openupload-devel — Development and general discussion

Re: [openupload-devel] Active Directory

[Alessandro B. <ts...@br...>]

Andy Hester ha scritto:
> Alessandro Briosi wrote:
>>>> Please also check the "unregistered" group in the config.inc.php file, 
>>>> that should match some group in active directory so you can set rights 
>>>>   
>>>>       
>>> as above the only thing I see about an '"unregistered" group in the 
>>> config.inc.php' is this:
>>> $CONFIG['register']['nologingroup'] = 'unregistered';
>>> $CONFIG['register']['default_group'] = 'upload_users';
>>>
>>> Not sure if this is correct. 
>>>     
>>
>> if you have an 'unregistered' group in AD this is ok. It's only usefull 
>> to assign rights to not logged in users. (like download)
>>
>> the second one is the group to be assigned for User Registration which 
>> is not supported by AD authentication.
>>   
> I do not have an 'unregistered' group in AD.  Only upload_users and 
> upload_admins.  In the Rights section of the admin page it list three 
> groups:
> 
> Any
> upload_admins
> upload_users
> 
If you populated the db with the setup script then probably you have 
some rights set for the unregistered users

> I will try creating an empty group called 'unregistered' in that OU to 
> see if that fixes anything.
> 

Yes, so you can manage (or remove completly) the group rights of not 
logged in users.
I should fix this ...

Alessandro

Re: [openupload-devel] Active Directory

[Andy H. <and...@eu...>]

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Andy Hester wrote:
<blockquote cite="mid:49F...@eu..." type="cite">
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
Alessandro Briosi wrote:
  <blockquote cite="mid:49F...@br..." type="cite">
    <blockquote type="cite">
      <blockquote type="cite">
        <pre wrap="">Please also check the "unregistered" group in the config.inc.php file, 
that should match some group in active directory so you can set rights 
  
      </pre>
      </blockquote>
      <pre wrap="">as above the only thing I see about an '"unregistered" group in the 
config.inc.php' is this:
$CONFIG['register']['nologingroup'] = 'unregistered';
$CONFIG['register']['default_group'] = 'upload_users';

Not sure if this is correct. 
    </pre>
    </blockquote>
    <pre wrap=""><!---->
if you have an 'unregistered' group in AD this is ok. It's only usefull 
to assign rights to not logged in users. (like download)

the second one is the group to be assigned for User Registration which 
is not supported by AD authentication.
  </pre>
  </blockquote>
I do not have an 'unregistered' group in AD.&nbsp; Only upload_users and
upload_admins.&nbsp; In the Rights section of the admin page it list three
groups:<br>
  <br>
Any<br>
upload_admins<br>
upload_users<br>
  <br>
I will try creating an empty group called 'unregistered' in that OU to
see if that fixes anything.<br>
  <br>
-Andy<br>
</blockquote>
So I created the emptu group called 'unregistered and the Rights page
sees it and maps it to the 'unregistered' group.&nbsp; Try again and the
site still shows 'Public Files' when logged in as an upload_user or as
an upload_admin.&nbsp; All files are still visible (I had to allow 'l'
permissions for upload_users to check this)<br>
<br>
-Andy<br>
<br>
</body>
</html>

Re: [openupload-devel] Active Directory

[Alessandro B. <ts...@br...>]

Andy Hester ha scritto:
> Sorry, I misspoke.  I am already using the sAMAccountName version - it 
> doesn't seem to work at all with 'cn'.  Also, when I login, I use my AD 
> log on id which is a alpha-numeric value, but my AD display name is 
> displayed correctly in the top right side of the page.  Based on this it 
> does seem to know which user I am.
> 


Well, it uses the AD user account to check for the group info, but I'm 
quite sure the specific 'login' field is not populated.

Try changing the template file.
templates/index.tpl

insert a new line after line 23 like this: (after {$user.name} ):
<br />{$user.login}

and see if it prints something after the user name (once you log in).
If it does, then there is a bug somewhere, and I'll try AD again tomorrow.

