nuxsmin / syspass Goto Github PK

Hello,

in case of LDAP users, it would be good, if the Email address would be the one from the LDAP directory ("mail") and if it is not changeable in the user management.

hope this could be integrated -> but no metter, i will introduce it in next week in our company! great work.

Enable mail auth and give the option to use HTML instead plain text

Hello,

Might be a bug:
If I click on "generate password" Icon a new pw is generated and filled into the fields.
A click on "show password" icon does nothing. Tested in stable and 1.1 beta on Chrome and Firefox.

Kind regards,
Markus

Hi,

It would be nice to be able to use my google apps domain as auth backend.

example code: http://www.mediawiki.org/wiki/Extension:GoogleAppsAuthentification

When accessing to accounts can occur that is displayed a permission denied error.

No matter how permissions are set, this error persists:
"/config" directory permissions are incorrect

Would it be possible to provide the correct security settings for the /config directory when running on Windows?

Hello,
Wiki: If an user logs in through LDAP, it will be inactive until an administrator changes the group and profile.
I'd like to have an option to define a group + profile for newly created users, so that admins won't have to log in for every new user.
Kind regards

Edit: Just saw your answer to #45 .. "This feature will be added soon".

Hey there,

Awesome work on this by the way. I tried upgrading to the beta because I wanted to manage the categories/customers. Also wanted to use the copy to clipboard function. One thing i did not like though is the new view to list the accounts. Is there a way to go back to the original view (rows and columns) without downgrading?

Thank You

@nuxsmin

To reproduce:

• Create a new account or edit an existing one
• Include a left angle bracket "<" somewhere in the middle of your password. For example the password "pass<word" will do.
• Save the the account

Outcome:

• The characters of the password after and including the left angle bracket are missing when viewing the password. For example the above mentioned password would show as "pass"

Expected:

• The entire original password should be shown when viewing a saved password.

Return to edit account data when creating a new one

It would be nice to have a button that would copy the password directly to the clipboard instead of clicking view password.

Add the ability to import accounts form CSV file

Permissions for others users/groups are lost when account is saved by a user that is not in main group or account owner.

I'm trying to install version 1.0.9 of syspass but I'm getting stuck after I offered the required Information and clicked on the install button. The Browser only shows a blank page. In the PHP error log I got several errors:

mod_fcgid: stderr: PHP Warning:  mysqli::real_escape_string(): Couldn't fetch mysqli in /httpdocs/inc/db.class.php on line 84, referer: https://name.tld/index.php

mod_fcgid: stderr: PHP Warning:  mysqli::query(): Couldn't fetch mysqli in /httpdocs/inc/db.class.php on line 106, referer: https://name.tld/index.php

mod_fcgid: stderr: PHP Warning:  DB::doQuery(): Couldn't fetch mysqli in /httpdocs/inc/db.class.php on line 109, referer: https://name.tld/index.php

mod_fcgid: stderr: PHP Warning:  DB::doQuery(): Couldn't fetch mysqli in /httpdocs/inc/db.class.php on line 112, referer: https://name.tld/index.php

mod_fcgid: stderr: pdocs/inc/db.class.php on line 84, referer: https://name.tld/index.php

These error messages do repeat very often.

Finally the log ends with a fatal error:

mod_fcgid: stderr: PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted

In the database columns were created but there is no data inside.
I'm in a Plesk (http://www.parallels.com/products/plesk/) environment with Apache, Ngnix, MYSQL and PHP 5.5.13. It doesn't make sense to change the user of config and backup folder to www-data like it is mentioned in the installation documentation because that's not working with Plesk. User of the files/folders has to be the user which is the owner of the webspace. I can only set the group to a group that has got the same rights like www-data. Then I have to change the rights of config folder to 770 instead of 750. But then the install script does not start because of that.
Do you've got any idea what to do next?

Best regards
Chris

Hi,

Can you shed some light on the config for MS servers?

