webadmin-list

[webmin-l] auto entering attributes LDAP_Useradmin

[Craig W. <cra...@az...>]

I'm having an issue auto entering attributes in LDAP Useradmin when
creating new users - these auto entries simply aren't created though the
objectclass 'apple-user' is added and other samba attributes get
automatically entered. Also, if I manually add these entries below
(longhand - no ${USER} ), the entries are created.

1 - apple-user-homeDirectory, values typically look like

   /Network/Servers/srv1.example.com/NetUsers/administrator

so my auto enter looks like

apple-user-homeDirectory /Network/Servers/srv1.example.com/NetUsers/${USER}

2 - apple-user-homeurl, values typically look like


<home_dir><url>afp://srv1.example.com/NetUsers/</url><path>administrator</path></home_dir>

(actually, it appears that these values are Base64 encoded when saved in
DSA)

so my auto enter looks like

<home_dir><url>afp://srv1.example.com/NetUsers/</url><path>${USER}</path></home_dir>

so it leaves me wondering if I somehow need to escape these auto entries
so they process properly in your perl scripts.

Suggestions?

Craig

Re: [webmin-l] auto entering attributes LDAP_Useradmin

[Jamie C. <jca...@we...>]

On 7/Oct/2006 19:46 Craig White wrote ..
> I'm having an issue auto entering attributes in LDAP Useradmin when
> creating new users - these auto entries simply aren't created though the
> objectclass 'apple-user' is added and other samba attributes get
> automatically entered. Also, if I manually add these entries below
> (longhand - no ${USER} ), the entries are created.
> 
> 1 - apple-user-homeDirectory, values typically look like
> 
>    /Network/Servers/srv1.example.com/NetUsers/administrator
> 
> so my auto enter looks like
> 
> apple-user-homeDirectory /Network/Servers/srv1.example.com/NetUsers/${USER}
> 
> 2 - apple-user-homeurl, values typically look like
> 
> 
> <home_dir><url>afp://srv1.example.com/NetUsers/</url><path>administrator</path></home_dir>
> 
> (actually, it appears that these values are Base64 encoded when saved in
> DSA)
> 
> so my auto enter looks like
> 
> <home_dir><url>afp://srv1.example.com/NetUsers/</url><path>${USER}</path></home_dir>
> 
> so it leaves me wondering if I somehow need to escape these auto entries
> so they process properly in your perl scripts.
> 
> Suggestions?

Is ${USER} a substitution done by the LDAP server, or by Webmin? Normally when you
specific an extra LDAP attribute like ${SOMETHING}, it will be replaced when the user
is saved with some attribute of the new user..

What did you mean by 'escape the auto extries' exactly?

 - Jamie

Re: [webmin-l] auto entering attributes LDAP_Useradmin

[Craig W. <cra...@az...>]

On Sat, 2006-10-07 at 21:40 -0700, Jamie Cameron wrote:
> On 7/Oct/2006 19:46 Craig White wrote ..
> > I'm having an issue auto entering attributes in LDAP Useradmin when
> > creating new users - these auto entries simply aren't created though the
> > objectclass 'apple-user' is added and other samba attributes get
> > automatically entered. Also, if I manually add these entries below
> > (longhand - no ${USER} ), the entries are created.
> > 
> > 1 - apple-user-homeDirectory, values typically look like
> > 
> >    /Network/Servers/srv1.example.com/NetUsers/administrator
> > 
> > so my auto enter looks like
> > 
> > apple-user-homeDirectory /Network/Servers/srv1.example.com/NetUsers/${USER}
> > 
> > 2 - apple-user-homeurl, values typically look like
> > 
> > 
> > <home_dir><url>afp://srv1.example.com/NetUsers/</url><path>administrator</path></home_dir>
> > 
> > (actually, it appears that these values are Base64 encoded when saved in
> > DSA)
> > 
> > so my auto enter looks like
> > 
> > <home_dir><url>afp://srv1.example.com/NetUsers/</url><path>${USER}</path></home_dir>
> > 
> > so it leaves me wondering if I somehow need to escape these auto entries
> > so they process properly in your perl scripts.
> > 
> > Suggestions?
> 
> Is ${USER} a substitution done by the LDAP server, or by Webmin? Normally when you
> specific an extra LDAP attribute like ${SOMETHING}, it will be replaced when the user
> is saved with some attribute of the new user..
----
${USER} is something I have only used in webmin ldap_useradmin config so
that it replaces that token with the actual 'account' that it is
creating (the uid)
----
> 
> What did you mean by 'escape the auto extries' exactly?
----
It's odd but if I put these entries in 'LDAP Properties for all new
users'...