BTW: is this a 2003 , 2000 , mixed or 2008 AD?
(I have only tested a 2003 AD domain afair, and it worked with 'cn')

Alessandro

Re: [openupload-devel] Active Directory

[Andy H. <and...@eu...>]

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Alessandro Briosi wrote:
<blockquote cite="mid:49F...@br..." type="cite">
  <blockquote type="cite">
    <blockquote type="cite">
      <pre wrap="">Please also check the "unregistered" group in the config.inc.php file, 
that should match some group in active directory so you can set rights 
  
      </pre>
    </blockquote>
    <pre wrap="">as above the only thing I see about an '"unregistered" group in the 
config.inc.php' is this:
$CONFIG['register']['nologingroup'] = 'unregistered';
$CONFIG['register']['default_group'] = 'upload_users';

Not sure if this is correct. 
    </pre>
  </blockquote>
  <pre wrap=""><!---->
if you have an 'unregistered' group in AD this is ok. It's only usefull 
to assign rights to not logged in users. (like download)

the second one is the group to be assigned for User Registration which 
is not supported by AD authentication.
  </pre>
</blockquote>
I do not have an 'unregistered' group in AD.&nbsp; Only upload_users and
upload_admins.&nbsp; In the Rights section of the admin page it list three
groups:<br>
<br>
Any<br>
upload_admins<br>
upload_users<br>
<br>
I will try creating an empty group called 'unregistered' in that OU to
see if that fixes anything.<br>
<br>
-Andy<br>
<br>
</body>
</html>

Re: [openupload-devel] Active Directory

[Andy H. <and...@eu...>]

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Alessandro Briosi wrote:
<blockquote cite="mid:49F...@br..." type="cite"><br>
  <pre wrap=""><!---->OK the problem is here I think. the 'login' field is not populated for 
some reason.
Probably the 'cn' field is not correct. If you look at the database the 
files do not have any user associated, that is why you see the "Public 
Files" and they are all visible by everybody.

could you try using this insthead then?

$CONFIG['ldap']['uid']='sAMAccountName';
$CONFIG['ldap']['userfields'] = array ( 'sAMAccountName' =&gt; 'login', 
'cn' =&gt; 'name', 'memberof' =&gt; 'group_id', 'mail' =&gt; 'email');

Alessandro

-</pre>
</blockquote>
Sorry, I misspoke.&nbsp; I am already using the sAMAccountName version - it
doesn't seem to work at all with 'cn'.&nbsp; Also, when I login, I use my AD
log on id which is a alpha-numeric value, but my AD display name is
displayed correctly in the top right side of the page.&nbsp; Based on this
it does seem to know which user I am.<br>
<br>
-Andy<br>
<br>
</body>
</html>

Re: [openupload-devel] Active Directory

[Alessandro B. <ts...@br...>]

Andy Hester ha scritto:
> Right now I have in config.inc.php:
> 
> $CONFIG['register']['nologingroup'] = 'unregistered';
> $CONFIG['register']['default_group'] = 'upload_users';
> 
> does this look correct?
> 
>> AD support checks for every group associated to the user (if it can find 
>> it) and applies the rules on every group. Unless no group has access to 
>> some functionality it denies access to it.
>> AFAIR also nested groups are checked.
>> that's why probably having a "ou" with the openupload groups in there 
>> and bind to that "ou" for the groups would be best. Open Upload won't 
>> find other groups so only thoose are checked in the acl (though don't 
>> use nested groups then).
>>   
> I did create a separate OU for this and it only has upload_users and 
> upload_admins...
> No users are currently members of both groups.
ok

>> Please also check the "unregistered" group in the config.inc.php file, 
>> that should match some group in active directory so you can set rights 
>>   
> as above the only thing I see about an '"unregistered" group in the 
> config.inc.php' is this:
> $CONFIG['register']['nologingroup'] = 'unregistered';
> $CONFIG['register']['default_group'] = 'upload_users';
> 
> Not sure if this is correct. 

if you have an 'unregistered' group in AD this is ok. It's only usefull 
to assign rights to not logged in users. (like download)

the second one is the group to be assigned for User Registration which 
is not supported by AD authentication.

> 
>> for it.
>> ...
>>
>> ok.
>> Looking at the source the fact that you get the "Public Files" means 
>> that the user is not logged in, or that the AD login field is not 
>> correctly populated.
>> Are you sure that in the config.inc.php file the line with associated 
>> fields like this?:
>> $CONFIG['ldap']['userfields'] = array ( 'cn' => 'login', 'name' => 
>> 'name', 'memberof' => 'group_id', 'mail' => 'email');
>>   
> Yes.  I have this line exactly like above.
> 
> Login does work and provides the different rights for upload_admins vs 
> upload_users.
> 
> 
OK the problem is here I think. the 'login' field is not populated for 
some reason.
Probably the 'cn' field is not correct. If you look at the database the 
files do not have any user associated, that is why you see the "Public 
Files" and they are all visible by everybody.

could you try using this insthead then?

