From dawsonka at chesterfield.ac.uk Tue Feb 1 10:06:23 2022 From: dawsonka at chesterfield.ac.uk (Kate Dawson) Date: Tue, 1 Feb 2022 10:06:23 +0000 Subject: [ZendTo] zendto-saml_1.0-1_all.deb doesn't install on Debian Bullseye References: Message-ID: Hi .. I think there may be a bug in the zendto-saml_1.0-1_all.deb package. When I go to install it on Debian 11 Bullseye, I get the following error Selecting previously unselected package zendto-saml. Preparing to unpack .../6-zendto-saml_1.0-1_all.deb ... dpkg: error processing archive /tmp/apt-dpkg-install-M7YSwI/6-zendto-saml_1.0-1_all.deb (--unpack): conffile name 'opt/zendto/simplesamlphp/config/acl.php' is not an absolute pathname Errors were encountered while processing: /tmp/apt-dpkg-install-M7YSwI/6-zendto-saml_1.0-1_all.deb E: Sub-process /usr/bin/dpkg returned an error code (1) I think this may be related to this change to dpkg https://www.mail-archive.com/debian-dpkg-cvs at lists.debian.org/msg07446.html I can work around it by altering the conffile paths and rebuilding the deb. Regards, Kate Dawson -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From ryan.mclaughlin at motorolasolutions.com Wed Feb 2 16:10:07 2022 From: ryan.mclaughlin at motorolasolutions.com (Ryan McLaughlin) Date: Wed, 2 Feb 2022 10:10:07 -0600 Subject: [ZendTo] Offline Zend.To instances References: Message-ID: Hello, I have several offline Ubuntu 18 running Zend.To 6.01.2. I recently upgraded my integration box to 6.11.2, but when I put in down time for the live boxes, the upgrade did not work and I had to revert. I was getting http 500 errors, and contact your admin errors. When doing an offline upgrade, what should I be doing? I was given this box with almost no linux experience after the previous administrator left, so any help would be appreciated. I am running PHP version 7.2.24, and memcached version 1.5.6. Thank you Ryan McLaughlin -- *For more information on how and why we collect your personal information, please visit our Privacy Policy .* -------------- next part -------------- An HTML attachment was scrubbed... URL: From Jules at Zend.To Wed Feb 2 16:26:00 2022 From: Jules at Zend.To (Jules Field) Date: Wed, 2 Feb 2022 16:26:00 +0000 Subject: [ZendTo] Offline Zend.To instances In-Reply-To: References: Message-ID: Hi Ryan, You should be able to upgrade them with ??? sudo apt update ??? sudo apt upgrade ??? sudo /opt/zendto/bin/upgrade Cheers, Jules. On 02/02/2022 4:10 pm, Ryan McLaughlin via ZendTo wrote: > ?Hello, > > I have several offline Ubuntu 18 running Zend.To 6.01.2. I recently > upgraded my integration box to 6.11.2, but when I put in down time for > the live boxes, the upgrade did not work and I had to revert. I was > getting http 500 errors,?and contact your?admin errors. When doing an > offline upgrade, what should I be doing? I was given this box with > almost no linux experience after the previous administrator left, so > any help would be appreciated. I am running PHP version 7.2.24, and > memcached version 1.5.6. > > Thank you > Ryan McLaughlin > > /For more information on how and why we collect your personal > information, please visit our Privacy Policy > ./ > > > _______________________________________________ > ZendTo mailing list > ZendTo at zend.to > http://jul.es/mailman/listinfo/zendto Jules -- Julian Field MEng CEng CITP MBCS MIEEE MACM 'I never saw a wild thing Sorry for itself.' - D.H. Lawrence www.Zend.To Twitter: @JulesFM -------------- next part -------------- An HTML attachment was scrubbed... URL: From Jules at Zend.To Fri Feb 4 11:52:37 2022 From: Jules at Zend.To (Jules Field) Date: Fri, 4 Feb 2022 11:52:37 +0000 Subject: [ZendTo] zendto-saml_1.0-1_all.deb doesn't install on Debian Bullseye In-Reply-To: References: <2632a8a1-30f5-56e6-6fa4-f7c72ec1ae8d@Zend.To> Message-ID: Hi Kate, Sorry about that, I'll take a look and fix it. The main deb package suffered the same problem, I fixed that one but forgot to do the zendto-saml package :-( Thanks for letting me know! Jules. On 01/02/2022 10:06 am, Kate Dawson via ZendTo wrote: > Hi .. I think there may be a bug in the > > zendto-saml_1.0-1_all.deb > > package. > > When I go to install it on Debian 11 Bullseye, I get the following error > > Selecting previously unselected package zendto-saml. > Preparing to