apple-user-homeDirectory /Network/Servers/srv1.example.com/NetUsers/${USER}

<home_dir><url>afp://srv1.example.com/NetUsers/</url><path>${USER}</path></home_dir>

both are ignored when I create the user.

When I edit the already created user and enter something like (using
ldap_useradmin):

/Network/Servers/srv1.example.com/NetUsers/administrator
   in apple-user-homeDirectory 

<home_dir><url>afp://srv1.example.com/NetUsers/</url><path>administrator</path></home_dir>
   in apple-user-homeurl

They are accepted

Craig

Re: [webmin-l] auto entering attributes LDAP_Useradmin

[Jamie C. <jca...@we...>]

On 7/Oct/2006 22:49 Craig White wrote ..
> On Sat, 2006-10-07 at 21:40 -0700, Jamie Cameron wrote:
> > On 7/Oct/2006 19:46 Craig White wrote ..
> > > I'm having an issue auto entering attributes in LDAP Useradmin when
> > > creating new users - these auto entries simply aren't created though
> the
> > > objectclass 'apple-user' is added and other samba attributes get
> > > automatically entered. Also, if I manually add these entries below
> > > (longhand - no ${USER} ), the entries are created.
> > > 
> > > 1 - apple-user-homeDirectory, values typically look like
> > > 
> > >    /Network/Servers/srv1.example.com/NetUsers/administrator
> > > 
> > > so my auto enter looks like
> > > 
> > > apple-user-homeDirectory /Network/Servers/srv1.example.com/NetUsers/${USER}
> > > 
> > > 2 - apple-user-homeurl, values typically look like
> > > 
> > > 
> > > <home_dir><url>afp://srv1.example.com/NetUsers/</url><path>administrator</path></home_dir>
> > > 
> > > (actually, it appears that these values are Base64 encoded when saved
> in
> > > DSA)
> > > 
> > > so my auto enter looks like
> > > 
> > > <home_dir><url>afp://srv1.example.com/NetUsers/</url><path>${USER}</path></home_dir>
> > > 
> > > so it leaves me wondering if I somehow need to escape these auto entries
> > > so they process properly in your perl scripts.
> > > 
> > > Suggestions?
> > 
> > Is ${USER} a substitution done by the LDAP server, or by Webmin? Normally
> when you
> > specific an extra LDAP attribute like ${SOMETHING}, it will be replaced
> when the user
> > is saved with some attribute of the new user..
> ----
> ${USER} is something I have only used in webmin ldap_useradmin config so
> that it replaces that token with the actual 'account' that it is
> creating (the uid)
> ----
> > 
> > What did you mean by 'escape the auto extries' exactly?
> ----
> It's odd but if I put these entries in 'LDAP Properties for all new
> users'...
> 
> apple-user-homeDirectory /Network/Servers/srv1.example.com/NetUsers/${USER}
> 
> <home_dir><url>afp://srv1.example.com/NetUsers/</url><path>${USER}</path></home_dir>
> 
> both are ignored when I create the user.
> 
> When I edit the already created user and enter something like (using
> ldap_useradmin):
> 
> /Network/Servers/srv1.example.com/NetUsers/administrator
>    in apple-user-homeDirectory 
> 
> <home_dir><url>afp://srv1.example.com/NetUsers/</url><path>administrator</path></home_dir>
>    in apple-user-homeurl
> 
> They are accepted

I think I know the reason - on the Module Config page, you need to enter these extra
attributes in the format :

apple-user-homeDirectory: /Network/Servers/srv1.example.com/NetUsers/${USER}
apple-user-homeurl: <home_dir><url>afp://srv1.example.com/NetUsers/</url><path>${USER}</path></home_dir>

Note the colon after the attribute name. I will add a comment about this on the Module
Config page in the next Webmin release.

