Bug 35090 - UCS in Active Directory domain - Wizard
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - AD Connector
Version: UCS 3.2
Hardware: Other Linux
Importance: P5 enhancement
Target Milestone: UCS 3.2-2-errata
Assigned To: Alexander Kläser
QA Contact: Felix Botner
Depends on:
Blocks: 34091
Reported: 2014-06-11 08:12 CEST by Stefan Gohmann
Modified: 2014-08-07 18:07 CEST
Description Stefan Gohmann univentionstaff 2014-06-11 08:12:27 CEST
We need a wizard for the connector setup. See ucs-3.2/component/ucs-in-ad-domain/univention-ad-connector

I think we should merge the current AD connector wizard / module with the new module. 

+++ This bug was initially created as a clone of Bug #34091 +++

It should be possible to run UCS as part of an Active Directory domain. In this case UCS must not provide Kerberos, DNS or Samba domain controller functionality.

The synchronization of users, groups and computers will be done through the UCS AD connector. A password synchronization is not necessary; we will add an overlay module for OpenLDAP which uses the AD Kerberos as password verification backend for simple LDAP bind.

The UCS system should be able to provide Samba shares.

Synchronized objects should be marked as synced (objectsuniventionObjectFlag: synced). In the default read mode of the connector it should not be possible to modify the synchronized attributes. The UDM modules property extension should be extended, for example "readonly_when_synced: True", default is False. Furthermore the object creation via UMC should display a warning that this object will not be synchronized to AD.
Comment 1 Stefan Gohmann univentionstaff 2014-07-01 09:36:15 CEST
We need a command line tool to start the wizard in a test setup like:
 test/ucs-ec2-tools$ ls examples/jenkins/utils/schoolinstaller.py
Comment 2 Stefan Gohmann univentionstaff 2014-07-04 06:02:53 CEST
(In reply to Stefan Gohmann from comment #1)
> We need a command line tool to start the wizard in a test setup like:
>  test/ucs-ec2-tools$ ls examples/jenkins/utils/schoolinstaller.py

There is already such a tool:
 univention-ad-member

See Bug #35091#c1, the configuration tool must allow the upload of the AD root certificate.
Comment 3 Stefan Gohmann univentionstaff 2014-07-04 06:52:36 CEST
The wizard should uninstall univention-samba4 if it is installed.
Comment 4 Dirk Wiesenthal univentionstaff 2014-07-30 14:46:13 CEST
Note: Wizard's "back" (why is this visible anyway?) and "abort" buttons do not work on the very first page.
Comment 5 Dirk Wiesenthal univentionstaff 2014-07-30 22:11:12 CEST
Hmmmm... I accidentally entered UCS' own IP. At first it worked... but then the join failed. "Verify that username/password are correct"
Comment 6 Alexander Kläser univentionstaff 2014-07-31 14:13:14 CEST
See changelog below. Open points are:
* translations
* incomplete JavaScript logic with wizard button handling
* images on wizard pages
* the radio button for the member mode should be pre-selected
* the button for enabling/disabling the password service should be removed for the member mode case

univention-ad-connector (8.0.17-59):
Bug #35090:
* Automatically add a host static entry in the connector configuration
* Added translations [WIP]
* Fixed jslint errors, removed unneeded parts
Comment 7 Alexander Kläser univentionstaff 2014-07-31 14:13:41 CEST
Another open point:
* Piwik infos
Comment 8 Alexander Kläser univentionstaff 2014-07-31 18:59:28 CEST
All remaining open points should have been addressed now:

univention-ad-connector (8.0.17-62):
Bug #35090:
* added piwik topic publishing
* adjusted texts and added translations
* pre-select AD member mode on start page
* hide start/stop buttons for password service + fixed backend function
* added missing images
* enable 'cancel' button
* fixed some internal page navigation logic
* added hint to allow port for password sync on windows
* added target="_blank" for UMCP based download links on IE
* automatically advance in (connector config) wizard after uploading AD
  root certificate
Comment 9 Stefan Gohmann univentionstaff 2014-08-01 07:28:46 CEST
Please add the server name to this sentence:

The MSI files are the installation files for the password service and can be started by double-clicking.

For example:

The MSI files are the installation files for the password service and can be started on the server admaster by double-clicking.

Please also add a short note to the YAML file.
Comment 10 Alexander Kläser univentionstaff 2014-08-01 13:51:12 CEST
(In reply to Stefan Gohmann from comment #9)
> Please add the server name to this sentence:
> 
> The MSI files are the installation files for the password service and
> can be started by double-clicking.
> 
> For example:
> 
> The MSI files are the installation files for the password service and
> can be started on the server admaster by double-clicking.
> 
> Please also add a short note to the YAML file.

FIXED. I submitted the following adaptation:

"The MSI files are the installation files for the password service. The installation can be started on the Active Directory domain controller by double clicking on it."

Package is building.

univention-ad-connector (8.0.17-63):
* Bug #35090: text adaptations
Comment 11 Alexander Kläser univentionstaff 2014-08-01 13:58:44 CEST
YAML file has been updated.
Comment 12 Felix Botner univentionstaff 2014-08-01 15:59:27 CEST
OK
Comment 13 Janek Walkenhorst univentionstaff 2014-08-07 18:07:46 CEST
http://errata.univention.de/ucs/3.2/162.html