unpack .../6-zendto-saml_1.0-1_all.deb ... > dpkg: error processing archive /tmp/apt-dpkg-install-M7YSwI/6-zendto-saml_1.0-1_all.deb (--unpack): > conffile name 'opt/zendto/simplesamlphp/config/acl.php' is not an absolute pathname > Errors were encountered while processing: > /tmp/apt-dpkg-install-M7YSwI/6-zendto-saml_1.0-1_all.deb > E: Sub-process /usr/bin/dpkg returned an error code (1) > > > I think this may be related to this change to dpkg > > https://www.mail-archive.com/debian-dpkg-cvs at lists.debian.org/msg07446.html > > I can work around it by altering the conffile paths and rebuilding the deb. > > Regards, > > Kate Dawson > > > Jules -- Julian Field MEng CEng CITP MBCS MIEEE MACM 'They went with songs to the battle, they were young. Straight of limb, true of eye, steady and aglow. They were staunch to the end against odds uncounted, They fell with their faces to the foe. They shall grow not old, as we that are left grow old: Age shall not weary them, nor the years condemn. At the going down of the sun and in the morning, We will remember them. They mingle not with their laughing comrades again; They sit no more at familiar tables of home; They have no lot in our labour of the day-time; They sleep beyond England's foam.' - Ode of Remembrance, Laurence Binyon www.Zend.To Twitter: @JulesFM -------------- next part -------------- An HTML attachment was scrubbed... URL: From Guy.Bertrand at exelaonline.com Tue Feb 22 16:56:49 2022 From: Guy.Bertrand at exelaonline.com (Guy Bertrand) Date: Tue, 22 Feb 2022 16:56:49 +0000 Subject: [ZendTo] autodropoff and automationUsers allowed to login interactively. Should not be. References: <88a0cf6abc904e53a4b8d53ffa497af5@exelaonline.com> Message-ID: Hi Zendto users! I?m trying to use the autodropoff feature for the first time. I?ve got it working nicely, even from Postman. This is great. I?m confused by one little thing : I was under the impression that ? automationUsers ? cannot work with the web interface. I just tested it, and yes, I can send via a auto-dropoff, but the user can also login through the web site. In my preferences file, I have : 'automationUsers' => array('autodropoff.ravi at nologin.com'), In my local users, I have : (information removed to protect the innocent) autodropoff.ravi at nologin.com xxxx xxxxx xxxx TESTING : ==================================== >>> When I try to auto-dropoff, it works! 2022-02-22 11:30:26 96.21.229.99 [Uploadit]: Info: authorization succeeded for autodropoff.ravi at nologin.com 2022-02-22 11:30:26 96.21.229.99 [Uploadit]: Info: Virus scan of dropped-off files '/var/zendto/incoming/php7B9H1O' for autodropoff.ravi at nologin.com passed successfully 2022-02-22 11:30:27 96.21.229.99 [Uploadit]: Info: Deleting request code as it has been used 2022-02-22 11:30:27 96.21.229.99 [Uploadit]: Info: successfully delivered notification email to guy.bertrand at exelaonline.com for claimID ewJmq5AN7yeRQPQ6 2022-02-22 11:30:27 96.21.229.99 [Uploadit]: Info: new unencrypted dropoff ewJmq5AN7yeRQPQ6 of 1 file created for internal user Guy the IT Guy guy.bertrand at exelaonline.com in language en_US using browser 'PostmanRuntime/7.28.4' ==================================== >>> And when I try to login to the web interface, it also works! 2022-02-22 11:40:25 96.21.229.99 [Uploadit]: Info: authorization succeeded for autodropoff.ravi at nologin.com 2022-02-22 11:42:04 96.21.229.99 [Uploadit]: Info: logged out user 'autodropoff.ravi at nologin.com' I must be missing something here. Help!! ZendTo Version 6.11-2 Regards, Guy Guy Bertrand, M.Ing Directeur informatique / IT Manager [Exela Technologies] 1155, boulevard Robert-Bourassa, suite 500 ? Montr?al (Qu?bec) ? CANADA H3B 3A7 B / O: +1 514.392.4999 ? M: +1 514.265-9754 exelatech.com ? About EXELA ? Instagram ? LinkedIn ________________________________ Attention : le pr?sent message et toutes les pi?ces jointes sont confidentiels et ?tablis ? l'attention exclusive du ou des destinataire(s) indiqu?