I've tried several possibilities but none seem to fit :)

Config:

'ldap_base' => 'DC=pss,DC=com',
'ldap_bindpass' => 'Testerke123!!',
'ldap_binduser' => 'CN=syspass,CN=Users,DC=pss,DC=com',
'ldap_enabled' => false,
'ldap_group' => 'Testerke',
'ldap_server' => '130.145.125.15',
'ldap_userattr' => '',
'log_enabled' => true,

Error:

54 2014-05-12 16:47:45 searchGroupDN ADMIN 130.145.124.242 Error on searching group RDN
LDAP ERROR: Operations error(1)
LDAP FILTER: (cn=Testerke)
53 2014-05-12 16:47:43 searchGroupDN ADMIN 130.145.124.242 Error on searching group RDN
LDAP ERROR: Operations error(1)
LDAP FILTER: (cn=Testerke)

Hi,

I am testing your "send email" option to get alerts.
I installed this on debian 6.0.8, using SENDEMAIL/EXIM4 to receive emails from SysPass and to send them to my inbox.

Yesterday and this morning it worked perfectly, but now doesn't work anymore. I have done nothing on the debian server, all I did was to play around with the SysPass app and now the exim4 log file says:

🔖
2014-04-24 10:44:19 1WdEKR-0000h8-AX <= [email protected] U=www-data P=local S=577
2014-04-24 10:44:19 1WdEKR-0000h8-AX ** [email protected] R=dnslookup T=remote_smtp: SMTP error from remote mail server after HELO SysPass: host e06-mx6.xxxxx.com [195.75.94.114]: 501 Syntax error in parameters or arguments
2014-04-24 10:44:19 1WdEKR-0000hB-Vo <= <> R=1WdEKR-0000h8-AX U=Debian-exim P=local S=1540
2014-04-24 10:44:19 1WdEKR-0000h8-AX Completed
2014-04-24 10:44:20 1WdEKR-0000hB-Vo ** [email protected]: Unrouteable address
2014-04-24 10:44:20 1WdEKR-0000hB-Vo Frozen (delivery error message)
🔖

I am not asking you to debug this, I will try to see what the problem is (keep in mind that I have changed nothing on the server, just in SysPass app, and it wasn't the email address).

Now, the improvement I was talking about: you could use send email function from PHP5 and you would not depend on an email server to relay your messages

Thanks

If I edit LDAP Data (ldap is still switched to off) and go for save - the data vanishes.
E.g.: server + searchprefix is saved, the rest not.
Normal behaviour if the ldap connect does not work? Should be saved always I think.
I got a "ldap connected" thingy once .. but since then I am not able to figure it out again..

User can't change there password. They have the permission, but the same button doesn' work. I use the 1.1 version from 3 days ago.

Change height to fit screen size.

Hi,

It would be nice to have the ability to reset a users password from email.

great work!!

Though there is an LDAP configuration, there doesn't seem to be a way to give LDAP users access to the sysPass system. How would one accomplish this?

When attempting to login using an account within the group specified, Internal Error is displayed. This appears in the log:

You have an error in your SQL syntax; Manual That Corresponds the check to your MySQL server version for the right syntax to use near 'T} HFs_ JPR S,? user_email = 'r' at line 6 (1064)
SQL: INSERT INTO usrData SET \ n user_name = \ '----, ----- ', \ n user_groupId = 0, \ n user_login = \ '-----.----- ', \ n user_pass = \ '--------------------------------------------------- ', \ n user_hashSalt =
7 +8 CT} HFs_? JPR? S, \ n user_email = \ '[email protected] \ ', \ n user_notes = \ "LDAP ', \ n user_profileId = 0, \ n user_isLdap = 1, \ n = 1 user_isDisabled

Specific user information has been removed.

Hello,
Good work so far :-)
I an currently evaluating your beta and found some glitches which you should fix, opening one ticket per error.

