Its not directly related to the code, but the repository key for debian Jessie packages has expired, therefore signatures will be checked anymore.

Why can't I choose SASL method ? Is it not enabled by default ?
In include/password-methods/ there is a file for sasl as well as md5, sha... but it does not show up in the drop down menu.

Hi,

After running 'sudo fusiondirectory-insert-schema', I get the following error on CentOS 7:

! This tool is only intended to be with with a cn=config backend, cn=config could not be found in the LDAP at /sbin/fusiondirectory-insert-schema line 289.

What is it asking for?

There is hardcoded running as root requirement in ldap-schema-manager. This disallows one to use it for schema management of rootless slapd (i.e. when slapd is configured in container to run under gid/uid!=0 but with appropriate cn=config permissions set for this gid/uid during slapd initialization).

Consider removing this hardcoded requirement.

(I'm opening this issue on "plugin" as I don't seem to be able to open it for the core component.)

I'm using FusionDirectory 1.3 from the project repository. If I upload a profile photo for a user, it seems to get re-scaled to 150x150 pixels which looks really ugly in software that then tries to display this image at a larger size.

I also could not find any way to re-configure the desired target size. Did I miss the configuration option to adjust this somewhere?

The LDAP spec does not seem to imposte a specific limit on the image size. Obviously I do not want to upload 20 megapixle portrait photographs to my LDAP server, but if it's not possible to configure the target size to the size actually expected / needed by software used in an organization, I'd consider this to be a bug or at least a missing feature.

Hi,
I try to make a docker container from Fusion-directory in stretch, but when I go to setup.php, IU had this PHP error :

Trace[1]: function trigger_error	File: /usr/share/fusiondirectory/include/class_Language.inc (Line 50)	Type: -
Arguments: "Setting locale to fr_FR.UTF-8 failed"
Trace[2]: class Language / function init	File: /usr/share/fusiondirectory/html/setup.php (Line 89)	Type: static
Arguments: "fr_FR.UTF-8"

I think, I don't have French language in my stretch image, what can I do for resolve this issue ?
(PS: If y continue in English, FusionDirectory works well...)
Thanks !!!

The file core-fd-conf.schema, included in fusiondirectory-schema debian package and in the master branch, is syntax broken, causing slapd to fail starting. The file included in develop branch, commit Fixes: #2468 Incorrect syntax for core-fd-conf schema (68212ce), fixes the issue.

When using templates and you have the DN to use "uid" and auto-generated id's; when you create a user with the same name as someone else you get a "There is already an entry with this 'Name' attribute in the system!".

The issue looks like plugins/admin/users/class_userManagement.inc in the templateContinue() method on line 578, it does:

  $ldap->search ("(&(sn=".normalizeLdap($this->sn).")(givenName=".normalizeLdap($this->givenName)."))", array("givenName"));
  if ($ldap->count () != 0) {
    msg_dialog::displayChecks(array(msgPool::duplicated(_("Name"))));
  } else {

This makes sense if you were doing the primary DN was based on cn and there was and no cn generation going on.

I'm not sure the best fix for this, but when the dn is based on a uid, I should be able to support people with same name.

$ aptitude install fusiondirectory
The following NEW packages will be installed:
fusiondirectory{b} imagemagick-common{a} javascript-common{a} libc-client2007e{a} libcurl3{a} libgd2-xpm{a} libgomp1{a} libjs-prototype{a} libjs-scriptaculous{a} liblqr-1-0{a} libltdl7{a} libmagickcore5{a} libmagickwand5{a} libmcrypt4{a} librecode0{a} librtmp0{a}
libssh2-1{a} mlock{a} php-fpdf{a} php5-curl{a} php5-gd{a} php5-imagick{a} php5-imap{a} php5-ldap{a} php5-mcrypt{a} php5-recode{a} wwwconfig-common{a}
0 packages upgraded, 27 newly installed, 0 to remove and 0 not upgraded.
Need to get 6898 kB/7273 kB of archives. After unpacking 22.3 MB will be used.
The following packages have unmet dependencies:
fusiondirectory : Depends: smarty3-i18n which is a virtual package.
Depends: gettext but it is not going to be installed.
Depends: libcrypt-passwdmd5-perl but it is not going to be installed.
Depends: libnet-ldap-perl but it is not going to be installed.
Depends: libpath-class-perl but it is not going to be installed.
Depends: libfile-copy-recursive-perl but it is not going to be installed.
Depends: libxml-twig-perl but it is not going to be installed.
Depends: libcrypt-cbc-perl but it is not going to be installed.
Depends: schema2ldif which is a virtual package.

So i'm stucked with deps satisfy - smarty3-i18n and schema2ldif 're badly googling as a package containts.

Searching for documentation on DNS and DHCP I didn't find any entries, here is where I was looking:
https://fusiondirectory-user-manual.readthedocs.io/en/1.3/plugins

Hello.

Would it be possible for Fusion Directory to support setting number of rounds (iterations) in password CRYPT format using SHA-512?

https://en.wikipedia.org/wiki/Crypt_(C)

Hello

I am trying to setup Fusion Directory on Debian 9 with Apache 2.4 and PHP 7 and OpenLDAP 2.4.
I follow docs -> https://documentation.fusiondirectory.org/en/documentation/admin_installation
Version is 1.0.19 installed through default Debian apt repo (same for fusion directory schema)

I go through web setup withou any issues but when I try to log in with fd-admin account I get following errors:

Apache:

  Feb 02 17:58:11 smalldebian apache2[27017]: FusionDirectory [unauthenticated]: (view) error: PHP error: Only variables should be passed by reference (/usr/share/fusiondirectory/include/functions.inc, line 589)
    Feb 02 17:58:11 smalldebian slapd[1844]: <= mdb_equality_candidates: (roleOccupant) not indexed
    Feb 02 17:58:11 smalldebian apache2[27017]: FusionDirectory [fd-admin]: (view) error: PHP error: Only variables should be passed by reference (/usr/share/fusiondirectory/include/functions.inc, line 2538)
    Feb 02 17:58:11 smalldebian apache2[27017]: FusionDirectory [fd-admin]: (security) login: User "fd-admin" logged in successfully.