(s). Toute autre diffusion ou utilisation non autoris?e est interdite. Si vous recevez ce message par erreur, veuillez imm?diatement en avertir l'exp?diteur par e-mail en retour, d?truire le message et vous abstenir de toute r?f?rence aux informations qui y figurent afin d'?viter les sanctions attach?es ? la divulgation et ? l'utilisation d'informations confidentielles. Les messages ?lectroniques sont susceptibles d'alt?ration. Exela Technologies et ses filiales d?clinent toute responsabilit? en cas d'alt?ration ou de falsification du pr?sent message. ________________________________ Please consider the environment before printing or forwarding this email. If you do print this email, please recycle the paper. This email message may contain confidential, proprietary and/or privileged information. It is intended only for the use of the intended recipient(s). If you have received it in error, please immediately advise the sender by reply email and then delete this email message. Any disclosure, copying, distribution or use of the information contained in this email message to or by anyone other than the intended recipient is strictly prohibited. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Exela Technologies, Inc. or its subsidiaries. This email does not constitute an agreement to conduct transactions by electronic means and does not create any legally binding contract or enforceable obligation against Exela in the absence of a fully signed written agreement. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 35601 bytes Desc: image001.png URL: From Jules at Zend.To Tue Feb 22 17:16:45 2022 From: Jules at Zend.To (Jules Field) Date: Tue, 22 Feb 2022 17:16:45 +0000 Subject: [ZendTo] autodropoff and automationUsers allowed to login interactively. Should not be. In-Reply-To: References: <88a0cf6abc904e53a4b8d53ffa497af5@exelaonline.com> <68cc9923-a0db-9412-3ee7-b1f4c7a045ac@Zend.To> Message-ID: Guy, The "automationUsers" can *login* to the web interface, but if you try actually doing much once logged in, you'll rapidly find most tasks don't actually work correctly. Feel free to give it a try... Hence the need to separate the "real" users from the "automation" users. You can even create the automation users (you often only need 1) as a "local" user, and use SAML or something pretty with MFA for authenticating your "real" users. That's how you authenticate the automation user while all the real users have to use MFA (which you can't automate). Cheers, Jules. On 22/02/2022 4:56 pm, Guy Bertrand via ZendTo wrote: > > Hi Zendto users! > > I?m trying to use the autodropoff feature for the first time.I?ve got > it working nicely, even from Postman.This is great. > > I?m confused by one little thing?: I was under the impression that > ??automationUsers?? cannot work with the web interface. I just tested > it, and yes, I can send via a auto-dropoff, but the user can also > login through the web site. > > In my preferences file, I have?: > > 'automationUsers' => array('autodropoff.ravi at nologin.com'), > > In my local users, I have?: (information removed to protect the innocent) > > autodropoff.ravi at nologin.comxxxx > xxxxxxxxx > > TESTING?: > > ==================================== > > >>> When I try to auto-dropoff, it works! > > 2022-02-22 11:30:26 96.21.229.99 [Uploadit]: Info: authorization > succeeded for autodropoff.ravi at nologin.com > > 2022-02-22 11:30:26 96.21.229.99 [Uploadit]: Info: Virus scan of > dropped-off files'/var/zendto/incoming/php7B9H1O' for > autodropoff.ravi at nologin.com passed successfully > > 2022-02-22 11:30:27 96.21.229.99 [Uploadit]: Info: Deleting request > codeas it has been used > > 2022-02-22 11:30:27 96.21.229.99 [Uploadit]: Info: successfully > delivered notification email to guy.bertrand at exelaonline.com for > claimID ewJmq5AN7yeRQPQ6 > > 2022-02-22 11:30:27 96.21.229.99 [Uploadit]: Info: new unencrypted > dropoff ewJmq5AN7yeRQPQ6 of 1 file created for internal user Guy the > IT Guy guy.bertrand at exelaonline.com in language en_US using browser > 'PostmanRuntime/7.28.4' > > ==================================== > > >>> And when I try to login to the web interface, it also works! > > 2022-02-22 11:40:25 96.21.229.99 [Uploadit]: Info: authorization > succeeded for autodropoff.ravi at nologin.com > > 2022-02-22 11:42:04 96.21.229.99 [Uploadit]: Info: logged out user > 'autodropoff.ravi at nologin.com' > > I must be missing something here.Help!! > > ZendTo Version 6.11-2 > > Regards, > > Guy > > *Guy Bertrand, M.Ing* > Directeur informatique / IT Manager > > Exela Technologies > > 1155, boulevard Robert-Bourassa, suite 500 ???Montr?al (Qu?bec) > ???CANADA H3B 3A7 > B / O: +1 514.392.4999 ???M: +1 514.265-9754 > exelatech.com ?About EXELA > ?Instagram > ?LinkedIn > > > ------------------------------------------------------------------------ > Attention : le pr?sent message et toutes les pi?ces jointes sont > confidentiels et ?tablis ? l'attention exclusive du ou des > destinataire(s) indiqu?