$CONFIG['ldap']['uid']='sAMAccountName';
$CONFIG['ldap']['userfields'] = array ( 'sAMAccountName' => 'login', 
'cn' => 'name', 'memberof' => 'group_id', 'mail' => 'email');

Alessandro

Re: [openupload-devel] Active Directory

[Andy H. <and...@eu...>]

Alessandro Briosi wrote:
> hmm, I might think there is something with the "groups" and the 
> "unregistered" group.
>
> It seems the correct group is not associated to the user, or users that 
> are "registered" users are also members of the "unregistered" group.
> This should explain the problems you have.
>   
Right now I have in config.inc.php:

$CONFIG['register']['nologingroup'] = 'unregistered';
$CONFIG['register']['default_group'] = 'upload_users';

does this look correct?

> AD support checks for every group associated to the user (if it can find 
> it) and applies the rules on every group. Unless no group has access to 
> some functionality it denies access to it.
> AFAIR also nested groups are checked.
> that's why probably having a "ou" with the openupload groups in there 
> and bind to that "ou" for the groups would be best. Open Upload won't 
> find other groups so only thoose are checked in the acl (though don't 
> use nested groups then).
>   
I did create a separate OU for this and it only has upload_users and 
upload_admins...
No users are currently members of both groups.
> Please also check the "unregistered" group in the config.inc.php file, 
> that should match some group in active directory so you can set rights 
>   
as above the only thing I see about an '"unregistered" group in the 
config.inc.php' is this:
$CONFIG['register']['nologingroup'] = 'unregistered';
$CONFIG['register']['default_group'] = 'upload_users';

Not sure if this is correct. 

> for it.
> ...
>
> ok.
> Looking at the source the fact that you get the "Public Files" means 
> that the user is not logged in, or that the AD login field is not 
> correctly populated.
> Are you sure that in the config.inc.php file the line with associated 
> fields like this?:
> $CONFIG['ldap']['userfields'] = array ( 'cn' => 'login', 'name' => 
> 'name', 'memberof' => 'group_id', 'mail' => 'email');
>   
Yes.  I have this line exactly like above.

Login does work and provides the different rights for upload_admins vs 
upload_users.


> This behavier is caused by a missing 'login' value when a user logs in.
>
> Alessandro
>
> A

Re: [openupload-devel] Active Directory

[Alessandro B. <ts...@br...>]

hmm, I might think there is something with the "groups" and the 
"unregistered" group.

It seems the correct group is not associated to the user, or users that 
are "registered" users are also members of the "unregistered" group.
This should explain the problems you have.
AD support checks for every group associated to the user (if it can find 
it) and applies the rules on every group. Unless no group has access to 
some functionality it denies access to it.
AFAIR also nested groups are checked.
that's why probably having a "ou" with the openupload groups in there 
and bind to that "ou" for the groups would be best. Open Upload won't 
find other groups so only thoose are checked in the acl (though don't 
use nested groups then).

Please also check the "unregistered" group in the config.inc.php file, 
that should match some group in active directory so you can set rights 
for it.
...

ok.
Looking at the source the fact that you get the "Public Files" means 
that the user is not logged in, or that the AD login field is not 
correctly populated.
Are you sure that in the config.inc.php file the line with associated 
fields like this?:
$CONFIG['ldap']['userfields'] = array ( 'cn' => 'login', 'name' => 
'name', 'memberof' => 'group_id', 'mail' => 'email');

This behavier is caused by a missing 'login' value when a user logs in.

Alessandro

Andy Hester ha scritto:
> Alessandro Briosi wrote:
>> Andy Hester ha scritto:
>>   
>>> 3.  It seems that the 'logout/login' link is broken and always says 
>>> 'login' regardless of context.
>>>     
>> this is pretty odd, I guess I'll have to test AD too. I don't get that 
>> with openLDAP, so maybe it's some acl.
>>
>>   
>>
> Also,
> 
> It seems that when I moved to Active Directory I have a different 
> behavior for file listings.  When logging in as a user, I see a "Public 
> Files" link on the top of the page and not a "My Files" link like I am 
> used to.  Also, users can now see files uploaded by other users.  This 
> may be the result of some change that I made while fiddling with the 
> site as opposed to a bug or such.  For the moment I have just disabled 
> file listing for the users. 
> 
> -Andy
> 
> 
> 
> ------------------------------------------------------------------------
> 
> ------------------------------------------------------------------------------
> Register Now & Save for Velocity, the Web Performance & Operations 
> Conference from O'Reilly Media. Velocity features a full day of 
> expert-led, hands-on workshops and two days of sessions from industry 
> leaders in dedicated Performance & Operations tracks. Use code vel09scf 
> and Save an extra 15% before 5/3. http://p.sf.net/sfu/velocityconf
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Openupload-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openupload-devel

Re: [openupload-devel] Active Directory

[Andy H. <and...@eu...>]

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
  <title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Alessandro Briosi wrote:
<blockquote cite="mid:49F...@br..." type="cite">
  <pre wrap="">
Andy Hester ha scritto:
  </pre>
  <blockquote type="cite">
    <pre wrap="">3.  It seems that the 'logout/login' link is broken and always says 
'login' regardless of context.
    </pre>
  </blockquote>
  <pre wrap=""><!---->this is pretty odd, I guess I'll have to test AD too. I don't get that 
with openLDAP, so maybe it's some acl.

