[Davical-general] LDAP sync

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

[Davical-general] LDAP sync

Marc Patermann
Hi,

with a longer running server on 0.9.9 we have users in ldap. But we
never used the "sync" option.
If a user connects to the wed interface the user's existence is checked
against ldap, if positive a principle is created. If not, there is no
access.
This is fine.

With a new test install with the latest version of davical we synced the
test user into davical from ldap.
When I now delete a user in davical, who still exits in ldap, he cannot
lock in. (The message shows the home calendar could not be created.)
This is fine too, but a change in behavior.
Or is this because the synced once? I cannot find any configuration
option that could change this behavior, is there any?
Is this the only way to use ldap in davical today or could the behavior
be the same if we never snyced users?

With the current behavior I have to periodically activate the sync.
Does anyone do this i.e. by cron and curl?


Marc

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Davical-general mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/davical-general
Reply | Threaded
Open this post in threaded view
|

Re: LDAP sync

Christian Schwamborn
Hi Marc,

just out of curiosity: In what environment are you running davical
(distribution, php version etc.). It sound to me if you might experience
the same obscure behaviour, I discovered three weeks ago.
You might look into this thead:
http://sourceforge.net/mailarchive/forum.php?thread_name=1339312515.5598.71.camel%40dave.home.mcmillan.net.nz&forum_name=davical-general
If my tb destroyed the link look for:
'default collections are not created for new prinipals' from 2012-06-10

Cheers,
Christian


Am 27.06.2012 13:53, schrieb Marc Patermann:

> Hi,
>
> with a longer running server on 0.9.9 we have users in ldap. But we
> never used the "sync" option.
> If a user connects to the wed interface the user's existence is checked
> against ldap, if positive a principle is created. If not, there is no
> access.
> This is fine.
>
> With a new test install with the latest version of davical we synced the
> test user into davical from ldap.
> When I now delete a user in davical, who still exits in ldap, he cannot
> lock in. (The message shows the home calendar could not be created.)
> This is fine too, but a change in behavior.
> Or is this because the synced once? I cannot find any configuration
> option that could change this behavior, is there any?
> Is this the only way to use ldap in davical today or could the behavior
> be the same if we never snyced users?
>
> With the current behavior I have to periodically activate the sync.
> Does anyone do this i.e. by cron and curl?
>
>
> Marc
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Davical-general mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/davical-general
>


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Davical-general mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/davical-general
Reply | Threaded
Open this post in threaded view
|

Re: LDAP sync

Marc Patermann
In reply to this post by Marc Patermann
Hi,

Marc Patermann schrieb (27.06.2012 13:53 Uhr):

> With a new test install with the latest version of davical we synced the
> test user into davical from ldap.
> When I now delete a user in davical, who still exits in ldap, he cannot
> lock in. (The message shows the home calendar could not be created.)
> This is fine too, but a change in behavior.
> Or is this because the synced once? I cannot find any configuration
> option that could change this behavior, is there any?
> Is this the only way to use ldap in davical today or could the behavior
> be the same if we never snyced users?
Here is what postgres says:

2012-06-28 13:46:05 CEST davical davical_app FEHLER:  ungültige
Eingabesyntax für Typ timestamp with time zone: »-- ::«
2012-06-28 13:46:05 CEST davical davical_app ANWEISUNG:  INSERT INTO
dav_principal
(username,email,user_active,modified,fullname,type_id,default_privileges)
VALUES('[hidden email]','[hidden email]',TRUE,E'--
\x3a\x3a','steffen',1,cast('000000000001111000100000' as text)::BIT(24))
2012-06-28 13:46:05 CEST davical davical_app FEHLER:  Spalte »user_no«
hat Typ integer, aber der Ausdruck hat Typ boolean bei Zeichen 25
2012-06-28 13:46:05 CEST davical davical_app TIPP:  Sie müssen den
Ausdruck umschreiben oder eine Typumwandlung vornehmen.
2012-06-28 13:46:05 CEST davical davical_app ANWEISUNG:  INSERT INTO
collection (user_no, parent_container, dav_name, dav_etag,
dav_displayname, is_calendar, is_addressbook, default_privileges,
created, modified, resourcetypes) VALUES( FALSE, '/[hidden email]/',
'/[hidden email]/home/', -1, ' calendar', TRUE, FALSE, NULL::BIT(24),
current_timestamp, current_timestamp,
E'<DAV\x3a\x3acollection/><urn\x3aietf\x3aparams\x3axml\x3ans\x3acaldav\x3acalendar/>'
);
2012-06-28 13:46:05 CEST davical davical_app FEHLER:  Binden-Nachricht
enthält 0 Parameter, aber vorbereitete Anweisung
»pdo_pgsql_stmt_e6aa63a0« erfordert 2
2012-06-28 13:46:05 CEST davical davical_app ANWEISUNG:  UPDATE usr SET
last_used = (SELECT session_start FROM session WHERE session.user_no =
$1 ORDER BY session_id DESC LIMIT NULL) WHERE user_no = $2;
2012-06-28 13:46:05 CEST davical davical_app FEHLER:  Spalte »user_no«
hat Typ integer, aber der Ausdruck hat Typ boolean bei Zeichen 34
2012-06-28 13:46:05 CEST davical davical_app TIPP:  Sie müssen den
Ausdruck umschreiben oder eine Typumwandlung vornehmen.
2012-06-28 13:46:05 CEST davical davical_app ANWEISUNG:  INSERT INTO
session (session_id, user_no, session_key) VALUES( 38, FALSE,
'b24568e3477a05692e772b7156cddcc3' )