(s). Toute autre diffusion ou utilisation non > autoris?e est interdite. Si vous recevez ce message par erreur, > veuillez imm?diatement en avertir l'exp?diteur par e-mail en retour, > d?truire le message et vous abstenir de toute r?f?rence aux > informations qui y figurent afin d'?viter les sanctions attach?es ? la > divulgation et ? l'utilisation d'informations confidentielles. Les > messages ?lectroniques sont susceptibles d'alt?ration. Exela > Technologies et ses filiales d?clinent toute responsabilit? en cas > d'alt?ration ou de falsification du pr?sent message. > ------------------------------------------------------------------------ > Please consider the environment before printing or forwarding this > email. If you do print this email, please recycle the paper. > > This email message may contain confidential, proprietary and/or > privileged information. It is intended only for the use of the > intended recipient(s). If you have received it in error, please > immediately advise the sender by reply email and then delete this > email message. Any disclosure, copying, distribution or use of the > information contained in this email message to or by anyone other than > the intended recipient is strictly prohibited. Any views expressed in > this message are those of the individual sender, except where the > sender specifically states them to be the views of Exela Technologies, > Inc. or its subsidiaries. > > This email does not constitute an agreement to conduct transactions by > electronic means and does not create any legally binding contract or > enforceable obligation against Exela in the absence of a fully signed > written agreement. > > _______________________________________________ > ZendTo mailing list > ZendTo at zend.to > http://jul.es/mailman/listinfo/zendto Jules -- Julian Field MEng CEng CITP MBCS MIEEE MACM IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or no grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the kelpie next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft. However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have received this email in error, please add some nutmeg and egg whites, whisk and place in a warm oven for 40 minutes. www.Zend.To Twitter: @JulesFM -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 35601 bytes Desc: not available URL: From Guy.Bertrand at exelaonline.com Tue Feb 22 17:23:19 2022 From: Guy.Bertrand at exelaonline.com (Guy Bertrand) Date: Tue, 22 Feb 2022 17:23:19 +0000 Subject: [ZendTo] autodropoff and automationUsers allowed to login interactively. Should not be. In-Reply-To: References: <88a0cf6abc904e53a4b8d53ffa497af5@exelaonline.com> <68cc9923-a0db-9412-3ee7-b1f4c7a045ac@Zend.To> <654cbe4553e04861ab48c1e50419ea36@exelaonline.com> Message-ID: Jules, Thanks for the prompt response. My head was hurting trying to figure this one out. My users are actually using Google IMAP and AD email addresses for the moment. My automation users will only be configured in the Local DB. This is working fine. 'authMultiAuthenticators' => array('Local','IMAP', 'AD'), In that case, I would like to submit a ? request for enhancement ? for a future version : * A user listed in the ? automationUsers ? cannot login to the web interface?at all. Just to keep the auditors happy. Regards, Guy From: Jules Field Sent: Tuesday, February 22, 2022 12:17 PM To: ZendTo Users Cc: Guy Bertrand Subject: Re: [ZendTo] autodropoff and automationUsers allowed to login interactively. Should not be. CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Please contact suspicious.emails at exelaonline.com with any concerns. Guy, The "automationUsers" can *login* to the web interface, but if you try actually doing much once logged in, you'll rapidly find most tasks don't actually work correctly. Feel free to give it a try... Hence the need to separate the "real" users from the "automation" users. You can even create the