  </pre>
  <br>
</blockquote>
Also,<br>
<br>
It seems that when I moved to Active Directory I have a different
behavior for file listings.&nbsp; When logging in as a user, I see a "Public
Files" link on the top of the page and not a "My Files" link like I am
used to.&nbsp; Also, users can now see files uploaded by other users.&nbsp; This
may be the result of some change that I made while fiddling with the
site as opposed to a bug or such.&nbsp; For the moment I have just disabled
file listing for the users.&nbsp; <br>
<br>
-Andy<br>
<br>
<br>
</body>
</html>

Re: [openupload-devel] bug with templates

[Andy H. <and...@eu...>]

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Alessandro Briosi wrote:
<blockquote cite="mid:49F...@br..." type="cite"><br>
  <pre wrap=""><!---->sure, probably a plugin, but it could be implemented in the templates 
unless you want to keep track of the agreement.
  </pre>
</blockquote>
I don't&nbsp; want to keep track of the users/agreements.&nbsp; I could make do
with the footer mentioned below, but I think the best would be
something like a EULA that the end user has to check every time before
uploading.&nbsp; <br>
<br>
This way, there would be no need to keep track b/c every upload would
require acknowledgment of the appropriate policies.&nbsp; Of course in a
plugin, you could have the option of including the check box with
associated text, or just using the text.<br>
<br>
I'll add a feature request.&nbsp; Also, thanks for sharing this.&nbsp; I think
every company should have it.<br>
<br>
Thanks,<br>
-Andy<br>
<br>
<blockquote cite="mid:49F...@br..." type="cite">
  <pre wrap="">Though this is more for not registered users, or first time users, as 
they should agree with the upload policies of the site you run.
Of couse as you are using AD they are already registered, so probably a 
footer could be also a solution.
I'll think about it. If you feel please report it in the feature 
requests so I won't forget it. :)

Alessandro

------------------------------------------------------------------------------
Crystal Reports &amp;#45; New Free Runtime and 30 Day Trial
Check out the new simplified licensign option that enables unlimited
royalty&amp;#45;free distribution of the report engine for externally facing 
server and web deployment.
<a class="moz-txt-link-freetext" href="http://p.sf.net/sfu/businessobjects">http://p.sf.net/sfu/businessobjects</a>
_______________________________________________
Openupload-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Ope...@li...">Ope...@li...</a>
<a class="moz-txt-link-freetext" href="https://lists.sourceforge.net/lists/listinfo/openupload-devel">https://lists.sourceforge.net/lists/listinfo/openupload-devel</a>
  </pre>
</blockquote>
<br>
</body>
</html>

Re: [openupload-devel] bug with templates

[Alessandro B. <ts...@br...>]

Andy Hester ha scritto:
> There seems to be another bug with the web config.  I set a alternate 
> template in config.inc.php.  After visiting the options page, (not 
> changing the template value) the template config was set to ' '.  This 
> defaulted to the default template.
> 
Need to check this, though I'll be probably restructuring the whole 
admin/setup for next version, but it will take some time.

> Also,  I have a feature request.  I think most companies will have a 
> need for a policy disclaimer text to appear on the upload page or send 
> page to display policies about restriction for transferring sensitive 
> information.  Additionally, it would be perfect to have a check box that 
> is required to be checked by the user before proceeding with the upload 
> or send.
> 
> What do you think?
> 
sure, probably a plugin, but it could be implemented in the templates 
unless you want to keep track of the agreement.
Though this is more for not registered users, or first time users, as 
they should agree with the upload policies of the site you run.
Of couse as you are using AD they are already registered, so probably a 
footer could be also a solution.
I'll think about it. If you feel please report it in the feature 
requests so I won't forget it. :)

Alessandro

Re: [openupload-devel] Active Directory

[Alessandro B. <ts...@br...>]

Andy Hester ha scritto:
> So I followed the instructions and got AD working and I have some 
> questions...
> 
good ;)

> 1.  Do you have a listing of permissions? Specifically u,d,g,r,l?  (The 
> rest seem pretty self explanatory).
> 
hmm, not sure if it's in the documentation (which mainly is laking :) )
u -> upload
d and g -> download
r -> remove
l -> personal file list

> 2. Under rights I see a list of all the user groups in our user groups 
> ou which is ~250 groups.  How would be the best way to cut it down to 
> only the 2 I am using?  Can all of these groups use the openupload 
> server if they show "Rights Set? No"?
>
I'd suggest you to create an organizational Unit (ou) which contains 
only the groups you's want to check.
i.e. $CONFIG['ldap']['groupdn']='ou=OpenUploadGroups,dc=mydomain,dc=local';
and put the groups under that OU in AD.