Web Page:

Fatal error: Uncaught Exception: Error: lexing failed because a rule matched an empty string. Input "0)} ... state TAGBODY in /usr/share/php/smarty3/sysplugins/smarty_internal_templatelexer.php:566 Stack trace: #0 /usr/share/php/smarty3/sysplugins/smarty_internal_templatelexer.php(263): Smarty_Internal_Templatelexer->yylex3() #1 /usr/share/php/smarty3/sysplugins/smarty_internal_smartytemplatecompiler.php(109): Smarty_Internal_Templatelexer->yylex() #2 /usr/share/php/smarty3/sysplugins/smarty_internal_templatecompilerbase.php(404): Smarty_Internal_SmartyTemplateCompiler->doCompile('<!-- Headline -...', true) #3 /usr/share/php/smarty3/sysplugins/smarty_internal_templatecompilerbase.php(335): Smarty_Internal_TemplateCompilerBase->compileTemplateSource(Object(Smarty_Internal_Template), false, NULL) #4 /usr/share/php/smarty3/sysplugins/smarty_template_compiled.php(199): Smarty_Internal_TemplateCompilerBase->compileTemplate(Object(Smarty_Internal_Template)) #5 /usr/share/php/smarty3/sysplugins/smarty_template_compiled.php(98) in /usr/share/php/smarty3/sysplugins/smarty_internal_templatelexer.php on line 566

Changelog says Fusion Directory is ready for PHP 7.
Any ideas what might went wrong?

Is there any plan for PHP7.0 to be formally supported in the PHP code? I am working on migrating Ubuntu 16.04 to a PHP7.0 only base, and fusiondirectory will be pretty heavily patched to support PHP7.0. I can contribute those patches back to this project, if that would be acceptable (although I am not sure how best, for instance, to support both mod_php and mod_php5 in the apache configuration, multiple if-statements?)

Describe the bug
En suivant l'installation détaillée dans le manuel utilisateur, à la toute fin de l'installation via la WebUI, j'obtiens une erreur de type "XML error in fusiondirectory.conf: Not well-formed (invalid token) at line 1". Pourtant, les permissions et autre sont normalement bonnes car j'ai lancé l'utilitaire "fusiondirectory-setup --check-config". Le token semble bien copié/collé, il s'agit d'une suite de nombres ou chiffres, avec un espace en début de fichier. J'ai essayé en supprimant cet espace mais rien n'y fait.

To Reproduce
Suivre la procédure
Finaliser l'installation via la WebUI
Copier le token, le coller dans le fichier /etc/fusiondirectory/fusiondirectory.conf
Mettre les permissions adéquates, ou utiliser l'utilitaire fusiondirectory-setup --check-config en tant que root

Expected behavior
L'installation est normalement terminée.

Desktop (please complete the following information):

• OS: Debian Buster
• PHP: [ php 7.3 ]
• PHP provenance: [original Debian]
• Browser [Brave, Vivaldi]

In the web interface, when setting up fusiondirectory and resolving the issues on the "LDAP inspection" section of the installation wizard, when trying to create a new fd-admin user using the GUI, I get this error even after clicking the "Check again" button:

Checking for super administrator
Failed
There is no FusionDirectory administrator account inside your LDAP.

This recurs no matter how many times I "create" the new user. But I can verify that "fd-admin" exists via ldapsearch.

dn: uid=fd-admin,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
cn: System Administrator
sn: Administrator
givenName: System
uid: fd-admin

It seems the gosaAclTemplate isn't there at all for fd-admin, and the source code seems to look for it here...

When I tried to add it:

# cat argh.ldif
dn: uid=fd-admin,ou=People,dc=example,dc=com
changetype: modify
add: gosaAclTemplate
gosaAclTemplate: *:all;cmdrw

# ldapmodify -x -W -D "cn=admin,dc=example,dc=com" -H ldap:/// -f argh.ldif
Enter LDAP Password:
modifying entry "uid=fd-admin,ou=People,dc=example,dc=com"
ldap_modify: Object class violation (65)
        additional info: attribute 'gosaAclTemplate' not allowed

Now why is that?

System:

• Ubuntu 16.04.2 amd64
• slapd (OpenLDAP) verison 2.4.42+dfsg-2ubuntu3.1
• FusionDirectory 1.0.19-1 from the repo.fusiondirectory.org Debian Jessie packages
• fusiondirectory-schemas are installed and verified as imported into LDAP

BTW, all other "LDAP inspection" steps completed successfully.

Describe the bug
I'm migrating my database from old fusiondirectory (1.0.8.2).

The installation, transfert and upgrade to an uptodate fusiondirectory works well, but, if I do this migration with the plugin samba installed, fusiondirectory is showing only 2 of my 3xx users on the page.

If I try this upgrade from scratch, without installing this samba plugins, I got all my users on the webpage.

Any idea how I can debug this?

Desktop (please complete the following information):

• OS: Debian Buster
• PHP: 7.3
• PHP provenance: original Debian]
• Browser : firefox, chromium
• Version : latest

Hi,

base version 1.0.74 with samba plugin, installed from wheezy repo on Ubuntu Server 14.04, if I try to edit an existent group and then I try to save by Ok or Apply button I receive the following error and the group isn't updated:

"There is already an entry with this 'Name' attribute in the system!"

Keep on the good work.

