Forums

Resolved
0 votes
Hi,

Following an unknown bug of the software,
https://www.clearos.com/clearfoundation/social/community/error-when-adding-user#COM_EASYDISCUSS_REPLY_PERMALINK-274951

While I can add a user to ClearOS, but when I try to add it to the existing groups, for instance, I followed what my other accounts are in:
usermod -a -G allusers,openvpn_plugin,user_certificates_plugin,domain_users newuser

Then, after a system reboot, executing
groups newuser
does not show any change about the group it is in.

Is there some particular mechanism somewhere in ClearOS I need to use when adding a user to groups?
The purpose is for allowing this user to access OpenVPN and LAN via WAN.
In Users
Sunday, October 27 2019, 09:00 PM
Share this post:
Responses (3)
  • Accepted Answer

    Wednesday, October 30 2019, 11:05 AM - #Permalink
    Resolved
    0 votes
    I've had a message from a dev who helped someone to do something similar with the program clearos_user (type "clearos_user -h"). Change:
    $user_factory = new User_Factory();
    $user = $user_factory->create($options['u']);
    to:
    $user_factory = new User_Factory();
    $user = $user_factory->create($options['u']);
    $group_memberships['pptpd_plugin'] = TRUE;
    $user->set_group_memberships($group_memberships);

    This would, as an example, add the user to the pptpd_plugin group.

    Another change:
    $user_info['extensions'] = array();
    $user->add($user_info, $options['p']);
    to:
    $user_info['plugins']['web_proxy'] = array ('state' => 1);
    $user_info['extensions'] = array();
    $user->add($user_info, $options['p']);

    would enable a plugin (in this case, web proxy), when updating a user.

    He also says that, ideally, the script would be enhanced by adding a -g flag along with the group you wanted the user to belong to and maybe other flags like --web-proxy, to automatically add them to an extension.
    The reply is currently minimized Show
  • Accepted Answer

    Monday, October 28 2019, 03:44 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    Like Users, Group membership is stored in LDAP so it is LDAP you need to modify rather than traditional group manipulation utilities. Normally this is done through the webconfig. I guess it would be possible to use phpLDAPadmin or other LDAP editing utilities.

    Note that if you are manipulating OpenVPN access, you'll also need to manipulate User Certificate membership.


    Thanks Nick for the suggestions, I will look into this.
    The reply is currently minimized Show
  • Accepted Answer

    Sunday, October 27 2019, 09:28 PM - #Permalink
    Resolved
    0 votes
    Like Users, Group membership is stored in LDAP so it is LDAP you need to modify rather than traditional group manipulation utilities. Normally this is done through the webconfig. I guess it would be possible to use phpLDAPadmin or other LDAP editing utilities.

    Note that if you are manipulating OpenVPN access, you'll also need to manipulate User Certificate membership.
    The reply is currently minimized Show
Your Reply