Registrations to Open-AudIT forums are now closed. To ask any new questions please visit Opmantek Community Questions.

Open-AudIT

What's on your network?
It is currently Fri Mar 29, 2024 10:50 am

All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 68 posts ]  Go to page Previous  1, 2, 3, 4, 5  Next
Author Message
PostPosted: Sat Oct 18, 2008 5:43 pm 
Offline
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
[quote="NickBrown"]In ldap_audit_script.php change line 35 to:
[code]$debugging=FALSE;[/code]

We should probably change that in SVN.

Cheers, Nick.

Added to SVN rev. 1073

_________________
Edoardo


Top
 Profile  
Reply with quote  
PostPosted: Mon Oct 20, 2008 6:59 pm 
Offline
Helper

Joined: Thu Dec 08, 2005 6:33 pm
Posts: 87
Location: Germany, BaW
[quote="wazoqaz"][quote="NickBrown"]have you tried a completely clean new install? Into a new directory with a new database etc?

I was thinking the exact same thing as I was driving home. It will have to wait until Monday. As soon as I get a chance to try it I'll let you know. Hopefully we can figure this out as I'm really looking forward to trying this feature.

I´ve got the same problem on my ubuntu-oa-server.
On my windows server all works fine.

_________________
OA Deployment:
w2k3 R2 with XAMPP install
Windows Servers incl. VM
Windows workstations (XP and Vista, 7)
Multiple printers, switches, routers, firewalls
ADS 1HQ and 20 branches
-------------------
OAv2
w2k8 R2 with XAMPP install


Top
 Profile  
Reply with quote  
PostPosted: Mon Oct 20, 2008 11:19 pm 
Nick,
So I built a completely new install of OA. I downloaded a clean copy of svn 1076. Still having the same problem. I can create a connection, but no dropdown for creating path. I'm running php 5.1.6 on Apache 2 on CentOS 5 if that matters. I'm pretty clueless as to what to try next to try to get the dropdown menu.

If possible, I could just write the configuration directly into the tables to create the path. That way I could test the functionality while we still tried to get the interface working. If you can provide the structure of an entry so that I could try that would be great.


Top
  
Reply with quote  
PostPosted: Tue Oct 21, 2008 12:46 am 
Offline
Contributor

Joined: Fri Jul 28, 2006 6:30 am
Posts: 157
Location: London
[quote="wazoqaz"]Nick,
So I built a completely new install of OA. I downloaded a clean copy of svn 1076. Still having the same problem. I can create a connection, but no dropdown for creating path. I'm running php 5.1.6 on Apache 2 on CentOS 5 if that matters. I'm pretty clueless as to what to try next to try to get the dropdown menu.

If possible, I could just write the configuration directly into the tables to create the path. That way I could test the functionality while we still tried to get the interface working. If you can provide the structure of an entry so that I could try that would be great.


To create an LDAP connection, use the following URL (replace bold with your own values):
admin_config_data.php?sub=f3&ldap_connection_server=yourservername&ldap_connection_user=yourldapusername&ldap_connection_password=yourldappassword

Make a note of the ldap_connections_id of the created record in ldap_connections. Then, to create an LDAP path, use the following URL:
admin_config_data.php?sub=f7&ldap_path_connection_id=idyoujustcreated&ldap_path_dn=DNofyourOUtoaudit&ldap_path_audit=1

I'd still like to get to the bottom of your problem, though. Can you enable javascript debugging in IE and see if it throws an error?

Cheers, Nick.

_________________
Cheers, Nick.

[size=85]OA Server: Windows Server 2003 / Apache 2
Auditing: 1600 Workstations, 200 Servers
OS's: Windows XP / Windows 2000 / Windows 2003 Server / Windows Vista
LDAP: Active Directory[/size]


Top
 Profile  
Reply with quote  
PostPosted: Tue Oct 21, 2008 3:23 am 
[quote="NickBrown"]Can you enable javascript debugging in IE and see if it throws an error?
Cheers, Nick.


I did enable debugging (first time I've ever done this), and it does through an error.

[code]A Runtime Error has occurred.
Do you wish to Debug?

Line: 0
Error: Object expected[/code]

When I click yes and open the debuugger. It asks if I want to break or continue with a MS JScript runtime error: Object expected error. In the main window it has a little yellow error on the second line (that starts with <html xmlns=....

When I continue it just loops there forever..

If you need additional info you'll have to step me through what you want done as I've debugged anything in IE.

Top
  
Reply with quote  
PostPosted: Tue Oct 21, 2008 6:46 pm 
Offline
Contributor

Joined: Fri Jul 28, 2006 6:30 am
Posts: 157
Location: London
[quote]I did enable debugging (first time I've ever done this), and it does through an error.

[code]A Runtime Error has occurred.
Do you wish to Debug?

Line: 0
Error: Object expected[/code]

When I click yes and open the debuugger. It asks if I want to break or continue with a MS JScript runtime error: Object expected error. In the main window it has a little yellow error on the second line (that starts with <html xmlns=....


That's odd, I wouldn't expect to see anything of that nature in javascript code. Could you perhaps PM me a screenshot of the debugger in action?

Cheers, Nick.

_________________
Cheers, Nick.

[size=85]OA Server: Windows Server 2003 / Apache 2
Auditing: 1600 Workstations, 200 Servers
OS's: Windows XP / Windows 2000 / Windows 2003 Server / Windows Vista
LDAP: Active Directory[/size]


Top
 Profile  
Reply with quote  
PostPosted: Thu Oct 23, 2008 6:22 am 
Offline
Contributor

Joined: Fri Jul 28, 2006 6:30 am
Posts: 157
Location: London
[quote="wazoqaz"]If you need additional info you'll have to step me through what you want done as I've debugged anything in IE.