During the Setup I choose "Enforce encrypted connections" under "Login and session", but that gave me an wired error, so installed it without HTTPS and gave it another try by following this guide:

https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-debian-10

This didn't help:

Fatal error: Uncaught Error: Call to undefined function xml_parser_create() in /usr/share/fusiondirectory/include/class_config.inc:146 Stack trace: #0 /usr/share/fusiondirectory/include/class_config.inc(135): config->parse_data('<?xml version="...') #1 /usr/share/fusiondirectory/include/class_config.inc(83): config->parse('/etc/fusiondire...') #2 /usr/share/fusiondirectory/html/index.php(165): config->__construct('/etc/fusiondire...', '/usr/share/fusi...') #3 {main} thrown in /usr/share/fusiondirectory/include/class_config.inc on line 146

During the setup there are paths mentioned, "Key path", "Certificate path" and "CA certificate path", these are empty when I choose "Enforce encrypted connections", I guess that maybe the reason why it fails, but don't know how to fix.

My installation source:

deb http://repos.fusiondirectory.org/fusiondirectory-current/debian-stretch stretch main
deb http://repos.fusiondirectory.org/fusiondirectory-extra/debian-stretch stretch main

I try to install fusiondirectory into my openldap server
But when I try to setup it in the web page, it shows an error message:
"Bind as user 'admin,dc=ldap,dc=acer,dc=com' failed! "
But while I try to use this command: "telnet localhost 389"
It can respond quickly.
Does anyone can give me an idea?
Thanks for your help
https://drive.google.com/file/d/0B1w_R1KFe0MdMGNSNU5pdWpnU3M/edit?usp=sharing

Some times, we encounter very long connection time.
After some investigations, it seems that it comes from the use of /dev/random as random numbers generator. Using /dev/urandom is more efficient.

• Trying to reset an accounts password with its email address I get the following error message:

The field 'Contact your administrator, there was a problem with mail server' contains invalid characters! 

• Changing the "@" to "%40" for URL Encoding gives me an other error:

There is no account using email "mymail%40gmail.com" 

Installed plugins:

• ldapdump
• ldapmanager
• mail
• dsa
• personal

Let me know if you need further information about my setup.

I'm running fusiondirectory with the ppolicies plugin and scheme added. In general it's working, but the default password policy is not applied to the accounts.

The default if configured in /usr/share/doc/fusiondirectory-plugin-ppolicy/ppolicyconfig.ldif as follows:

olcPPolicyDefault: cn=default,ou=ppolicies,dc=mydomain,dc=de

I've created a password policy called "default" in FD:

Also in FD, this policy is displayed with the path: "cn=default,ou=ppolicies,dc=mydomain,dc=de"

I can check the function of the policy with my frontend (PWM-Project). When I log in as a user and go to "change password", the correct policy is read and displayed as long as the user is definitely assigned to the policy "default":

This is working so far. The big issue is, that the policy is not applied on the standard setting of the users "Use default":

With this setting, my default policy "cn=default,ou=ppolicies,dc=mydomain,dc=de" is not applied and in use for the user!

In my understanding this setting should use the default policy!

Also the plugin configuration is showing the right policy:

... which results in"cn=default,ou=ppolicies,dc=mydomain,dc=de"

Is this a confirmed bug or is there any workaround? I have a project on hold just because the default is not working ...

Using php 7.0.13 on ubuntu 16.04 I get the following error when I try to open any user or groups tab (fusiondirectory 1.0.19 from jessie packages):

Unknown element type specified!
The stack trace is

#0  filter->render() called at [/usr/share/fusiondirectory/include/class_listing.inc:507]
#1  listing->render() called at [/usr/share/fusiondirectory/include/class_management.inc:216]
#2  management->renderList() called at [/usr/share/fusiondirectory/include/simpleplugin/class_simpleManagement.inc:411]
#3  simpleManagement->renderList() called at [/usr/share/fusiondirectory/plugins/admin/users/class_userManagement.inc:119]
#4  userManagement->renderList() called at [/usr/share/fusiondirectory/include/class_management.inc:210]
#5  management->execute() called at [/usr/share/fusiondirectory/plugins/admin/users/main.inc:47]
#6  require(/usr/share/fusiondirectory/plugins/admin/users/main.inc) called at [/usr/share/fusiondirectory/html/main.php:286]

