Topic: User-Manager Open to the World

[Smitro]

Hi all,

Is there a way to make User-Manager (https://server-name/user-manager/) accessable to the world?

There is posts on this, but those posts indicate adding 0.0.0.0 as a local network, thus making the server thing the whole world is a local network. I don't want to risk this security. I don't want to make my Server-Manager open. I want user-manager only.

This has been done in version 6 there was an upgrade/contrib for horde that did this. It added it in as an option in Horde. Over 80% of my users are external, and they are not expert enough to use putty to tunnel (yes I know how to, but they don't).

I know a little about Apache, so I might be able to figure this out and help others, just need to know where to start looking.

Can anyone help?

[egerards]

A way to achieve this would be the following:

- Edit /etc/e-smith/templates/etc/httpd/conf/httpd.conf/92ProxyPassUser
- Locate the block:

Code: [Select]

ProxyPass /user-manager http://127.0.0.1:980/user-manager/
<Location /user-manager>
    SSLRequireSSL
    order deny,allow
    deny from all
    allow from $localAccess $externalSSLAccess
</Location>

and remove the lines:

Code: [Select]

   order deny,allow
    deny from all
    allow from $localAccess $externalSSLAccess
- Execute /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf and restart the webserver.

A more neat way would be to create a custom-template, but I'm not quite sure how such a custom-template should look like.

[mmccarn]

To use a custom template, just copy the original template to the corresponding folder under templates-custom, and edit it there.  If there is a custom template with the same name as a regular template, the custom template wins.

Code: [Select]


mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/

cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/

cp /etc/e-smith/templates/etc/httpd/conf/httpd.conf/92ProxyPassUser .

vi 92ProxyPassUser

(make the changes suggested by egerards)

/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf

/etc/init.d/httpd-e-smith restart
/etc/init.d/httpd-admin restart
(Note the "." at the end of the "cp" command, telling cp where to put the copy)

[Smitro]

Thanks this worked perfectly.

Only recommendation I would make is to use "pico" for the text editor instead of "vi" much easier to use. But that's just a personal preference (after spending about 15 mins just trying to work out how to exit)

[mmccarn]

vi 92ProxyPassUser

would become pico -w 92ProxyPassUser

The "-w" is important, and keeps pico from automatically wrapping long lines when you past them in...

[Smitro]

Thanks, I didn't realise it wrapped. Much appricated.

[stephen noble]

there is a db setting

http://www.dungog.net/sme/changelog/smeserver-userpanel-0.9-9.noarch.rpm.txt

* Fri Feb 11 2005 Stephen Noble <support@dungog.net>

- allow remote access to /user, with alt IP range from /server-manager access
-  /sbin/e-smith/db configuration set httpd-user 188.122.45.122
-  /sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
-  /etc/rc.d/init.d/httpd-e-smith restart
-  see also /sbin/e-smith/db configuration show httpd-admin for format
- [1.6.5-1]

[Smitro]

snoble,

Is there a way, that will enable my users to be on any IP address login to user manager over https. I have only local 2 users they rest are external and I'd prefer they changed their passwords themselves.

Something like this:
/sbin/e-smith/db configuration set httpd-user 0.0.0.0

But would this change access for the server manager?
if so, is there a way of keeping these separate?

[stephen noble]

httpd-user stopped working with the most recent change
it is not longer separate from the server-manager
check before and after httpd.conf if you want to try to get it to work again

and i think userpasswords has a bug at the moment
both regular and user-manager versions

[Smitro]

check before and after httpd.conf if you want to try to get it to work again

Do you mean using the method above first?

The Method above doesn't work any more, the templates have been changed around a bit since then. I've been looking through the template files and I'm not sure which one it would be that I should change. Maybe it's best if I wait till the bugs are ironed out..?

[stephen noble]

yes, if you can work around your problems

the most relevant is bug
http://bugs.contribs.org/show_bug.cgi?id=2455