It seems the LDAP auth automatically adds cn= as prefix, so even if I use ou=My Group, I recieve an Error: LDAP FILTER: (cn=ou=My Usergroup).
Regards, Markus

I changed the language in the config but it does not seem to work.

from config.php
'sitelang' => 'en_US',

from site
13 2013-12-13 14:04:48 Inicio sesión (MySQL) ADMIN Usuario: Admin
Perfil: 1
Grupo: 1

I have restarted apache and tried reconfiguring the who app without change.

Hello,

I've tried to install your beta on 3 different servers, only one did work.
windows xampp has no LC_MESSAGES and with php 5.4 problems installing (sql error because of the @xy.. @
manually inporting dbstructure.sql via phpmyadmin on xammp works well, but since this is not supported the program will still ask for installation afterwards, instead of only adding the required data to the db if the structure is already present.

On a Centos6 lamp (php 5.3.3) I got problems which I didn't figure out - had no time to look.

Today I tried it at my dev machine here at work (also CentOS6 Lamp stack with PHP 5.3.3 and many modules), with a new db it works like a charm.

And a bug in your rollback in installer.php:~350 ..
should be DROP DATABASE .. self::$dbname (now its dbc)

Regards,
Max

It would be nice to have a clickable password that actually copies it to the clipboard.

Hi,

I think you should add second confirmation inputfields on installation, for both of the passwords. Especially for Master Password it's bad if you have to reinstall syspass because of a typo in the MP.

Kind regards,
Markus

hello.
I have got some problems to get ldap working.
I do not know if I use wrong configs or something else is the problem.

we are using ldaps (secure) on port 636.

If I use following configuration, I can see access in the ldap-log:

'ldapenabled' => 1,
'ldapserver' => 'ldaps://ldapserver.company.com',
'ldapbase' => 'ou=company1,ou=users,dc=company,dc=com',
'ldapgroup' => 'cn=marketing,ou=groups',
'ldapuserattr' => 'cn',
'ldapbinduser' => 'cn=administrator,dc=company,dc=com',
'ldapbindpass' => 'mysecretpassword',

I see somehting like this in ldap-log - but I cannot find an error:

