Open-AudIT

Nick, these are my testing results for the LDAP auditing feature with IE 7/Firefox 3
1. (Using IE 7) I Added a LDAP connection, tested it, saved it from the General section and it was added to the OA ldap_connections table
2. Returning to the LDAP section, it didn't showed the previously added connection (although existing on db), only the initial message "No LDAP connections defined" was showed, so I readded it, but same issue (even refreshing the window). Closing the browser window and logging in again, 2 connections were there, so I suspect an IE bug for the related javascript code. It was confirmed from Firefox 3 not having the issue.
3. (Using Firefox instead), I deleted the 2nd connection and added a LDAP path (full domain). No issues at all, it was updated on-screen immediately.
4. I run on the OA server, from the oa site path (I have %programfiles%\php in the %path% environment variable)
[code]
php ldap_audit_script.php
[/code]
The script raised 4 errors regarding not having enabled on the php.ini
[code]
allow_call_time_pass_reference = On
[/code]
I enabled it (although it's deprecated, I use PHP 5.2.1.1), restarted IIS, then run with success the ldap audit script, which populated the db with computers/users from the domain.
So:
- could you please try fixing the IE bug?
- is allow_call_time_pass_reference = On strictly necessary?

Thank you

_________________
Edoardo

[quote="ef"]
- could you please try fixing the IE bug?
- is allow_call_time_pass_reference = On strictly necessary?
Thank you

_________________
Cheers, Nick.

[size=85]OA Server: Windows Server 2003 / Apache 2
Auditing: 1600 Workstations, 200 Servers
OS's: Windows XP / Windows 2000 / Windows 2003 Server / Windows Vista
LDAP: Active Directory[/size]

pls disregard my previous queries.

only thing i need is to know how to disable debug mode? cause it passes the username and password in cleartext.

Thanks!

Jason

_________________
OA Deployment:
Windows 2003 with XAMPP install
80 Windows Servers
250 Windows workstations (mixed XP and 2000)
5 MACs
Multiple printers, switches, routers, firewalls, and other servers (ESX, AIX etc.)

In ldap_audit_script.php change line 35 to:
[code]$debugging=FALSE;[/code]

We should probably change that in SVN.

Cheers, Nick.

_________________
Cheers, Nick.

[size=85]OA Server: Windows Server 2003 / Apache 2
Auditing: 1600 Workstations, 200 Servers
OS's: Windows XP / Windows 2000 / Windows 2003 Server / Windows Vista
LDAP: Active Directory[/size]

I've updated to svn 1071. I successfully tested and added an LDAP Connection. It shows up as with the pretty little icon and our Domain name as q link, but for the life of my I can't find any "Add New Path" link. I've tried with IE7, FF3 on two different machines.

Any advice as to where I might start looking to troubleshoot. I've glanced through the source on both the admin_config.php and admin_config.js files but I'm not really sure what I'm looking for.

Thanks in advance.

[quote="NickBrown"]Andrew,

If you look at the system names in the viewdef - systems that have been audited are hyperlinked, those that haven't been aren't.

Cheers, Nick.

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]

[quote="wazoqaz"]I've updated to svn 1071. I successfully tested and added an LDAP Connection. It shows up as with the pretty little icon and our Domain name as q link, but for the life of my I can't find any "Add New Path" link. I've tried with IE7, FF3 on two different machines.

Any advice as to where I might start looking to troubleshoot. I've glanced through the source on both the admin_config.php and admin_config.js files but I'm not really sure what I'm looking for.

Thanks in advance.

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]

[quote="wazoqaz"]I've updated to svn 1071. I successfully tested and added an LDAP Connection. It shows up as with the pretty little icon and our Domain name as q link, but for the life of my I can't find any "Add New Path" link. I've tried with IE7, FF3 on two different machines.

Any advice as to where I might start looking to troubleshoot. I've glanced through the source on both the admin_config.php and admin_config.js files but I'm not really sure what I'm looking for.

Thanks in advance.

_________________
Cheers, Nick.

[size=85]OA Server: Windows Server 2003 / Apache 2
Auditing: 1600 Workstations, 200 Servers
OS's: Windows XP / Windows 2000 / Windows 2003 Server / Windows Vista
LDAP: Active Directory[/size]

[quote="NickBrown"]What happens when you hover over the LDAP Connection icon? You should get a drop-down menu.

ef,

Regarding the IE caching bug - can you add the following to admin_config_data.php after line 14:
[code]header( "Expires: Mon, 20 Dec 1998 01:00:00 GMT" );
header( "Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT" );
header( "Cache-Control: no-cache, must-revalidate" );
header( "Pragma: no-cache" );
[/code]

Let me know if it makes a difference - it did for me.

Cheers, Nick.

_________________
Cheers, Nick.

[size=85]OA Server: Windows Server 2003 / Apache 2
Auditing: 1600 Workstations, 200 Servers
OS's: Windows XP / Windows 2000 / Windows 2003 Server / Windows Vista
LDAP: Active Directory[/size]

I've found some more bugs that will affect IE. In admin_config.js I've got some variables that haven't been defined as local scope, but should be because they conflict with global object variables of the same name that IE creates. The lines that need changing and what they need changing to are (essentially each line just needs "var " adding to the beginning to define the variable as local):

Line 125:
[code]var ldap_path_id = document.getElementById("popupmenu_id").innerHTML;[/code]
Line 148:
[code]var ldap_path_connection_id = document.getElementById("popupmenu_id").innerHTML;[/code]
Line 173:
[code]var ldap_path_audit_value = document.getElementById("ldap_path_audit").checked ? "1" : "0";[/code]
Line 197:
[code]var ldap_path_id = document.getElementById("popupmenu_id").innerHTML;[/code]
Line 221:
[code]varldap_connection_id = document.getElementById("popupmenu_id").innerHTML;[/code]
Line 245:
[code]var ldap_connection_id = document.getElementById("popupmenu_id").innerHTML;[/code]

_________________
Cheers, Nick.

[size=85]OA Server: Windows Server 2003 / Apache 2
Auditing: 1600 Workstations, 200 Servers
OS's: Windows XP / Windows 2000 / Windows 2003 Server / Windows Vista
LDAP: Active Directory[/size]

[quote="NickBrown"]I've found some more bugs that will affect IE. In admin_config.js I've got some variables that haven't been defined as local scope, but should be because they conflict with global object variables of the same name that IE creates. The lines that need changing and what they need changing to are (essentially each line just needs "var " adding to the beginning to define the variable as local):

[quote="wazoqaz"]I don't know if there were directly related to my problems, but I applied the changes anyway. Still no drop-menu for creating ad paths.

_________________
Cheers, Nick.

[size=85]OA Server: Windows Server 2003 / Apache 2
Auditing: 1600 Workstations, 200 Servers
OS's: Windows XP / Windows 2000 / Windows 2003 Server / Windows Vista
LDAP: Active Directory[/size]

[quote="NickBrown"]have you tried a completely clean new install? Into a new directory with a new database etc?

Nick, some progress: I added your 2 fixes to admin_config_data.php and admin_config.js (SVN rev. 1072) and now the adding of a LDAP path is automatically refreshed, not the adding of a LDAP connection (i.e. if I press "Save" after a successfull testing, nothing changes). I have to manually refresh the page to see the new LDAP connection previously added. As usual, FF doesn't have this issue.

Another question: what rights does the AD user account need to have to read all systems/users info? I noticed that a domain users member (not a domain admin) doesn't audit all users, just a subset, although the Authenticated Users - Read ACE on the domain is inherited.

_________________
Edoardo