automation users (you often only need 1) as a "local" user, and use SAML or something pretty with MFA for authenticating your "real" users. That's how you authenticate the automation user while all the real users have to use MFA (which you can't automate). Cheers, Jules. On 22/02/2022 4:56 pm, Guy Bertrand via ZendTo wrote: Hi Zendto users! I?m trying to use the autodropoff feature for the first time. I?ve got it working nicely, even from Postman. This is great. I?m confused by one little thing : I was under the impression that ? automationUsers ? cannot work with the web interface. I just tested it, and yes, I can send via a auto-dropoff, but the user can also login through the web site. In my preferences file, I have : 'automationUsers' => array('autodropoff.ravi at nologin.com'), In my local users, I have : (information removed to protect the innocent) autodropoff.ravi at nologin.com xxxx xxxxx xxxx TESTING : ==================================== >>> When I try to auto-dropoff, it works! 2022-02-22 11:30:26 96.21.229.99 [Uploadit]: Info: authorization succeeded for autodropoff.ravi at nologin.com 2022-02-22 11:30:26 96.21.229.99 [Uploadit]: Info: Virus scan of dropped-off files '/var/zendto/incoming/php7B9H1O' for autodropoff.ravi at nologin.com passed successfully 2022-02-22 11:30:27 96.21.229.99 [Uploadit]: Info: Deleting request code as it has been used 2022-02-22 11:30:27 96.21.229.99 [Uploadit]: Info: successfully delivered notification email to guy.bertrand at exelaonline.com for claimID ewJmq5AN7yeRQPQ6 2022-02-22 11:30:27 96.21.229.99 [Uploadit]: Info: new unencrypted dropoff ewJmq5AN7yeRQPQ6 of 1 file created for internal user Guy the IT Guy guy.bertrand at exelaonline.com in language en_US using browser 'PostmanRuntime/7.28.4' ==================================== >>> And when I try to login to the web interface, it also works! 2022-02-22 11:40:25 96.21.229.99 [Uploadit]: Info: authorization succeeded for autodropoff.ravi at nologin.com 2022-02-22 11:42:04 96.21.229.99 [Uploadit]: Info: logged out user 'autodropoff.ravi at nologin.com' I must be missing something here. Help!! ZendTo Version 6.11-2 Regards, Guy Guy Bertrand, M.Ing Directeur informatique / IT Manager [Exela Technologies] 1155, boulevard Robert-Bourassa, suite 500 ? Montr?al (Qu?bec) ? CANADA H3B 3A7 B / O: +1 514.392.4999 ? M: +1 514.265-9754 exelatech.com ? About EXELA ? Instagram ? LinkedIn ________________________________ Attention : le pr?sent message et toutes les pi?ces jointes sont confidentiels et ?tablis ? l'attention exclusive du ou des destinataire(s) indiqu?(s). Toute autre diffusion ou utilisation non autoris?e est interdite. Si vous recevez ce message par erreur, veuillez imm?diatement en avertir l'exp?diteur par e-mail en retour, d?truire le message et vous abstenir de toute r?f?rence aux informations qui y figurent afin d'?viter les sanctions attach?es ? la divulgation et ? l'utilisation d'informations confidentielles. Les messages ?lectroniques sont susceptibles d'alt?ration. Exela Technologies et ses filiales d?clinent toute responsabilit? en cas d'alt?ration ou de falsification du pr?sent message. ________________________________ Please consider the environment before printing or forwarding this email. If you do print this email, please recycle the paper. This email message may contain confidential, proprietary and/or privileged information. It is intended only for the use of the intended recipient(s). If you have received it in error, please immediately advise the sender by reply email and then delete this email message. Any disclosure, copying, distribution or use of the information contained in this email message to or by anyone other than the intended recipient is strictly prohibited. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Exela Technologies, Inc. or its subsidiaries. This email does not constitute an agreement to conduct transactions by electronic means and does not create any legally binding contract or enforceable obligation against Exela in the absence of a fully signed written agreement. _______________________________________________ ZendTo mailing list ZendTo at zend.to http://jul.es/mailman/listinfo/zendto Jules -- Julian Field MEng CEng CITP MBCS MIEEE MACM IMPORTANT: This email is intended for the use of the individual addressee(s) named above and may contain information that is confidential, privileged or unsuitable for overly sensitive persons with low self-esteem, no sense of humour or irrational religious beliefs. If you are not the intended recipient, any dissemination, distribution or copying of this email is not authorised (either explicitly or implicitly) and constitutes an irritating social faux pas. Unless the word absquatulation has been used in its correct context somewhere other than in this warning, it does not have any legal or no grammatical use and may be ignored. No animals were harmed in the transmission of this email, although the kelpie next door is living on borrowed time, let me tell you. Those of you with an overwhelming fear of the unknown will be gratified to learn that there is no hidden message revealed by reading this warning backwards, so just ignore that Alert Notice from Microsoft. However, by pouring a complete circle of salt around yourself and your computer you can ensure that no harm befalls you and your pets. If you have received this email in error, please add some nutmeg and egg whites, whisk and place in a warm oven for 40 minutes. www.Zend.To Twitter: @JulesFM ________________________________ Attention : le pr?sent message et toutes les pi?ces jointes sont confidentiels et ?tablis ? l'attention exclusive du ou des destinataire(s) indiqu?(s). Toute autre diffusion ou utilisation non autoris?e est interdite. Si vous recevez ce message par erreur, veuillez imm?diatement en avertir l'exp?diteur par e-mail en retour, d?truire le message et vous abstenir de toute r?f?rence aux informations qui y figurent afin d'?viter les sanctions attach?es ? la divulgation et ? l'utilisation d'informations confidentielles. Les messages ?lectroniques sont susceptibles d'alt?ration. Exela Technologies et ses filiales d?clinent toute responsabilit? en cas d'alt?ration ou de falsification du pr?sent message. ________________________________ Please consider the environment before printing or forwarding this email. If you do print this email, please recycle the paper. This email message may contain confidential, proprietary and/or privileged information. It is intended only for the use of the intended recipient(s). If you have received it in error, please immediately advise the sender by reply email and then delete this email message. Any disclosure, copying, distribution or use of the information contained in this email message to or by anyone other than the intended recipient is strictly prohibited. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Exela Technologies, Inc. or its subsidiaries. This email does not constitute an agreement to conduct transactions by electronic means and does not create any legally binding contract or enforceable obligation against Exela in the absence of a fully signed written agreement. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 35601 bytes Desc: image001.png URL: From Jules at Zend.To Wed Feb 23 16:08:58 2022 From: Jules at Zend.To (Jules Field) Date: Wed, 23 Feb 2022 16:08:58 +0000 Subject: [ZendTo] autodropoff and automationUsers allowed to login interactively. Should not be. In-Reply-To: References: <88a0cf6abc904e53a4b8d53ffa497af5@exelaonline.com> <68cc9923-a0db-9412-3ee7-b1f4c7a045ac@Zend.To> <654cbe4553e04861ab48c1e50419ea36@exelaonline.com> <2acd767e-b012-5bda-1fb1-d1acdda52e96@Zend.To> Message-ID: Hi Guy, Good idea, provided it's reasonably simple to do. When using SAML auth for the main users, I suspect it's not so easy. There must be a good reason I didn't do this to start with... I'll take a look, but no promises (the normal and automation users run almost the same code, it's just the output type that varies: normal users get pretty HTML, automation users get HTTP headers). Cheers, Jules. On 22/02/2022 5:23 pm, Guy Bertrand wrote: > > Jules, > > Thanks for the prompt response.My head was hurting trying to figure > this one out. > > My users are actually using Google IMAP and AD email addresses for the > moment.My automation users will only be configured in the Local > DB.This is working fine. > > 'authMultiAuthenticators' => array('Local','IMAP', 'AD'), > > In that case, I would like to submit a ??request for enhancement?? for > a future version?: > > * A user listed