 - Jamie

Re: [webmin-l] auto entering attributes LDAP_Useradmin

[Craig W. <cra...@az...>]

On Sun, 2006-10-08 at 10:40 -0700, Jamie Cameron wrote:
> On 7/Oct/2006 22:49 Craig White wrote ..
> > On Sat, 2006-10-07 at 21:40 -0700, Jamie Cameron wrote:
> > > On 7/Oct/2006 19:46 Craig White wrote ..
> > > > I'm having an issue auto entering attributes in LDAP Useradmin when
> > > > creating new users - these auto entries simply aren't created though
> > the
> > > > objectclass 'apple-user' is added and other samba attributes get
> > > > automatically entered. Also, if I manually add these entries below
> > > > (longhand - no ${USER} ), the entries are created.
> > > > 
> > > > 1 - apple-user-homeDirectory, values typically look like
> > > > 
> > > >    /Network/Servers/srv1.example.com/NetUsers/administrator
> > > > 
> > > > so my auto enter looks like
> > > > 
> > > > apple-user-homeDirectory /Network/Servers/srv1.example.com/NetUsers/${USER}
> > > > 
> > > > 2 - apple-user-homeurl, values typically look like
> > > > 
> > > > 
> > > > <home_dir><url>afp://srv1.example.com/NetUsers/</url><path>administrator</path></home_dir>
> > > > 
> > > > (actually, it appears that these values are Base64 encoded when saved
> > in
> > > > DSA)
> > > > 
> > > > so my auto enter looks like
> > > > 
> > > > <home_dir><url>afp://srv1.example.com/NetUsers/</url><path>${USER}</path></home_dir>
> > > > 
> > > > so it leaves me wondering if I somehow need to escape these auto entries
> > > > so they process properly in your perl scripts.
> > > > 
> > > > Suggestions?
> > > 
> > > Is ${USER} a substitution done by the LDAP server, or by Webmin? Normally
> > when you
> > > specific an extra LDAP attribute like ${SOMETHING}, it will be replaced
> > when the user
> > > is saved with some attribute of the new user..
> > ----
> > ${USER} is something I have only used in webmin ldap_useradmin config so
> > that it replaces that token with the actual 'account' that it is
> > creating (the uid)
> > ----
> > > 
> > > What did you mean by 'escape the auto extries' exactly?
> > ----
> > It's odd but if I put these entries in 'LDAP Properties for all new
> > users'...
> > 
> > apple-user-homeDirectory /Network/Servers/srv1.example.com/NetUsers/${USER}
> > 
> > <home_dir><url>afp://srv1.example.com/NetUsers/</url><path>${USER}</path></home_dir>
> > 
> > both are ignored when I create the user.
> > 
> > When I edit the already created user and enter something like (using
> > ldap_useradmin):
> > 
> > /Network/Servers/srv1.example.com/NetUsers/administrator
> >    in apple-user-homeDirectory 
> > 
> > <home_dir><url>afp://srv1.example.com/NetUsers/</url><path>administrator</path></home_dir>
> >    in apple-user-homeurl
> > 
> > They are accepted
> 
> I think I know the reason - on the Module Config page, you need to enter these extra
> attributes in the format :
> 
> apple-user-homeDirectory: /Network/Servers/srv1.example.com/NetUsers/${USER}
> apple-user-homeurl: <home_dir><url>afp://srv1.example.com/NetUsers/</url><path>${USER}</path></home_dir>
> 
> Note the colon after the attribute name. I will add a comment about this on the Module
> Config page in the next Webmin release.
----
indeed - that made the difference. Curious that I also had it
auto-entering a value for calFBURL (horde/imp schema) without the colon
and it entered fine but also in checking, the samba attributes that are
automatically added, I did have the colon.

In the interest of clarity, I don't have a colon in 'Extra LDAP User
properties to allow editing...' - should I be adding a colon after the
attribute?