And dumping $this->elements gives

array(19) {
  ["FILTERACLASSIGNMENT"]=>
  array(5) {
    ["type"]=>
    string(8) "checkbox"
    ["tag"]=>
    string(19) "FILTERACLASSIGNMENT"
    ["default"]=>
    bool(true)
    ["unset"]=>
    array(0) {
    }
    ["set"]=>
    string(21) "(objectClass=gosaAcl)"
  }
  ["FILTERORGANIZATION"]=>
  array(5) {
    ["type"]=>
    string(8) "checkbox"
    ["tag"]=>
    string(18) "FILTERORGANIZATION"
    ["default"]=>
    bool(true)
    ["unset"]=>
    array(0) {
    }
    ["set"]=>
    string(57) "(&(objectClass=organization)(objectClass=gosaDepartment))"
  }
  ["FILTERDEPARTMENT"]=>
  array(5) {
    ["type"]=>
    string(8) "checkbox"
    ["tag"]=>
    string(16) "FILTERDEPARTMENT"
    ["default"]=>
    bool(true)
    ["unset"]=>
    array(0) {
    }
    ["set"]=>
    string(63) "(&(objectClass=organizationalUnit)(objectClass=gosaDepartment))"
  }
  ["FILTERLOCALITY"]=>
  array(5) {
    ["type"]=>
    string(8) "checkbox"
    ["tag"]=>
    string(14) "FILTERLOCALITY"
    ["default"]=>
    bool(true)
    ["unset"]=>
    array(0) {
    }
    ["set"]=>
    string(53) "(&(objectClass=locality)(objectClass=gosaDepartment))"
  }
  ["FILTERDCOBJECT"]=>
  array(5) {
    ["type"]=>
    string(8) "checkbox"
    ["tag"]=>
    string(14) "FILTERDCOBJECT"
    ["default"]=>
    bool(true)
    ["unset"]=>
    array(0) {
    }
    ["set"]=>
    string(53) "(&(objectClass=dcObject)(objectClass=gosaDepartment))"
  }
  ["FILTERCOUNTRY"]=>
  array(5) {
    ["type"]=>
    string(8) "checkbox"
    ["tag"]=>
    string(13) "FILTERCOUNTRY"
    ["default"]=>
    bool(true)
    ["unset"]=>
    array(0) {
    }
    ["set"]=>
    string(52) "(&(objectClass=country)(objectClass=gosaDepartment))"
  }
  ["FILTERDOMAIN"]=>
  array(5) {
    ["type"]=>
    string(8) "checkbox"
    ["tag"]=>
    string(12) "FILTERDOMAIN"
    ["default"]=>
    bool(true)
    ["unset"]=>
    array(0) {
    }
    ["set"]=>
    string(51) "(&(objectClass=domain)(objectClass=gosaDepartment))"
  }
  ["WORKSTATION"]=>
  array(5) {
    ["type"]=>
    string(8) "checkbox"
    ["tag"]=>
    string(11) "WORKSTATION"
    ["default"]=>
    string(4) "true"
    ["unset"]=>
    array(0) {
    }
    ["set"]=>
    string(29) "(objectClass=gotoWorkstation)"
  }
  ["MOBILEPHONE"]=>
  array(5) {
    ["type"]=>
    string(8) "checkbox"
    ["tag"]=>
    string(11) "MOBILEPHONE"
    ["default"]=>
    string(4) "true"
    ["unset"]=>
    array(0) {
    }
    ["set"]=>
    string(27) "(objectClass=fdMobilePhone)"
  }
  ["WINSTATION"]=>
  array(5) {
    ["type"]=>
    string(8) "checkbox"
    ["tag"]=>
    string(10) "WINSTATION"
    ["default"]=>
    string(4) "true"
    ["unset"]=>
    array(0) {
    }
    ["set"]=>
    string(41) "(&(objectClass=sambaSamAccount)(uid=*\$))"
  }
  ["COMPONENT"]=>
  array(5) {
    ["type"]=>
    string(8) "checkbox"
    ["tag"]=>
    string(9) "COMPONENT"
    ["default"]=>
    string(4) "true"
    ["unset"]=>
    array(0) {
    }
    ["set"]=>
    string(50) "(&(objectClass=ieee802Device)(objectClass=device))"
  }
  ["TERMINAL"]=>
  array(5) {
    ["type"]=>
    string(8) "checkbox"
    ["tag"]=>
    string(8) "TERMINAL"
    ["default"]=>
    string(4) "true"
    ["unset"]=>
    array(0) {
    }
    ["set"]=>
    string(26) "(objectClass=gotoTerminal)"
  }
  ["PRINTER"]=>
  array(5) {
    ["type"]=>
    string(8) "checkbox"
    ["tag"]=>
    string(7) "PRINTER"
    ["default"]=>
    string(4) "true"
    ["unset"]=>
    array(0) {
    }
    ["set"]=>
    string(23) "(objectClass=fdPrinter)"
  }
  ["SERVER"]=>
  array(5) {
    ["type"]=>
    string(8) "checkbox"
    ["tag"]=>
    string(6) "SERVER"
    ["default"]=>
    string(4) "true"
    ["unset"]=>
    array(0) {
    }
    ["set"]=>
    string(22) "(objectClass=goServer)"
  }
  ["PHONE"]=>
  array(5) {
    ["type"]=>
    string(8) "checkbox"
    ["tag"]=>
    string(5) "PHONE"
    ["default"]=>
    string(4) "true"
    ["unset"]=>
    array(0) {
    }
    ["set"]=>
    string(21) "(objectClass=fdPhone)"
  }
  ["NAME"]=>
  array(9) {
    ["type"]=>
    string(9) "textfield"
    ["tag"]=>
    string(4) "NAME"
    ["size"]=>
    string(2) "20"
    ["maxlength"]=>
    string(2) "60"
    ["default"]=>
    array(0) {
    }
    ["unset"]=>
    array(0) {
    }
    ["set"]=>
    string(58) "(|(dn=*$*)(cn=*$*)(description=*$*)(ou=*$*)(dc=*$*)(=*$*))"
    ["alphabet"]=>
    string(5) "false"
    ["autocomplete"]=>
    array(5) {
      ["backend"]=>
      string(7) "SYSTEMS"
      ["filter"]=>
      string(108) "(&(|$FILTERACLASSIGNMENT)(|(dn=*$NAME*)(cn=*$NAME*)(description=*$NAME*)(ou=*$NAME*)(dc=*$NAME*)(=*$NAME*)))"
      ["attribute"]=>
      array(6) {
        [0]=>
        string(2) "dn"
        [1]=>
        string(2) "cn"
        [2]=>
        string(11) "description"
        [3]=>
        string(2) "ou"
        [4]=>
        string(2) "dc"
        [5]=>
        bool(false)
      }
      ["frequency"]=>
      string(3) "0.5"
      ["characters"]=>
      string(1) "3"
    }
  }
  ["FUNCTIONAL"]=>
  array(1) {
    ["set"]=>
    string(61) "(!(|(objectClass=posixAccount)(objectClass=gosaMailAccount)))"
  }
  ["MAIL"]=>
  array(2) {
    ["unset"]=>
    string(0) ""
    ["set"]=>
    string(0) ""
  }
  ["SAMBA"]=>
  array(2) {
    ["unset"]=>
    string(0) ""
    ["set"]=>
    string(0) ""
  }
}

Apperently, neither MAIL nor SAMBA have the type attribute leading to this error. Any idea?

