Changes in 5.6.4

[FEATURE] Client/Server: Added Active Directory integration
[FEATURE] Client/Server: Added Event log Task
[FEATURE] Client/Server: Added error that is raised when no files are copied in Copy files Task. Change this new behavior in On error tab.
[BUGFIX] Client/Server: Fixed minor generic decryption problem
[BUGFIX] Server: Fixed V5R4M0 FTP raw interpretation
[BUGFIX] Server: Fixed problem with overwriting files in WebDAV Upload Task

Notes about Active Directory integration:

* the new features are located:
(1) in the Server settings where you activate allowance of Active Directory logon and where you also set which groups OR users that have access to VisualCron
(2) in the Server Manager where you create a Server connections. You need to create one connection and select "Use Active Directory logon"
(3) in the permissions window where you can see if it is an AD user and control the permissions for that user
* these features are in an early testing phase and we need your feedback to see if the basics are working. Please test by specifying both users and groups that are "allowed". * when a new user, that has not logged in before, logs in, the default permissions for this user is created.

We need to discuss here, in this post:

* errors that may arise
* should we create some default roles that you select is default for new logins? Which roles and permissions should those roles have?
* do we need to create our own roles and should we use these instead?
* more features around this like setting permissions on Jobs etc.

---

As mentioned in my original post a few key permissions would streamline management of VisualCron and remove obstacles to user delegation for various levels of support personnel:

1) Ability to prevent a user from seeing individual Jobs
2) Give a user the ability to completely manage/administrate individual Jobs
3) Give a user the ability to "Inactivate/Reactive" a Job or Task without giving the user Edit ability
4) Ability for a user to view all aspects/details of a Job or Task without giving them Edit ability

Thank you,

Hi,

In the client you can right click a job and select: Run Job 'jobname'.
You than get the option to run the job With or Without Conditions.

These two options are only available if you run the client and did not selected a task within a job. If you click the cross sign in front of a job and select a task, the option to run the job 'With' Conditions is gone.

I have version 5.5.5 running in production, and there the client always shows both options.

Regards,
Erik

---

Hi,

You can add the task 'List AD Object Paths' if you click on the add task button in the job, but you can't select it in the drop-down in the main settings tab of the task.

Furthermore the task names differs in both situations for the Active Directory. If you click on the add task button in the job, I see 'AD' in the task description, and in the drop-down in the main settings tab of the task the word 'AD' isn't there.
I think it should be a match.

Regards,
Erik

---

I tried to log in as an AD user into the client. Here is my feedback:

I wanted to add a AD user in the Manage server window. I tolled me to enable this feature in the settings->Logon tab.
I had to login to the client with a different user (used admin) to go to this tab.

The name of the tab is however: Users/Logon

I checked the Allow Active Directory Logon checkbox and clicked on 'Refresh lists'. The AD server was already filled in.

I found myself and checked the box in front of my name. I applied the settings.

In the 'User Permissions' I'm only able to add a AD user??? but I'm not able to add a user anymore because I have to enter a name. The only field enabled is the email address, so this isn't working at the moment.
If I edit a current local user, it is still telling me with the checkbox that it is a AD user, and I'm not able to change anything but the email address. Not the way it should be.

Now I wanted to add a user in the manage servers window, so I went there and added a Active Directory Logon. The username 'admin' is showing up in grey, and after adding this it looks like I have two admin users in the list. Cant see that one is for AD, and the 2nd username 'admin' isn't true.

I could login with the AD credentials and created a job. The 'Created By' username was empty. My Firt and Lastname are not filled in the AD for this user. You might want to put here the Username instead. This one is filled always.

Now if I go back to the User Permissions, there is an extra user permission. It's an empty line here.?? I think this is the one for the AD, but the GUI is handling it the same as before, only the field email address is active. I can however change permissions without having the message that I need to enter a name. If I change permissions here I can see they are working for the AD user.

This might not be an AD issue, but when I delete the user which I currently use in the client, I cannot disconnect myself anymore. The button is disabled due to the fact the user isn't there anymore.

If I delete the AD user in the 'Manage Servers' GUI, the empty line in the 'User Permissions' GUI is still there.

When I login with the AD user, I want to see my username in client. In the client one level higher than the jobs, you van see 'localhost - username'. This username should be the logged on AD username.

What might be an issue is that every logged on AD user has the same rights. This might be something to look at.

---
So, I an able to login with an AD user!

There are some things that need to be changed:
The GUI 'User Permissions' isn't working properly.
The Username in the GUI 'Manage Servers' should be something like [AD USER]. This name should match the name in the 'User Permissions' GUI.
The popup telling you the tab-name where to allow AD logon is not giving the right name.

I like the (default) role based setup. After applying a role you should be able to modify the rights. You might want to go for a different role, or a custom one. You can also use this for all the local users in VC. Than everything is role based. It is easy to clone a user, so rights are the same, but when you want to change rights for a few people, roles are easier.

regards,
Erik

Hope I tested it well and you can go on developing this.

---

Thanks for your feedback.

Some issues like the permissions Add are fixed here:

http://www.visualcron.co...osts&m=6583#post6583 

We also added filters for searching users/groups in AD in the above version.

Just wanted to remind you that Permissions for a users are added automatically when logging in the first time. However, we used the username for name if no firstname/lastname is specified in the above version.

You are not able to add an AD user from permissions Add dialog. You just login with that user once the user or group is allowed.

We do not fetch any local users - only us AD right now.

Please continue discussion on the above link.

---

As mentioned in my original post a few key permissions would streamline management of VisualCron and remove obstacles to user delegation for various levels of support personnel:

1) Ability to prevent a user from seeing individual Jobs
2) Give a user the ability to completely manage/administrate individual Jobs
3) Give a user the ability to "Inactivate/Reactive" a Job or Task without giving the user Edit ability
4) Ability for a user to view all aspects/details of a Job or Task without giving them Edit ability

Thank you,

Please continue discussion about permissions and roles here:

http://www.visualcron.co....aspx?g=posts&t=1424 

---

Hi

I have setup an AD user. The password box is grey when doing so which is fine as I would expect that the password will be the one in the AD.
But when I connect with my client, enter my username and my AD password it doesn't work : i have to put a blank password which isn't exactly the behaviour expected.
What am I doing wrong?

Thanks

Hi

I have setup an AD user. The password box is grey when doing so which is fine as I would expect that the password will be the one in the AD.
But when I connect with my client, enter my username and my AD password it doesn't work : i have to put a blank password which isn't exactly the behaviour expected.
What am I doing wrong?

Thanks

The idea with AD integration is that you don't need to use a username or password. VisualCron uses the logged in user.

If you have setup AD integration correctly in VisualCron you should not have to enter username/password at all.

---

A user found a security issue in Active Directory logon which is fixed in a version attached to this post:

http://www.visualcron.co....aspx?g=posts&t=1462 

---