There seems to be a problem with timestamp and user_no.


Marc

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Davical-general mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/davical-general
Reply | Threaded
Open this post in threaded view
|

Re: LDAP sync

Ján Máté-2
The fix:

http://www.inf-it.com/fixes/Principal.php.diff

JM


On Jun 28, 2012, at 2:02 PM, Marc Patermann wrote:

> Hi,
>
> Marc Patermann schrieb (27.06.2012 13:53 Uhr):
>
>> With a new test install with the latest version of davical we synced the
>> test user into davical from ldap.
>> When I now delete a user in davical, who still exits in ldap, he cannot
>> lock in. (The message shows the home calendar could not be created.)
>> This is fine too, but a change in behavior.
>> Or is this because the synced once? I cannot find any configuration
>> option that could change this behavior, is there any?
>> Is this the only way to use ldap in davical today or could the behavior
>> be the same if we never snyced users?
> Here is what postgres says:
>
> 2012-06-28 13:46:05 CEST davical davical_app FEHLER:  ungültige
> Eingabesyntax für Typ timestamp with time zone: »-- ::«
> 2012-06-28 13:46:05 CEST davical davical_app ANWEISUNG:  INSERT INTO
> dav_principal
> (username,email,user_active,modified,fullname,type_id,default_privileges)
> VALUES('[hidden email]','[hidden email]',TRUE,E'--
> \x3a\x3a','steffen',1,cast('000000000001111000100000' as text)::BIT(24))
> 2012-06-28 13:46:05 CEST davical davical_app FEHLER:  Spalte »user_no«
> hat Typ integer, aber der Ausdruck hat Typ boolean bei Zeichen 25
> 2012-06-28 13:46:05 CEST davical davical_app TIPP:  Sie müssen den
> Ausdruck umschreiben oder eine Typumwandlung vornehmen.
> 2012-06-28 13:46:05 CEST davical davical_app ANWEISUNG:  INSERT INTO
> collection (user_no, parent_container, dav_name, dav_etag,
> dav_displayname, is_calendar, is_addressbook, default_privileges,
> created, modified, resourcetypes) VALUES( FALSE, '/[hidden email]/',
> '/[hidden email]/home/', -1, ' calendar', TRUE, FALSE, NULL::BIT(24),
> current_timestamp, current_timestamp,
> E'<DAV\x3a\x3acollection/><urn\x3aietf\x3aparams\x3axml\x3ans\x3acaldav\x3acalendar/>'
> );
> 2012-06-28 13:46:05 CEST davical davical_app FEHLER:  Binden-Nachricht
> enthält 0 Parameter, aber vorbereitete Anweisung
> »pdo_pgsql_stmt_e6aa63a0« erfordert 2
> 2012-06-28 13:46:05 CEST davical davical_app ANWEISUNG:  UPDATE usr SET
> last_used = (SELECT session_start FROM session WHERE session.user_no =
> $1 ORDER BY session_id DESC LIMIT NULL) WHERE user_no = $2;
> 2012-06-28 13:46:05 CEST davical davical_app FEHLER:  Spalte »user_no«
> hat Typ integer, aber der Ausdruck hat Typ boolean bei Zeichen 34
> 2012-06-28 13:46:05 CEST davical davical_app TIPP:  Sie müssen den
> Ausdruck umschreiben oder eine Typumwandlung vornehmen.
> 2012-06-28 13:46:05 CEST davical davical_app ANWEISUNG:  INSERT INTO
> session (session_id, user_no, session_key) VALUES( 38, FALSE,
> 'b24568e3477a05692e772b7156cddcc3' )
>
> There seems to be a problem with timestamp and user_no.
>
>
> Marc
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Davical-general mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/davical-general