Feb 6 14:30:23 companymy slapd[755]: daemon: read active on 28
Feb 6 14:30:23 companymy slapd[755]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Feb 6 14:30:23 companymy slapd[755]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Feb 6 14:30:23 companymy slapd[755]: connection_get(28)
Feb 6 14:30:23 companymy slapd[755]: connection_get(28): got connid=3644757
Feb 6 14:30:23 companymy slapd[755]: connection_read(28): checking for input on id=3644757
Feb 6 14:30:23 companymy slapd[755]: op tag 0x60, time 1391693423
Feb 6 14:30:23 companymy slapd[755]: conn=3644757 op=2 do_bind
Feb 6 14:30:23 companymy slapd[755]: conn=3644757 op=2 BIND anonymous mech=implicit ssf=0
Feb 6 14:30:23 companymy slapd[755]: >>> dnPrettyNormal: <cn=first.lastname,ou=company,ou=users,dc=company,dc=com>
Feb 6 14:30:23 companymy slapd[755]: daemon: activity on 1 descriptor
Feb 6 14:30:23 companymy slapd[755]: <<< dnPrettyNormal: <cn=first.lastname,ou=company,ou=users,dc=company,dc=com>, <cn=first.lastname,ou=company,ou=users,dc=company,dc=com>
Feb 6 14:30:23 companymy slapd[755]: daemon: activity on:
Feb 6 14:30:23 companymy slapd[755]: conn=3644757 op=2 BIND dn="cn=first.lastname,ou=company,ou=users,dc=company,dc=com" method=128
Feb 6 14:30:23 companymy slapd[755]:
Feb 6 14:30:23 companymy slapd[755]: do_bind: version=3 dn="cn=first.lastname,ou=company,ou=users,dc=company,dc=com" method=128
Feb 6 14:30:23 companymy slapd[755]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Feb 6 14:30:23 companymy slapd[755]: ==> hdb_bind: dn: cn=first.lastname,ou=company,ou=users,dc=company,dc=com
Feb 6 14:30:23 companymy slapd[755]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Feb 6 14:30:23 companymy slapd[755]: bdb_dn2entry("cn=first.lastname,ou=company,ou=users,dc=company,dc=com")
Feb 6 14:30:23 companymy slapd[755]: => access_allowed: result not in cache (userPassword)
Feb 6 14:30:23 companymy slapd[755]: => access_allowed: auth access to "cn=first.lastname,ou=company,ou=users,dc=company,dc=com" "userPassword" requested
Feb 6 14:30:23 companymy slapd[755]: => acl_get: [1] attr userPassword
Feb 6 14:30:23 companymy slapd[755]: => acl_mask: access to entry "cn=first.lastname,ou=company,ou=users,dc=company,dc=com", attr "userPassword" requested
Feb 6 14:30:23 companymy slapd[755]: => acl_mask: to value by "", (=0)
Feb 6 14:30:23 companymy slapd[755]: <= check a_dn_pat: self
Feb 6 14:30:23 companymy slapd[755]: <= check a_dn_pat: anonymous
Feb 6 14:30:23 companymy slapd[755]: <= acl_mask: [2] applying auth(=xd) (stop)
Feb 6 14:30:23 companymy slapd[755]: <= acl_mask: [2] mask: auth(=xd)
Feb 6 14:30:23 companymy slapd[755]: => slap_access_allowed: auth access granted by auth(=xd)
Feb 6 14:30:23 companymy slapd[755]: => access_allowed: auth access granted by auth(=xd)
Feb 6 14:30:23 companymy slapd[755]: conn=3644757 op=2 BIND dn="cn=first.lastname,ou=company,ou=users,dc=company,dc=com" mech=SIMPLE ssf=0
Feb 6 14:30:23 companymy slapd[755]: do_bind: v3 bind: "cn=first.lastname,ou=company,ou=users,dc=company,dc=com" to "cn=first.lastname,ou=company,ou=users,dc=company,dc=com"
Feb 6 14:30:23 companymy slapd[755]: send_ldap_result: conn=3644757 op=2 p=3
Feb 6 14:30:23 companymy slapd[755]: send_ldap_result: err=0 matched="" text=""
Feb 6 14:30:23 companymy slapd[755]: send_ldap_response: msgid=3 tag=97 err=0
Feb 6 14:30:23 companymy slapd[755]: conn=3644757 op=2 RESULT tag=97 err=0 text=
Feb 6 14:30:23 companymy slapd[755]: daemon: activity on 1 descriptor
Feb 6 14:30:23 companymy slapd[755]: daemon: activity on:
Feb 6 14:30:23 companymy slapd[755]: 28r
Feb 6 14:30:23 companymy slapd[755]:
Feb 6 14:30:23 companymy slapd[755]: daemon: read active on 28
Feb 6 14:30:23 companymy slapd[755]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Feb 6 14:30:23 companymy slapd[755]: connection_get(28)
Feb 6 14:30:23 companymy slapd[755]: connection_get(28): got connid=3644757
Feb 6 14:30:23 companymy slapd[755]: connection_read(28): checking for input on id=3644757
Feb 6 14:30:23 companymy slapd[755]: op tag 0x42, time 1391693423
Feb 6 14:30:23 companymy slapd[755]: ber_get_next on fd 28 failed errno=0 (Success)
Feb 6 14:30:23 companymy slapd[755]: connection_read(28): input error=-2 id=3644757, closing.
Feb 6 14:30:23 companymy slapd[755]: connection_closing: readying conn=3644757 sd=28 for close
Feb 6 14:30:23 companymy slapd[755]: connection_close: deferring conn=3644757 sd=28
Feb 6 14:30:23 companymy slapd[755]: conn=3644757 op=3 do_unbind
Feb 6 14:30:23 companymy slapd[755]: conn=3644757 op=3 UNBIND
Feb 6 14:30:23 companymy slapd[755]: connection_resched: attempting closing conn=3644757 sd=28
Feb 6 14:30:23 companymy slapd[755]: connection_close: conn=3644757 sd=28
Feb 6 14:30:23 companymy slapd[755]: daemon: removing 28
Feb 6 14:30:23 companymy slapd[755]: conn=3644757 fd=28 closed
Feb 6 14:30:23 companymy slapd[755]: daemon: epoll: listen=9 active_threads=0 tvp=zero
Feb 6 14:30:23 companymy slapd[755]: daemon: activity on 1 descriptor
Feb 6 14:30:23 companymy slapd[755]: daemon: activity on:
Feb 6 14:30:23 companymy slapd[755]:
Feb 6 14:30:23 companymy slapd[755]: daemon: epoll: listen=8 active_threads=0 tvp=zero
Feb 6 14:30:23 companymy slapd[755]: daemon: epoll: listen=9 active_threads=0 tvp=zero

