Re: ldap and the admin user

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: ldap and the admin user

Narcis Garcia - GiLUG
I'm not much experienced but, as I understood, DAViCal has intervened
'admin' login to not be authenticated through LDAP. Then I see a
possible path:

1. Disable "do_not_sync_from_ldap..." line
2. Login as 'admin'
3. Create an alternative 'admin-ldap' account
4. Grant full permissions to 'admin-ldap'
5. Re-enable "do_not_sync_from_ldap..." line

I imagine that after this you should be able to login as 'admin-ldap'
and act with same persmissions as 'admin'.


El 10/08/15 a les 15:34, Petra Humann ha escrit:

> P.S.
>
>> I'm running davical  on debian jessie with ldap authentication without problems.
>> I installed  some updates over time and I'm running version 1.1.3.1-1 now.
>> After a long time I would like to login as admin again - but without success.
>>
>> From apache error log:
>> davical: ***: ERROR:drivers_ldap: Unable to find the user with filter (&(objectClass=inetOrgPerson))(uid=admin))
>
> The error log shows more:
>
> davical: ***: ERROR:drivers_ldap : Unable to find the user with filter (&(&(objectClass=inetOrgPerson)(uidNumber>=49999))(uid=admin)), ...
> davical: LOG: Session::check_temporary_passwords: Query: QF: SQL error "42883" - ERROR: operator does not exist: text = integer LINE 1: ... FROM tmp_password WHERE user_no = 1 AND password = mypassword... ^ HINT: No operator matches the given name and argument type(s). You might need to add explicit ty, ...
> davical: LOG: Session::check_temporary_passwords: Query: QF: pe casts.", ...
> davical: LOG: Session::check_temporary_passwords: Query: QF: SELECT 1 AS ok FROM tmp_password WHERE user_no = ? AND password = ? AND valid_until > current_timestamp, ...
> davical: LOG: Session::check_temporary_passwords: Query: QF:     "0" => "1", ...
> davical: LOG: Session::check_temporary_passwords: Query: QF:     "1" => "mypassword", ...
> davical: Login failure: WARN: Invalid username or password., ...
>
>> admin doesn't exist in the ldap database, but in the postgresql database. I checked this.
>>
>> In the caldav config I have
>>
>> $c->authenticate_hook['optional'] = true;
>> $c->do_not_sync_from_ldap = array( 'admin' => true );
>> $c->authenticate_hook['call'] = 'LDAP_check';
>> $c->authenticate_hook['config'] = array(
>> …
>> );
>>  include('drivers_ldap.php');
>>
>> How I can login as admin again?
>
>
>
> ------------------------------------------------------------------------------
>
>
>
> _______________________________________________
> Davical-general mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/davical-general
>

------------------------------------------------------------------------------
_______________________________________________
Davical-general mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/davical-general
Reply | Threaded
Open this post in threaded view
|

Re: ldap and the admin user

Petra Humann
It is an error in the sql query!  I changed in /usr/share/awl/inc/Session.php:

function check_temporary_passwords( $they_sent, $user_no ) {
         return true;
….

and now it works!

How can I disable "Help! I've forgotten my password!" on the davical login page?

Regards.
Petra Humann

Am 11.08.2015 um 08:48 schrieb Narcis Garcia <[hidden email]>:

> Then create it.
> DAViCal package come with a Shell Script (create-database or
> update-davical-database) with actions to create a database with 'admin'
> account.
>
>
> El 11/08/15 a les 08:04, Petra Humann ha escrit:
>> No, this doesn't seem the solution.
>> The table tmp_password in the postgresql database has not any entries.
>> In my opinion the  postgresql statement is false.
>>>> davical: LOG: Session::check_temporary_passwords: Query: QF: SQL error "42883" - ERROR: operator does not exist: text = integer LINE 1: ... FROM tmp_password WHERE user_no = 1 AND password = mypassword... ^ HINT: No operator matches the given name and argument type(s). You might need to add explicit type casts
>>
>> Am 10.08.2015 um 21:09 schrieb Narcis Garcia <[hidden email]>:
>>
>>> 1. Disable "do_not_sync_from_ldap..." line
>> This I never disable any more! I had many trouble installing davical, because
>> this line was not in the config!

------------------------------------------------------------------------------

_______________________________________________
Davical-general mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/davical-general

smime.p7s (6K) Download Attachment