Otherwise you'll probably would have to change the ldap auth to do a 
different query for the groups. We might think on improving it in next 
release.

> 3.  It seems that the 'logout/login' link is broken and always says 
> 'login' regardless of context.
this is pretty odd, I guess I'll have to test AD too. I don't get that 
with openLDAP, so maybe it's some acl.

> 
> 4.  Does it seem reasonable to just hide the user and group links if 
> ldap is configured in config.inc.php?
>
User and Group admin is not supported by the ldap auth method so it is 
reasonable, they should not be displayed yes, this is a bug.


Alessandro

[openupload-devel] bug with templates

[Andy H. <and...@eu...>]

There seems to be another bug with the web config.  I set a alternate 
template in config.inc.php.  After visiting the options page, (not 
changing the template value) the template config was set to ' '.  This 
defaulted to the default template.

Also,  I have a feature request.  I think most companies will have a 
need for a policy disclaimer text to appear on the upload page or send 
page to display policies about restriction for transferring sensitive 
information.  Additionally, it would be perfect to have a check box that 
is required to be checked by the user before proceeding with the upload 
or send.

What do you think?

-Andy

Re: [openupload-devel] Active Directory

[Andy H. <and...@eu...>]

So I followed the instructions and got AD working and I have some 
questions...

1.  Do you have a listing of permissions? Specifically u,d,g,r,l?  (The 
rest seem pretty self explanatory).

2. Under rights I see a list of all the user groups in our user groups 
ou which is ~250 groups.  How would be the best way to cut it down to 
only the 2 I am using?  Can all of these groups use the openupload 
server if they show "Rights Set? No"?

3.  It seems that the 'logout/login' link is broken and always says 
'login' regardless of context.

4.  Does it seem reasonable to just hide the user and group links if 
ldap is configured in config.inc.php?

After fiddling around a little with the permissions, I am trying to make 
sure that I have the permissions set correctly. 

Thanks,
Andy

Re: [openupload-devel] Active Directory

[Alessandro B. <ts...@br...>]

On Thu, 23 Apr 2009 13:34:17 -0500, Andy Hester
<and...@eu...> wrote:
> Alessandro Briosi wrote:
>> Sure,
>> I had this working with AD. (haven't tested it for some time now, but it

>> should just work) (LDAP works as I have it working at my office).
>>
>> The best way to set it up is:
>> 1. Run the setup script and put the same groups in the configuration 
>> that you will be using in the AD configuration.
>>   
> I don't recall ever running this script.  I think I just edited the 
> config.inc.php file.  When I go to the setup.inc.php in a browser I get 
> an access denied message.
> 
> I am quite sure that I am just being a little dense atm, but I can't 
> seem to get this to work.
> I did edit the config file for AD,  but I guess I am not sure how to 
> tell openupload which groups map to which AD groups, etc.  I think the 
> part I am not getting right is here:
> 
ok so you probably got that 'cause it was not there with version 0.3 from
which you upgraded.

>> # $CONFIG['ldap']['basedn'] = 'dc=yourdomain,dc=local';
>> # $CONFIG['ldap']['userdn'] = 'dc=yourdomain,dc=local';
>> # $CONFIG['ldap']['userclass']='user';
>> # $CONFIG['ldap']['uid']='cn';
>> # $CONFIG['ldap']['userfields'] = array ( 'cn' => 'login', 'name' => 
>> 'name', 'memberof' => 'group_id', 'mail' => 'email');
>> # $CONFIG['ldap']['groupdn'] = 'dc=roverdom,dc=local';
>> # $CONFIG['ldap']['groupclass']='group';
>> # $CONFIG['ldap']['gid']='distinguishedname';
>> # $CONFIG['ldap']['groupfields'] = array ( 'cn' => 'name', 'name' => 
>> 'description' );
>>   
> Also, is it correct to assume that one this config file is correct that 
> this will work, or are there other things that must be done with the 
> database, etc?
> 
Yes, you would have to map the groups in the database, changing the names
to the ones that match the AD ones.

The easiest way would be to rename the config.inc.php file, then run the
setup (simply point to the openupload folder with the browser, not to the
setup.php script directly, it will automatically load the setup script if
it does not find the config.inc.php,
i.e. http://mydomain.com/openupload/www/ I assume you are using version 0.4
now)

Assign the correct settings for the database and populate it accordingly
(check the groups, and select the mode you'd prefer i.e. restricted).
Once setup is over put back the config.inc.php you had (unless you want to
configure with the new one) and it should work.

