange thing is that we continue to 
see deleted users in the Organisation object.


Thibault


Sebastian

2010/4/16 mailto:t.lem...@gmail.com>>

Hi,

When an administrator deletes a user, his entry is not deleted in
DB (marked as deleted only). I guess this is because we need to
keep track of this user's ressources on the system. Am I right ?

Is it for the same reason that the mapping between deleted users
and organizations persists after user deletion ?

Thanks in advance,
Thibault

-- 
You received this message because you are subscribed to the Google

Groups "OpenMeetings User" group.
To post to this group, send email to
openmeetings-user@googlegroups.com
.
To unsubscribe from this group, send email to
openmeetings-user+unsubscr...@googlegroups.com
.
For more options, visit this group at
http://groups.google.com/group/openmeetings-user?hl=en.




--
Sebastian Wagner
http://www.webbase-design.de
http://openmeetings.googlecode.com
http://www.laszlo-forum.de
seba.wag...@gmail.com 
--
You received this message because you are subscribed to the Google 
Groups "OpenMeetings User" group.

To post to this group, send email to openmeetings-u...@googlegroups.com.
To unsubscribe from this group, send email to 
openmeetings-user+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/openmeetings-user?hl=en.


--
You received this message because you are subscribed to the Google Groups 
"OpenMeetings User" group.
To post to this group, send email to openmeetings-u...@googlegroups.com.
To unsubscribe from this group, send email to 
openmeetings-user+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/openmeetings-user?hl=en.

Re: Deleting users

2010-04-16 Thread Sebastian Wagner

hi Thibault,

yes records are all just marked as deleted. Otherwise foreign key contraints
are violated (Except you are using MySQL MYISAM where there are no foreign
keys).
So adding a flag to mark as deleted is a common way of doing that.
Of course some kind of cron jobs to clean up the database with orphan
objects would be a plus for the future but for now we will do it with the
flag.

Sebastian

2010/4/16 

> Hi,
>
> When an administrator deletes a user, his entry is not deleted in DB
> (marked as deleted only). I guess this is because we need to keep track of
> this user's ressources on the system. Am I right ?
>
> Is it for the same reason that the mapping between deleted users and
> organizations persists after user deletion ?
>
> Thanks in advance,
> Thibault
>
> --
> You received this message because you are subscribed to the Google Groups
> "OpenMeetings User" group.
> To post to this group, send email to openmeetings-u...@googlegroups.com.
> To unsubscribe from this group, send email to
> openmeetings-user+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/openmeetings-user?hl=en.
>
>


-- 
Sebastian Wagner
http://www.webbase-design.de
http://openmeetings.googlecode.com
http://www.laszlo-forum.de
seba.wag...@gmail.com

-- 
You received this message because you are subscribed to the Google Groups 
"OpenMeetings User" group.
To post to this group, send email to openmeetings-u...@googlegroups.com.
To unsubscribe from this group, send email to 
openmeetings-user+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/openmeetings-user?hl=en.

Deleting users

2010-04-16 Thread t . lemeur


Hi,

When an administrator deletes a user, his entry is not deleted in DB 
(marked as deleted only). I guess this is because we need to keep track 
of this user's ressources on the system. Am I right ?


Is it for the same reason that the mapping between deleted users and 
organizations persists after user deletion ?


Thanks in advance,
Thibault

--
You received this message because you are subscribed to the Google Groups 
"OpenMeetings User" group.
To post to this group, send email to openmeetings-u...@googlegroups.com.
To unsubscribe from this group, send email to 
openmeetings-user+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/openmeetings-user?hl=en.

Re: LDAP module and password recording in DB

Re: Windows 2008 or Linux?

Re: LDAP module and password recording in DB

Re: soap methodgateway or methodgateway

Re: Deleting users

Re: Deleting users

Re: Deleting users

Re: Deleting users

Deleting users

9 matches

Site Navigation

Mail list logo

Footer information