in the ??automationUsers?? cannot login to the web > interface?at all.Just to keep the auditors happy. > > Regards, > > Guy > > *From:*Jules Field > *Sent:* Tuesday, February 22, 2022 12:17 PM > *To:* ZendTo Users > *Cc:* Guy Bertrand > *Subject:* Re: [ZendTo] autodropoff and automationUsers allowed to > login interactively. Should not be. > > CAUTION:This email originated from outside of the organization. Do not > click links or open attachments unless you recognize the sender and > know the content is safe. Please contact > suspicious.emails at exelaonline.com with any concerns. > > Guy, > > The "automationUsers" can *login* to the web interface, but if you try > actually doing much once logged in, you'll rapidly find most tasks > don't actually work correctly. Feel free to give it a try... > Hence the need to separate the "real" users from the "automation" users. > > You can even create the automation users (you often only need 1) as a > "local" user, and use SAML or something pretty with MFA for > authenticating your "real" users. That's how you authenticate the > automation user while all the real users have to use MFA (which you > can't automate). > > Cheers, > Jules. > > On 22/02/2022 4:56 pm, Guy Bertrand via ZendTo wrote: > > Hi Zendto users! > > I?m trying to use the autodropoff feature for the first time.I?ve > got it working nicely, even from Postman.This is great. > > I?m confused by one little thing?: I was under the impression that > ??automationUsers?? cannot work with the web interface.I just > tested it, and yes, I can send via a auto-dropoff, but the user > can also login through the web site. > > In my preferences file, I have?: > > 'automationUsers' => array('autodropoff.ravi at nologin.com'), > > In my local users, I have?: (information removed to protect the > innocent) > > autodropoff.ravi at nologin.comxxxx > xxxxxxxxx > > TESTING?: > > ==================================== > > >>> When I try to auto-dropoff, it works! > > 2022-02-22 11:30:26 96.21.229.99 [Uploadit]: Info: authorization > succeeded for autodropoff.ravi at nologin.com > > 2022-02-22 11:30:26 96.21.229.99 [Uploadit]: Info: Virus scan of > dropped-off files'/var/zendto/incoming/php7B9H1O' for > autodropoff.ravi at nologin.com passed successfully > > 2022-02-22 11:30:27 96.21.229.99 [Uploadit]: Info: Deleting > request codeas it has been used > > 2022-02-22 11:30:27 96.21.229.99 [Uploadit]: Info: successfully > delivered notification email to guy.bertrand at exelaonline.com for > claimID ewJmq5AN7yeRQPQ6 > > 2022-02-22 11:30:27 96.21.229.99 [Uploadit]: Info: new unencrypted > dropoff ewJmq5AN7yeRQPQ6 of 1 file created for internal user Guy > the IT Guy guy.bertrand at exelaonline.com in language en_US using > browser 'PostmanRuntime/7.28.4' > > ==================================== > > >>> And when I try to login to the web interface, it also works! > > 2022-02-22 11:40:25 96.21.229.99 [Uploadit]: Info: authorization > succeeded for autodropoff.ravi at nologin.com > > 2022-02-22 11:42:04 96.21.229.99 [Uploadit]: Info: logged out user > 'autodropoff.ravi at nologin.com' > > I must be missing something here.Help!! > > ZendTo Version 6.11-2 > > Regards, > > Guy > > *Guy Bertrand, M.Ing* > Directeur informatique / IT Manager > > Exela Technologies > > > 1155, boulevard Robert-Bourassa, suite 500 ???Montr?al (Qu?bec) > ???CANADA H3B 3A7 > B / O: +1 514.392.4999 ???M: +1 514.265-9754 > exelatech.com > > ?About EXELA > > ?Instagram > > ?LinkedIn > > > ------------------------------------------------------------------------ > > Attention : le pr?sent message et toutes les pi?ces jointes sont > confidentiels et ?tablis ? l'attention exclusive du ou des > destinataire(s) indiqu?