Another way would be to change the acl table in the database to match the
groups of active directory, if you already done configurations, though
you'll later have to fix the plugin acl and options too.

Alessandro

P.S. If you try to login and it simply re-displays the login screen
(without a "login incorrect" message), AD is working, but the ACL are not
correct.

Re: [openupload-devel] Active Directory

[Andy H. <and...@eu...>]

Alessandro Briosi wrote:
> Sure,
> I had this working with AD. (haven't tested it for some time now, but it 
> should just work) (LDAP works as I have it working at my office).
>
> The best way to set it up is:
> 1. Run the setup script and put the same groups in the configuration 
> that you will be using in the AD configuration.
>   
I don't recall ever running this script.  I think I just edited the 
config.inc.php file.  When I go to the setup.inc.php in a browser I get 
an access denied message.

I am quite sure that I am just being a little dense atm, but I can't 
seem to get this to work.
I did edit the config file for AD,  but I guess I am not sure how to 
tell openupload which groups map to which AD groups, etc.  I think the 
part I am not getting right is here:

> # $CONFIG['ldap']['basedn'] = 'dc=yourdomain,dc=local';
> # $CONFIG['ldap']['userdn'] = 'dc=yourdomain,dc=local';
> # $CONFIG['ldap']['userclass']='user';
> # $CONFIG['ldap']['uid']='cn';
> # $CONFIG['ldap']['userfields'] = array ( 'cn' => 'login', 'name' => 
> 'name', 'memberof' => 'group_id', 'mail' => 'email');
> # $CONFIG['ldap']['groupdn'] = 'dc=roverdom,dc=local';
> # $CONFIG['ldap']['groupclass']='group';
> # $CONFIG['ldap']['gid']='distinguishedname';
> # $CONFIG['ldap']['groupfields'] = array ( 'cn' => 'name', 'name' => 
> 'description' );
>   
Also, is it correct to assume that one this config file is correct that 
this will work, or are there other things that must be done with the 
database, etc?

Thanks again,
-Andy

Re: [openupload-devel] Active Directory

[Alessandro B. <ts...@br...>]

Sure,
I had this working with AD. (haven't tested it for some time now, but it 
should just work) (LDAP works as I have it working at my office).

The best way to set it up is:
1. Run the setup script and put the same groups in the configuration 
that you will be using in the AD configuration.
You'll probably want to create a user which can access the AD in 
readonly so it can query users info (groups, name, email)
i.e.
registered -> Domain Users
admins -> Domain Admins
unregistered -> this does not matter (leave it unregistered)

Or change actual configuration adding thoose groups.

2. Populate the database with your preferred settings.

3. Then edit the config.inc.php and add the following, replacing the 
values with your setup:
/* Active Directory */
# $CONFIG['ldap']['host'] = '127.0.0.1';
/* specify that it is an Active directory */
# $CONFIG['ldap']['type'] = 'AD';
# $CONFIG['ldap']['user'] = 'rea...@ro...';
# $CONFIG['ldap']['password'] = 'readonlypassword';
/* DOMAIN for user login */
# $CONFIG['ldap']['domain'] = 'yourdomain.local';
# $CONFIG['ldap']['basedn'] = 'dc=yourdomain,dc=local';
# $CONFIG['ldap']['userdn'] = 'dc=yourdomain,dc=local';
# $CONFIG['ldap']['userclass']='user';
# $CONFIG['ldap']['uid']='cn';
# $CONFIG['ldap']['userfields'] = array ( 'cn' => 'login', 'name' => 
'name', 'memberof' => 'group_id', 'mail' => 'email');
# $CONFIG['ldap']['groupdn'] = 'dc=roverdom,dc=local';
# $CONFIG['ldap']['groupclass']='group';
# $CONFIG['ldap']['gid']='distinguishedname';
# $CONFIG['ldap']['groupfields'] = array ( 'cn' => 'name', 'name' => 
'description' );

4. Change the authentication from "default" to "ldap"
This will ignore all group and users that the db has, but at least if 
anything goes wrong you'll be able to switch back to default auth.

Also note that I found a bug with current version. If you use the Admin 
page to change the settings the ldap/AD configuration will be broken as 
it does not currently handle the ARRAY values for "userfields" and 
"groupfields" so if you have to change the config, edit the config file 
for now.