Hello,
If I clone and access sysPass, it mentions "wrong permissions on /config" and an Info-icon and the current permission level of the folder.
Would be good to show the required level (750) in this case.
Would save some minutes for new users.
Regards, Max

I am getting "Invalid XML" error when filling out the LDAP settings. I have tried multiple values and get the same issue. What do you need from me to troubleshoot this?

This also happens with any changes I attempt to make.

Hi,

I think it would be great if you could assign every user a profile of some sort, where you can select what customer he can see.
You design is good, but it can be better.

Think of it like this:
You can use you app to store passwords for many users, different customers, etc.
But, if you want to assign a specific person (it admin for example) to watch over the passwords of a specific customer, you cannot, because he will see all passwords (and there are cases where you do not want this).

So, it would be nice to have a profile option of some sort where you can assign every user (SysPass user) to it's customers.

Thanks

When you save a user new password the browser pops an error:
"Uncaught ReferenceError: appMgmtSave is not defined"

Hi,

While I was testing your app, I found out that settings do not work !
I created a USER profile, with some (not all) privileges on the account. No privileges on master password, event log, management, etc, etc. None.
Still that user can do everything !
That is not OK, and needs to be fixed because this is an important part of a pass manager app (at least to me).

Thanks

Use of Drag&Drop

Hi,

I am testing your app and it looks great. But I have a small issue: cannot edit or delete CUSTOMERS from the app, i have to do it manually from db.

Is this by design? or I am missing something?

Thanks,
Bogdan

Hello.

We need the possibility to deeplink to every account detail and copy the password directly from there.

I am using the newest version 1.1beta.

Why?
We are documentating all our customer-information in a wiki - but we do not want to store customer-passwords there. So we wanna use syspass for this.
In our wiki we want to store a deeplink to the password in syspass - so clicking on the deeplink should open the detail-account-site and there it should be possible to copy the password.

I think this would be very helpfull for everybody who uses wikis and do not want to store passwords unencrypted in the wiki.
Our is this already possible with syspass?

Thank you.

Add the ability to import accounts from KeePass or KeePassX

Hi,

I am trying to migrate a old phppms database to a new sysPass 1.0.6 installation but it fails with:

Error while retrieving accounts Unknown column 'vacAccountGroups' in 'field list'

After this all groups are gone and the add group button is gone to.
Groups are functioning before i try to migrate.

Good Afternoon,

We were able to have syspass connect to ldap. However have an issue wherein even though a user is not part of the syspass-users group for example, they still were able to login.

Also I was wondering why an account logins in the first time, it tells them their accounts are disabled. On the logs it says an activation email was sent to the user however there wasn't any activation link.

@mdrozeski @wboone

When my non admin user tries to log in, it prompts for a Master Password, but the text box is not editable. An orange box says Master Password is not saved or is wrong.

The online demo has the same behavior. Am I missing something somewhere?

On deleting files, the secutiry token isn't submitted. Return error is a XML object but it need to be plain text.

Hello,
there it would be really nice if it was possible to copy the Password without seeing it to my clipboard.

Kind regards.

Switching between views doesn't remember the filters applied on searching.