Hi there,

after installing and setting up everything following the doc (last debian:jessie version), I'm able to create users but if I don't add any posix or mail attribute, they aren't listed in the Users page and the only way to confirm they exist is if I create a group and try to add members, there I can find them.

I tried to force the FUNCTIONAL filter in user-filter.xml, it didn't work, so I took a look at class_userManagement.inc.

With some ldapsearch queries I figured out that the filter built on line 99 with
$this->filter->elements['FUNCTIONAL']['set'] = '(!(|(objectClass='.implode(')(objectClass=', $classes).')))';
was building something like
(!(|(objectClass=posixAccount)(objectClass=gosaMailAccount)))
which returns zero result (users list stays empty, ldapsearch returns 0 result).

I fixed this here with
$this->filter->elements['FUNCTIONAL']['set'] = '(|(!(objectClass='.implode('))(!(objectClass=', $classes).')))';
which builds the following filter
(|(!(objectClass=posixAccount))(!(objectClass=gosaMailAccount)))
setting the NOT condition on every member of the OR fixes the way I think it should filter people without any of the posixAccount or gosaMailAccount classes.

With this filter, I'm now able to list my users.

Thank you

I follow the site instalation procedure, but i'm stucked in this error.
https://fusiondirectory-user-manual.readthedocs.io/en/1.3/install/centos/centos-fd-install.html#install-fusiondirectory

http://10.88.0.9/fusiondirectory/setup.php

Fatal error: Uncaught --> Smarty Compiler: Syntax error in template "file:/usr/share/fusiondirectory/setup/setup_welcome.tpl" on line 3 "{t}This seems to be the first time you start FusionDirectory - we didn't find any configuration right now. This simple wizard intends to help you while setting it up.{/t}" unknown tag 't' <-- thrown in /usr/share/php/Smarty/sysplugins/smarty_internal_templatecompilerbase.php on line 3

php-json-7.1.33-5.el7.remi.x86_64
php-pdo-7.1.33-5.el7.remi.x86_64
php-pear-CAS-1.3.8-1.el7.remi.noarch
php-pecl-imagick-3.4.4-9.el7.remi.7.1.x86_64
php-Smarty3-3.1.18-2.el7.centos.noarch
php-common-7.1.33-5.el7.remi.x86_64
php-mbstring-7.1.33-5.el7.remi.x86_64
php-ldap-7.1.33-5.el7.remi.x86_64
php-fedora-autoloader-1.0.1-2.el7.remi.noarch
php-imap-7.1.33-5.el7.remi.x86_64
php-xml-7.1.33-5.el7.remi.x86_64
php-Smarty3-gettext-1.1.0-2.el7.centos.noarch
php-gd-7.1.33-5.el7.remi.x86_64
php-cli-7.1.33-5.el7.remi.x86_64
php-7.1.33-5.el7.remi.x86_64
php-Smarty-3.1.33-1.el7.remi.noarch

CentOS Linux release 7.7.1908 (Core)

I have tested it on my server and on the demo server.

When I try to add an account I get:

The field 'Primary address' contains invalid characters!

I use only text in the field.

Hi,
it is possible to allow user change their password without possibility change password hash algorithm? Thanks!

i have installed fusiondirectory uses existing external Zimbra OpenLDAP, but when connecting between them I get an error:

`root@fd:/usr/share# fusiondirectory-setup --check-config
Checking FusionDirectory's config file
/etc/fusiondirectory/fusiondirectory.conf exists…
Rights on /etc/fusiondirectory/fusiondirectory.conf are correct
root@fd:/usr/share# fusiondirectory-setup --check-ldap
Checking your LDAP tree
! There is no admin ACL role
No valid admin account found, do you want to create it ? [Yes/No]?
Yes
Could not find configuration object, using default value
Please enter a login for FusionDirectory's admin [fd-admin]:
fd-admin
User fd-admin already existing, adding admin acl to it

! failed to add LDAP's cn=admin,ou=aclroles,dc=xxxxxxxxxx,dc=xx,dc=xx entry - LDAP_UNDEFINED_TYPE: The request contains an undefined attribute type
root@fd:/usr/share#
`

I'm getting:

`LDAP operation failed!

Object: cn=config,ou=fusiondirectory,dc=domain,dc=com

Error: Undefined attribute type - attribute: fdHttpAuthActivated (fdHttpAuthActivated: attribute type undefined, while operating on 'cn=config,ou=fusiondirectory,dc= domain,dc=com' using LDAP server 'ldap://localhost:389')`

This error comes up when I login.

Describe the bug
I'm getting the following errors when I click Next on the LDAP Setup wizard page

Error 	
Fatal Error
Uncaught TypeError: Unsupported operand types: int & string

Fatal error: Uncaught Exception: Serialization of 'XMLParser' is not allowed in [no active file]:0 Stack trace: #0 {main} thrown in [no active file] on line 0

From Nginx error log:

2021/09/17 14:53:15 [error] 19718#19718: *28998 FastCGI sent in stderr: "PHP message: PHP Fatal error:Uncaught Exception: Serialization of 'XMLParser' is not allowed in [no active file]:0 Stack trace:
#0 {main}
  thrown in [no active file] on line 0" while reading upstream, client: 1.2.3.4, server: example.org, request: "GET /fusiondirectory/setup.php HTTP/2.0", upstream: "fastcgi://unix:/run/php-fpm/php-fpm.sock:", host: "example.org"

To Reproduce
Steps to reproduce the behavior:

1. Set up Arch Linux, OpenLDAP 2.4.59, PHP 8.0.10 and FusionDirectory 1.4-dev
2. Import FusionDirectory required schemas with the Perl tool
3. Follow the Wizard until you need to configure LDAP, click Next
4. See error

Expected behavior
The web installation wizard appears as with PHP 7

Is there a way when a user is doing some operation to bind with his own DN instead of cn=admin ?