Somebody also suggested to associate the login field insthead of 'cn' to 
   'sAMAccountName' like:
$CONFIG['ldap']['uid']='sAMAccountName';
$CONFIG['ldap']['userfields'] = array ( 'sAMAccountName' => 'login', 
'cn' => 'name', 'memberof' => 'group_id', 'mail' => 'email');

Hope this helps.
Alessandro

Andy Hester ha scritto:
> Has anyone gotten AD authentication working?  I have tried it here, but 
> I can't seem to get it to work.  I have several other websites that 
> query AD here so it should work with the right configuration.
> 
> Any help would be appreciated.
> 
> Thanks,
> -Andy
> 
> 
> ------------------------------------------------------------------------------
> Stay on top of everything new and different, both inside and 
> around Java (TM) technology - register by April 22, and save
> $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco.
> 300 plus technical and hands-on sessions. Register today. 
> Use priority code J9JMT32. http://p.sf.net/sfu/p
> _______________________________________________
> Openupload-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openupload-devel

Re: [openupload-devel] File upload size

[Alessandro B. <ts...@br...>]

which of them was the problem/solution?

Andy Hester ha scritto:
> Alessandro Briosi wrote:
>> there are 2 settings to change in the php.ini
>>
>> upload_max_filesize and post_max_size
>>
>> Also check that if you have the AllowOverride FileInfo (or All) in apache
>> then there is a .htaccess with 200Mb limit inside the www directory.
>> check the apache logs for more info
>>
>> Alessandro
>>   
> Thanks,
> 
> This fixed it for me. 
> 
> -Andy
> 
> 
> ------------------------------------------------------------------------------
> Stay on top of everything new and different, both inside and 
> around Java (TM) technology - register by April 22, and save
> $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco.
> 300 plus technical and hands-on sessions. Register today. 
> Use priority code J9JMT32. http://p.sf.net/sfu/p
> _______________________________________________
> Openupload-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openupload-devel

[openupload-devel] Active Directory

[Andy H. <and...@eu...>]

Has anyone gotten AD authentication working?  I have tried it here, but 
I can't seem to get it to work.  I have several other websites that 
query AD here so it should work with the right configuration.

Any help would be appreciated.

Thanks,
-Andy

Re: [openupload-devel] File upload size

[Andy H. <and...@eu...>]

Alessandro Briosi wrote:
> there are 2 settings to change in the php.ini
>
> upload_max_filesize and post_max_size
>
> Also check that if you have the AllowOverride FileInfo (or All) in apache
> then there is a .htaccess with 200Mb limit inside the www directory.
> check the apache logs for more info
>
> Alessandro
>   
Thanks,

This fixed it for me. 

-Andy

Re: [openupload-devel] File upload size

[Alessandro B. <ts...@br...>]

there are 2 settings to change in the php.ini

upload_max_filesize and post_max_size

Also check that if you have the AllowOverride FileInfo (or All) in apache
then there is a .htaccess with 200Mb limit inside the www directory.
check the apache logs for more info

Alessandro

P.S. I have found that the upload tracking method if enabled might create
problems for the file size errors of the file.
Maybe disabling it teporarly while you fix the issue is better.



On Tue, 21 Apr 2009 13:46:13 -0500, Andy Hester
<and...@eu...> wrote:
> Hello all,
> 
> I am trying to increase the file size limit for uploads to say around 
> 800MB.  I have changed the setting in config.inc.php to 800.
> 
> The browser begins the upload - 'Uploading:Please wait' but then at some 
> point (around 2 minutes?) just reloads the upload page and there is no 
> trace of the file and no error message on the upload.
> 
> I have adjusted items in php.ini and apache2.conf but still no joy.  
> Also upgraded to .4 release.
> 
> 
> Any ideas?
> 
> Thanks,
> Andy
> 
>
------------------------------------------------------------------------------
> Stay on top of everything new and different, both inside and 
> around Java (TM) technology - register by April 22, and save
> $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco.
> 300 plus technical and hands-on sessions. Register today. 
> Use priority code J9JMT32. http://p.sf.net/sfu/p
> _______________________________________________
> Openupload-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openupload-devel

[openupload-devel] File upload size

[Andy H. <and...@eu...>]

Hello all,

I am trying to increase the file size limit for uploads to say around 
800MB.  I have changed the setting in config.inc.php to 800.

The browser begins the upload - 'Uploading:Please wait' but then at some 
point (around 2 minutes?) just reloads the upload page and there is no 
trace of the file and no error message on the upload.

I have adjusted items in php.ini and apache2.conf but still no joy.  
Also upgraded to .4 release.


Any ideas?

Thanks,
Andy

[openupload-devel] Open Upload v0.4 released

[Alessandro B. <ts...@br...>]

Hi list,
Open Upload v0.4 is now available for download.

There were only a few minor bugs fixed from the rc1.

