FusionIAM issues
https://gitlab.ow2.org/fusioniam/fusioniam/-/issues
2019-11-04T22:03:30Z

update the ssl certificate
https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/8
2019-11-04T22:03:30Z
Benoit Mortier

Hello @clement_oudot,
I just renewed the ssl certificate and installed them
Cheers
Benoit Mortier
2019-11-04

Clean Fusion Directory image
https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/55
2023-11-03T16:32:09Z
dcoutadeur dcoutadeur

Multiple tasks:
- [x] Remove useless dependencies:
```
- perl-Path-Class
- perl-LDAP
- perl-MIME-Base64
- perl-Digest-SHA
- perl-Crypt-CBC
- perl-Bytes-Random-Secure
- perl-Archive-Extract
- perl-File-Copy-Recursive
- perl-XML-Twig
```
- ~~[ ] Use rather `fusiondirectory-plugins-manager` than the script `install-plugin.sh` (must be tested before).~~
- [x] add fusiondirectory/yaml for viewing plugins list in the interface. An example of plugin path is: `/etc/fusiondirectory/yaml/mail/description.yaml`
- [x] add missing directories to copy in install-plugin.sh: `configuration dashboard export generic reports`
- [x] add these plugins by default: ldapdump,ldapmanager,newsletter,posix
Note:
`fusiondirectory-plugins-manager` is not a fully-usable solution for FusionIAM today:
- It misses the deployment of the directories listed above in `install-plugin.sh`.
- the target `--install-plugin <plugins-directory>` is difficult to automate (need a user input of which plugin to install)
- the target `--install-plugin <plugins-directory>` must be done at image build step. But it also registers the plugin to LDAP, which must be done at container run.
- it does not seem to be tested enough:
```
php -d include_path=/usr/local/share/fusiondirectory/tools /usr/local/share/fusiondirectory/tools/fusiondirectory-plugins-manager --set-var "fd_home=/usr/local/share/fusiondirectory" --set-var "fd_config_dir=/etc/fusiondirectory" --register-plugin /usr/src/fd-plugins/audit
PHP Warning: yaml_parse_file(): parsing error encountered during parsing: did not find expected key (line 12, column 3), context while parsing a block mapping (line 1, column 1) in /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/PluginsManager.php on line 161
PHP Fatal error: Uncaught TypeError: Return value of FusionDirectory\Tools\PluginsManager::parseYamlFile() must be of the type array, bool returned in /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/PluginsManager.php:164
Stack trace:
#0 /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/PluginsManager.php(171): FusionDirectory\Tools\PluginsManager->parseYamlFile()
#1 [internal function]: FusionDirectory\Tools\PluginsManager->addPluginRecord()
#2 /usr/local/share/fusiondirectory/tools/FusionDirectory/Cli/Application.php(198): call_user_func()
#3 /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/PluginsManager.php(121): FusionDirectory\Cli\Application->runCommands()
#4 /usr/local/share/fusiondirectory/tools/fusiondirectory-plugins-manager(29): FusionDirectory\Tools\PluginsManager->run()
#5 {main}
thrown in /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/PluginsManager.php on line 164
```
description.yaml:
```
/usr/src/fd-plugins/audit/contrib/yaml/description.yaml
information:
  name : audit
  description : Audit plugin for FusionDirectory
  version : "1.4"
  authors :
    - "FusionDirectory"
  status : Stable
  screenshotUrl:
    - "%to_be_define%"
  logoUrl : "https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/raw/fusiondirectory-1.4/audit/html/themes/breezy/icons/48/apps/audit.png"
tags: ["plugin", "audit", "users", "ESR", "infra", "deploy"]
  license: "GPLv2"
  origin: "package"
support:
  provider: fusiondirectory
  homeUrl : https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins
  ticketUrl : https://gitlab.fusiondirectory.org/fusiondirectory/fd-plugins/-/issues
  schemaUrl: "https://schemas.fusiondirectory.org/"
  contractUrl: https://www.fusiondirectory.org/abonnements-fusiondirectory/
```
The `tags` tag needs 2 extra spaces at the beginning.
Maybe the Debian package of FD 1.4 proposes a better solution for plugin integration. This will be discussed in other issues.
See also: https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/58
v1.0
dcoutadeur dcoutadeur

Continuous integration of FusionIAM docker images
https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/52
2023-10-02T14:47:03Z
Alban Espié-Guillon

Hello there.
I took a relatively quick review of the project and I'm pretty happy with everything I saw. So, first of all, congrats for everything.
I definitely want to use FusionIAM to replace our current stack of slapd/FusionDirectory at OW2, and I am also thinking about using FusionIAM for the other LDAP stacks I'm maintaining.
Currently I see only two things missing for my use case:
- A more complete documentation as described in #50
- And more importantly, a new docker image built at each tag (and at each new commit in master would be great)
I may have understood that the 1.0.0 release was near, and I would love to help you guys speed it up, without stepping on your toes. How can I help?
v1.0

Keep same logout behavior between all components
https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/31
2023-06-07T14:21:11Z
Clément OUDOT

Currently, logout from FD is doing a SSO logout, and logout from WP and SD return on portal menu.
I propose to return on portal menu for each component.
v1.0
Clément OUDOT

assert tasks failing in FD, SD and WP containers
https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/64
2024-01-05T18:00:17Z
dcoutadeur dcoutadeur

with last ansible version, there is a new error:
```
TASK [Assert variables] **************************************************************************************************************************************************************************************************************
[WARNING]: conditional statements should not include jinja2 templating delimiters such as {{ }} or {% %}. Found: {{ item.value | length }} > 0
fatal: [localhost]: FAILED! => {"msg": "The conditional check '{{ item.value | length }} > 0' failed. The error was: Conditional is marked as unsafe, and cannot be evaluated."}
```
seems due to these kind of tasks in FD, SD, and WP:
```
assert:
  that:
    - '"{{ item.value }}" is defined'
    - '{{ item.value | length }} > 0'
  quiet: True
  fail_msg: '{{ item.name }} is missing or empty'
loop:
  - name: 'CUSTOMERID'
    value: '{{ CUSTOMERID }}'
```
dcoutadeur dcoutadeur

OpenLDAP LTB: TLS setup feature
https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/63
2024-01-15T11:09:10Z
Alban Espié-Guillon

Current OpenLDAP-LTB container does not support TLS/StartTLS connections.
It would be great to be able to enable TLS and StartTLS at run. We could for example have the following variables:
- LDAP_TLS
- LDAP_TLS_PORT
- LDAP_STARTTLS
- LDAP_CERTIFICATE
- LDAP_CERTIFICATE_KEY
- LDAP_CERTIFICATE_CA

Fusion Directory dyngroups plugin
https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/62
2023-11-21T10:08:44Z
dcoutadeur dcoutadeur

Adding dyngroups plugin, for managing openldap dynamic groups.
v1.0
dcoutadeur dcoutadeur

FusionDirectory Community Plugin
https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/61
2023-11-21T10:06:13Z
Alban Espié-Guillon

Hello,
We would need the `fusiondirectory-plugin-community` as well for OW2, I forgot to mention it in the previous issue we had about missing plugins.
Could it be possible to add it as well?
Thanks

OpenLDAP LTB container : Allow the change of the root domain
https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/60
2024-02-12T18:13:00Z
Alban Espié-Guillon

Actually, the root domain is hard coded as `dc=fusioniam,dc=org`.
We should be able to customize this value at the initialization of the OpenLDAP LTB container

Fix CVE-2022-40897
https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/59
2023-11-03T17:32:23Z
dcoutadeur dcoutadeur

Upgrading to last releases made the FusionIAM much more secured:
- rockylinux 9
- llng 2.17.1
- Fusion Directory 1.4
- OpenLDAP 2.5
- service-desk 0.5.1
- white-pages 0.4
All critical issues have disappeared.
Only one high issue is remaining in base image: https://avd.aquasec.com/nvd/2022/cve-2022-40897/
We need to check and fix this.
v1.0

upgrade to rockylinux 9
https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/57
2023-11-03T16:37:59Z
dcoutadeur dcoutadeur

upgrade from rockylinux 8 to 9 (minimal)
v1.0
dcoutadeur dcoutadeur

podman containers are slow to stop
https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/56
2023-10-30T15:39:51Z
dcoutadeur dcoutadeur

```
make stoplemon
podman stop "fusioniam-access-manager-nginx" "fusioniam-access-manager-fastcgi-server" "fusioniam-access-manager-cron" "fusioniam-database" || echo "Lemon not started"
WARN[0010] StopSignal SIGTERM failed to stop container fusioniam-access-manager-cron in 10 seconds, resorting to SIGKILL
WARN[0010] StopSignal SIGTERM failed to stop container fusioniam-access-manager-nginx in 10 seconds, resorting to SIGKILL
WARN[0010] StopSignal SIGTERM failed to stop container fusioniam-access-manager-fastcgi-server in 10 seconds, resorting to SIGKILL
fusioniam-access-manager-cron
fusioniam-database
fusioniam-access-manager-nginx
fusioniam-access-manager-fastcgi-server
```
This behavior is due to the process not being launched by a dumb-init, pid1 or tini wrapper.
We must integrate this kind of mechanism.
v1.0
dcoutadeur dcoutadeur

PHP Fatal error: Uncaught FusionDirectory\\Ldap\\Exception: Invalid credentials (49)
https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/54
2023-10-17T12:08:55Z
Alban Espié-Guillon

Following #53, I was able to run correctly the FusionDirectory php-fpm container. While starting, the container runs the script deploy-schema.sh, and it seems the script is unable to connect the ldap schemas, here is the container output (I let the passwords visible, there may be a bad character I didn't know about, I will change them afterwards):
```
[WARNING]: No inventory was parsed, only implicit localhost is available
[WARNING]: provided hosts list is empty, only localhost is available. Note that
the implicit localhost does not match 'all'
PLAY [localhost] ***************************************************************
TASK [Gathering Facts] *********************************************************
ok: [localhost]
TASK [Assert variables] ********************************************************
ok: [localhost] => (item={'name': 'CUSTOMERID', 'value': 'OW2'})
ok: [localhost] => (item={'name': 'LDAP_HOST', 'value': 'fusioniam-openldap-ltb'})
ok: [localhost] => (item={'name': 'LDAP_PORT', 'value': '33389'})
ok: [localhost] => (item={'name': 'LDAP_PROTO', 'value': 'ldap'})
ok: [localhost] => (item={'name': 'LDAP_STARTTLS', 'value': 'true'})
ok: [localhost] => (item={'name': 'SSO_DOMAIN', 'value': 'sso.ow2.org'})
ok: [localhost] => (item={'name': 'VHOST_NAME', 'value': 'fusiondirectory.ow2.org'})
ok: [localhost] => (item={'name': 'FUSIONDIRECTORY_LDAP_PASSWORD', 'value': 'm8sY?v3RzQ@?Nyty'})
ok: [localhost] => (item={'name': 'FUSIONDIRECTORY_LDAP_USERNAME', 'value': 'fd-admin'})
ok: [localhost] => (item={'name': 'ACCCONFIGROOTPW', 'value': 'Hy!d32G936&bjl?AZadkfj'})
TASK [Deploy fusiondirectory.conf file] ****************************************
changed: [localhost]
TASK [Deploy vhost] ************************************************************
changed: [localhost]
TASK [Deploy / redeploy schemas] ***********************************************
failed: [localhost] (item=audit-fd-conf) => {"ansible_loop_var": "item", "changed": true, "cmd": "/deploy-schema.sh \"audit-fd-conf\"", "delta": "0:00:00.210142", "end": "2023-10-17 07:42:34.147243", "item": "audit-fd-conf", "msg": "non-zero return code", "rc": 1, "start": "2023-10-17 07:42:33.937101", "stderr": "PHP Fatal error: Uncaught FusionDirectory\\Ldap\\Exception: Invalid credentials (49) in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php:117\nStack trace:\n#0 /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Link.php(111): FusionDirectory\\Ldap\\Result->assert()\n#1 /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/InsertSchema.php(117): FusionDirectory\\Ldap\\Link->bind()\n#2 /usr/local/share/fusiondirectory/tools/fusiondirectory-schema-manager(29): FusionDirectory\\Tools\\InsertSchema->run()\n#3 {main}\n thrown in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php on line 117", "stderr_lines": ["PHP Fatal error: Uncaught FusionDirectory\\Ldap\\Exception: Invalid credentials (49) in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php:117", "Stack trace:", "#0 /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Link.php(111): FusionDirectory\\Ldap\\Result->assert()", "#1 /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/InsertSchema.php(117): FusionDirectory\\Ldap\\Link->bind()", "#2 /usr/local/share/fusiondirectory/tools/fusiondirectory-schema-manager(29): FusionDirectory\\Tools\\InsertSchema->run()", "#3 {main}", " thrown in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php on line 117"], "stdout": "Deploying schema: audit-fd-conf\nProblem while getting installed schema, aborting", "stdout_lines": ["Deploying schema: audit-fd-conf", "Problem while getting installed schema, aborting"]}
failed: [localhost] (item=audit-fd) => {"ansible_loop_var": "item", "changed": true, "cmd": "/deploy-schema.sh \"audit-fd\"", "delta": "0:00:00.248826", "end": "2023-10-17 07:42:34.703880", "item": "audit-fd", "msg": "non-zero return code", "rc": 1, "start": "2023-10-17 07:42:34.455054", "stderr": "PHP Fatal error: Uncaught FusionDirectory\\Ldap\\Exception: Invalid credentials (49) in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php:117\nStack trace:\n#0 /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Link.php(111): FusionDirectory\\Ldap\\Result->assert()\n#1 /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/InsertSchema.php(117): FusionDirectory\\Ldap\\Link->bind()\n#2 /usr/local/share/fusiondirectory/tools/fusiondirectory-schema-manager(29): FusionDirectory\\Tools\\InsertSchema->run()\n#3 {main}\n thrown in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php on line 117", "stderr_lines": ["PHP Fatal error: Uncaught FusionDirectory\\Ldap\\Exception: Invalid credentials (49) in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php:117", "Stack trace:", "#0 /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Link.php(111): FusionDirectory\\Ldap\\Result->assert()", "#1 /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/InsertSchema.php(117): FusionDirectory\\Ldap\\Link->bind()", "#2 /usr/local/share/fusiondirectory/tools/fusiondirectory-schema-manager(29): FusionDirectory\\Tools\\InsertSchema->run()", "#3 {main}", " thrown in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php on line 117"], "stdout": "Deploying schema: audit-fd\nProblem while getting installed schema, aborting", "stdout_lines": ["Deploying schema: audit-fd", "Problem while getting installed schema, aborting"]}
failed: [localhost] (item=core-fd-conf) => {"ansible_loop_var": "item", "changed": true, "cmd": "/deploy-schema.sh \"core-fd-conf\"", "delta": "0:00:00.225598", "end": "2023-10-17 07:42:35.237168", "item": "core-fd-conf", "msg": "non-zero return code", "rc": 1, "start": "2023-10-17 07:42:35.011570", "stderr": "PHP Fatal error: Uncaught FusionDirectory\\Ldap\\Exception: Invalid credentials (49) in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php:117\nStack trace:\n#0 /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Link.php(111): FusionDirectory\\Ldap\\Result->assert()\n#1 /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/InsertSchema.php(117): FusionDirectory\\Ldap\\Link->bind()\n#2 /usr/local/share/fusiondirectory/tools/fusiondirectory-schema-manager(29): FusionDirectory\\Tools\\InsertSchema->run()\n#3 {main}\n thrown in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php on line 117", "stderr_lines": ["PHP Fatal error: Uncaught FusionDirectory\\Ldap\\Exception: Invalid credentials (49) in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php:117", "Stack trace:", "#0 /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Link.php(111): FusionDirectory\\Ldap\\Result->assert()", "#1 /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/InsertSchema.php(117): FusionDirectory\\Ldap\\Link->bind()", "#2 /usr/local/share/fusiondirectory/tools/fusiondirectory-schema-manager(29): FusionDirectory\\Tools\\InsertSchema->run()", "#3 {main}", " thrown in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php on line 117"], "stdout": "Deploying schema: core-fd-conf\nProblem while getting installed schema, aborting", "stdout_lines": ["Deploying schema: core-fd-conf", "Problem while getting installed schema, aborting"]}
failed: [localhost] (item=core-fd) => {"ansible_loop_var": "item", "changed": true, "cmd": "/deploy-schema.sh \"core-fd\"", "delta": "0:00:00.236035", "end": "2023-10-17 07:42:35.789645", "item": "core-fd", "msg": "non-zero return code", "rc": 1, "start": "2023-10-17 07:42:35.553610", "stderr": "PHP Fatal error: Uncaught FusionDirectory\\Ldap\\Exception: Invalid credentials (49) in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php:117\nStack trace:\n#0 /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Link.php(111): FusionDirectory\\Ldap\\Result->assert()\n#1 /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/InsertSchema.php(117): FusionDirectory\\Ldap\\Link->bind()\n#2 /usr/local/share/fusiondirectory/tools/fusiondirectory-schema-manager(29): FusionDirectory\\Tools\\InsertSchema->run()\n#3 {main}\n thrown in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php on line 117", "stderr_lines": ["PHP Fatal error: Uncaught FusionDirectory\\Ldap\\Exception: Invalid credentials (49) in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php:117", "Stack trace:", "#0 /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Link.php(111): FusionDirectory\\Ldap\\Result->assert()", "#1 /usr/local/share/fusiondirectory/tools/FusionDirectory/Tools/InsertSchema.php(117): FusionDirectory\\Ldap\\Link->bind()", "#2 /usr/local/share/fusiondirectory/tools/fusiondirectory-schema-manager(29): FusionDirectory\\Tools\\InsertSchema->run()", "#3 {main}", " thrown in /usr/local/share/fusiondirectory/tools/FusionDirectory/Ldap/Result.php on line 117"], "stdout": "Deploying schema: core-fd\nProblem while getting installed schema, aborting", "stdout_lines": ["Deploying schema: core-fd", "Problem while getting installed schema, aborting"]}
[...]
PLAY RECAP *********************************************************************
localhost : ok=4 changed=2 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
```
I'm using Ansible to deploy the containers:
```yaml
- name: fusioniam-openldap-ltb
  image: gitlab.ow2.org:4567/fusioniam/fusioniam/fusioniam-openldap-ltb:snapshot
  hostname: fusioniam-openldap-ltb
  restart_policy: unless-stopped
  security_opts:
    - no-new-privileges=true
  networks:
    - name: net-openldap
      aliases:
        - fusioniam-openldap-ltb
        - fusioniam-openldap-ltb.{{ docker_fqdn }}
  volumes:
    - fusioniam-openldap-ltb-data:/usr/local/openldap/var/openldap-data
    - fusioniam-openldap-ltb-ldap-config:/usr/local/openldap/etc/openldap/slapd.d
  ports:
    - 127.0.0.1:33389:33389
  env:
    CUSTOMERID: OW2
    ACCCONFIGROOTPW: '{{ ldap_configrootpw }}'
    ACCDATAROOTPW: '{{ ldap_datarootpw }}'
    ADMIN_LDAP_PASSWORD: '{{ ldap_admin_account_pwd }}'
    # Services account for ldap apps
    FUSIONDIRECTORY_LDAP_PASSWORD: '{{ ldap_fusiondirectory_pwd }}'
    FUSIONDIRECTORY_LDAP_USERNAME: fd-admin
    LEMONLDAP2_LDAP_PASSWORD: '{{ ldap_lemonldap2_pwd }}'
    LEMONLDAP2_LDAP_USERNAME: lemonldap2
    LSC_LDAP_PASSWORD: '{{ ldap_lsc_pwd }}'
    LSC_LDAP_USERNAME: lsc
    SERVICEDESK_LDAP_PASSWORD: '{{ ldap_servicedesk_pwd }}'
    SERVICEDESK_LDAP_USERNAME: servicedesk
    WHITEPAGES_LDAP_PASSWORD: '{{ ldap_whitepages_pwd }}'
    WHITEPAGES_LDAP_USERNAME: whitepages
- name: fusioniam-fusiondirectory-php-fpm
  image: gitlab.ow2.org:4567/fusioniam/fusioniam/fusioniam-fusiondirectory:snapshot
  hostname: fusioniam-fusiondirectory-php-fpm
  restart_policy: unless-stopped
  security_opts:
    - no-new-privileges=true
  entrypoint: '/bin/bash'
  command: '/run-ct.sh php-fpm'
  networks:
    - name: net-openldap
      aliases:
        - fusioniam-fusiondirectory-php-fpm
        - fusioniam-fusiondirectory-php-fpm.{{ docker_fqdn }}
  volumes:
    - fd-run:/run/php-fpm
  env:
    CUSTOMERID: OW2
    LDAP_HOST: fusioniam-openldap-ltb
    LDAP_PORT: '33389'
    LDAP_PROTO: ldap
    LDAP_STARTTLS: 'true'
    SSO_DOMAIN: sso.ow2.org
    FUSIONDIRECTORY_NAME: fusiondirectory.ow2.org
    FUSIONDIRECTORY_LDAP_PASSWORD: '{{ ldap_fusiondirectory_pwd }}'
    FUSIONDIRECTORY_LDAP_USERNAME: fd-admin
    ACCCONFIGROOTPW: '{{ ldap_configrootpw }}'
```

--entrypoint syntax in Makefile invalid for Docker
https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/53
2023-10-18T16:49:17Z
Antoine Mottier

The syntax is for example the following: `--entrypoint='["/bin/bash","/run-ct.sh","php-fpm"]'`
This syntax can be found in [Podman documentation](https://docs.podman.io/en/latest/markdown/podman-run.1.html#entrypoint-command-command-arg1) but not in [Docker documentation](https://docs.docker.com/engine/reference/run/#entrypoint-default-command-to-execute-at-runtime).
For Docker a valid syntax would be for example (parameters need to be at the end of the line): `docker run --entrypoint="/bin/sh" gitlab.ow2.org:4567/fusioniam/fusioniam/fusioniam-fusiondirectory:snapshot -c 'bash /run-ct.sh php-fpm'`
dcoutadeur dcoutadeur

Remove reloadUrls and test vhosts by default
https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/51
2023-07-26T16:53:31Z
dcoutadeur dcoutadeur

Initial configuration has defined reloadUrls parameter
There is also test1 + test2 vhosts and their equivalent in the SSO menu
There is no need for all these parameters, and we should remove them.
v1.0
dcoutadeur dcoutadeur

upgrade to openldap 2.5
https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/49
2023-07-25T13:13:13Z
dcoutadeur dcoutadeur

v1.0
dcoutadeur dcoutadeur

modify docker-compose for running as non-privileged user
https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/47
2023-07-25T17:23:13Z
dcoutadeur dcoutadeur

Running container as root leads to many issues, among which permissions issues on some files, logs not redirected to correct place,...
We need to fix this by running containers as a non-privileged user.
For example:
```
diff --git a/docker-compose.yml b/docker-compose.yml
index 2d29def..d2700e4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -29,6 +29,7 @@ services:
depends_on:
- fusioniam-directory-server
entrypoint: [ "/bin/bash","/run-ct.sh","php-fpm" ]
+ user: ${CURRENT_UID}
# WP nginx
fusioniam-white-pages-nginx:
```
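Review bot: On the added `user: ${CURRENT_UID}` line, nothing guards against `CURRENT_UID` being unset: Compose then substitutes an empty string and the service runs as whatever user the image defines, which silently undoes the change. Consider `user: "${CURRENT_UID:?set CURRENT_UID to uid:gid}"` so that `docker-compose up` fails early instead. The hunk also sets the user on a single service only; the next service visible in the context, `fusioniam-white-pages-nginx`, has no `user:` line here, so the remaining services would need the same treatment for the stack to run unprivileged.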
and then, run docker-compose with appropriate variable:
```
CURRENT_UID="$(id -u):$(id -g)" docker-compose up -d
```
This also requires to mount all necessary volumes
v1.0
dcoutadeur dcoutadeur

enable audit log feature in service-desk
https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/46
2023-07-24T12:21:38Z
dcoutadeur dcoutadeur

see: https://service-desk.readthedocs.io/en/stable/audit.html
v1.0
dcoutadeur dcoutadeur

tag explicitly the version to use
https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/45
2023-07-26T11:43:03Z
dcoutadeur dcoutadeur

Tag explicitly the version to install for:
- fusion directory
- service-desk
- white-pages
- maybe openldap-ltb?
v1.0

Provide a unique method for launching containers
https://gitlab.ow2.org/fusioniam/fusioniam/-/issues/43
2023-10-31T11:05:22Z
dcoutadeur dcoutadeur

Currently, we have 3 methods for launching the containers:
- docker-compose
- manual commands described in the README
- script `start-all.sh`, `stop-all.sh`
we should have only one advised method
v1.0