Check out the fix in this thread - I suspect it might do the trick for you.
[url]http://www.open-audit.org/phpBB3/viewtopic.php?f=8&t=3026&p=13701#p13701[/url]

_________________
Cheers, Nick.

[size=85]OA Server: Windows Server 2003 / Apache 2
Auditing: 1600 Workstations, 200 Servers
OS's: Windows XP / Windows 2000 / Windows 2003 Server / Windows Vista
LDAP: Active Directory[/size]


Top
 Profile  
Reply with quote  
PostPosted: Thu Oct 23, 2008 7:09 am 
[quote="NickBrown"]Check out the fix in this thread - I suspect it might do the trick for you.
[url]http://www.open-audit.org/phpBB3/viewtopic.php?f=8&t=3026&p=13701#p13701[/url]



That was it. It was the case sensitive nature of Linux that was the problem.

Top
  
Reply with quote  
PostPosted: Thu Nov 06, 2008 12:47 am 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
I have added a link to the Admin Menu, which will appear if you are using ldap. This allows you to run the LDAP Audit script from the menu, (on the web server, not the host).
I think there might be some benefit in coding a wrapper page, so we have better control of the results, but what I have done so far works well for me.

Update to SVN 1085 for this, then from the main menu, select Admin > Audit LDAP Directory.

(This menu item will be a blank line if you have not enabled LDAP support on the main Admin> Config page)

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


Top
 Profile  
Reply with quote  
PostPosted: Fri Nov 07, 2008 11:35 pm 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Here's a little trick.

Download wget for windows from here...

http://users.ugent.be/~bpuype/wget/#download

(linux users may well be familiar with wget, as it is part of most distros, they can use a similar trick from a bash script).
Place this in the folder where you run your domain audit scripts, then create a batch file similar to this.

[code]
@echo off
rem Delete the old file
del ./ldap_audit_script.php
rem get the page in order to run the audit.
wget https://{myopenauditserver}/openaudit/ldap_audit_script.php --no-check-certificate --output-file = null
[/code]

(Change {myopenauditserver} to meet your needs. )

This will allow you to schedule an LDAP audit from the same workstation as your domain audit by running this batch file.

The code above uses wget to download the page, (ignores any certificate errors) and tries to make as little "mess" as possible by throwing away its output. It deletes the previous output each time it runs, otherwise wget will create fie1, file2, file3 etc every time it is run.

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


Top
 Profile  
Reply with quote  
PostPosted: Wed Dec 10, 2008 11:19 pm 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
I have just added most of the remaining fields for Active Directory to the database, this involved a lot of cutting and pasting, can you guys check that I haven't introduced too many niggles, before I go on to alter the ldap_audit script. i.e. check the upgrade completes without breaking anything.

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


Top
 Profile  
Reply with quote  
PostPosted: Thu Dec 11, 2008 6:02 pm 
Offline
Open-AudIT Fellow

Joined: Thu May 17, 2007 5:47 pm
Posts: 568
Location: Italy
The update is OK. The only issue I see is the missing hyperlink on the full name and this notice in list_viewdef_ldap_users.php:
[code]
Notice: Undefined variable: ldap_full_details in ...\list_viewdef_ldap_users.php on line 35
[/code]
It's caused by the $ldap_full_details var. being defined as $full_details in include_config.php, so we need fixing lines 3,4 and 35 in list_viewdef_ldap_users.php.

_________________
Edoardo


Top
 Profile  
Reply with quote  
PostPosted: Thu Dec 11, 2008 7:36 pm 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Its all still at the thinking stage, 'cos i haven't modded the php audit script to harvest the rest of these fields. Once I have this working, I will probably recode the user views.

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


Top
 Profile  
Reply with quote  
PostPosted: Thu Dec 11, 2008 10:52 pm 
Offline
Contributor

Joined: Fri Jul 28, 2006 6:30 am
Posts: 157
Location: London
Andrew,

Just picked up your PM and will reply when I've digested it. I have a question. What are we achieving by pulling all this AD data into OA? We can already pull this data directly from the "live" database (i.e. AD) when it's needed.

Cheers, Nick.

_________________
Cheers, Nick.

[size=85]OA Server: Windows Server 2003 / Apache 2
Auditing: 1600 Workstations, 200 Servers
OS's: Windows XP / Windows 2000 / Windows 2003 Server / Windows Vista
LDAP: Active Directory[/size]


Top
 Profile  
Reply with quote  
PostPosted: Fri Dec 12, 2008 7:13 pm 
Offline
Moderator
User avatar

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
[quote="NickBrown"]Andrew,

Just picked up your PM and will reply when I've digested it. I have a question. What are we achieving by pulling all this AD data into OA? We can already pull this data directly from the "live" database (i.e. AD) when it's needed.

Cheers, Nick.


The data gives us the ability to track changes to the AD, things like last logon domain logon time of both the user and the machine, also since we are picking up info from more than one domain, we can now look up user and computer ldap details for all of the domains, rather than just the currently attached domain.

One final point, some people run multiple AD schemas, and audit each, merging the database, in this case the ldap audit script may be run from a domain which is not even a part of the current trust relationships or shcema, and thus we couldn't see any of these details directly.

Finally if I back up the database, and restore it at a future date I can see how things were at a particular time.

One additional feature I would like to add if possible is the ability to pull the AD printers also in to OA.

One little trick I just thought of, if we harvest the full details, it would be possible to recreate a user, or indeed a whole bunch of users in the AD (using a vbscript or whatever) even if some halfwit deletes them either accidentally or on purpose. One could even recreate some or all of the users and/or computers in an entirely new domain or forest.

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 68 posts ]  Go to page Previous  1, 2, 3, 4, 5  Next

All times are UTC + 10 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group