Nethserver-delegation needs testers

Development Testing
105

new version of nethserver-delegation

yum install http://mirror.de-labrusse.fr/NethDev/nethserver-delegation/nethserver-delegation-0.1.8-1.ns7.sdl.noarch.rpm

changelog:

* Mon Sep 18 2017 stephane de LAbrusse <stephdl@de-labrusse.fr> 0.1.8-1.ns7
- Allow Admin todo by default
1 Like
106

Works as expected! :ok_hand:
Maybe put away the admin todo messages checkbox in module user settings, because now it has no function anymore

Another thought: Some admin todo messages may include a link(i.e. Check Firewall rules) to a not delegated module -> 403 forbidden error

1 Like
107

do you have an example that I can reproduce please

108

I deactivated the firewall to produce an admin todo message:

2017-09-18 23-49-58.png952×435 20.4 KB

When I now click on “Check firewall rules” I get a 403 error, because it links to /FirewallRules/CheckRules:

1 Like
109

Update:

When having delegation to Firewall Rules, you won’t get the 403 error, so there are delegations that depend on others.

[root@testserver ~]# cat /etc/nethserver/todos.d/* | grep url
            "url": '/NetworkAdapter?renameInterface'
            "url": '/NetworkAdapter'
            "url": '/Account'
    msg = {"action": {"label": _('Change password strength'), "url": '/Password'}, "text": _('Password policy is too weak'), "icon": "warning"}
            "url": "/BackupData"
    msg = {"action": {"label": _('Check firewall rules'), "url": '/FirewallRules/CheckRules'}, "text": _('The firewall is NOT running'), "icon": "exclamation-triangle"}
    msg = {"action": {"label": _('Deep Packet Inspection (DPI) module is not available'), "url": '/Shutdown'}, "text": _('Restart the system and select a Linux kernel with DPI module support'), "icon": "refresh"}
            "url": '/BackupConfig#!BackupConfig_Reinstall'
            "url": '/BackupData'

So Admin Todo, NetworkAdapter, Account, Password, BackupConfig, BackupData, FirewallRules and Shutdown are a “delegation group”.

I changed on my testserver from AD to LDAP, gave new passwords and delegations are working as good as with AD.

110

These rpms are on Steph repositories, so I’d like to set up a process to

  • define them “stable” enough
  • close a topic like this
  • announce that NethServer has a delegation module :slight_smile:

What do you think guys?

3 Likes
111

Agree!

If possible, I’d also add the paypal button for Stephane inside the announcement. :wink:

2 Likes
112

Hi @mrmarkuz I’m not sure to catch you. I understand that some url won’t be allowed to a user, but I cannot delegate them by default. It is from my point of view a choice of the sysadmin.

For example the todo message displays a warning related to a weak password and of course if this panel is not delegated then a 403 message is displayed.

it means that the sysadmin needs to grant each needed panel. After said that we could imagine also some preconfigured delegation group

113

I agree with you. I wanted to bring away the errors, but in this case it’s just ok to have a forbidden error.

I think grouping or roles would make sense because there are many checkboxes, but it’s a nice to have.
From my point of view the delegation module is working properly with AD and LDAP.

114

well the nethserver-delegation version for NS7 is now available in my repo, thank to all @dnutan @mrmarkuz and all people involved here

time to close this thread, all NFR needs another thread

@alefattorini you can go

2 Likes
116

Your PR is now in the core, in 7.4.1708/updates:

nethserver-dc-1.4.0-1.ns7.x86_64.rpm
nethserver-dc-debuginfo-1.4.0-1.ns7.x86_64.rpm
nethserver-sssd-1.3.4-1.ns7.noarch.rpm
5 Likes