Hello,

I search for a documentation of FusionDirectory's Webservice.

Do you have any link for me ?

Thanks !

Hello,
Do you tried to setup fusindirectory 1.0.12? Into tab "Setup LDAP", field "base" is SelectAttribute - may be he need be String - else how edit "base"?

rfc2307bis-2 extended support.

I actually want PosixGroup defined as AUXILIARY to mix PosixGroup and group like :

• groupOfNames using "member" attribute
• groupOfUniquesNames from rfc2307bis using "uniqueName" attribute
• groupOfMembers from rfc2307bis-02 using "member" attribute

Actually, groupOfUniquesNames and groupOfMembers is not supported.

And, if I want "memberOf" overlay from Openldap, I really need to use "uniqueName" style as input for member.

The main difference between "uniqueName" and "member" attribute is :

• uniqueName : require FDN/dn as input. FDN/dn example: cn=admin,dc=cedille,dc=ens,dc=etsmtl,dc=ca
• member : require RDN as input. (FND is permitted from rfc2307bis-02). RDN example : cn=admin

I think this is a typo?

I have installed the fusion directory version 1.3 on debian 9, but I can't install the Zimbra plugin with an error message

root@fd:~# apt-get install fusiondirectory-plugin-zimbra
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package fusiondirectory-plugin-zimbra
root@fd:~# apt-get install fusiondirectory-plugin-zimbra-schema
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package fusiondirectory-plugin-zimbra-schema
root@fd:~#

I hit this when randomly browsing the contents (version 1.0.12).

After some debugging, this is the initial working state of the of filter::elements
Array ( [FUNCTIONAL] => Array ( [type] => checkbox [tag] => FUNCTIONAL [default] => true [unset] => Array ( ) [set] => (!(|(objectClass=posixAccount))) ) [TEMPLATES] => Array ( [type] => checkbox [tag] => TEMPLATES [default] => Array ( ) [unset] => Array ( ) [set] => (objectClass=fdTemplate) ) [SAMBA] => Array ( [type] => checkbox [tag] => SAMBA [default] => true [unset] => [set] => ) [POSIX] => Array ( [type] => checkbox [tag] => POSIX [default] => true [unset] => Array ( ) [set] => (objectClass=posixAccount) ) [MAIL] => Array ( [type] => checkbox [tag] => MAIL [default] => true [unset] => [set] => ) [NAME] => Array ( [type] => textfield [tag] => NAME [size] => 20 [maxlength] => 60 [default] => Array ( ) [unset] => Array ( ) [set] => (|(cn=*$*)(sn=*$*)(givenName=*$*)(uid=*$*)(mail=*$*)) [alphabet] => true [autocomplete] => Array ( [backend] => LDAP [filter] => (&(objectClass=inetOrgPerson)(|(cn=*$NAME*)(sn=*$NAME*)(givenName=*$NAME*)(uid=*$NAME*)(mail=*$NAME*))) [attribute] => Array ( [0] => cn [1] => uid ) [frequency] => 0.5 [characters] => 3 ) ) )

This is when I hit the error:

Array ( [WORKSTATION] => Array ( [type] => checkbox [tag] => WORKSTATION [default] => true [unset] => Array ( ) [set] => (gosaGroupObjects=*W*) ) [APPLICATION] => Array ( [type] => checkbox [tag] => APPLICATION [default] => true [unset] => Array ( ) [set] => (gosaGroupObjects=*A*) ) [TERMINAL] => Array ( [type] => checkbox [tag] => TERMINAL [default] => true [unset] => Array ( ) [set] => (gosaGroupObjects=*T*) ) [UNKNOWN] => Array ( [type] => checkbox [tag] => UNKNOWN [default] => false [unset] => Array ( ) [set] => (gosaGroupObjects=*I*) ) [PRINTER] => Array ( [type] => checkbox [tag] => PRINTER [default] => true [unset] => Array ( ) [set] => (gosaGroupObjects=*P*) ) [WINDOWS] => Array ( [type] => checkbox [tag] => WINDOWS [default] => true [unset] => Array ( ) [set] => (gosaGroupObjects=*O*) ) [PRIMARY] => Array ( [type] => checkbox [tag] => PRIMARY [default] => true [unset] => Array ( ) [set] => (objectClass=posixGroup) ) [SERVER] => Array ( [type] => checkbox [tag] => SERVER [default] => true [unset] => Array ( ) [set] => (gosaGroupObjects=*S*) ) [PHONE] => Array ( [type] => checkbox [tag] => PHONE [default] => true [unset] => Array ( ) [set] => (gosaGroupObjects=*F*) ) [GROUP] => Array ( [type] => checkbox [tag] => GROUP [default] => true [unset] => Array ( ) [set] => (gosaGroupObjects=*G*) ) [SAMBA] => Array ( [type] => checkbox [tag] => SAMBA [default] => true [unset] => [set] => ) [NAME] => Array ( [type] => textfield [tag] => NAME [size] => 20 [maxlength] => 60 [default] => Array ( ) [unset] => Array ( ) [set] => (|(cn=*$*)(description=*$*)) [alphabet] => true [autocomplete] => Array ( [backend] => LDAP [filter] => (&(|(objectClass=posixGroup)$ROLE(objectClass=groupOfNames))(|(cn=*$NAME*)(description=*$NAME*))) [attribute] => cn [frequency] => 0.5 [characters] => 3 ) ) [USER] => Array ( [type] => checkbox [tag] => USER [default] => true [unset] => Array ( ) [set] => (gosaGroupObjects=*U*) ) [ROLE] => Array ( [type] => checkbox [tag] => ROLE [default] => true [unset] => Array ( ) [set] => (objectClass=organizationalRole) ) [MAIL] => Array ( [type] => checkbox [tag] => MAIL [default] => true [unset] => [set] => ) [FUNCTIONAL] => Array ( [set] => (!(|(objectClass=posixAccount))) ) ) Array ( [WORKSTATION] => Array ( [type] => checkbox [tag] => WORKSTATION [default] => true [unset] => Array ( ) [set] => (gosaGroupObjects=*W*) ) [APPLICATION] => Array ( [type] => checkbox [tag] => APPLICATION [default] => true [unset] => Array ( ) [set] => (gosaGroupObjects=*A*) ) [TERMINAL] => Array ( [type] => checkbox [tag] => TERMINAL [default] => true [unset] => Array ( ) [set] => (gosaGroupObjects=*T*) ) [UNKNOWN] => Array ( [type] => checkbox [tag] => UNKNOWN [default] => false [unset] => Array ( ) [set] => (gosaGroupObjects=*I*) ) [PRINTER] => Array ( [type] => checkbox [tag] => PRINTER [default] => true [unset] => Array ( ) [set] => (gosaGroupObjects=*P*) ) [WINDOWS] => Array ( [type] => checkbox [tag] => WINDOWS [default] => true [unset] => Array ( ) [set] => (gosaGroupObjects=*O*) ) [PRIMARY] => Array ( [type] => checkbox [tag] => PRIMARY [default] => true [unset] => Array ( ) [set] => (objectClass=posixGroup) ) [SERVER] => Array ( [type] => checkbox [tag] => SERVER [default] => true [unset] => Array ( ) [set] => (gosaGroupObjects=*S*) ) [PHONE] => Array ( [type] => checkbox [tag] => PHONE [default] => true [unset] => Array ( ) [set] => (gosaGroupObjects=*F*) ) [GROUP] => Array ( [type] => checkbox [tag] => GROUP [default] => true [unset] => Array ( ) [set] => (gosaGroupObjects=*G*) ) [SAMBA] => Array ( [type] => checkbox [tag] => SAMBA [default] => true [unset] => [set] => ) [NAME] => Array ( [type] => textfield [tag] => NAME [size] => 20 [maxlength] => 60 [default] => Array ( ) [unset] => Array ( ) [set] => (|(cn=*$*)(description=*$*)) [alphabet] => true [autocomplete] => Array ( [backend] => LDAP [filter] => (&(|(objectClass=posixGroup)$ROLE(objectClass=groupOfNames))(|(cn=*$NAME*)(description=*$NAME*))) [attribute] => cn [frequency] => 0.5 [characters] => 3 ) ) [USER] => Array ( [type] => checkbox [tag] => USER [default] => true [unset] => Array ( ) [set] => (gosaGroupObjects=*U*) ) [ROLE] => Array ( [type] => checkbox [tag] => ROLE [default] => true [unset] => Array ( ) [set] => (objectClass=organizationalRole) ) [MAIL] => Array ( [type] => checkbox [tag] => MAIL [default] => true [unset] => [set] => ) [FUNCTIONAL] => Array ( [set] => (!(|(objectClass=posixAccount))) ) ) Unknown element type specified! FUNCTIONAL

It seems that it keeps piling up things. If I logout and login it works again.

When I add and I safe the user data the dn of the user changes from dn: uid= to dn: cn=givenname Sirname+uid=uid,ou=people,dc=dc,dc=com visa versa.

This only happens on one system.
This is a Debian Jessie server with the 1.0.16 and newer packages created by fusiondirectory installed.

I've attached the config part of ldap, i have anonymized some parts.
The only difference that I notice is that the group name is group in stead of the standard groups name.

fdOGroupRDN: ou=groups
fdGroupRDN: ou=group

I've changed both to group, this didn't solve the issue.

In previous fusiondirectory versions the option "'Include personal title in user DN" existed, but this option is gone.

I've attached the config part of LDAP.

config.txt

I see this issue in my fusiondirectory 10.0.16 and up. It looks like a ldap item issue. If I connect the instance to another ldap instance I don't see this issue.

This issue was also reported at: https://forge.fusiondirectory.org/issues/5238

Hi,
I search to integrate xml inventory files generated with fusioninventory to fusiondirectory.
Is there any documentation to do this ?

We have allready find how to populate fusiondirectory inventory objects directly from fusioninventory-agent command. But we want to generate first with fusioninventory-agent an xml file on each computer and "inject" this files in fusiondirectory inventory objects.

The maintener of fusioninventory-agent says he can't help us and invite us to write to you.

Thanks in advance,

Is there a reason for this to be the check for mail groups:

$ldap->search('(&(objectClass=posixGroup)(objectClass=fdGroupMail))', array('cn'));

Describe the bug
When editing an existing user (for example, adding address), and trying to apply, fusion directory asks to give password (and confirm password).

How can we disable this? (If we don't want and don't have to modify user password)

To Reproduce
Steps to reproduce the behavior:

1. Go to Users
2. Click on any existing user
3. Modify any field about user (except password)
4. Click on apply

Expected behavior
Password change must not be asked

Desktop (please complete the following information):

• OS: Debian 10
• PHP: 7.3
• PHP provenance: [original Debian]
• Browser : firefox
• Version : latest

The length of the of the password is limited in the smarty template. I see no technical reasons for this. If so, it really should be deleted because it's a non-sense to limit it.

In ihtml/themes/breezy/login.tpl, currently line 37:

 <input type="password" name="password" id="password" maxlength="40" value="" title="{t}Password{/t}"/>

I'm trying to create a sync between two instances of OpenLDAP.