Craig

Re: [webmin-l] auto entering attributes LDAP_Useradmin

[Jamie C. <jca...@we...>]

On 8/Oct/2006 11:55 Craig White wrote ..
> On Sun, 2006-10-08 at 10:40 -0700, Jamie Cameron wrote:
> > On 7/Oct/2006 22:49 Craig White wrote ..
> > > On Sat, 2006-10-07 at 21:40 -0700, Jamie Cameron wrote:
> > > > On 7/Oct/2006 19:46 Craig White wrote ..
> > > > > I'm having an issue auto entering attributes in LDAP Useradmin
> when
> > > > > creating new users - these auto entries simply aren't created though
> > > the
> > > > > objectclass 'apple-user' is added and other samba attributes get
> > > > > automatically entered. Also, if I manually add these entries below
> > > > > (longhand - no ${USER} ), the entries are created.
> > > > > 
> > > > > 1 - apple-user-homeDirectory, values typically look like
> > > > > 
> > > > >    /Network/Servers/srv1.example.com/NetUsers/administrator
> > > > > 
> > > > > so my auto enter looks like
> > > > > 
> > > > > apple-user-homeDirectory /Network/Servers/srv1.example.com/NetUsers/${USER}
> > > > > 
> > > > > 2 - apple-user-homeurl, values typically look like
> > > > > 
> > > > > 
> > > > > <home_dir><url>afp://srv1.example.com/NetUsers/</url><path>administrator</path></home_dir>
> > > > > 
> > > > > (actually, it appears that these values are Base64 encoded when
> saved
> > > in
> > > > > DSA)
> > > > > 
> > > > > so my auto enter looks like
> > > > > 
> > > > > <home_dir><url>afp://srv1.example.com/NetUsers/</url><path>${USER}</path></home_dir>
> > > > > 
> > > > > so it leaves me wondering if I somehow need to escape these auto
> entries
> > > > > so they process properly in your perl scripts.
> > > > > 
> > > > > Suggestions?
> > > > 
> > > > Is ${USER} a substitution done by the LDAP server, or by Webmin?
> Normally
> > > when you
> > > > specific an extra LDAP attribute like ${SOMETHING}, it will be replaced
> > > when the user
> > > > is saved with some attribute of the new user..
> > > ----
> > > ${USER} is something I have only used in webmin ldap_useradmin config
> so
> > > that it replaces that token with the actual 'account' that it is
> > > creating (the uid)
> > > ----
> > > > 
> > > > What did you mean by 'escape the auto extries' exactly?
> > > ----
> > > It's odd but if I put these entries in 'LDAP Properties for all new
> > > users'...
> > > 
> > > apple-user-homeDirectory /Network/Servers/srv1.example.com/NetUsers/${USER}
> > > 
> > > <home_dir><url>afp://srv1.example.com/NetUsers/</url><path>${USER}</path></home_dir>
> > > 
> > > both are ignored when I create the user.
> > > 
> > > When I edit the already created user and enter something like (using
> > > ldap_useradmin):
> > > 
> > > /Network/Servers/srv1.example.com/NetUsers/administrator
> > >    in apple-user-homeDirectory 
> > > 
> > > <home_dir><url>afp://srv1.example.com/NetUsers/</url><path>administrator</path></home_dir>
> > >    in apple-user-homeurl
> > > 
> > > They are accepted
> > 
> > I think I know the reason - on the Module Config page, you need to enter
> these extra
> > attributes in the format :
> > 
> > apple-user-homeDirectory: /Network/Servers/srv1.example.com/NetUsers/${USER}
> > apple-user-homeurl: <home_dir><url>afp://srv1.example.com/NetUsers/</url><path>${USER}</path></home_dir>
> > 
> > Note the colon after the attribute name. I will add a comment about this
> on the Module
> > Config page in the next Webmin release.
> ----
> indeed - that made the difference. Curious that I also had it
> auto-entering a value for calFBURL (horde/imp schema) without the colon
> and it entered fine but also in checking, the samba attributes that are
> automatically added, I did have the colon.

Odd .. it shouldn't work at all without the colon.

> In the interest of clarity, I don't have a colon in 'Extra LDAP User
> properties to allow editing...' - should I be adding a colon after the
> attribute?

No, that module config field doesn't require colons. Which is in-consistent, I admit!

 - Jamie