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Davical-general mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/davical-general
Reply | Threaded
Open this post in threaded view
|

Re: LDAP sync

Marc Patermann
Hi,

Ján Máté schrieb (28.06.2012 15:59 Uhr):
> The fix:
>
> http://www.inf-it.com/fixes/Principal.php.diff
Does not help. :(

postgres log:

2012-07-02 13:58:25 CEST davical davical_app FEHLER:  ungültige
Eingabesyntax für Typ timestamp with time zone: »-- ::«
2012-07-02 13:58:25 CEST davical davical_app ANWEISUNG:  INSERT INTO
dav_principal
(username,email,user_active,modified,fullname,type_id,default_privileges)
VALUES('[hidden email]','[hidden email]',TRUE,E'--
\x3a\x3a','Testuser 1',1,cast('000000000001111000100000' as text)::BIT(24))

2012-07-02 13:58:25 CEST davical davical_app FEHLER:  Spalte »user_no«
hat Typ integer, aber der Ausdruck hat Typ boolean bei Zeichen 25
2012-07-02 13:58:25 CEST davical davical_app TIPP:  Sie müssen den
Ausdruck umschreiben oder eine Typumwandlung vornehmen.
2012-07-02 13:58:25 CEST davical davical_app ANWEISUNG:  INSERT INTO
collection (user_no, parent_container, dav_name, dav_etag,
dav_displayname, is_calendar, is_addressbook, default_privileges,
created, modified, resourcetypes) VALUES( FALSE, '/[hidden email]/',
'/[hidden email]/home/', -1, ' calendar', TRUE, FALSE, NULL::BIT(24),
current_timestamp, current_timestamp,
E'<DAV\x3a\x3acollection/><urn\x3aietf\x3aparams\x3axml\x3ans\x3acaldav\x3acalendar/>'
);

2012-07-02 13:58:25 CEST davical davical_app FEHLER:  Binden-Nachricht
enthält 0 Parameter, aber vorbereitete Anweisung
»pdo_pgsql_stmt_f78fec48« erfordert 2
2012-07-02 13:58:25 CEST davical davical_app ANWEISUNG:  UPDATE usr SET
last_used = (SELECT session_start FROM session WHERE session.user_no =
$1 ORDER BY session_id DESC LIMIT NULL) WHERE user_no = $2;
2012-07-02 13:58:25 CEST davical davical_app FEHLER:  Spalte »user_no«
hat Typ integer, aber der Ausdruck hat Typ boolean bei Zeichen 34
2012-07-02 13:58:25 CEST davical davical_app TIPP:  Sie müssen den
Ausdruck umschreiben oder eine Typumwandlung vornehmen.
2012-07-02 13:58:25 CEST davical davical_app ANWEISUNG:  INSERT INTO
session (session_id, user_no, session_key) VALUES( 47, FALSE,
'b742c9cc84baa1f0106ad32d0e603ee2' )

here are the key value pairs:
username '[hidden email]'
email '[hidden email]'
user_active TRUE
modified E'-- \x3a\x3a'
fullname 'Testuser 1'
type_id 1
default_privileges cast('000000000001111000100000' as text)::BIT(24)

The attribute in ldap is
modifyTimestamp: 20120529150520Z




Marc

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Davical-general mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/davical-general
Reply | Threaded
Open this post in threaded view
|

Re: LDAP sync

Marc Patermann
Marc Patermann schrieb (02.07.2012 16:13 Uhr):

> Ján Máté schrieb (28.06.2012 15:59 Uhr):
>> The fix:
>>
>> http://www.inf-it.com/fixes/Principal.php.diff
> Does not help. :(
There was a ")," missing in the config. m)
Sorry for the noise.


Marc

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Davical-general mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/davical-general