Bug 32698 - Design of AD connector download site
Design of AD connector download site
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: AD Connector
UCS 3.1
Other Linux
: P5 enhancement (vote)
: UCS 3.2
Assigned To: Florian Best
Dirk Wiesenthal
: interim-3
Depends on: 31700
Blocks: 33152
  Show dependency treegraph
 
Reported: 2013-09-26 16:48 CEST by Stefan Gohmann
Modified: 2013-11-19 06:42 CET (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Design
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Gohmann univentionstaff 2013-09-26 16:48:21 CEST
The AD connector download site must be adapted too.


+++ This bug was initially created as a clone of Bug #31700 +++

The UCS overview site http://<Server IP> should be revised. The interface for 3rd party apps should be compatible at least for UCS 3.2.
Comment 1 Florian Best univentionstaff 2013-10-08 15:26:14 CEST
The download site has been removed. The download links are now integrated into the UMC module. The private.key and cert.pem are delivered via UMCP. The links to these files are only shown if the configuration was completed.
Comment 2 Florian Best univentionstaff 2013-10-09 15:23:00 CEST
QA: when updating from 3.1 and under 3.1 a host was configured there exists a .htaccess file in /var/www/univention-ad-connector. This will be removed when updating.
The QA person should also do QA for Bug #31990.
Comment 3 Stefan Gohmann univentionstaff 2013-10-16 23:34:30 CEST
I'm unable to download the private.key and cert.pem file. I get a 404.
Comment 4 Stefan Gohmann univentionstaff 2013-10-16 23:42:21 CEST
(In reply to Stefan Gohmann from comment #3)
> I'm unable to download the private.key and cert.pem file. I get a 404.

The MSI installer can be downloaded. Maybe a problem with permissions?
Comment 5 Florian Best univentionstaff 2013-10-18 14:13:05 CEST
(In reply to Stefan Gohmann from comment #4)
> (In reply to Stefan Gohmann from comment #3)
> > I'm unable to download the private.key and cert.pem file. I get a 404.
> 
> The MSI installer can be downloaded. Maybe a problem with permissions?
The attemp with the UMCP-command was the wrong way because the JSON document have been wrapped around the files (UMCP does not support a mimetype for responses). It was not able to download that file with JS/Dojo with keeping the filename+extension on IE8. So, now there are buttons for both files which are sending the same UMCP request as before which responds with a temporary URL now. This URL is afterwards opened. The temporary file will be deleted from the filesystem after 30 seconds. Also access is only granted to the user "www-data".
Comment 6 Dirk Wiesenthal univentionstaff 2013-10-25 11:46:43 CEST
Not so sure how much is your patch and how much was already broken.

Could you please fix:
_ = Translation('univention-management-console-module-top').translate
showHide the buttons when not yet configured
When downloading cert.pem, private.key a new window is opened and stays open. Is it possible to autoclose it (or not open at all)?
Comment 7 Florian Best univentionstaff 2013-10-25 14:56:36 CEST
(In reply to Dirk Wiesenthal from comment #6)
> Could you please fix:
> _ = Translation('univention-management-console-module-top').translate
Hmm, there have never been a backend translation since existance of module…
→ fixed

> showHide the buttons when not yet configured
→ fixed

> When downloading cert.pem, private.key a new window is opened and stays
> open. Is it possible to autoclose it (or not open at all)?
Hmm, the technical possibility is there, (window.close()) but when? If it will be closed the user cannot download the file :/
Comment 8 Dirk Wiesenthal univentionstaff 2013-10-25 15:12:14 CEST
Die Ausführung des Kommandos adconnector/save ist fehlgeschlagen:

Traceback (most recent call last):
  File "/usr/lib/pymodules/python2.6/univention/management/console/modules/__init__.py", line 204, in execute
    func( request )
  File "/usr/lib/pymodules/python2.6/univention/management/console/modules/decorators.py", line 178, in _response
    return function(self, request)
  File "/usr/lib/pymodules/python2.6/univention/management/console/modules/adconnector/__init__.py", line 166, in save
    self._create_certificate(request)
AttributeError: 'Instance' object has no attribute '_create_certificate'
Comment 9 Florian Best univentionstaff 2013-10-25 15:21:10 CEST
Indentation error ;) (fixed without testing) package not built, dimma is down…
Comment 10 Dirk Wiesenthal univentionstaff 2013-10-28 12:00:49 CET
1.
<a target="_blank" ...>
->
<a ...>

=> No new tab is opened and then closed immediately

=========

2.
Instead of a "cert.pem" button, maybe something like: "Generate cert.pem and private.key" button which adds two (native) links to cert.pem and private.key? Add a timer that resets this box in 30 seconds (as the files are deleted by then).

In this case a text (breaking the <ul> list in two parts (public/private)) could be helpful: "There are two more files that need to be copied into the installation directory of the password service." + "These files are available after successful configuration"/"Click on the button below to get access to these files"

=========

3. The rights of cert.pem and private.key for www-data changed from "r" to "rw".
Comment 11 Florian Best univentionstaff 2013-10-28 13:22:51 CET
I fixed UMC so that the serving of files with mimetype != application/json works again.

The links are now static again.

univention-management-console (6.0.19-1) unstable; urgency=low
 * Bug #32698: fix possibility to response with content types !=
      application/json

univention-ad-connector (8.0.14-1) unstable; urgency=low
 * Bug #32698: serve private keys via UMCP
Comment 12 Florian Best univentionstaff 2013-10-29 15:14:09 CET
I fixed another problem when trying to access /univention-ad-connector/*.
Comment 13 Florian Best univentionstaff 2013-10-30 14:45:33 CET
After updating /var/www/univention-ad-connector/cert.pem still exists.
Comment 14 Florian Best univentionstaff 2013-10-30 16:02:36 CET
(In reply to Florian Best from comment #13)
> After updating /var/www/univention-ad-connector/cert.pem still exists.
cert.pem and private.key will now be deleted on update.
Comment 15 Dirk Wiesenthal univentionstaff 2013-11-04 14:37:53 CET
After updating from UCS 3.1 to UCS 3.2:
  http://10.200.4.125/umcp/command/adconnector/cert.pem -> {"status": 400, "message": "Das Kommando ist fehlgeschlagen: File does not exists"}

This error message is displayed as text, i.e. UMC is (browser) history!
Comment 16 Stefan Gohmann univentionstaff 2013-11-04 17:04:55 CET
(In reply to Dirk Wiesenthal from comment #15)
> After updating from UCS 3.1 to UCS 3.2:
>   http://10.200.4.125/umcp/command/adconnector/cert.pem -> {"status": 400,
> "message": "Das Kommando ist fehlgeschlagen: File does not exists"}
> 
> This error message is displayed as text, i.e. UMC is (browser) history!

As discussed, I'm unable to reproduce this error.
Comment 17 Dirk Wiesenthal univentionstaff 2013-11-06 15:10:28 CET
(In reply to Stefan Gohmann from comment #16)
> (In reply to Dirk Wiesenthal from comment #15)
> > After updating from UCS 3.1 to UCS 3.2:
> >   http://10.200.4.125/umcp/command/adconnector/cert.pem -> {"status": 400,
> > "message": "Das Kommando ist fehlgeschlagen: File does not exists"}
> > 
> > This error message is displayed as text, i.e. UMC is (browser) history!
> 
> As discussed, I'm unable to reproduce this error.

Okay, due to misconfiguration in the first place
Comment 18 Stefan Gohmann univentionstaff 2013-11-19 06:42:10 CET
UCS 3.2 has been released:
 http://docs.univention.de/release-notes-3.2-en.html
 http://docs.univention.de/release-notes-3.2-de.html

If this error occurs again, please use "Clone This Bug".