Messages - Akram

1
Ideas / Road Map of improvements
« on: April 30, 2013, 05:49:13 pm »
Feng Office is a great project. It has the potential to be a great Web Office. Since version 1.7 the progress has been at a slow pace. There are many things to add so it can be a super application. In this article I will talk about my ideas of how to improve Feng Office and present them as a road map.
 
1- Security
   Goals     To make two types of admins: system/security admins (operator) and admins of workspaces (workspace-wise contents and security)
             To add SSL feature and make it default/option
   Reason    To make the contents more secure and have more privacy
   How to    Recode Super admins and admins so they cannot view any workspace contents
             Recode Personal workspaces so each belongs only to its owner and cannot be viewed by anyone else
             Add code for encryption so FengOffice encrypts contents in DB or OS File System
             Add Usage Quota for each workspace, default is 0 (unlimited)
             Recode account so that a user who can add users cannot create a user of the same level, only types below. Ex: Admin cannot create admin, same for managers
             Add the ability for users to change their LDAP password
             Add a property to the user object (Yes/No): if LDAP is present, users will be authenticated only by LDAP. Yes is the default for all users except Super Admin
             Recode so there is only one super admin in the system

2- Internationalization
   Goals     More Internationalization support
   Reason     RTL languages have no support in the interface or reports, custom fields are not multilingual
   How to    Recode to move all CSS to theme folder (some CSS properties, especially those that define the language direction, are coded outside the theme)
          Add Language Direction (LTR/RTL) field when defining a language
          Recode CSS/HTML themes and Reports Creation to switch the right language direction based on Direction Field
          Add file based translation for Custom Properties just like a typical language file

3- Task Management
   Goals    To enhance task workflow
   Reason    Task needs two types of workflows one is circulations workflow (free style) and predefined workflow system to make the office more productive
   How to    Add check box on Tasks tabs to allow circulation workflow. Freestyle can only be from workspace manager to another space manager, from manager to another user in the same space or vice versa
         Add Steps to Templates
         Add step has linkable objects, duration, task info, next steps list, custom fields, date and time, duration
         Add database link for custom field and add picture field type
         Add Custom Properties object type to Templates
         Add automatic actions to step like sending email or moving to a next step based on value of custom fields

4- More DMS/ECM
   Goals    To enhance DMS feature so Feng Office can be a real DMS platform
   Reason    No document viewer, no folders and subfolders in Documents, no WebDAV/SharePoint/CMIS support, Barcode, Spreadsheet, no metadata on doc
   How to    Add subfolder for documents
         Add separate meta-data for documents and subfolders and include bar coding as standard metadata
         Add passing values from Feng Office to CK editor document like dates/contact names/reports/task info.....
         Add WebDav function
         Add Spread sheets, and document viewer for PDF/Graphics files/MS Office/OpenOffice
         Add CMIS (server/client)
         Add SharePoint service so Feng Office act as SharePoint server

5- Portal
   Goals    To make workspace as portal
   Reason    Workspaces are great features but one missing feature is workspace portal.
   How to    Add Public tab to each workspace. By default, every user is allowed to view this tab. public information is just linked objects of space repository
         Add functionality to organize Public tab
         
6- Import/Export
   Goals    To make Feng Office
   Reason    No user import/export, no auto user grab from LDAP directory.
   How to    Add Export/Import page to administrator Tab
         Add Auto Import LDAP users check box
         Add Export and    Import users controls

7- More Project Management
   Goals    To make Feng Office
   Reason    No user import/export, no auto user grab from LDAP directory.
   How to    Add PM fields like budgets and resources to workspace
         Add resource management

8- More API
   Goals    To expand the API
   Reason    API has very few and limited functionality
   How to    Expand object API, especially documents and workflow

9- The Studio
   Goals    To ease creating plugins and add new functionality to Feng Office
   Reason    No visual creating of plugins
   How to    Add the function mentioned in the WIKI that described how to do studio

Road map
Version    Feature
2.4       Security
2.5       Internationalization
2.6       Export/Import
3.0       Task Management
4.0       More DMS/ECM
4.2       More DMS/ECM
4.5       More DMS/ECM
5.0       Portals
6.0       More Project Management
6.2       More overall enhancement
6.5       More overall enhancement
6.7       More overall enhancement
7.0       More API
7.2       The studio

2
Getting Started / Problem in 1.7.5 with sub types
« on: January 31, 2012, 07:00:21 pm »
I am using 1.7.5 and everything is ok so far except one problem:
Feng Office does not allow UTF-8 such as Arabic characters to be stored in Sub type name. After saving the name with UTF-8 it replies with a successful message, but when I get back to the subtype again it does not show the new entries I made; instead it shows "null" and no list. I checked the database and the entries are stored correctly. I have to change the names in the database to western letters so the system shows the list of subtypes.
Can someone help me? It seems to me a bug!

3
Getting Started / Re: LDAP logout white screen
« on: September 27, 2010, 07:36:05 pm »
INet/LDAP2 is totally new to me. But it can be done through Net/LDAP2.

We have to build two or three functions using Net/LDAP2.
You can visit
http://pear.php.net/package/Net_LDAP2/docs/latest/li_Net_LDAP2.html to see more on this

4
Getting Started / Re: LDAP logout white screen
« on: September 24, 2010, 12:30:45 pm »
"Watch out for little trick. if user is not listed in the domain, the user  can be added to the domain and someone use LDAP password to login and the user doesn't know what is happening"

It means: if you register the user in the domain, there is one account that has two working passwords managed differently by two separate systems. For a small organization it may not mean anything. But for others, especially where FO admins and domain admins are not the same, it means a security problem.

Net/LDAP2 is a very large scale class. It allows you to totally manage any LDAP.
I started to write a class for changing the LDAP password. This is what I have figured out so far:

   function changeUserPWLdap($user, $password, $config) {
   
      // Connecting using the configuration:
      require_once "Net/LDAP2.php";
      
      $ldap = Net_LDAP2::connect($config);

      // Testing for connection error
      if (PEAR::isError($ldap))
         {return false;}
         
      // Look up the entry whose login attribute matches $user
      $filter = Net_LDAP2_Filter::create($config['uid'], 'equals', $user);
      $search = $ldap->search(null, $filter, null);

      if (Net_LDAP2::isError($search))
         {return false;}
      
      // Refuse to continue unless exactly one entry matched
      if ($search->count() != 1)
         {return false;}
         
      $userEntries = $search->entries();
      $userEntry = $userEntries[0];
      
      // replace() only stages the change; it returns true or an error, not the entry
      $result = $userEntry->replace( array( 'userPassword'   => $password));
      if (Net_LDAP2::isError($result))
         {return false;}

      // update() writes the staged change to the directory; call it once
      if (Net_LDAP2::isError($userEntry->update()))
         {return false;}
      return true;
           
      }

I am still searching for how to do it. Once this function is done, we can use it with the function I made, isValidUserLdap, to check in the process of changing the password. We insert the code before the password change takes place:
if isValidUserLdap then we fire changeUserPWLdap and quit; otherwise we continue for the local password. I need help. Help will be appreciated.

5
Getting Started / Re: LDAP logout white screen
« on: September 23, 2010, 07:17:35 pm »
I am sorry for my spelling. Your name is gman (not geman).
Quote from my previous post:
"To solve this:
1- We need to check the user account is domain or FO.
2- Modify the way the user change the password to allow the user change domain password from FO.

I hope someone help us in these two points. I will try to figure it out."

I think I can answer the first question

We need to add this class into User.Class.php file

   function isValidUserLdap($user, $config) {
   
      // Connecting using the configuration:
      require_once "Net/LDAP2.php";
      
      $ldap = Net_LDAP2::connect($config);

      // Testing for connection error
      if (PEAR::isError($ldap)) {
         return false;
      }
      $filter = Net_LDAP2_Filter::create($config['uid'], 'equals', $user);
      $search = $ldap->search(null, $filter, null);

      if (Net_LDAP2::isError($search)) {
         return false;
      }
      
      if ($search->count() != 1)
         {return false;}
         else {return true;}
      }

then we can modify previous authentication procedure

 if ($user->isCompanyAdmin(owner_company()))
      {$userIsValidPassword = $user->isValidPassword($password);}
      elseif (($config_ldap_is_set === true) && $user->isValidUserLdap($username,  $config_ldap))
         {$userIsValidPassword = $user->isValidPasswordLdap($username, $password, $config_ldap);}
         else {$userIsValidPassword = $user->isValidPassword($password);}

This way we know whether the user is domain or FO only. I will test this class.

The second step is more challenging.
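
Added example (not part of the original posts and not Feng Office code): the fallback check from the 17 August and 23 September 06:35 pm posts next to the directory-lookup check from the 07:17 pm post, run over constructed accounts to show which passwords each policy accepts. The closures are hypothetical stand-ins for `isValidPassword`, `isValidPasswordLdap` and `isValidUserLdap`; the user names and passwords are made up.

```php
<?php
// Constructed sample data; plain-text passwords are for illustration only.
$local  = ['boss' => 'fo-boss', 'sara' => 'fo-sara', 'temp' => 'fo-temp'];
$ldap   = ['boss' => 'ad-boss', 'sara' => 'ad-sara'];  // directory entries
$admins = ['boss'];                                    // FO admins: local only

// Hypothetical stand-ins for isValidPassword(), isValidPasswordLdap() and
// isValidUserLdap() from the posts; no LDAP server is contacted.
$checkLocal = fn($u, $p) => isset($local[$u]) && hash_equals($local[$u], $p);
$checkLdap  = fn($u, $p) => isset($ldap[$u]) && hash_equals($ldap[$u], $p);
$inLdap     = fn($u) => isset($ldap[$u]);

// Fallback policy: try LDAP, then the local password.
$fallback = function ($u, $p) use ($admins, $checkLocal, $checkLdap) {
    if (in_array($u, $admins, true)) {
        return $checkLocal($u, $p);
    }
    return $checkLdap($u, $p) || $checkLocal($u, $p);
};

// Single-source policy: directory accounts use LDAP only, others local only.
$singleSource = function ($u, $p) use ($admins, $checkLocal, $checkLdap, $inLdap) {
    if (in_array($u, $admins, true)) {
        return $checkLocal($u, $p);
    }
    return $inLdap($u) ? $checkLdap($u, $p) : $checkLocal($u, $p);
};

$cases = [
    ['boss', 'ad-boss'],  // directory entry carrying an FO admin's name
    ['boss', 'fo-boss'],  // FO admin with the local password
    ['sara', 'ad-sara'],  // directory user, directory password
    ['sara', 'fo-sara'],  // directory user, old local password
    ['temp', 'fo-temp'],  // local-only user
];

printf("%-6s %-9s %-9s %s\n", 'user', 'password', 'fallback', 'single-source');
foreach ($cases as [$u, $p]) {
    printf("%-6s %-9s %-9s %s\n", $u, $p,
        $fallback($u, $p) ? 'accept' : 'reject',
        $singleSource($u, $p) ? 'accept' : 'reject');
}
```

Because the single-source policy picks the backend by a directory lookup, whoever can create directory entries still decides which password a non-admin account uses. A per-user flag stored in FO, as the road map post proposes, would pin that choice on the FO side.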

6
Getting Started / Re: LDAP logout white screen
« on: September 23, 2010, 06:35:17 pm »
geman
Quick answer. Try this. I haven't tested though.

   if ($user->isCompanyAdmin(owner_company()))
      {$userIsValidPassword = $user->isValidPassword($password);}
      elseif (($config_ldap_is_set === true) && $user->isValidPasswordLdap($username, $password, $config_ldap))
         {$userIsValidPassword = $user->isValidPasswordLdap($username, $password, $config_ldap);}
         else {$userIsValidPassword = $user->isValidPassword($password);}

This will allow even the LDAP users to login with their FO or LDAP passwords. Watch out for little trick. if user is not listed in the domain, the user  can be added to the domain and someone use LDAP password to login and the user doesn't know what is happening. This should be avoided.

To solve this:
1- We need to check the user account is domain or FO.
2- Modify the way the user change the password to allow the user change domain password from FO.

I hope someone help us in these two points. I will try to figure it out.

7
Getting Started / Re: LDAP logout white screen
« on: August 17, 2010, 11:21:16 am »
The code for making FO:
1- admins only local
2- If LDAP fails due to configuration, connection or bad password/user, then check local FO users

         if ($user->isCompanyAdmin(owner_company())) {
            $userIsValidPassword = $user->isValidPassword($password);
         }  else {
            if  (($config_ldap_is_set === true)  && ($user->isValidPasswordLdap($username, $password, $config_ldap)))  {
               $userIsValidPassword = $user->isValidPasswordLdap($username, $password, $config_ldap);
            } else {
               $userIsValidPassword = $user->isValidPassword($password);
            }
          }





8
Getting Started / Re: LDAP logout white screen
« on: August 16, 2010, 08:05:51 pm »
markc, I see how your setup is working. I mean the patch so local FO and LDAP work at the same time. But what if admins are only local? In your situation, if LDAP fails, you can check against local. However, if the LDAP admin is just a normal user of FO and the FO admin is another guy, the LDAP admin can gain access as an FO admin easily by just adding the same FO admin user name into the LDAP. I see this as a security problem.
On the other hand, it is going to be interesting to combine my approach and yours so you can check normal users/passwords against LDAP first then local, and FO admins are only local. I will try to do that.

9
Getting Started / Re: LDAP logout white screen
« on: August 14, 2010, 05:59:18 pm »
I just figured out how to make FO admins local only and the rest LDAP. Just use this code at line 109 of AccessController.class.php
 
         if ($config_ldap_is_set === true) {
            if ($user->isCompanyAdmin(owner_company())) {
               $userIsValidPassword = $user->isValidPassword($password);
            } else {
               $userIsValidPassword = $user->isValidPasswordLdap($username, $password, $config_ldap);
            }
         } else {
            $userIsValidPassword = $user->isValidPassword($password);
         }

I tested it and it works fine. I am a VB programmer, not a PHP one. FO seems to have lots of handy classes.

 Thanks FO team.

I just wish that FO team document these classes so someone can use them or produce a web service to enhance FO. FO is in real need of a web service and plugin system and more devs documentation.

10
Getting Started / Re: LDAP logout white screen
« on: August 14, 2010, 09:46:35 am »
Thank you markc for your response

Yes, I mean a solution for keeping FO admins local. I tried the solution posted in the forum but it did not do it. It basically reroutes the password check to local for all users. It is equal to LDAP set to false.

I am still having the logout white screen it is for admin accounts only, regular users are ok.

11
Getting Started / LDAP logout white screen
« on: August 11, 2010, 04:36:05 pm »
I installed FO 1.7 and enabled the LDAP function with Windows 2003 AD. For those of you having problems with AD, these are the settings I used to get AD users to log in, including all the users in any OU:

      'binddn'    => 'CN=admin_user,CN=Users,DC=domain_part1,DC=domain_part2',
      'bindpw'    => 'user_pw',
      'port'      => 3268,
      'basedn'    => 'DC=domain_part1,DC=domain_part2',
      'host'      => 'ldap://domain_ip:3268',
      'password_encoding' => 'MD5',
      'uid'       => 'sAMAccountName'

There is one problem and one issue:
1- The problem is that logout ends with a white screen and does not even log out the user, so it keeps the user session alive even if you go to the main URL.
I am using LAMP turnkeylinux.org ubuntu with samba installed and registered in DNS and AD.

2- The issue is that the admin account is now an AD account, and for security reasons it should remain an FO account even if admin accounts are listed in the LDAP server. This is because AD admins are often not the same as FO admins and in cases they should be the same at all.  There is a solution for this: FO should check if the user is an admin, then verify accounts locally or exit; otherwise continue the normal authentication check whether LDAP is true or false.
