you'll need to generate a crypt password with some php or other code and then replace it in the database.
i.e. from a shell
php -r 'echo crypt("test")."\n";'
whould generate the password.
P.S. Be sure the password field is large enough to conain the whole password.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
Anonymous
-
2013-01-21
Thanks for your quick response Alessandro.
I managed to update the password field with the new crypt,
but I cannot login with it. I also checked the field length (varchar(100)) it contains the whole crypt.
Sorry for deviating a little bit from the initial subject but I think it could be interesting for some users in trouble too.
I think I have a mistake in the authentication process (I manage to login with AD users).
hmm, wait.
Are you using ldap or default auth?
If on ldap, you'll have to use another method to change ldap passwords (openupload does not handle password change for the users in ldap/AD)
If on mysql (default) then I have no idea on why it should fail.
I'd try changing the auth to default and see if you can login.
then change it back to ldap and check if it's working.
It AD/ldap auth is not working then you probably have a configuration mistake.
If you can login with normal users then probably you have a problem with the configuration of the group search. By default OpenUpload grants the "Domain Users" group to all users which are authenticated. So with your acl file uploads are allowed.
Be sure you set the gid field.
I'll need more information to debug this, but check all other tickets which mention AD problems, you'll probably find the correct configuration.
Alessandro
P.S. If I recall correctly on newer AD (2008 up) all fields are lowercase.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
Anonymous
-
2013-01-30
Ok, I thought it was possible to use local auth first and then, if there is no match, use AD.
Anyway, I'd like to use AD auth only and give "Domain Admins" access to the admin web interface.
Actually, I switch to local auth and use the local admin account to access the admin web interface.
Which are the modifications needed ?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
you'll need to generate a crypt password with some php or other code and then replace it in the database.
i.e. from a shell
php -r 'echo crypt("test")."\n";'
whould generate the password.
P.S. Be sure the password field is large enough to conain the whole password.
Thanks for your quick response Alessandro.
I managed to update the password field with the new crypt,
but I cannot login with it. I also checked the field length (varchar(100)) it contains the whole crypt.
Sorry for deviating a little bit from the initial subject but I think it could be interesting for some users in trouble too.
I think I have a mistake in the authentication process (I manage to login with AD users).
Could you help ?
Some lines related to auth in my config.inc.php :
$CONFIG['auth'] = 'ldap';
$CONFIG['register']['nologingroup'] = 'unregistered';
$CONFIG['register']['default_group'] = 'registered';
Here are my users and acl tables :
+----+-------+------------------------------------+---------------+------------+----------------------+------+---------------------+-------+--------+
| id | login | password | name | group_name | email | lang | reg_date | regid | active |
+----+-------+------------------------------------+---------------+------------+----------------------+------+---------------------+-------+--------+
| 1 | admin | $1$2JPiShlB$yskiU1XlVMSpmKENN1Q1F. | Administrator | admins | yann@toto.fr | fr | 2009-01-01 00:00:00 | | 1 |
+----+-------+------------------------------------+---------------+------------+----------------------+------+---------------------+-------+--------+
mysql> select * from acl;
+----+--------+----------+-----------------+--------+
| id | module | action | group_name | access |
+----+--------+----------+-----------------+--------+
| 46 | * | * | admins | allow |
| 45 | admin | * | admins | allow |
| 3 | admin | * | * | deny |
| 4 | auth | login | unregistered | allow |
| 5 | auth | register | * | deny |
| 6 | auth | * | unregistered | deny |
| 7 | auth | * | * | allow |
| 8 | files | d | unregistered | allow |
| 9 | files | g | unregistered | allow |
| 10 | files | * | unregistered | deny |
| 11 | files | * | * | allow |
| 85 | files | * | OpenUploadAdmin | allow |
| 86 | admin | * | OpenUploadAdmin | allow |
| 87 | * | * | OpenUploadAdmin | allow |
+----+--------+----------+-----------------+--------+
Yann
hmm, wait.
Are you using ldap or default auth?
If on ldap, you'll have to use another method to change ldap passwords (openupload does not handle password change for the users in ldap/AD)
If on mysql (default) then I have no idea on why it should fail.
I'd try changing the auth to default and see if you can login.
then change it back to ldap and check if it's working.
It AD/ldap auth is not working then you probably have a configuration mistake.
If you can login with normal users then probably you have a problem with the configuration of the group search. By default OpenUpload grants the "Domain Users" group to all users which are authenticated. So with your acl file uploads are allowed.
Be sure you set the gid field.
I'll need more information to debug this, but check all other tickets which mention AD problems, you'll probably find the correct configuration.
Alessandro
P.S. If I recall correctly on newer AD (2008 up) all fields are lowercase.
Ok, I thought it was possible to use local auth first and then, if there is no match, use AD.
Anyway, I'd like to use AD auth only and give "Domain Admins" access to the admin web interface.
Actually, I switch to local auth and use the local admin account to access the admin web interface.
Which are the modifications needed ?
You'll need to give "Domain Admins" the admin rights in the ACL
Thanks a lot. It works.
I just give the admin rights to the AD group in ACL.
And samaccountname must be in lower case as I saw in other ticket.
Yann