AlekSIS-App-LDAP issues
https://edugit.org/AlekSIS/official/AlekSIS-App-LDAP/-/issues
2020-06-26T14:38:43Z

https://edugit.org/AlekSIS/official/AlekSIS-App-LDAP/-/issues/8
Add more management commands
2020-06-26T14:38:43Z
Author: Nik | Klampfradler <dominik.george@teckids.org>

Add some more management commands

* [ ] Import one user by user name
* [ ] Import one group by group name

Also, find a generic pattern for these commands (e.g. let them all start with `ldap_`).

Assignee: Tom Teichler <tom.teichler@teckids.org>

https://edugit.org/AlekSIS/official/AlekSIS-App-LDAP/-/issues/28
Document IServ specifics
2022-04-05T17:59:35Z
Author: Nik | Klampfradler <dominik.george@teckids.org>

*This issue tracks some IServ specifics found while beta-testing in such an environment*

* Groups are both `groupOfName` and `posixGroup`, but `groupOfName` was renamed to `groupOfMembers` because the original `groupOfNames` disallows combination with `posixGroup`. Users should use `posixGroup`

https://edugit.org/AlekSIS/official/AlekSIS-App-LDAP/-/issues/37
Implement user and person creation
2022-12-14T18:48:28Z
Author: magicfelix

https://edugit.org/AlekSIS/official/AlekSIS-App-LDAP/-/commit/2a553a317451baf748c4a60a6e117515d0e6f82c
Currently, ldap_create_user() just prepares some variables, but does not interact with the LDAP server.
In order to make this work, we also need a new structure and frontend to configure mappings.
## How will this work?
* The administrator visits the data management menu, and chooses "LDAP mappings"
* The "LDAP mapping" page lists all kinds of models that have mappings configured
* The administrator can add a new set of mappings for a model class, e.g. for `Person`
* The administrator needs to configure the base DN for new objects
* The administrator needs to configure the `objectClass`es for new objects
* Creating or editing a set of mappings leads to a page listing all mappings for this model
* The mappings are based on the LDAP attributes, with each mapping having the following columns:
  * `ldap_attribute`: The name of the LDAP attribute
  * `read_regex`: A regular expression for reading the attribute. This should be, for example `(?<first_name>.*) (?<last_name>.*)` to dissect a `cn`
  * `write_template`: A Django template fed with the model instance, generating the LDAP value
## Caveats
* A migration is needed to transfer the existing preferences into a mapping set for `Person`

Assignee: magicfelix

https://edugit.org/AlekSIS/official/AlekSIS-App-LDAP/-/issues/39
Distinguish group owners/members by base DN or group membership
2022-07-20T17:56:09Z
Author: Nik | Klampfradler <dominik.george@teckids.org>

When integrating with a Linuxmuster.net system, we found that (at least in that instance), teachers are members of the class LDAP groups, and no owner information is recorded in LDAP. It seems that the only distinguishing factor for teachers is their membership in a role group.
The import should be able to distinguish group owners based on that.

https://edugit.org/AlekSIS/official/AlekSIS-App-LDAP/-/issues/40
Detect group types based on some attribute
2022-07-20T17:56:09Z
Author: Nik | Klampfradler <dominik.george@teckids.org>

When integrating with a Linuxmuster.net instance, we found #39. To make this change work (thinking of groups where teachers actually **are** regular members), we could use the `GroupType` system to record which groups are intended for student membership or for teacher membership.

https://edugit.org/AlekSIS/official/AlekSIS-App-LDAP/-/issues/41
LDAP Import does not import changes into current groups of the school year but creates new ones.
2023-02-04T16:30:10Z
Author: Supergamerx3000

If you create a new school year and assign the groups to it, the groups will be completely recreated with the next LDAP import or when an LDAP user logs in. So you cannot correctly sync changes that happen in the school year.
Can you build a script as a workaround that syncs the changes from the new groups to the school year groups?

Assignee: Nik | Klampfradler <dominik.george@teckids.org>
2022-09-09

https://edugit.org/AlekSIS/official/AlekSIS-App-LDAP/-/issues/42
Document LDAP usage with Puavo
2022-12-14T18:48:10Z
Author: Nik | Klampfradler <dominik.george@teckids.org>

Document the parameters required or recommended to authenticate and sync (AlekSIS-App-LDAP) users and people from a Puavo school.
All parts can be documented in the handbook of AlekSIS-App-LDAP.
For that, start a new sub chapter in the handbook, with a sub-sub chapter for Puavo, and document how to set up the Puavo server for AlekSIS' connection and how to configure all aspects of AlekSIS correctly so it correctly consumes users, persons and groups from Puavo.

Assignee: magicfelix
2022-10-21

https://edugit.org/AlekSIS/official/AlekSIS-App-LDAP/-/issues/43
Write back basic person attributes on change
2022-12-14T18:48:04Z
Author: Nik | Klampfradler <dominik.george@teckids.org>

Assignee: magicfelix

https://edugit.org/AlekSIS/official/AlekSIS-App-LDAP/-/issues/44
Write back group memberships on changes
2022-12-14T18:47:59Z
Author: Nik | Klampfradler <dominik.george@teckids.org>

Assignee: magicfelix

https://edugit.org/AlekSIS/official/AlekSIS-App-LDAP/-/issues/48
Write auxiliary data when updating/creating objects
2023-03-22T18:53:38Z
Author: Nik | Klampfradler <dominik.george@teckids.org>

Some LDAP implementations rely on special state objects to track IDs. An example is Puavo's ID tracking object:
```ldif
dn: cn=IdPool,o=puavo
objectClass: top
objectClass: puavoIdPool
cn: IdPool
puavoNextRid: 3
puavoNextDatabaseId: 1
puavoNextKadminPort: 10004
puavoNextGidNumber: 10007
puavoNextUidNumber: 10005
puavoNextId: 17
```
We need a method to update values in such ID objects when modifying the tree from AlekSIS.

Assignee: magicfelix