vicentgj / ad-webmanager
A web interface for administration of Active Directory Domains, made in Python, with focus on ease of use and simplicity.
When a user is edited or added, a generic password is usually set and the user is told that they must change it; this last step must be mandatory, or at least there must be an option to force the user to make the change.
I tried the "Password expired" flag to see whether it meets the need, but it does not work #13
Support for managing computer objects is very bare-bones as the application was designed primarily for managing users and persons. One way to improve is to design a computer-specific edit page, that shows and edits the computers' attributes
This problem was partially solved. In a simple way, one user per line, I could add multiple users to the group, apart from the problems mentioned in #12 and #15.
Now that action can no longer be performed, not even with 2 users. Nor can they be entered one per line as was done before.
It was tried with a comma and other separators, without positive results.
the button is showing inside containers also
Add Course Type for students, either CPE or CRD.
Add User Type, show categories.
Hi @VicentGJ
After applying the update you released for this project, 3 weeks ago, I can't delete a computer object in the window where all computer objects are listed. The only way to do it is to enter the computer object ('profile page') I want to delete and then click 'Remove user'.
In addition to that, when I try to move the computer object to another OU, by checking the check box of the computer object (that I want to move) and then 'Move One Level Up', it gives the same error I receive with deleting the computer object.
It doesn't happen when I move a user to another OU. Moving a user to another OU or deleting a user without entering the user 'profile page', works.
I attached a screenshot here
I would appreciate it if you can take a look and fix it
Thanks
Fails with: AttributeError: '_AppCtxGlobals' object has no attribute 'delegate_control'
the DistinguishedName is shown on some buttons and headers, instead of the actual name
Remove the letter u from the prefix generated in the script that creates new users. This needs to be resolved before more new accounts continue to be created.
Hi!
In MailAD we use the email of the group to auto-magically create email distribution groups, so we need a way to set & edit this setting.
More issues to come (I will try to contribute to the fix, but my flask is not so good)
Note: I'm one of the sysadmins of the SysAdminsdeCuba Telegram group and we are following the development of this software very happily, please evaluate the possibility to join that channel as we can give you valuable feedback and also help on bug squashing and implementing new features, yes, some of the sysadmins are kind of software devs.
Any user with the flag: "Password does not expire", shows an incorrect status: "Deactivated" in the lists.
We need to assure all local admins only access to the Web manager from their own IP, preventing unauthorized or illegal use.
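One way to implement the per-admin source-IP restriction requested above, as an added example (not AD-webmanager's own code). The policy table, the trusted-proxy list and the function names are hypothetical, and the addresses are constructed documentation ranges.

```python
import ipaddress

# Constructed sample policy: admin account -> addresses/networks it may log in from.
ADMIN_SOURCES = {
    "admin.alice": ["192.0.2.10"],
    "admin.bob": ["198.51.100.0/28", "2001:db8::/64"],
}
# Reverse proxies whose X-Forwarded-For header we are willing to believe (assumption).
TRUSTED_PROXIES = ["127.0.0.1", "::1"]


def _nets(specs):
    """Parse address or CIDR strings into network objects."""
    return [ipaddress.ip_network(s, strict=False) for s in specs]


def client_ip(remote_addr, forwarded_for=None, trusted_proxies=TRUSTED_PROXIES):
    """Return the address to authorize, or None if it cannot be determined.

    X-Forwarded-For is honoured only when the TCP peer is a trusted proxy;
    otherwise any client could claim an allowed address in that header.
    """
    peer = ipaddress.ip_address(remote_addr)  # raises ValueError if malformed
    if forwarded_for and any(peer in n for n in _nets(trusted_proxies)):
        # The right-most entry is the one appended by our own proxy.
        candidate = forwarded_for.split(",")[-1].strip()
        try:
            return ipaddress.ip_address(candidate)
        except ValueError:
            return None
    return peer


def is_allowed(username, remote_addr, forwarded_for=None, policy=ADMIN_SOURCES):
    """True only if this admin is connecting from one of their own addresses."""
    try:
        ip = client_ip(remote_addr, forwarded_for)
    except ValueError:
        return False
    if ip is None:
        return False
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # Account names are compared case-insensitively; unknown accounts are denied.
    allowed = _nets(policy.get(username.lower(), []))
    return any(ip in n for n in allowed)
```

In a Flask application the check would run in a `before_request` hook, after authentication, with `request.remote_addr` and `request.headers.get("X-Forwarded-For")` as inputs, returning a 403 when it fails.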
The project is already cumbersome to deploy for non python savvy admins. This will get more complicated once v2, currently being worked on (see #53). This issue is being created to solve the problem both short-term (current version), and long-term. Consider ansible, .sh script setup scripts and the sort.
add to ldap.py the function to edit names of groups and OUs.
the user edit page has too much padding-top
Username not being edited -> distinguishedName not being edited
```
2022-08-27 13:10:39 | ERROR | Got an exception
Traceback (most recent call last):
  File "/home/carlos/github/AD-webmanager/plugins/user.py", line 415, in user_edit_profile
    ldap_update_attribute(user['distinguishedName'], "distinguishedName", value)
  File "/home/carlos/github/AD-webmanager/libs/ldap_func.py", line 366, in ldap_update_attribute
    connection.rename_s(dn, value, new_parent)
  File "/home/carlos/github/AD-webmanager/venv/lib/python3.8/site-packages/ldap/ldapobject.py", line 481, in rename_s
    resp_type, resp_data, resp_msgid, resp_ctrls = self.result3(msgid,all=1,timeout=self.timeout)
  File "/home/carlos/github/AD-webmanager/venv/lib/python3.8/site-packages/ldap/ldapobject.py", line 543, in result3
    resp_type, resp_data, resp_msgid, decoded_resp_ctrls, retoid, retval = self.result4(
  File "/home/carlos/github/AD-webmanager/venv/lib/python3.8/site-packages/ldap/ldapobject.py", line 553, in result4
    ldap_result = self._ldap_call(self._l.result4,msgid,all,timeout,add_ctrls,add_intermediates,add_extop)
  File "/home/carlos/github/AD-webmanager/venv/lib/python3.8/site-packages/ldap/ldapobject.py", line 128, in _ldap_call
    result = func(*args,**kwargs)
ldap.OTHER: {'msgtype': 109, 'msgid': 10, 'result': 80, 'desc': 'Other (e.g., implementation specific) error', 'ctrls': [], 'info': '00002095: Other'}
```
Taking into account what was raised in #16, these data must also be added to each user's information.
The variable o must also be included as a means of verifying a parameter that is used in other systems and is currently not being synchronized; but well, that is an AD matter, which is why it is important to show the value.
Important: Among the variables mentioned in #16 there is one that shows the last date on which the user was modified. The final information must not omit which user made the modification. This item could appear last, but it is very important.
Can't delete OUs that have other objects inside
It is necessary that, knowing the user beforehand, I can add them to my groups or distribution lists. Currently I can only do it with the following users that I tested (acivan, acarturo), since they surely have some kind of permission in AD, but in general I should be able to do it with anyone, given the need for users of one area to access the services of others.
Being able to view a user from another OU when I perform a direct search, as I did with those users, is enough to resolve this issue.
when creating a user with a weak password (ex: 123) the user is actually created, tho the error flash message appears on the user add form
users with no pfp can't edit it and set one
might save someone a few minutes.... (make sure to put a settings.py file in the same folder as the Dockerfile)
```dockerfile
FROM docker.io/ubuntu:20.04
# Refresh the package index and install in one layer so a stale cached index is never reused
RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y \
    python3-pip \
    build-essential \
    python3-dev \
    libldap2-dev \
    libsasl2-dev \
    slapd \
    ldap-utils \
    tox \
    lcov \
    valgrind \
    git
# Run the application as a dedicated unprivileged user
RUN useradd -c "AD-webmanager" -U -s /bin/bash -m -d /srv/ad-webmanager ad-webmanager
USER ad-webmanager
WORKDIR /srv/ad-webmanager
RUN git clone https://github.com/VicentGJ/AD-webmanager.git
RUN cd AD-webmanager && \
    pip install -r requirements.txt
# settings.py is taken from the build context (the folder that holds this Dockerfile)
COPY settings.py AD-webmanager/settings.py
RUN mkdir AD-webmanager/logs
EXPOSE 8080
WORKDIR /srv/ad-webmanager/AD-webmanager
CMD ["python3", "ADwebmanager.py"]
```
Currently, if you want to add more attributes to the UserAdd form, for example, you have to dive directly into the codebase, while making compatibility with the master branch a real hassle.
The attributes that will be worked with should be defined in the settings file.
It is necessary to add filtering by email address.
Make this more compatible with a variety of DBs and configurations.
```
2023-03-28 10:46:45 | INFO | 10.230.43.173 - - [28/Mar/2023 10:46:45] "GET /?debugger=yes&cmd=resource&f=style.css HTTP/1.1" 200 -
2023-03-28 10:46:45 | INFO | 10.230.43.173 - - [28/Mar/2023 10:46:45] "GET /?debugger=yes&cmd=resource&f=debugger.js HTTP/1.1" 200 -
2023-03-28 10:46:45 | INFO | 10.230.43.173 - - [28/Mar/2023 10:46:45] "GET /?debugger=yes&cmd=resource&f=console.png HTTP/1.1" 200 -
2023-03-28 10:46:45 | INFO | 10.230.43.173 - - [28/Mar/2023 10:46:45] "GET /?debugger=yes&cmd=resource&f=ubuntu.ttf HTTP/1.1" 200 -
2023-03-28 10:46:45 | INFO | 10.230.43.173 - - [28/Mar/2023 10:46:45] "GET /?debugger=yes&cmd=resource&f=console.png HTTP/1.1" 200 -
2023-03-28 10:46:48 | INFO | 10.230.43.173 - - [28/Mar/2023 10:46:48] "GET / HTTP/1.1" 500 -
Traceback (most recent call last):
  File "/venv/lib/python3.10/site-packages/flask/app.py", line 2091, in __call__
    return self.wsgi_app(environ, start_response)
  File "/venv/lib/python3.10/site-packages/flask/app.py", line 2076, in wsgi_app
    response = self.handle_exception(e)
  File "/venv/lib/python3.10/site-packages/flask/app.py", line 2073, in wsgi_app
    response = self.full_dispatch_request()
  File "/venv/lib/python3.10/site-packages/flask/app.py", line 1518, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/venv/lib/python3.10/site-packages/flask/app.py", line 1516, in full_dispatch_request
    rv = self.dispatch_request()
  File "/venv/lib/python3.10/site-packages/flask/app.py", line 1502, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
  File "/AD-webmanager/libs/ldap_func.py", line 625, in _decorator
    if not auth or not _ldap_connect(auth.username, auth.password):
  File "/AD-webmanager/libs/ldap_func.py", line 537, in _ldap_connect
    connection.simple_bind_s("%s@%s" % (username, g.ldap['domain']),
  File "/venv/lib/python3.10/site-packages/ldap/ldapobject.py", line 248, in simple_bind_s
    msgid = self.simple_bind(who,cred,serverctrls,clientctrls)
  File "/venv/lib/python3.10/site-packages/ldap/ldapobject.py", line 242, in simple_bind
    return self._ldap_call(self._l.simple_bind,who,cred,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls))
  File "/venv/lib/python3.10/site-packages/ldap/ldapobject.py", line 128, in _ldap_call
    result = func(*args,**kwargs)
```
Some users at the SysadminsdeCuba community (see #55) are willing to try the software but install instructions are not complete for Debian or Ubuntu (most used distros so far)
So there is a need to improve that, I will send a Pull Request with the fix soon.
Add the values of cUJAEDataProvider, cUJAEPersonType, whenCreated, whenCreated, whenChanged
Hi :
I'm trying to use the Dockerfile generated image; but it's not working.
I get this:
```
[root@xiaml-srv01 AD-webmanager]# docker build -t admanager:v1.0 .
Sending build context to Docker daemon 16.47MB
Step 1/12 : FROM ubuntu:22.04
 ---> a8780b506fa4
Step 2/12 : WORKDIR /app
 ---> Using cache
 ---> 2ef6cb0f6891
Step 3/12 : COPY . ./
 ---> Using cache
 ---> 2d8ab0b83559
Step 4/12 : RUN apt update
 ---> Using cache
 ---> c3d2a452cea6
Step 5/12 : RUN apt -y install --no-install-recommends python3-pip python3-venv
 ---> Running in 4a89dc407d07
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
Reading package lists...
Building dependency tree...
Reading state information...
E: Unable to locate package python3-pip
E: Unable to locate package python3-venv
The command '/bin/sh -c apt -y install --no-install-recommends python3-pip python3-venv' returned a non-zero code: 100
[root@xiaml-srv01 AD-webmanager]#
```
MY OS: CentOS Stream 9
MY Docker: 20.10.21 Community
Would you give me some advice? Thanks very much~
Best Regards
The text "person type" should be renamed to something more generic, for example "account type". In this regard, an additional parameter called "administrative" should be added to the selection values, bearing in mind that it is one of the purposes for which a manual account would be created.
The purpose of this Administrative value that I propose is to make, if possible, the identity card variable conditional on selecting either of the two previous options, student or professor. Why do I say this? Because when additional accounts of this type such as VDD, VDEA, etc. are created, they are not associated with an identity card, and it would not be good at all to leave that parameter to improvisation, in order to avoid false or repeated data in the system.
That is, the identity card field should be mandatory only when personal user accounts are created.
Allow adding multiple members to a group in one go.
The LDAP API for this functionality should be working, but the Web interface is not.
Hi,
I just found your project.
It's very handy, but I am not capable of reading Spanish :-)
I tried implementing the original pages from samba4 manager with limited success.
Is there a chance, this will be translated?
Best regards!
if a user is created with a username ex: `Charles`, it gets saved (so far so good)...after that if you attempt to create another user with the same username, you'll get the error `Entry CN=Charles, (< the rest of de dn >), already exists` as a red span type error on the same template.
note: the URL changes a bit
so far so good, problem comes when (on that URL) you change the username to a different one (as you are supposed to), and click on `Add User`
you get the
```
AttributeError: 'NoneType' object has no attribute 'rstrip'
line 133, in user_add: base = base.rstrip("'")
```
problem probably is on that URL change when the error appears
Users are not being created in the proper OUs, instead are created in the root
The WebManager must show as much information as possible without having to resort to the logs or to direct access to AD. All these data are necessary for control and transparency in administration in general; they can also be used to create filters that help a lot in various functions.
I consider the following attributes to be the main ones, but that does not prevent other data from being shown; remember that the more information the admin has in the WebManager, the better. The values of these data must be shown in the user directory; a column must be added to show the value of the variables for each user.
cUJAEDataProvider, cUJAEPersonType, whenCreated, whenChanged
I point out that, in the case of the variable cUJAEDataProvider, it automatically shows Sigenu or Asset, but this column must also reflect when an account is created manually. I am not sure whether that data is recorded in that same attribute; I have not been able to check AD to confirm. This is extremely important for being able to filter which accounts were created manually. That column could be called User Engine, following the terminology of other systems, and as a result it must show one of the following values: **Sigenu**, Asset or Manual.
The next column shows the current year of the students, cUJAEStudentCourse or cUJAEStudentYear; I am not sure which of the attributes gives that result.
The columns in the listing when we access the OU could be as follows.
Full Name | Username | User Engine (cUJAEDataProvider) | Person Type (cUJAEPersonType) | Year | Creation Date (whenCreated) | Modification Date (whenChanged) | Account Type | Status
Hello there,
Installed the software and am able to see this url fine:
However, when I click Users I get this :
```
KeyError
KeyError: 'objectClass'
Traceback (most recent call last)
  File "/SM_DATA/working/adwebmanager/venv/lib/python3.10/site-packages/flask/app.py", line 2091, in __call__
    return self.wsgi_app(environ, start_response)
  File "/SM_DATA/working/adwebmanager/venv/lib/python3.10/site-packages/flask/app.py", line 2076, in wsgi_app
    response = self.handle_exception(e)
  File "/SM_DATA/working/adwebmanager/venv/lib/python3.10/site-packages/flask/app.py", line 2073, in wsgi_app
    response = self.full_dispatch_request()
  File "/SM_DATA/working/adwebmanager/venv/lib/python3.10/site-packages/flask/app.py", line 1518, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/SM_DATA/working/adwebmanager/venv/lib/python3.10/site-packages/flask/app.py", line 1516, in full_dispatch_request
    rv = self.dispatch_request()
  File "/SM_DATA/working/adwebmanager/venv/lib/python3.10/site-packages/flask/app.py", line 1502, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
  File "/SM_DATA/working/adwebmanager/libs/ldap_func.py", line 630, in _decorator
    return view_func(*args, **kwargs)
  File "/SM_DATA/working/adwebmanager/plugins/tree.py", line 84, in tree_base
    entries = get_entries("top", "objectClass", base, scope)
  File "/SM_DATA/working/adwebmanager/plugins/tree.py", line 166, in get_entries
    other_entries = sorted(other_entries, key=lambda entry: entry['name'])
  File "/SM_DATA/working/adwebmanager/plugins/tree.py", line 165, in <lambda>
    other_entries = filter(lambda entry: 'user' not in entry['objectClass'], entries)
KeyError: 'objectClass'
```
The debugger caught an exception in your WSGI application. You can now look at the traceback which led to the error.
To switch between the interactive traceback and the plaintext one, you can click on the "Traceback" headline. From the text traceback you can also create a paste of it. For code execution mouse-over the frame you want to debug and click on the console icon on the right side.
You can execute arbitrary Python code in the stack frames and there are some extra helpers available for introspection:
dump() shows all variables in the frame
dump(obj) dumps all that's known about the object
http://192.168.9.133:8080/tree brings up a similar error.
I am using samba-ad-dc and using samba as my ldap environment not OpenLDAP.
Any ideas of how to troubleshoot this? I am using LDAP / AD logins successfully with many other products.
Thanks.
Jay
CompuMatter / ServerMatter
Add the contract information in the case of workers, what type of contract and if the end date is temporary.
This is intended for the user to have absolute knowledge of how long they will have the service.
This project currently has no license. Without a license, there are no assumptions that can be made about what anyone is allowed to do with the code. Is there a chance a license could be applied to this project?