lam-public Mailing List for LDAP Account Manager (Page 2)
From: Jose A. B. Jr <ba...@bl...> - 2024-09-16 21:40:06
Yes. Got the schema configured. Now I know I need to add schema every time I add a module. I was able to add dns entries using LAM. However, DNS is not working on the server. I don't see bind configuration files getting updated. I do see named is running. Did I miss anything?

Thanks,
Jose

-----Original Message-----
From: Roland Gruber <po...@ro...>
Sent: Monday, September 16, 2024 2:05 PM
To: lam...@li...
Subject: Re: [Lam-public] Add DNS entry error

Hi Jose,

did you install the Bind DLZ schema? You can run Schema test tool inside LAM:
https://www.ldap-account-manager.org/static/doc/manual/ch05s11.html#idm5091

Best regards
Roland

On 16.09.24 at 18:22, Jose Antonio Baduria Jr via Lam-public wrote:
> Got it fixed but still the same error:
>
> Was unable to create DN: dlzHostName=sdc-ops-for01,ou=dns,dc=bd,dc=internal.
> LDAP error, server says: Invalid DN syntax - invalid DN
>
> From: Jose Antonio Baduria Jr
> Sent: Monday, September 16, 2024 12:15 PM
> To: 'lam...@li...' <lam...@li...>
> Subject: RE: Add DNS entry error
>
> I already updated the suffix to ou=bind,dc=bd,dc=internal but still is using the old one.
>
> Jose
>
> From: Jose Antonio Baduria Jr
> Sent: Monday, September 16, 2024 11:59 AM
> To: lam...@li...<mailto:lam...@li...>
> Subject: Add DNS entry error
>
> HI,
>
> I am getting the following issue when adding a DNS entry. I followed the instructions and added the schema to /etc/ldap/schema.
>
> Was unable to create DN: dlzHostName=sdc-ops-for01,ou=bind,o=bd,c=internal.
>
> LDAP error, server says: Invalid DN syntax - invalid DN
>
> Jose
From: Jose A. B. Jr <ba...@bl...> - 2024-09-16 19:50:28
Ssh public key issue has been resolved by adding ssh public key schema to open ldap. Still having issues with host module. Not sure what schema to use on it. I have the error below.

The object class hostObject is not supported by your LDAP server.

From: Jose Antonio Baduria Jr
Sent: Monday, September 16, 2024 11:50 AM
To: lam...@li...
Subject: Issue on adding ssh public key and hosts

Hi,

I am running Ubuntu 22.04 and LAM Pro 8.2. I am getting the following error message when I try to add a ssh public key and hosts. I am new to ldap and LAM.

Was unable to add attributes to DN: uid=baduria,ou=users,dc=bd,dc=internal.
LDAP error, server says: Invalid syntax - objectClass: value #0 invalid per syntax

Thanks,
Jose
From: Jose A. B. Jr <ba...@bl...> - 2024-09-16 19:32:59
This issue has been resolved. I have to add dlz schema to openldap.

From: Jose Antonio Baduria Jr
Sent: Monday, September 16, 2024 11:59 AM
To: lam...@li...
Subject: Add DNS entry error

HI,

I am getting the following issue when adding a DNS entry. I followed the instructions and added the schema to /etc/ldap/schema.

Was unable to create DN: dlzHostName=sdc-ops-for01,ou=bind,o=bd,c=internal.

LDAP error, server says: Invalid DN syntax - invalid DN

Jose
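
The DNS and SSH key errors in this thread were resolved by loading a missing schema, and the hostObject error is reported as an object class the server does not support. The Python example below is added here for illustration and is not part of the thread, of LAM, or of its Schema test tool: it reports which RDN attribute types of a DN and which object classes are absent from a server's subschema listing. The subschema text is a constructed sample, the inetOrgPerson class on the user entry is an assumption, and all function names are hypothetical.

```python
import re

# Constructed sample of a subschema listing (attributeTypes / objectClasses
# values in RFC 4512 syntax) for a server with only stock schema loaded.
# On a real server this text would come from reading the subschema subentry.
SAMPLE_SUBSCHEMA = """\
attributeTypes: ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) SUP name )
attributeTypes: ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
  EQUALITY caseIgnoreIA5Match SINGLE-VALUE )
attributeTypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) EQUALITY caseIgnoreMatch )
objectClasses: ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ou )
objectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL )
"""


def defined_names(subschema: str, kind: str) -> set:
    """Lower-cased names and numeric OIDs defined for `kind`
    ('attributeTypes' or 'objectClasses')."""
    names = set()
    unfolded = subschema.replace("\n ", "")  # undo LDIF line folding
    for line in unfolded.splitlines():
        key, _, body = line.partition(":")
        if key.strip().lower() != kind.lower():
            continue
        oid = re.match(r"\s*\(\s*([0-9.]+)", body)
        if oid:
            names.add(oid.group(1))
        # NAME is either one quoted name or a parenthesised list of them.
        name = re.search(r"\bNAME\s+(\([^)]*\)|'[^']+')", body)
        if name:
            names.update(n.lower() for n in re.findall(r"'([^']+)'", name.group(1)))
    return names


def _split_unescaped(text: str, sep: str) -> list:
    """Split on `sep`, ignoring separators escaped with a backslash."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(text[i])
        i += 1
    parts.append("".join(buf))
    return parts


def rdn_attribute_types(dn: str) -> list:
    """Attribute types used in every RDN of `dn` (RFC 4514 string form)."""
    types = []
    for rdn in _split_unescaped(dn, ","):
        for ava in _split_unescaped(rdn, "+"):  # multi-valued RDN
            attr, eq, _ = ava.partition("=")
            if not eq or not attr.strip():
                raise ValueError(f"malformed RDN component: {ava!r}")
            types.append(attr.strip())
    return types


def missing_schema(dn: str, object_classes: list, subschema: str) -> dict:
    """Names used by the entry that the subschema listing does not define."""
    attrs = defined_names(subschema, "attributeTypes")
    classes = defined_names(subschema, "objectClasses")
    return {
        "attributeTypes": [a for a in rdn_attribute_types(dn) if a.lower() not in attrs],
        "objectClasses": [c for c in object_classes if c.lower() not in classes],
    }


if __name__ == "__main__":
    # DNs are taken from the thread; the object class lists are constructed.
    checks = [
        ("dlzHostName=sdc-ops-for01,ou=dns,dc=bd,dc=internal", []),
        ("uid=baduria,ou=users,dc=bd,dc=internal", ["inetOrgPerson", "hostObject"]),
    ]
    for dn, ocs in checks:
        print(dn, "->", missing_schema(dn, ocs, SAMPLE_SUBSCHEMA))
```

An empty result for both keys means the schema listing covers the names checked; any name it returns points at a schema file that still has to be loaded on the server.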
From: Roland G. <po...@ro...> - 2024-09-16 18:05:01
Hi Jose,

did you install the Bind DLZ schema? You can run Schema test tool inside LAM:
https://www.ldap-account-manager.org/static/doc/manual/ch05s11.html#idm5091

Best regards
Roland

On 16.09.24 at 18:22, Jose Antonio Baduria Jr via Lam-public wrote:
> Got it fixed but still the same error:
>
> Was unable to create DN: dlzHostName=sdc-ops-for01,ou=dns,dc=bd,dc=internal.
> LDAP error, server says: Invalid DN syntax - invalid DN
>
> From: Jose Antonio Baduria Jr
> Sent: Monday, September 16, 2024 12:15 PM
> To: 'lam...@li...' <lam...@li...>
> Subject: RE: Add DNS entry error
>
> I already updated the suffix to ou=bind,dc=bd,dc=internal but still is using the old one.
>
> Jose
>
> From: Jose Antonio Baduria Jr
> Sent: Monday, September 16, 2024 11:59 AM
> To: lam...@li...<mailto:lam...@li...>
> Subject: Add DNS entry error
>
> HI,
>
> I am getting the following issue when adding a DNS entry. I followed the instructions and added the schema to /etc/ldap/schema.
>
> Was unable to create DN: dlzHostName=sdc-ops-for01,ou=bind,o=bd,c=internal.
>
> LDAP error, server says: Invalid DN syntax - invalid DN
>
> Jose
From: Roland G. <po...@ro...> - 2024-09-16 18:01:20
Hi Jose,

SSH keys require to install a schema file. Please use Schema test tool to validate your installed schema:
https://www.ldap-account-manager.org/static/doc/manual/ch05s11.html#idm5091

The schema is available here:
https://code.google.com/archive/p/openssh-lpk/downloads

Best regards
Roland

On 16.09.24 at 17:49, Jose Antonio Baduria Jr via Lam-public wrote:
> Hi,
>
> I am running Ubuntu 22.04 and LAM Pro 8.2. I am getting the following error message when I try to add a ssh public key and hosts. I am new to ldap and LAM.
>
> Was unable to add attributes to DN: uid=baduria,ou=users,dc=bd,dc=internal.
> LDAP error, server says: Invalid syntax - objectClass: value #0 invalid per syntax
>
> Thanks,
> Jose
From: Jose A. B. Jr <ba...@bl...> - 2024-09-16 17:33:06
HI,

I am getting the following issue when adding a DNS entry. I followed the instructions and added the schema to /etc/ldap/schema.

Was unable to create DN: dlzHostName=sdc-ops-for01,ou=bind,o=bd,c=internal.

LDAP error, server says: Invalid DN syntax - invalid DN

Jose
From: Jose A. B. Jr <ba...@bl...> - 2024-09-16 16:48:31
I already updated the suffix to ou=bind,dc=bd,dc=internal but still is using the old one.

Jose

From: Jose Antonio Baduria Jr
Sent: Monday, September 16, 2024 11:59 AM
To: lam...@li...
Subject: Add DNS entry error

HI,

I am getting the following issue when adding a DNS entry. I followed the instructions and added the schema to /etc/ldap/schema.

Was unable to create DN: dlzHostName=sdc-ops-for01,ou=bind,o=bd,c=internal.

LDAP error, server says: Invalid DN syntax - invalid DN

Jose
From: Jose A. B. Jr <ba...@bl...> - 2024-09-16 16:36:53
Got it fixed but still the same error:

Was unable to create DN: dlzHostName=sdc-ops-for01,ou=dns,dc=bd,dc=internal.
LDAP error, server says: Invalid DN syntax - invalid DN

From: Jose Antonio Baduria Jr
Sent: Monday, September 16, 2024 12:15 PM
To: 'lam...@li...' <lam...@li...>
Subject: RE: Add DNS entry error

I already updated the suffix to ou=bind,dc=bd,dc=internal but still is using the old one.

Jose

From: Jose Antonio Baduria Jr
Sent: Monday, September 16, 2024 11:59 AM
To: lam...@li...<mailto:lam...@li...>
Subject: Add DNS entry error

HI,

I am getting the following issue when adding a DNS entry. I followed the instructions and added the schema to /etc/ldap/schema.

Was unable to create DN: dlzHostName=sdc-ops-for01,ou=bind,o=bd,c=internal.

LDAP error, server says: Invalid DN syntax - invalid DN

Jose
From: Jose A. B. Jr <ba...@bl...> - 2024-09-16 16:05:41
Hi,

I am running Ubuntu 22.04 and LAM Pro 8.2. I am getting the following error message when I try to add a ssh public key and hosts. I am new to ldap and LAM.

Was unable to add attributes to DN: uid=baduria,ou=users,dc=bd,dc=internal.
LDAP error, server says: Invalid syntax - objectClass: value #0 invalid per syntax

Thanks,
Jose
From: Roland G. <po...@ro...> - 2024-09-10 17:59:02
Hi Jürgen,

no, this is still open. It requires more investigation and will not be fixed with 8.9. I think it can be fixed in 9.0 (December).

Best regards
Roland

On 10.09.24 at 19:22, Juergen Holm wrote:
> Hi,
>
> is Bug https://github.com/LDAPAccountManager/lam/issues/358# already
> fixed?
> Cannot find it in the changelog.
>
> On Mon, 2024-09-09 at 21:06 +0200, Roland Gruber wrote:
>> Announcement:
>>
>> The "Request access" module allows to specify an expiration time and
>> supports an additional owner group. Custom scripts can use a wildcard
>> for the server/self-service profile. The room number and personal
>> title
>> can be managed for Windows users.
>>
>> This is a test release. Please report any issues till 2024-09-22.
>>
>> Full changelog:
>> https://www.ldap-account-manager.org/lamcms/changelog
>>
>> Download:
>> https://www.ldap-account-manager.org/lamcms/releases
>>
>> Features:
>> * management of various account types
>>   * Unix
>>   * Samba 4/Active Directory
>>   * Asterisk
>>   * Kopano
>>   * DHCP
>>   * SSH keys
>>   * ...
>> * profiles for account creation
>> * account creation via file upload
>> * automatic creation/deletion of home directories
>> * setting quotas
>> * PDF output for all accounts
>> * editor for organizational units
>> * schema browser
>> * tree view
>> * 2FA support
>>
>> Demo installation:
>> You can try our demo installation online.
>> https://www.ldap-account-manager.org/lamcms/liveDemo
>>
>> Authors & Copyright:
>> Copyright (C) 2003 - 2024:
>> Roland Gruber <po...@ro...>
>> LAM is published under the GNU General Public License.
>> The complete list of licenses can be found in the copyright file.
From: Juergen H. <ho...@th...> - 2024-09-10 17:41:46
Hi,

is Bug https://github.com/LDAPAccountManager/lam/issues/358# already fixed?
Cannot find it in the changelog.

On Mon, 2024-09-09 at 21:06 +0200, Roland Gruber wrote:
> Announcement:
>
> The "Request access" module allows to specify an expiration time and
> supports an additional owner group. Custom scripts can use a wildcard
> for the server/self-service profile. The room number and personal
> title
> can be managed for Windows users.
>
> This is a test release. Please report any issues till 2024-09-22.
>
> Full changelog:
> https://www.ldap-account-manager.org/lamcms/changelog
>
> Download:
> https://www.ldap-account-manager.org/lamcms/releases
>
> Features:
> * management of various account types
>   * Unix
>   * Samba 4/Active Directory
>   * Asterisk
>   * Kopano
>   * DHCP
>   * SSH keys
>   * ...
> * profiles for account creation
> * account creation via file upload
> * automatic creation/deletion of home directories
> * setting quotas
> * PDF output for all accounts
> * editor for organizational units
> * schema browser
> * tree view
> * 2FA support
>
> Demo installation:
> You can try our demo installation online.
> https://www.ldap-account-manager.org/lamcms/liveDemo
>
> Authors & Copyright:
> Copyright (C) 2003 - 2024:
> Roland Gruber <po...@ro...>
> LAM is published under the GNU General Public License.
> The complete list of licenses can be found in the copyright file.
From: Roland G. <po...@ro...> - 2024-09-09 19:20:15
Announcement:

The "Request access" module allows to specify an expiration time and supports an additional owner group. Custom scripts can use a wildcard for the server/self-service profile. The room number and personal title can be managed for Windows users.

This is a test release. Please report any issues till 2024-09-22.

Full changelog:
https://www.ldap-account-manager.org/lamcms/changelog

Download:
https://www.ldap-account-manager.org/lamcms/releases

Features:
* management of various account types
  * Unix
  * Samba 4/Active Directory
  * Asterisk
  * Kopano
  * DHCP
  * SSH keys
  * ...
* profiles for account creation
* account creation via file upload
* automatic creation/deletion of home directories
* setting quotas
* PDF output for all accounts
* editor for organizational units
* schema browser
* tree view
* 2FA support

Demo installation:
You can try our demo installation online.
https://www.ldap-account-manager.org/lamcms/liveDemo

Authors & Copyright:
Copyright (C) 2003 - 2024:
Roland Gruber <po...@ro...>
LAM is published under the GNU General Public License.
The complete list of licenses can be found in the copyright file.
From: Roland G. <po...@ro...> - 2024-06-22 18:57:42
Announcement:

LAM requires at least PHP 8.1 now. There were several enhancements to request access like history and possibility to request owner access. The new altSecurityIdentities module supports to manage SSH keys in AD/Samba 4.

Full changelog:
https://www.ldap-account-manager.org/lamcms/changelog

Download:
https://www.ldap-account-manager.org/lamcms/releases

Features:
* management of various account types
  * Unix
  * Samba 4/Active Directory
  * Asterisk
  * Kopano
  * DHCP
  * SSH keys
  * ...
* profiles for account creation
* account creation via file upload
* automatic creation/deletion of home directories
* setting quotas
* PDF output for all accounts
* editor for organizational units
* schema browser
* tree view
* 2FA support

Demo installation:
You can try our demo installation online.
https://www.ldap-account-manager.org/lamcms/liveDemo

Authors & Copyright:
Copyright (C) 2003 - 2024:
Roland Gruber <po...@ro...>
LAM is published under the GNU General Public License.
The complete list of licenses can be found in the copyright file.
From: Roland G. <po...@ro...> - 2024-06-07 18:48:39
Announcement:

LAM requires at least PHP 8.1 now. There were several enhancements to request access like history and possibility to request owner access. The new altSecurityIdentities module supports to manage SSH keys in AD/Samba 4.

This is a test release. Please report any issues till 21st June.

Full changelog:
https://www.ldap-account-manager.org/lamcms/changelog

Download:
https://www.ldap-account-manager.org/lamcms/releases

Features:
* management of various account types
  * Unix
  * Samba 4/Active Directory
  * Asterisk
  * Kopano
  * DHCP
  * SSH keys
  * ...
* profiles for account creation
* account creation via file upload
* automatic creation/deletion of home directories
* setting quotas
* PDF output for all accounts
* editor for organizational units
* schema browser
* tree view
* 2FA support

Demo installation:
You can try our demo installation online.
https://www.ldap-account-manager.org/lamcms/liveDemo

Authors & Copyright:
Copyright (C) 2003 - 2024:
Roland Gruber <po...@ro...>
LAM is published under the GNU General Public License.
The complete list of licenses can be found in the copyright file.
From: Roland G. <po...@ro...> - 2024-03-21 19:06:01
Hi Mark,

LDAP sync is not part of LAM's functionality. Our partners might be able to help you:
https://www.ldap-account-manager.org/lamcms/partners

Best regards
Roland

On 21.03.24 at 12:31, Mark Sigsbee wrote:
> I want to periodically pull from both AD forests into the LDAP database and have the IdP reference the LDAP database as authoritative. The IdP never reaches out to the AD databases directly, thus never exposing them.
>
> The periodicity, though required for account changes, isn't a huge factor. I figured cron jobs can do that.
>
> Mark R. Sigsbee, CISSP
> SUNet PKI Support Team
> Mark@ZTISolutions.com<mailto:Mark@ZTISolutions.com>
> (301)509-7592 (cell)
>
> ________________________________
> From: Roland Gruber <po...@ro...>
> Sent: Thursday, March 21, 2024 2:38 AM
> To: Mark Sigsbee <ma...@zt...>; lam...@li... <lam...@li...>
> Subject: Re: [Lam-public] Local Copy of AD Forests
>
> Hi Mark,
>
> can you provide more details what you mean with "I want the LDAP
> databases for both forests on the Ubuntu host"?
> Do you just want to manage them from one central system? In this case,
> LAM is a good fit. You can create a server profile for each forest and
> manage all of them with one LAM instance.
>
> Best regards
> Roland
>
> On 20.03.24 at 20:41, Mark Sigsbee wrote:
>> I'm not a Unix expert, I'm the AD guy. I have no clue what tool you are referring to.
>>
>> Can you make a recommendation?
>>
>> Mark R. Sigsbee, CISSP
>> SUNet PKI Support Team
>> Mark@ZTISolutions.com<mailto:Mark@ZTISolutions.com>
>> (301)509-7592 (cell)
>>
>> ________________________________
>> From: Roland Gruber <po...@ro...>
>> Sent: Wednesday, March 20, 2024 2:36 PM
>> To: lam...@li... <lam...@li...>
>> Subject: Re: [Lam-public] Local Copy of AD Forests
>>
>> Hi Mark,
>>
>> LAM is a GUI to manage LDAP entries. The place where these are stored is
>> totally up to the LDAP server. If you need to sync data between LDAP
>> servers then you will also need an additional tool.
>>
>> Best regards
>> Roland
>>
>> On 20.03.24 at 13:31, Mark Sigsbee wrote:
>>> Design:
>>>
>>> 1. Ubuntu 20 LTS with LAM, LDAP.
>>> 2. DC/Contoso.local server Forest with many servers
>>> 3. DC/LitWareInc.local server Forest with many servers
>>> 4. IdP - Server farm for authentication
>>> 5. AWS Cloud
>>> 6. Azure Cloud
>>>
>>> I have successfully connected LAM to both DC's and can see the tree view. All is good.
>>>
>>> For security reasons I do not want to expose the DC's to external sources. I want the LDAP databases for both forests on the Ubuntu host. Does your tool make that happen? The IdP should only point to the LDAP server to verify authentication. The LDAP server should be getting near realtime updates of the AD changes. Ultimately I have probably 100 AD forests I need to integrate into this.
>>>
>>> Mark R. Sigsbee, CISSP
>>> SUNet PKI Support Team
>>> Mark@ZTISolutions.com<mailto:Mark@ZTISolutions.com>
>>> (301)509-7592 (cell)
From: Mark S. <ma...@zt...> - 2024-03-21 11:32:18
I want to periodically pull from both AD forests into the LDAP database and have the IdP reference the LDAP database as authoritative. The IdP never reaches out to the AD databases directly, thus never exposing them.

The periodicity, though required for account changes, isn't a huge factor. I figured cron jobs can do that.

Mark R. Sigsbee, CISSP
SUNet PKI Support Team
Mark@ZTISolutions.com<mailto:Mark@ZTISolutions.com>
(301)509-7592 (cell)

________________________________
From: Roland Gruber <po...@ro...>
Sent: Thursday, March 21, 2024 2:38 AM
To: Mark Sigsbee <ma...@zt...>; lam...@li... <lam...@li...>
Subject: Re: [Lam-public] Local Copy of AD Forests

Hi Mark,

can you provide more details what you mean with "I want the LDAP databases for both forests on the Ubuntu host"?
Do you just want to manage them from one central system? In this case, LAM is a good fit. You can create a server profile for each forest and manage all of them with one LAM instance.

Best regards
Roland

On 20.03.24 at 20:41, Mark Sigsbee wrote:
> I'm not a Unix expert, I'm the AD guy. I have no clue what tool you are referring to.
>
> Can you make a recommendation?
>
> Mark R. Sigsbee, CISSP
> SUNet PKI Support Team
> Mark@ZTISolutions.com<mailto:Mark@ZTISolutions.com>
> (301)509-7592 (cell)
>
> ________________________________
> From: Roland Gruber <po...@ro...>
> Sent: Wednesday, March 20, 2024 2:36 PM
> To: lam...@li... <lam...@li...>
> Subject: Re: [Lam-public] Local Copy of AD Forests
>
> Hi Mark,
>
> LAM is a GUI to manage LDAP entries. The place where these are stored is
> totally up to the LDAP server. If you need to sync data between LDAP
> servers then you will also need an additional tool.
>
> Best regards
> Roland
>
> On 20.03.24 at 13:31, Mark Sigsbee wrote:
>> Design:
>>
>> 1. Ubuntu 20 LTS with LAM, LDAP.
>> 2. DC/Contoso.local server Forest with many servers
>> 3. DC/LitWareInc.local server Forest with many servers
>> 4. IdP - Server farm for authentication
>> 5. AWS Cloud
>> 6. Azure Cloud
>>
>> I have successfully connected LAM to both DC's and can see the tree view. All is good.
>>
>> For security reasons I do not want to expose the DC's to external sources. I want the LDAP databases for both forests on the Ubuntu host. Does your tool make that happen? The IdP should only point to the LDAP server to verify authentication. The LDAP server should be getting near realtime updates of the AD changes. Ultimately I have probably 100 AD forests I need to integrate into this.
>>
>> Mark R. Sigsbee, CISSP
>> SUNet PKI Support Team
>> Mark@ZTISolutions.com<mailto:Mark@ZTISolutions.com>
>> (301)509-7592 (cell)
From: Roland G. <po...@ro...> - 2024-03-21 06:52:04
Hi Mark,

can you provide more details what you mean with "I want the LDAP databases for both forests on the Ubuntu host"?
Do you just want to manage them from one central system? In this case, LAM is a good fit. You can create a server profile for each forest and manage all of them with one LAM instance.

Best regards
Roland

On 20.03.24 at 20:41, Mark Sigsbee wrote:
> I'm not a Unix expert, I'm the AD guy. I have no clue what tool you are referring to.
>
> Can you make a recommendation?
>
> Mark R. Sigsbee, CISSP
> SUNet PKI Support Team
> Mark@ZTISolutions.com<mailto:Mark@ZTISolutions.com>
> (301)509-7592 (cell)
>
> ________________________________
> From: Roland Gruber <po...@ro...>
> Sent: Wednesday, March 20, 2024 2:36 PM
> To: lam...@li... <lam...@li...>
> Subject: Re: [Lam-public] Local Copy of AD Forests
>
> Hi Mark,
>
> LAM is a GUI to manage LDAP entries. The place where these are stored is
> totally up to the LDAP server. If you need to sync data between LDAP
> servers then you will also need an additional tool.
>
> Best regards
> Roland
>
> On 20.03.24 at 13:31, Mark Sigsbee wrote:
>> Design:
>>
>> 1. Ubuntu 20 LTS with LAM, LDAP.
>> 2. DC/Contoso.local server Forest with many servers
>> 3. DC/LitWareInc.local server Forest with many servers
>> 4. IdP - Server farm for authentication
>> 5. AWS Cloud
>> 6. Azure Cloud
>>
>> I have successfully connected LAM to both DC's and can see the tree view. All is good.
>>
>> For security reasons I do not want to expose the DC's to external sources. I want the LDAP databases for both forests on the Ubuntu host. Does your tool make that happen? The IdP should only point to the LDAP server to verify authentication. The LDAP server should be getting near realtime updates of the AD changes. Ultimately I have probably 100 AD forests I need to integrate into this.
>>
>> Mark R. Sigsbee, CISSP
>> SUNet PKI Support Team
>> Mark@ZTISolutions.com<mailto:Mark@ZTISolutions.com>
>> (301)509-7592 (cell)
From: Mark S. <ma...@zt...> - 2024-03-20 19:41:21
I'm not a Unix expert, I'm the AD guy. I have no clue what tool you are referring to.

Can you make a recommendation?

Mark R. Sigsbee, CISSP
SUNet PKI Support Team
Mark@ZTISolutions.com<mailto:Mark@ZTISolutions.com>
(301)509-7592 (cell)

________________________________
From: Roland Gruber <po...@ro...>
Sent: Wednesday, March 20, 2024 2:36 PM
To: lam...@li... <lam...@li...>
Subject: Re: [Lam-public] Local Copy of AD Forests

Hi Mark,

LAM is a GUI to manage LDAP entries. The place where these are stored is totally up to the LDAP server. If you need to sync data between LDAP servers then you will also need an additional tool.

Best regards
Roland

On 20.03.24 at 13:31, Mark Sigsbee wrote:
> Design:
>
> 1. Ubuntu 20 LTS with LAM, LDAP.
> 2. DC/Contoso.local server Forest with many servers
> 3. DC/LitWareInc.local server Forest with many servers
> 4. IdP - Server farm for authentication
> 5. AWS Cloud
> 6. Azure Cloud
>
> I have successfully connected LAM to both DC's and can see the tree view. All is good.
>
> For security reasons I do not want to expose the DC's to external sources. I want the LDAP databases for both forests on the Ubuntu host. Does your tool make that happen? The IdP should only point to the LDAP server to verify authentication. The LDAP server should be getting near realtime updates of the AD changes. Ultimately I have probably 100 AD forests I need to integrate into this.
>
> Mark R. Sigsbee, CISSP
> SUNet PKI Support Team
> Mark@ZTISolutions.com<mailto:Mark@ZTISolutions.com>
> (301)509-7592 (cell)
From: Roland G. <po...@ro...> - 2024-03-20 18:36:43
Hi Mark,

LAM is a GUI to manage LDAP entries. The place where these are stored is totally up to the LDAP server. If you need to sync data between LDAP servers then you will also need an additional tool.

Best regards
Roland

On 20.03.24 at 13:31, Mark Sigsbee wrote:
> Design:
>
> 1. Ubuntu 20 LTS with LAM, LDAP.
> 2. DC/Contoso.local server Forest with many servers
> 3. DC/LitWareInc.local server Forest with many servers
> 4. IdP - Server farm for authentication
> 5. AWS Cloud
> 6. Azure Cloud
>
> I have successfully connected LAM to both DC's and can see the tree view. All is good.
>
> For security reasons I do not want to expose the DC's to external sources. I want the LDAP databases for both forests on the Ubuntu host. Does your tool make that happen? The IdP should only point to the LDAP server to verify authentication. The LDAP server should be getting near realtime updates of the AD changes. Ultimately I have probably 100 AD forests I need to integrate into this.
>
> Mark R. Sigsbee, CISSP
> SUNet PKI Support Team
> Mark@ZTISolutions.com<mailto:Mark@ZTISolutions.com>
> (301)509-7592 (cell)
From: Mark S. <ma...@zt...> - 2024-03-20 13:06:15
Design:

1. Ubuntu 20 LTS with LAM, LDAP.
2. DC/Contoso.local server Forest with many servers
3. DC/LitWareInc.local server Forest with many servers
4. IdP - Server farm for authentication
5. AWS Cloud
6. Azure Cloud

I have successfully connected LAM to both DC's and can see the tree view. All is good.

For security reasons I do not want to expose the DC's to external sources. I want the LDAP databases for both forests on the Ubuntu host. Does your tool make that happen? The IdP should only point to the LDAP server to verify authentication. The LDAP server should be getting near realtime updates of the AD changes. Ultimately I have probably 100 AD forests I need to integrate into this.

Mark R. Sigsbee, CISSP
SUNet PKI Support Team
Mark@ZTISolutions.com<mailto:Mark@ZTISolutions.com>
(301)509-7592 (cell)
From: Mark S. <ma...@zt...> - 2024-03-19 20:05:40
I resolved it. Thanks

Mark R. Sigsbee, CISSP
SUNet PKI Support Team
Mark@ZTISolutions.com<mailto:Mark@ZTISolutions.com>
(301)509-7592 (cell)

________________________________
From: Roland Gruber <po...@ro...>
Sent: Tuesday, March 19, 2024 2:57 PM
To: lam...@li... <lam...@li...>
Subject: Re: [Lam-public] Blank Screen when accessing LAM

Hi Mark,

do you get any messages in Apache's error log file? What is your PHP version? At least 8.0.2 is required.

Best regards
Roland

On 19.03.24 at 16:40, Mark Sigsbee wrote:
> Followed installation from your directions.
>
> On host server:
>
> 1. I get the Apache landing page with no issues.
> 2. When I try to access http://localhost/lam with Firefox I get a blank screen.
>
> On second Windows 10 box
>
> 1. with Edge I get Error 500 going to http://192.168.1.X/lam.
> 2. I do get the correct Apache landing page on this client.
>
> Ubuntu : v20.04.6 LTS
> Apache : v2.4.41
>
> Mark R. Sigsbee, CISSP
> SUNet PKI Support Team
> Mark@ZTISolutions.com<mailto:Mark@ZTISolutions.com>
> (301)509-7592 (cell)
From: Roland G. <po...@ro...> - 2024-03-19 18:57:16
|
Hi Mark,

do you get any messages in Apache's error log file? What is your PHP version? At least 8.0.2 is required.

Best regards

Roland

On 19.03.24 at 16:40, Mark Sigsbee wrote:
> Followed installation from your directions.
>
> On host server:
>
> 1. I get the Apache landing page with no issues.
> 2. When I try to access http://localhost/lam with Firefox I get a blank screen.
>
> On second Windows 10 box
>
> 1. with Edge I get Error 500 going to http://192.168.1.X/lam.
> 2. I do get the correct Apache landing page on this client.
>
> Ubuntu : v20.04.6 LTS
> Apache : v2.4.41
>
> Mark R. Sigsbee, CISSP
> SUNet PKI Support Team
> Mark@ZTISolutions.com
> (301)509-7592 (cell)
|
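The two checks asked for in the reply above, as an added shell example that is not part of the thread or of LAM: it compares a PHP version string against the 8.0.2 minimum and filters an Apache error log for the PHP errors that abort a request. The function names, the sample log lines and the placeholder path are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): triage for a blank page or HTTP 500
# from a PHP application behind Apache.

MIN_PHP="8.0.2"   # minimum PHP version stated in the reply above

# version_ge A B: succeed when dotted version A >= B, comparing three numeric
# fields; distro suffixes such as "-4ubuntu2" are ignored.
version_ge() {
    va=$1; vb=$2
    for vn in 1 2 3; do
        vx=${va%%.*}; vy=${vb%%.*}
        vx=${vx%%[!0-9]*}; vy=${vy%%[!0-9]*}
        if [ "${vx:-0}" -gt "${vy:-0}" ]; then return 0; fi
        if [ "${vx:-0}" -lt "${vy:-0}" ]; then return 1; fi
        case $va in *.*) va=${va#*.} ;; *) va=0 ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb=0 ;; esac
    done
    return 0
}

# php_fatal_lines: filter an Apache error log on stdin down to the PHP errors
# that abort a request (these produce a blank page when display_errors is off).
php_fatal_lines() {
    grep -E 'PHP (Fatal|Parse) error' || true
}

# Constructed sample log lines; the file paths are placeholders.
sample_log() {
    cat <<'EOF'
[Tue Mar 19 16:38:01.000001 2024] [mpm_prefork:notice] [pid 900] AH00163: Apache/2.4.41 (Ubuntu) configured -- resuming normal operations
[Tue Mar 19 16:38:40.000002 2024] [php7:error] [pid 912] [client 192.168.1.20:50000] PHP Parse error:  syntax error, unexpected token in /path/to/app/file.php on line 10
[Tue Mar 19 16:38:41.000003 2024] [php7:notice] [pid 913] [client 192.168.1.20:50001] PHP Notice:  Undefined index: x in /path/to/app/other.php on line 3
EOF
}

# Stand-alone run: check the installed PHP, then scan the log given as $1
# (falls back to the constructed sample when no readable file is given).
if command -v php >/dev/null 2>&1; then
    v=$(php -r 'echo PHP_VERSION;')
    if version_ge "$v" "$MIN_PHP"; then echo "PHP $v: ok"; else echo "PHP $v: below $MIN_PHP"; fi
else
    echo "php CLI not found"
fi
if [ -r "${1:-}" ]; then php_fatal_lines < "$1"; else sample_log | php_fatal_lines; fi
```

The `php` CLI can be a different build from the PHP module Apache loads, so confirm the version the web server itself runs before ruling the version out.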
From: Mark S. <ma...@zt...> - 2024-03-19 18:15:09
|
Followed installation from your directions.

On host server:

1. I get the Apache landing page with no issues.
2. When I try to access http://localhost/lam with Firefox I get a blank screen.

On second Windows 10 box

1. with Edge I get Error 500 going to http://192.168.1.X/lam.
2. I do get the correct Apache landing page on this client.

Ubuntu : v20.04.6 LTS
Apache : v2.4.41

Mark R. Sigsbee, CISSP
SUNet PKI Support Team
Mark@ZTISolutions.com
(301)509-7592 (cell)
|
From: Rue, R. <rg...@sc...> - 2024-03-18 19:10:24
|
Hi Roland,

After adding the list of packages described in the original error, downgrading php-psr-log, and finding the .deb file for php-voku-portable-ascii, I'm able to install the 8.6.1 Pro .deb file.

Thanks,

Randy

-----Original Message-----
From: Roland Gruber <po...@ro...>
Sent: Friday, March 15, 2024 12:02 AM
To: lam...@li...
Subject: Re: [Lam-public] unable to install LAM Pro to Ubuntu 22.04

Hi Randy,

can you try to download and install php-psr-log 1.1.4 from here?

https://packages.debian.org/bookworm/all/php-psr-log/download

Debian and Ubuntu ship different major versions of it but an external dependency just supports the 1.x one. This will be resolved with LAM 8.8 in June (we need to increase the minimum required PHP version for this).

https://github.com/LDAPAccountManager/lam/issues/296

Best regards

Roland

On 14.03.24 at 22:38, Rue, Randy wrote:
> Hello,
>
> I'm unable to install LAM Pro 8.6-1 using the ldap-account-manager_8.6-1_all.deb file to a clean install of Ubuntu LTS 22.04. When I try to install the .deb file using "dpkg -I" as the documentation says, I get a long list of failed package dependencies. When I next run "apt-get -f install" a bunch of packages are installed and LAM is actually uninstalled. When I run dpkg again, I get another list of failed dependencies.
>
> I have tried installing all of the packages listed in the first error but a few of them don't appear to be in the repos.
>
> For a hoot I tried installing 7.7-1 from the native Ubuntu repos and then upgrading but I still get a list of failed package dependencies.
>
> I thought the point of dpkg and apt was to solve these dependencies automatically.
>
> I have attached shell output of the above failed steps.
>
> Can anyone tell me how to install LAM Pro 8.6-1 to an Ubuntu 22.04 LTS server?
>
> Hope to hear from you,
>
> Randy Rue
> Seattle WA USA
|
From: Roland G. <po...@ro...> - 2024-03-16 19:31:06
|
Announcement:

The self service can be configured for passwordless SSO with Okta/OpenID. PHP 8.3 is supported and a new cron job can deactivate inactive accounts based on lastBind overlay data. There is also a security fix included.

Full changelog: https://www.ldap-account-manager.org/lamcms/changelog

Download: https://www.ldap-account-manager.org/lamcms/releases

Features:

* management of various account types
  * Unix
  * Samba 4/Active Directory
  * Asterisk
  * Kopano
  * DHCP
  * SSH keys
  * ...
* profiles for account creation
* account creation via file upload
* automatic creation/deletion of home directories
* setting quotas
* PDF output for all accounts
* editor for organizational units
* schema browser
* tree view
* 2FA support

Demo installation:

You can try our demo installation online.

https://www.ldap-account-manager.org/lamcms/liveDemo

Authors & Copyright:

Copyright (C) 2003 - 2024: Roland Gruber <po...@ro...>

LAM is published under the GNU General Public License. The complete list of licenses can be found in the copyright file.
|