[Citadel Development] Re: LDAP / Cit-NG

2017-09-24 Thread bennabiy
Well, it is not logging anything other than what I put below, and it is NOT exiting at the point I listed below... I wonder what is going on, because looking over the code, it should be fine. I will check back in the morning.
> Sun Sep 24 2017 10:05:32 PM EDT from bennabiy @ Uncensored

[Citadel Development] Re: LDAP / Cit-NG

2017-09-24 Thread bennabiy
I put some code in to see if I can log where the failure is, but to me it looks like it is returning because   if (ctdl_ldap_initialize() != LDAP_SUCCESS) { +   return; +   } and I am not seeing any of the other messages you included in that function. Recompiling and

[Citadel Development] Re: LDAP / Cit-NG

2017-09-24 Thread bennabiy
Sep 24 21:21:14 cit citserver[50403]: ldap: populating Citadel user database from LDAP
Only entry I get repeating ... something is not right. And this is logged to daemon.log, not debug
> Sun Sep 24 2017 05:00:58 PM EDT from IGnatius T Foobar @ Uncensored
>Subject: Re: LDAP / Cit-NG
>

[Citadel Development] Re: LDAP / Cit-NG

2017-09-24 Thread bennabiy
Compiling... While we are at it, can you fix the /etc/init.d/webcit file to be compliant? It is missing the init header info.
### BEGIN INIT INFO
# Provides:          webcit
# Required-Start:    citadel
# Required-Stop:     citadel
# Default-Start:     2 3 4 5
# Default-Stop:

[Citadel Development] Re: LDAP / Cit-NG

2017-09-24 Thread IGnatius T Foobar
Ok let's do this. I've pushed the code to *scan* the LDAP server but not to do anything with the results. Please test it on a development machine only. It should basically just show the DN's of every qualifying user in the debug log once per minute. If those results look correct we'll move on

[Citadel Development] Re: LDAP / Cit-NG

2017-09-24 Thread bennabiy
inetOrgPerson is correct for POSIX, I am not sure about AD (I refuse...) Let me know when you have the code pushed and I will recompile
> Sun Sep 24 2017 02:52:43 PM EDT from IGnatius T Foobar @ Uncensored
>Subject: Re: LDAP / Cit-NG
>
>Ok, I'm in the code working on some

[Citadel Development] Re: LDAP / Cit-NG

2017-09-24 Thread IGnatius T Foobar
Ok, I'm in the code working on some changes now, and am going to try to shift things over from "create the account at login" to "create all accounts all the time." For the POSIX schema it looks like we have to access all accounts with "objectClass: inetOrgPerson" , and for the Active Directory

[Citadel Development] Re: LDAP / Cit-NG

2017-09-23 Thread bennabiy
That sounds good. It would be good to be able on a system set for LDAP to be able to expose the LDAP users known on the system to a list like the host based authentication does.    Thinking about what you suggest, that would allow the system to pull the latest LDAP info for that user

[Citadel Development] Re: LDAP / Cit-NG

2017-09-20 Thread IGnatius T Foobar
Ok, I think I might have a solution to that. Perhaps instead of shimming the login command for LDAP, we can move that code to the "get user" function. That would theoretically make an LDAP query work in any location where a username is entered. Gotta think this through.

[Citadel Development] Re: LDAP / Cit-NG

2017-09-17 Thread bennabiy
And the annoying thing with the current setup. If I want to send a local message to a user from LDAP, or invite them to a room, etc, I have to use what is listed under displayName. That makes for some LONG user names, even though they log in with the uid. I wish it could be choosable what gets

[Citadel Development] Re: LDAP / Cit-NG

2017-09-17 Thread bennabiy
With certain information changed, for good reason :)
>
> >dn: uid=bennabiy,ou=Somewhere,ou=People,dc=domain,dc=net
> >objectClass: inetOrgPerson
> >objectClass: posixAccount
> >objectClass: shadowAccount
> >cn: ben-Nabiy Derush of Somewhere
> >displayName: ben-Nabiy Derush of

[Citadel Development] Re: LDAP / Cit-NG

2017-09-17 Thread IGnatius T Foobar
Would it be possible to get an LDIF export of a sample user from your directory, who has multiple email addresses? I suspect I'm not getting the format in correctly. The "cit[n]@[domain]" format is an automatically generated default address. It should get replaced by a correct address if

[Citadel Development] Re: LDAP / Cit-NG

2017-09-14 Thread bennabiy
Ok, so with an edit to my FQDN and which hosts citadel is allowed to receive mail for, it pulled in the addresses for the from box, but only the primary address is working, internet aliases are not.
> Fri Sep 15 2017 01:28:50 AM EDT from bennabiy @ Uncensored Subject: Re:
>LDAP / Cit-NG
>
>

[Citadel Development] Re: LDAP / Cit-NG

2017-09-14 Thread IGnatius T Foobar
Right. It filters for email addresses that are actually valid on the Citadel host.