Regards,
Alessandro

--------------------------------------
Major new features are (from rc1):

Enhancements:
- File listing for users
- Shorter links support
- Apply same protection to file removal as in the download

Translations:
- Updated French (Fabrice Crohas)
- Updated German (Stefan Koshold / Peter Velan)
- Updated Italian (myself)
- Added Chinese (Robin He.Chu)

Re: [openupload-devel] Assigning files to groups

[Alessandro B. <ts...@br...>]

It looks fine :)

Thanks.

Jochen Derwae ha scritto:
> Ok, here's a first patch, minor one (I found a few small marup errors in
> setup.inc.php)
> 
> I hope the file is usable, I made it with eclipse and it's actually the
> first time I'm making/sending a patch (-;
> 
> jochen
> 
> -----Original Message-----
> From: Alessandro Briosi [mailto:ts...@br...] 
> Sent: woensdag 15 april 2009 23:18
> To: OpenUpload Delvel and General talk
> Subject: Re: [openupload-devel] Assigning files to groups
> 
> 
>>  
>> Also, the way I configured my test install, a particular user group 
>> can't do anything except login. This is due to the fact that that 
>> group doesn't
> have
>> upload rights. So no one can actually add files to those user 
>> accounts. I think the features I'm proposing would add valuable 
>> features to
> OpenUpload.
>> I'll be looking over the code some more, the next few days. I should 
>> be able to find out how I should accomplish my goals, although it 
>> would be nice
> if
>> you could give me some pointers where to look. If I can convince you 
>> to include my changes in a next release, I'd be happy to contribute.
>>
> Sure, anything that improves it would get in :) Also, as documentation is
> lacking, feel free to ask on the ML.
>   
>> So the two (ok, three by now) additions I'm looking for are:
>> - make a group the owner of a file
> imho this is the most tricky part. As it's implemented now the DB modules
> don't cope with joins well.
> I'll probably will be changing/extending the current implementation in the
> next release which should make db query more versatile, and change the txtdb
> to something like galdius. Probably will change some db structures too.
> 
>> - provide a dialog to chnage the file ownership
> once the first part is completed, this should not be so difficult
> 
>> - add an expiration date to a useraccount (possibly with a default
> timespan
>> from the group)
> 
> This should be easily implemented with a plugin and using the "active"
> field.  
> 
> Alessandro
> 
> ----------------------------------------------------------------------------
> --
> _______________________________________________
> Openupload-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openupload-devel
> 
> 
> ------------------------------------------------------------------------
> 
> ------------------------------------------------------------------------------
> Stay on top of everything new and different, both inside and 
> around Java (TM) technology - register by April 22, and save
> $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco.
> 300 plus technical and hands-on sessions. Register today. 
> Use priority code J9JMT32. http://p.sf.net/sfu/p
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Openupload-devel mailing list
> Ope...@li...
> https://lists.sourceforge.net/lists/listinfo/openupload-devel

Re: [openupload-devel] Assigning files to groups

[Jochen D. <jo...@co...>]

Ok, here's a first patch, minor one (I found a few small marup errors in
setup.inc.php)

I hope the file is usable, I made it with eclipse and it's actually the
first time I'm making/sending a patch (-;

jochen

-----Original Message-----
From: Alessandro Briosi [mailto:ts...@br...] 
Sent: woensdag 15 april 2009 23:18
To: OpenUpload Delvel and General talk
Subject: Re: [openupload-devel] Assigning files to groups


>  
> Also, the way I configured my test install, a particular user group 
> can't do anything except login. This is due to the fact that that 
> group doesn't
have
> upload rights. So no one can actually add files to those user 
> accounts. I think the features I'm proposing would add valuable 
> features to
OpenUpload.
> I'll be looking over the code some more, the next few days. I should 
> be able to find out how I should accomplish my goals, although it 
> would be nice
if
> you could give me some pointers where to look. If I can convince you 
> to include my changes in a next release, I'd be happy to contribute.
>
Sure, anything that improves it would get in :) Also, as documentation is
lacking, feel free to ask on the ML.
  
> So the two (ok, three by now) additions I'm looking for are:
> - make a group the owner of a file
imho this is the most tricky part. As it's implemented now the DB modules
don't cope with joins well.
I'll probably will be changing/extending the current implementation in the
next release which should make db query more versatile, and change the txtdb
to something like galdius. Probably will change some db structures too.

> - provide a dialog to chnage the file ownership
once the first part is completed, this should not be so difficult

> - add an expiration date to a useraccount (possibly with a default
timespan
> from the group)

This should be easily implemented with a plugin and using the "active"
field.  

Alessandro

----------------------------------------------------------------------------
--
_______________________________________________
Openupload-devel mailing list
Ope...@li...
https://lists.sourceforge.net/lists/listinfo/openupload-devel