I was getting this error message:

syncrepl_message_to_entry: rid=001 mods check (FDPRIMARYGROUPFILTER: attribute type undefined)

I started investigating and found that it was a deprecated attribute that I have removed... But! When I grep in /var/lib/ldap/data.mdb I get a few matches.

Also when I use JXplorer to search for * FDPRIMARYGROUPFILTER* I only get a list of users (the only objects containing references to this dead attribute).

Any pointers on how to fix this?

Referring to this discussion : #14 (comment)

I built Docker images for Fusion Directory and I'm ready to share my project.

To quick start faster, I suggest creating a repositories dedicated for bootstrapping. It could be named : fusiondirectory/fusiondirectory-bootstrap

Since I don’t use source code but package, my Dockerfiles isn't the best to be included in the main repository.

Eventually, this repository could hold many ways to bootstrap Fusion Directory. Then checkouting fusiondirectory/fusiondirectory-boostrap without main code could help to boostrap faster. Maybe, fusiondirectory/fusiondirectory project could have a link to fusiondirectory/fusiondirectory-bootstrap.

Cheers,
Michael

cc : @bilbo-the-hobbit

I followed the tutorial for TLS support, everything went smoothly, but the last step, ie., testing from a client, returns ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

What step could have gone wrong?
What can I do to identify the issue?

Version : FusionDirectory, 1.3
Type of object : Template of user, with unix user schema

• Set template's unix account password expiration date to : %d[today+1year+3months]|%
• Create a user
• His unix account password expiration date is set to : 28 january 1970

I have tested the DATE STRING with date command line.

If you have questions,

Regards,

LDAP operation failed!

Object: cn=config,ou=fusiondirectory,dc=iaps,dc=institute

Error: Undefined attribute type - attribute: fdSslKeyPath (fdSslKeyPath: attribute type undefined, while operating on 'cn=config,ou=fusiondirectory,dc=iaps,dc=institute' using LDAP server 'ldap://localhost:389') 

fusiondirectory-insert-schema -l
core
cosine
nis
inetorgperson
samba
core-fd
core-fd-conf
ldapns
recovery-fd
systems-fd
systems-fd-conf
template-fd
dhcp-fd

rgrep fdSslKeyPath /etc/ldap/schema/fusiondirectory/
/etc/ldap/schema/fusiondirectory/core-fd-conf.schema:attributetype ( 1.3.6.1.4.1.38414.8.20.2 NAME 'fdSslKeyPath'
/etc/ldap/schema/fusiondirectory/core-fd-conf.schema:    fdSslCaCertPath $ fdSslKeyPath $ fdSslCertPath $

I am not sure how to fix this issue. I am using latest stable release 1.0.12:

cat /etc/lsb-release 
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=16.04
DISTRIB_CODENAME=xenial
DISTRIB_DESCRIPTION="Ubuntu 16.04 LTS"

dpkg -s fusiondirectory
Package: fusiondirectory
Status: install ok installed
Priority: optional
Section: web
Installed-Size: 5846
Maintainer: FusionDirectory packages maintainers group <[email protected]>
Architecture: all
Version: 1.0.12-1
Replaces: fusiondirectory-plugin-dashboard (<< 1.0.8.7), fusiondirectory-plugin-dashboard-schema (<< 1.0.8.7)
Depends: apache2 | lighttpd | httpd | nginx, fusiondirectory-smarty3-acl-render, gettext, javascript-common, libarchive-extract-perl, libcrypt-cbc-perl, libdigest-sha-perl, libfile-copy-recursive-perl, libjs-prototype, libjs-scriptaculous, libnet-ldap-perl, libpath-class-perl, libterm-readkey-perl, libxml-twig-perl, openssl, php-fpdf, php5 | php, php-cas, php5-cli | php-cli, php5-curl | php-curl, php5-gd | php-gd, php5-imagick | php-imagick, php5-imap | php-imap, php5-ldap | php-ldap, php5-recode | php-recode, schema2ldif, smarty-gettext (>= 1.1), smarty3
Suggests: argonaut-server, fusiondirectory-schema (= 1.0.12-1), slapd
Breaks: fusiondirectory-plugin-dashboard (<< 1.0.8.7), fusiondirectory-plugin-dashboard-schema (<< 1.0.8.7)
Conflicts: gosa
Conffiles:
 /etc/fusiondirectory/fusiondirectory-apache.conf e4025297aa8615b1a4e692c9ca68c77c
Description: Web Based LDAP Administration Program
 Provided is access to posix, shadow, samba, proxy, pureftp and
 kerberos accounts. It is able to manage the postfix/cyrus server
 combination and can write user adapted sieve scripts.
 .
 FusionDirectory is a combination of system-administrator and end-user web
 interface, designed to handle LDAP based network infrastructures.
Homepage: http://www.fusiondirectory.org/

This seems to me like a bug. It seems harmless because I can go to the next page but after the configuration is done I cannot login with my super admin user.

After logging in and navigating to [Users] or [Groups], hovering over [Actions] should release a drop-down menu, from which I can create a new new [User/Group/etc]. Under some cases, that hovering over [Actions] does not release the drop-down menu (see image below).

I don't think this is relevant, but my setup is using Lighttpd 1.4.31-4.

Fusion directory installations fails for all the versions in RHEL 7 owing to missing dependency php-Smarty3 from fusiondirectory-extra repos

Hello,
Thanks you for this project!

I think it would be nice, if he(fusiondirectory package) not pulled as much dependences of packages. From this is very many problems in deployment and settup.

May be you look on - composer - manager package for php.

Packages that, I think not need: javascript-common, prototype.js, scriptaculous, smarty3, smarty-gettext, fusiondirectory-smarty3-acl-render. Is the same - javascript-common - not obvious "location" in apache - what if apache backend, ngin frontend with virtualhost, or docker container.

You did not think to add docker image.