[Citadel Development] Re: LDAP / Cit-NG

2017-09-14 Thread bennabiy
Valid for citadel meaning according to what is set in settings for allowed domains...
> Thu Sep 14 2017 03:07:41 PM EDT from bennabiy @ Uncensored Subject: Re:
>LDAP / Cit-NG
>
>
>
>And by valid, meaning valid for citadel, or valid by LDAP schema?
>> Thu Sep 14 2017 10:53:45 AM EDT from

[Citadel Development] Re: LDAP / Cit-NG

2017-09-14 Thread bennabiy
And by valid, meaning valid for citadel, or valid by LDAP schema?
> Thu Sep 14 2017 10:53:45 AM EDT from IGnatius T Foobar @ Uncensored
>Subject: Re: LDAP / Cit-NG
>
>The current expected behavior is that it ought to copy all valid email
>addresses from LDAP to the Citadel account at the

[Citadel Development] Re: LDAP / Cit-NG

2017-09-14 Thread IGnatius T Foobar
The current expected behavior is that it ought to copy all valid email addresses from LDAP to the Citadel account at the moment the account is created or when the user logs in.

[Citadel Development] Re: LDAP / Cit-NG

2017-09-13 Thread bennabiy
So what is the current expected behavior? I am getting the tester up this afternoon / tomorrow.
> Wed Sep 13 2017 09:41:02 AM EDT from IGnatius T Foobar @ Uncensored
>Subject: Re: LDAP / Cit-NG
>
>
>Making the Citadel system behave more seamlessly in an LDAP world is a good
>idea. But

[Citadel Development] Re: LDAP / Cit-NG

2017-09-13 Thread IGnatius T Foobar
Making the Citadel system behave more seamlessly in an LDAP world is a good idea. But right now let's just test what we have :)

[Citadel Development] Re: LDAP / Cit-NG

2017-09-11 Thread bennabiy
Also, with this, LDAP is treated as second class citizen by not exposing LDAP users to be able to select them for room invites, etc. It would be good to be able to set which field is used to generate what the "local" account is. Some prefer uid (like us) and others like Full Name, some Last, First

[Citadel Development] Re: LDAP / Cit-NG

2017-09-11 Thread IGnatius T Foobar
>Site configurable, as in whether to bring in all addresses which match the
>citadel configuration? I am not sure what you are thinking when you say site
>configurable. As in do you copy the address at all, or at each login, etc?
Yes, exactly ... I'm thinking we probably are going

[Citadel Development] Re: LDAP / Cit-NG

2017-09-11 Thread bennabiy
Will give this a spin on my test server.    Site configurable, as in whether to bring in all addresses which match the citadel configuration? I am not sure what you are thinking when you say site configurable. As in do you copy the address at all, or at each login, etc?   Also, as to

[Citadel Development] Re: LDAP / Cit-NG

2017-09-10 Thread IGnatius T Foobar
Ok, the code has been uploaded to git, to copy email addresses from LDAP to Citadel when a user logs in. Give it a try. We probably need to do a couple of other things:
* Make it a site-configurable setting
* Make it happen automatically/periodically instead of just when the user

[Citadel Development] Re: LDAP / Cit-NG

2017-09-10 Thread IGnatius T Foobar
Ok I guess it's legal :) I've got the code written to extract the email addresses from LDAP. Also found the place where it needs to be called. Now I just have to figure out the conditions under which it should be called. I'd like to do this with as few configuration options as possible

[Citadel Development] Re: LDAP / Cit-NG

2017-09-10 Thread IGnatius T Foobar
Multiple attributes with the same name? Is that even legal?

[Citadel Development] Re: LDAP / Cit-NG

2017-09-09 Thread bennabiy
mail = yes and it is able to have multiple entries so mail=b...@foo.net mail=bl...@foo.net etc (where there can be more than one mail field) I do not think it supports typically multiple addresses within one field so you would just need to parse as many mail fields into an array and then read them

[Citadel Development] Re: LDAP / Cit-NG

2017-09-09 Thread IGnatius T Foobar
>IG: I am using OpenLDAP with my users using the basics of
>inetorgperson.schema
I spent some time looking through this tonight and I want to be 100% sure that we get the right attributes. As far as I can tell, in both RFC2307 and Active Directory, the email address is stored in

[Citadel Development] Re: LDAP / Cit-NG

2017-08-29 Thread bennabiy
IG: I am using OpenLDAP with my users using the basics of inetorgperson.schema
# Schema and objectClass definitions
include         /etc/ldap/schema/core.schema
include         /etc/ldap/schema/cosine.schema
include         /etc/ldap/schema/nis.schema
include

[Citadel Development] Re: LDAP / Cit-NG

2017-08-28 Thread IGnatius T Foobar
bennabiy: question for you! I know you're using LDAP on your system, but which LDAP server and what does the schema look like? If we're going to pull email addresses in from LDAP at account creation time, I need to know where to pull them from. I'm guessing you're using OpenLDAP or

[Citadel Development] Re: LDAP / Cit-NG

2017-08-15 Thread bennabiy
And for the aide user, the viewable flag should not apply to them. They should be able to see the list of anyone.
> Tue Aug 15 2017 02:19:05 PM EDT from bennabiy @ Uncensored Subject: Re:
>LDAP / Cit-NG
>
>
>
>I also forgot to post in my LDAP rant, based on the viewable flag (whether

[Citadel Development] Re: LDAP / Cit-NG

2017-08-15 Thread bennabiy
I also forgot to post in my LDAP rant, based on the viewable flag (whether someone is a hidden user or not) we need LDAP users to populate an address book list so that room permissions and such can be set from a list (like the contact list, but without having to strip out the email address part).