FusionIAM issues
https://gitlab.ow2.org/fusioniam/fusioniam/-/issues
2024-02-12T18:13:00Z

https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/60
OpenLDAP LTB container : Allow the change of the root domain
2024-02-12T18:13:00Z
Alban Espié-Guillon

Actually, the root domain is hard coded as `dc=fusioniam,dc=org`.
We should be able to customize this value at the initialization of the OpenLDAP LTB container

https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/63
OpenLDAP LTB: TLS setup feature
2024-01-15T11:09:10Z
Alban Espié-Guillon

Current OpenLDAP-LTB container does not support TLS/StartTLS connections.
It would be great to be able to enable TLS and StartTLS at run. We could for example have the following variables:
- LDAP_TLS
- LDAP_TLS_PORT
- LDAP_STARTTLS
- LDAP_CERTIFICATE
- LDAP_CERTIFICATE_KEY
- LDAP_CERTIFICATE_CA

https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/64
assert tasks failing in FD, SD and WP containers
2024-01-05T18:00:17Z
dcoutadeur dcoutadeur

With last ansible version, there is a new error:
```
TASK [Assert variables] **************************************************************************************************************************************************************************************************************
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: {{ item.value | length }} > 0
fatal: [localhost]: FAILED! => {"msg": "The conditional check '{{ item.value | length }} > 0' failed. The error was: Conditional is marked as unsafe, and cannot be evaluated."}
```
Seems due to this kind of task in FD, SD, and WP:
```
assert:
  that:
    - '"{{ item.value }}" is defined'
    - '{{ item.value | length }} > 0'
  quiet: True
  fail_msg: '{{ item.name }} is missing or empty'
loop:
  - name: 'CUSTOMERID'
    value: '{{ CUSTOMERID }}'
```
dcoutadeur dcoutadeur

https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/62
Fusion Directory dyngroups plugin
2023-11-21T10:08:44Z
dcoutadeur dcoutadeur

Adding dyngroups plugin, for managing openldap dynamic groups.
v1.0
dcoutadeur dcoutadeur

https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/61
FusionDirectory Community Plugin
2023-11-21T10:06:13Z
Alban Espié-Guillon

Hello,
We would need the `fusiondirectory-plugin-community` as well for OW2, I forgot to mention it in the previous issue we had about missing plugins.
Could it be possible to add it as well ?
Thanks

https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/59
Fix CVE-2022-40897
2023-11-03T17:32:23Z
dcoutadeur dcoutadeur

Upgrading to last releases made the FusionIAM much more secured:
- rockylinux 9
- llng 2.17.1
- Fusion Directory 1.4
- OpenLDAP 2.5
- service-desk 0.5.1
- white-pages 0.4
All critical issues have disappeared.
Only one high issue is remaining in base image: https://avd.aquasec.com/nvd/2022/cve-2022-40897/
We need to check and fix this.
v1.0

https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/57
upgrade to rockylinux 9
2023-11-03T16:37:59Z
dcoutadeur dcoutadeur

upgrade from rockylinux 8 to 9 (minimal)
v1.0
dcoutadeur dcoutadeur

https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/55
Clean Fusion Directory image
2023-11-03T16:32:09Z
dcoutadeur dcoutadeur

Multiple tasks:
- [x] Remove useless dependencies:
```
- perl-Path-Class
- perl-LDAP
- perl-MIME-Base64
- perl-Digest-SHA
- perl-Crypt-CBC
- perl-Bytes-Random-Secure
- perl-Archive-Extract
- perl-File-Copy-Recursive
- perl-XML-Twig
```
- ~~[ ] Use rather `fusiondirectory-plugins-manager` than the script `install-plugin.sh` (must be tested before).~~
- [x] add fusiondirectory/yaml for viewing plugins list in the interface. An example of plugin path is: `/etc/fusiondirectory/yaml/mail/description.yaml`
- [x] add missing directories to copy in install-plugin.sh: `configuration dashboard export generic reports`
- [x] add these plugins by default: ldapdump,ldapmanager,newsletter,posix
Note:
`fusiondirectory-plugins-manager` is not a fully-usable solution for FusionIAM today:
- It misses the deployment of the directories listed above in `install-plugin.sh`.
- the target `--install-plugin <plugins-directory>` is difficult to automate (need a user input of which plugin to install)
- the target `--install-plugin <plugins-directory>` must be done at image build step. But it also registers the plugin to LDAP, which must be done at container run.
- it does not seem to be tested enough:
```
php -d include_path=/usr/local/share/fusiondirectory/tools /usr/local/share/fusiondirectory/tools/fusiondirectory-plugins-manager --set-var "fd_home=/usr/local/share/fusiondirectory" --set-var "fd_config_dir=/etc/fusiondirectory" --register-plugin /usr/src/fd-plugins/audit
PHP Warning: yaml_parse_file(): parsing error encountered during parsing: did not find expected key (line 12, column 3), context while parsing a block mapping (line 1, column 1) in /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/PluginsManager.php on line 161
PHP Fatal error: Uncaught TypeError: Return value of FusionDirectory\Tools\PluginsManager::parseYamlFile() must be of the type array, bool returned in /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/PluginsManager.php:164
Stack trace:
#0 /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/PluginsManager.php(171): FusionDirectory\Tools\PluginsManager->parseYamlFile()
#1 [internal function]: FusionDirectory\Tools\PluginsManager->addPluginRecord()
#2 /usr/local/share/fusiondirectory/tools/FusionDirectory/Cli/Application.php(198): call_user_func()
#3 /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/PluginsManager.php(121): FusionDirectory\Cli\Application->runCommands()
#4 /usr/local/share/fusiondirectory/tools/fusiondirectory-plugins-manager(29): FusionDirectory\Tools\PluginsManager->run()
#5 {main}
thrown in /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/PluginsManager.php on line 164
```
description.yaml:
```
/usr/src/fd-plugins/audit/contrib/yaml/description.yaml
information:
name : audit
description : Audit plugin for FusionDirectory
version : "1.4"
authors :
- "FusionDirectory"
status : Stable
screenshotUrl:
- "%to_be_define%"
logoUrl : "https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/raw/fusiondirectory-1.4/audit/html/themes/breezy/icons/48/apps/audit.png"
tags: ["plugin", "audit", "users", "ESR", "infra", "deploy"]
license: "GPLv2"
origin: "package"
support:
provider: fusiondirectory
homeUrl : https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins
ticketUrl : https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues
schemaUrl: "https://schemas.fusiondirectory.org/"
contractUrl: https://www.fusiondirectory.org/abonnements-fusiondirectory/
```
The `tags` tag needs 2 extra spaces at the beginning.
Maybe the Debian package of FD 1.4 proposes a better solution for plugin integration. This will be discussed in other issues.
See also: https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/58
v1.0
dcoutadeur dcoutadeur

https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/43
Provide a unique method for launching containers
2023-10-31T11:05:22Z
dcoutadeur dcoutadeur

Currently, we have 3 methods for launching the containers:
- docker-compose
- manual commands described in the README
- script `start-all.sh`, `stop-all.sh`
we should have only one advised method
v1.0

https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/56
podman containers are slow to stop
2023-10-30T15:39:51Z
dcoutadeur dcoutadeur

```
make stoplemon
podman stop "fusioniam-access-manager-nginx" "fusioniam-access-manager-fastcgi-server" "fusioniam-access-manager-cron" "fusioniam-database" || echo "Lemon not started"
WARN[0010] StopSignal SIGTERM failed to stop container fusioniam-access-manager-cron in 10 seconds, resorting to SIGKILL
WARN[0010] StopSignal SIGTERM failed to stop container fusioniam-access-manager-nginx in 10 seconds, resorting to SIGKILL
WARN[0010] StopSignal SIGTERM failed to stop container fusioniam-access-manager-fastcgi-server in 10 seconds, resorting to SIGKILL
fusioniam-access-manager-cron
fusioniam-database
fusioniam-access-manager-nginx
fusioniam-access-manager-fastcgi-server
```
This behavior is due to the process not being launched by a dumb-init, pid1 or tini wrapper
We must integrate this kind of mechanism.
v1.0
dcoutadeur dcoutadeur

https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/53
--entrypoint syntax in Makefile invalid for Docker
2023-10-18T16:49:17Z
Antoine Mottier

The syntax is for example the following: `--entrypoint='["/bin/bash","/run-ct.sh","php-fpm"]'`
This syntax can be found in [Podman documentation](https://docs.podman.io/en/latest/markdown/podman-run.1.html#entrypoint-command-command-arg1) but not in [Docker documentation](https://docs.docker.com/engine/reference/run/#entrypoint-default-command-to-execute-at-runtime).
For Docker a valid syntax would be for example (parameters need to be at the end of the line): `docker run --entrypoint="/bin/sh" gitlab.ow2.org:4567/fusioniam/fusioniam/fusioniam-fusiondirectory:snapshot -c 'bash /run-ct.sh php-fpm'`
dcoutadeur dcoutadeur

https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/54
PHP Fatal error: Uncaught FusionDirectory\\Ldap\\Exception: Invalid credentials (49)
2023-10-17T12:08:55Z
Alban Espié-Guillon

Following #53, I was able to run correctly the FusionDirectory php-fpm container. While starting, the container runs the script deploy-schema.sh, and it seems the script is unable to connect the ldap schemas, here is the container output (I let the passwords visible, there may be a bad character I didn't know about, I will change them afterwards):
```
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that
the implicit localhost does not match 'all'
PLAY [localhost] ***************************************************************
TASK [Gathering Facts] *********************************************************
ok: [localhost]
TASK [Assert variables] ********************************************************
ok: [localhost] => (item={'name': 'CUSTOMERID', 'value': 'OW2'})
ok: [localhost] => (item={'name': 'LDAP_HOST', 'value': 'fusioniam-openldap-ltb'})
ok: [localhost] => (item={'name': 'LDAP_PORT', 'value': '33389'})
ok: [localhost] => (item={'name': 'LDAP_PROTO', 'value': 'ldap'})
ok: [localhost] => (item={'name': 'LDAP_STARTTLS', 'value': 'true'})
ok: [localhost] => (item={'name': 'SSO_DOMAIN', 'value': 'sso.ow2.org'})
ok: [localhost] => (item={'name': 'VHOST_NAME', 'value': 'fusiondirectory.ow2.org'})
ok: [localhost] => (item={'name': 'FUSIONDIRECTORY_LDAP_PASSWORD', 'value': 'm8sY?v3RzQ@?Nyty'})
ok: [localhost] => (item={'name': 'FUSIONDIRECTORY_LDAP_USERNAME', 'value': 'fd-admin'})
ok: [localhost] => (item={'name': 'ACCCONFIGROOTPW', 'value': 'Hy!d32G936&bjl?AZadkfj'})
TASK [Deploy fusiondirectory.conf file] ****************************************
changed: [localhost]
TASK [Deploy vhost] ************************************************************
changed: [localhost]
TASK [Deploy / redeploy schemas] ***********************************************
failed: [localhost] (item=audit-fd-conf) => {"ansible_loop_var": "item", "changed": true, "cmd": "/deploy-schema.sh \"audit-fd-conf\"", "delta": "0:00:00.210142", "end": "2023-10-17 07:42:34.147243", "item": "audit-fd-conf", "msg": "non-zero return code", "rc": 1, "start": "2023-10-17 07:42:33.937101", "stderr": "PHP Fatal error: Uncaught FusionDirectory\\Ldap\\Exception: Invalid credentials (49) in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php:117\nStack trace:\n#0 /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Link.php(111): FusionDirectory\\Ldap\\Result->assert()\n#1 /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/InsertSchema.php(117): FusionDirectory\\Ldap\\Link->bind()\n#2 /usr/local/share/fusiondirectory/tools/fusiondirectory-schema-manager(29): FusionDirectory\\Tools\\InsertSchema->run()\n#3 {main}\n thrown in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php on line 117", "stderr_lines": ["PHP Fatal error: Uncaught FusionDirectory\\Ldap\\Exception: Invalid credentials (49) in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php:117", "Stack trace:", "#0 /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Link.php(111): FusionDirectory\\Ldap\\Result->assert()", "#1 /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/InsertSchema.php(117): FusionDirectory\\Ldap\\Link->bind()", "#2 /usr/local/share/fusiondirectory/tools/fusiondirectory-schema-manager(29): FusionDirectory\\Tools\\InsertSchema->run()", "#3 {main}", " thrown in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php on line 117"], "stdout": "Deploying schema: audit-fd-conf\nProblem while getting installed schema, aborting", "stdout_lines": ["Deploying schema: audit-fd-conf", "Problem while getting installed schema, aborting"]}
failed: [localhost] (item=audit-fd) => {"ansible_loop_var": "item", "changed": true, "cmd": "/deploy-schema.sh \"audit-fd\"", "delta": "0:00:00.248826", "end": "2023-10-17 07:42:34.703880", "item": "audit-fd", "msg": "non-zero return code", "rc": 1, "start": "2023-10-17 07:42:34.455054", "stderr": "PHP Fatal error: Uncaught FusionDirectory\\Ldap\\Exception: Invalid credentials (49) in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php:117\nStack trace:\n#0 /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Link.php(111): FusionDirectory\\Ldap\\Result->assert()\n#1 /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/InsertSchema.php(117): FusionDirectory\\Ldap\\Link->bind()\n#2 /usr/local/share/fusiondirectory/tools/fusiondirectory-schema-manager(29): FusionDirectory\\Tools\\InsertSchema->run()\n#3 {main}\n thrown in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php on line 117", "stderr_lines": ["PHP Fatal error: Uncaught FusionDirectory\\Ldap\\Exception: Invalid credentials (49) in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php:117", "Stack trace:", "#0 /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Link.php(111): FusionDirectory\\Ldap\\Result->assert()", "#1 /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/InsertSchema.php(117): FusionDirectory\\Ldap\\Link->bind()", "#2 /usr/local/share/fusiondirectory/tools/fusiondirectory-schema-manager(29): FusionDirectory\\Tools\\InsertSchema->run()", "#3 {main}", " thrown in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php on line 117"], "stdout": "Deploying schema: audit-fd\nProblem while getting installed schema, aborting", "stdout_lines": ["Deploying schema: audit-fd", "Problem while getting installed schema, aborting"]}
failed: [localhost] (item=core-fd-conf) => {"ansible_loop_var": "item", "changed": true, "cmd": "/deploy-schema.sh \"core-fd-conf\"", "delta": "0:00:00.225598", "end": "2023-10-17 07:42:35.237168", "item": "core-fd-conf", "msg": "non-zero return code", "rc": 1, "start": "2023-10-17 07:42:35.011570", "stderr": "PHP Fatal error: Uncaught FusionDirectory\\Ldap\\Exception: Invalid credentials (49) in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php:117\nStack trace:\n#0 /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Link.php(111): FusionDirectory\\Ldap\\Result->assert()\n#1 /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/InsertSchema.php(117): FusionDirectory\\Ldap\\Link->bind()\n#2 /usr/local/share/fusiondirectory/tools/fusiondirectory-schema-manager(29): FusionDirectory\\Tools\\InsertSchema->run()\n#3 {main}\n thrown in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php on line 117", "stderr_lines": ["PHP Fatal error: Uncaught FusionDirectory\\Ldap\\Exception: Invalid credentials (49) in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php:117", "Stack trace:", "#0 /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Link.php(111): FusionDirectory\\Ldap\\Result->assert()", "#1 /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/InsertSchema.php(117): FusionDirectory\\Ldap\\Link->bind()", "#2 /usr/local/share/fusiondirectory/tools/fusiondirectory-schema-manager(29): FusionDirectory\\Tools\\InsertSchema->run()", "#3 {main}", " thrown in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php on line 117"], "stdout": "Deploying schema: core-fd-conf\nProblem while getting installed schema, aborting", "stdout_lines": ["Deploying schema: core-fd-conf", "Problem while getting installed schema, aborting"]}
failed: [localhost] (item=core-fd) => {"ansible_loop_var": "item", "changed": true, "cmd": "/deploy-schema.sh \"core-fd\"", "delta": "0:00:00.236035", "end": "2023-10-17 07:42:35.789645", "item": "core-fd", "msg": "non-zero return code", "rc": 1, "start": "2023-10-17 07:42:35.553610", "stderr": "PHP Fatal error: Uncaught FusionDirectory\\Ldap\\Exception: Invalid credentials (49) in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php:117\nStack trace:\n#0 /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Link.php(111): FusionDirectory\\Ldap\\Result->assert()\n#1 /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/InsertSchema.php(117): FusionDirectory\\Ldap\\Link->bind()\n#2 /usr/local/share/fusiondirectory/tools/fusiondirectory-schema-manager(29): FusionDirectory\\Tools\\InsertSchema->run()\n#3 {main}\n thrown in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php on line 117", "stderr_lines": ["PHP Fatal error: Uncaught FusionDirectory\\Ldap\\Exception: Invalid credentials (49) in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php:117", "Stack trace:", "#0 /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Link.php(111): FusionDirectory\\Ldap\\Result->assert()", "#1 /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/InsertSchema.php(117): FusionDirectory\\Ldap\\Link->bind()", "#2 /usr/local/share/fusiondirectory/tools/fusiondirectory-schema-manager(29): FusionDirectory\\Tools\\InsertSchema->run()", "#3 {main}", " thrown in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php on line 117"], "stdout": "Deploying schema: core-fd\nProblem while getting installed schema, aborting", "stdout_lines": ["Deploying schema: core-fd", "Problem while getting installed schema, aborting"]}
[...]
PLAY RECAP *********************************************************************
localhost : ok=4 changed=2 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
```
I'm using Ansible to deploy the containers:
```yaml
- name: fusioniam-openldap-ltb
  image: gitlab.ow2.org:4567/fusioniam/fusioniam/fusioniam-openldap-ltb:snapshot
  hostname: fusioniam-openldap-ltb
  restart_policy: unless-stopped
  security_opts:
    - no-new-privileges=true
  networks:
    - name: net-openldap
      aliases:
        - fusioniam-openldap-ltb
        - fusioniam-openldap-ltb.{{ docker_fqdn }}
  volumes:
    - fusioniam-openldap-ltb-data:/usr/local/openldap/var/openldap-data
    - fusioniam-openldap-ltb-ldap-config:/usr/local/openldap/etc/openldap/slapd.d
  ports:
    - 127.0.0.1:33389:33389
  env:
    CUSTOMERID: OW2
    ACCCONFIGROOTPW: '{{ ldap_configrootpw }}'
    ACCDATAROOTPW: '{{ ldap_datarootpw }}'
    ADMIN_LDAP_PASSWORD: '{{ ldap_admin_account_pwd }}'
    # Services account for ldap apps
    FUSIONDIRECTORY_LDAP_PASSWORD: '{{ ldap_fusiondirectory_pwd }}'
    FUSIONDIRECTORY_LDAP_USERNAME: fd-admin
    LEMONLDAP2_LDAP_PASSWORD: '{{ ldap_lemonldap2_pwd }}'
    LEMONLDAP2_LDAP_USERNAME: lemonldap2
    LSC_LDAP_PASSWORD: '{{ ldap_lsc_pwd }}'
    LSC_LDAP_USERNAME: lsc
    SERVICEDESK_LDAP_PASSWORD: '{{ ldap_servicedesk_pwd }}'
    SERVICEDESK_LDAP_USERNAME: servicedesk
    WHITEPAGES_LDAP_PASSWORD: '{{ ldap_whitepages_pwd }}'
    WHITEPAGES_LDAP_USERNAME: whitepages
- name: fusioniam-fusiondirectory-php-fpm
  image: gitlab.ow2.org:4567/fusioniam/fusioniam/fusioniam-fusiondirectory:snapshot
  hostname: fusioniam-fusiondirectory-php-fpm
  restart_policy: unless-stopped
  security_opts:
    - no-new-privileges=true
  entrypoint: '/bin/bash'
  command: '/run-ct.sh php-fpm'
  networks:
    - name: net-openldap
      aliases:
        - fusioniam-fusiondirectory-php-fpm
        - fusioniam-fusiondirectory-php-fpm.{{ docker_fqdn }}
  volumes:
    - fd-run:/run/php-fpm
  env:
    CUSTOMERID: OW2
    LDAP_HOST: fusioniam-openldap-ltb
    LDAP_PORT: '33389'
    LDAP_PROTO: ldap
    LDAP_STARTTLS: 'true'
    SSO_DOMAIN: sso.ow2.org
    FUSIONDIRECTORY_NAME: fusiondirectory.ow2.org
    FUSIONDIRECTORY_LDAP_PASSWORD: '{{ ldap_fusiondirectory_pwd }}'
    FUSIONDIRECTORY_LDAP_USERNAME: fd-admin
    ACCCONFIGROOTPW: '{{ ldap_configrootpw }}'
```

https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/52
Continuous integration of FusionIAM docker images
2023-10-02T14:47:03Z
Alban Espié-Guillon

Hello there.
I took a relative quick review of the project and I'm pretty happy with everything I saw. So, first of all, congrats for everything.
I definitely want to use FusionIAM to replace our current stack of slapd/FusionDirectory at OW2, and also thinking about using FusionIAM for the others ldap stacks I'm maintaining.
Currently I see only two things missing for my use case:
- A more complete documentation as described in #50
- And more importantly, a new docker image built at each tag (and at each new commit in master would be great)
I may have understood that the 1.0.0 release was near, and I would love to help you guys speed it up, without stepping on your toes. How can I help ?
v1.0

https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/51
Remove reloadUrls and test vhosts by default
2023-07-26T16:53:31Z
dcoutadeur dcoutadeur

Initial configuration has defined reloadUrls parameter
There is also test1 + test2 vhosts and their equivalent in the SSO menu
There is no need for all these parameters, and we should remove them.
v1.0
dcoutadeur dcoutadeur

https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/45
tag explicitly the version to use
2023-07-26T11:43:03Z
dcoutadeur dcoutadeur

Tag explicitly the version to install for:
- fusion directory
- service-desk
- white-pages
- maybe openldap-ltb?
v1.0

https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/41
make Fusion Directory deploy / update his own schema when starting
2023-07-26T11:43:03Z
dcoutadeur dcoutadeur

When there are schema updates, we should be able to deploy automatically new schemas at fusiondirectory startup.
v1.0

https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/23
error raised in FD logs for supann plugin
2023-07-26T11:43:02Z
dcoutadeur dcoutadeur

Supann plugin raises some errors in the logs
```
Jun 2 12:47:57 a82da6171fb2 php: FusionDirectory [fusioniam-admin]: (error) /usr/local/share/fusiondirectory/plugins/admin/supannStructures/class_supann.inc of type php : Type:2, Message:readdir() expects parameter 1 to be resource, bool given, File:/usr/local/share/fusiondirectory/plugins/admin/supannStructures/class_supann.inc, Line: 31
Jun 2 12:45:21 a82da6171fb2 php: FusionDirectory [fusioniam-admin]: (error) /usr/local/share/fusiondirectory/plugins/admin/supannStructures/class_supann.inc of type php : Type:2, Message:closedir() expects parameter 1 to be resource, bool given, File:/usr/local/share/fusiondirectory/plugins/admin/supannStructures/class_supann.inc, Line: 37
Jun 2 12:45:21 a82da6171fb2 php: FusionDirectory [fusioniam-admin]: (error) /usr/local/share/fusiondirectory/plugins/admin/supannStructures/class_supann.inc of type php : Type:2, Message:Use of undefined constant SUPANN_DIR - assumed 'SUPANN_DIR' (this will throw an Error in a future version of PHP), File:/usr/local/share/fusiondirectory/plugins/admin/supannStructures/class_supann.inc, Line: 49
```
Seems there is no impact in the web interface
dcoutadeur dcoutadeur

https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/47
modify docker-compose for running as non-privileged user
2023-07-25T17:23:13Z
dcoutadeur dcoutadeur

Running container as root leads to many issues, among which permissions issues on some files, logs not redirected to correct place,...
We need to fix this by running containers as a non-privileged user.
For example:
```
diff --git a/docker-compose.yml b/docker-compose.yml
index 2d29def..d2700e4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -29,6 +29,7 @@ services:
depends_on:
- fusioniam-directory-server
entrypoint: [ "/bin/bash","/run-ct.sh","php-fpm" ]
+ user: ${CURRENT_UID}
# WP nginx
fusioniam-white-pages-nginx:
```
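Review bot: the added `user: ${CURRENT_UID}` line has no required-variable guard, so when `CURRENT_UID` is not exported Compose substitutes an empty string and the service starts with the image's default user, which is the root case this change is meant to remove. Consider `user: "${CURRENT_UID:?CURRENT_UID must be set}"` so that startup fails loudly instead. The hunk also touches only the service that precedes `# WP nginx`; every other service in the file needs the same line for the change to hold across the stack.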
and then, run docker-compose with appropriate variable:
```
CURRENT_UID="$(id -u):$(id -g)" docker-compose up -d
```
This also requires mounting all necessary volumes
v1.0
dcoutadeur dcoutadeur

https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/49
upgrade to openldap 2.5
2023-07-25T13:13:13Z
dcoutadeur dcoutadeur

v1.0
dcoutadeur dcoutadeur

https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/46
enable audit log feature in service-desk
2023-07-24T12:21:38Z
dcoutadeur dcoutadeur

see: https://service-desk.readthedocs.io/en/stable/audit.html
v1.0
dcoutadeur dcoutadeur