(s). Toute autre diffusion ou utilisation > non autoris?e est interdite. Si vous recevez ce message par > erreur, veuillez imm?diatement en avertir l'exp?diteur par e-mail > en retour, d?truire le message et vous abstenir de toute r?f?rence > aux informations qui y figurent afin d'?viter les sanctions > attach?es ? la divulgation et ? l'utilisation d'informations > confidentielles. Les messages ?lectroniques sont susceptibles > d'alt?ration. Exela Technologies et ses filiales d?clinent toute > responsabilit? en cas d'alt?ration ou de falsification du pr?sent > message. > > ------------------------------------------------------------------------ > > Please consider the environment before printing or forwarding this > email. If you do print this email, please recycle the paper. > > This email message may contain confidential, proprietary and/or > privileged information. It is intended only for the use of the > intended recipient(s). If you have received it in error, please > immediately advise the sender by reply email and then delete this > email message. Any disclosure, copying, distribution or use of the > information contained in this email message to or by anyone other > than the intended recipient is strictly prohibited. Any views > expressed in this message are those of the individual sender, > except where the sender specifically states them to be the views > of Exela Technologies, Inc. or its subsidiaries. > > This email does not constitute an agreement to conduct > transactions by electronic means and does not create any legally > binding contract or enforceable obligation against Exela in the > absence of a fully signed written agreement. > > _______________________________________________ > > ZendTo mailing list > > ZendTo at zend.to > > http://jul.es/mailman/listinfo/zendto > > > > > Jules > -- > Julian Field MEng CEng CITP MBCS MIEEE MACM > IMPORTANT: This email is intended for the use of the individual > addressee(s) named above and may contain information that is > confidential, privileged or unsuitable for overly sensitive persons > with low self-esteem, no sense of humour or irrational religious > beliefs. If you are not the intended recipient, any dissemination, > distribution or copying of this email is not authorised (either > explicitly or implicitly) and constitutes an irritating social faux > pas. > Unless the word absquatulation has been used in its correct context > somewhere other than in this warning, it does not have any legal > or no grammatical use and may be ignored. No animals were harmed > in the transmission of this email, although the kelpie next door > is living on borrowed time, let me tell you. Those of you with an > overwhelming fear of the unknown will be gratified to learn that > there is no hidden message revealed by reading this warning backwards, > so just ignore that Alert Notice from Microsoft. > However, by pouring a complete circle of salt around yourself and > your computer you can ensure that no harm befalls you and your pets. > If you have received this email in error, please add some nutmeg > and egg whites, whisk and place in a warm oven for 40 minutes. > www.Zend.To > > Twitter: @JulesFM > ------------------------------------------------------------------------ > Attention : le pr?sent message et toutes les pi?ces jointes sont > confidentiels et ?tablis ? l'attention exclusive du ou des > destinataire(s) indiqu?(s). Toute autre diffusion ou utilisation non > autoris?e est interdite. Si vous recevez ce message par erreur, > veuillez imm?diatement en avertir l'exp?diteur par e-mail en retour, > d?truire le message et vous abstenir de toute r?f?rence aux > informations qui y figurent afin d'?viter les sanctions attach?es ? la > divulgation et ? l'utilisation d'informations confidentielles. Les > messages ?lectroniques sont susceptibles d'alt?ration. Exela > Technologies et ses filiales d?clinent toute responsabilit? en cas > d'alt?ration ou de falsification du pr?sent message. > ------------------------------------------------------------------------ > Please consider the environment before printing or forwarding this > email. If you do print this email, please recycle the paper. > > This email message may contain confidential, proprietary and/or > privileged information. It is intended only for the use of the > intended recipient(s). If you have received it in error, please > immediately advise the sender by reply email and then delete this > email message. Any disclosure, copying, distribution or use of the > information contained in this email message to or by anyone other than > the intended recipient is strictly prohibited. Any views expressed in > this message are those of the individual sender, except where the > sender specifically states them to be the views of Exela Technologies, > Inc. or its subsidiaries. > > This email does not constitute an agreement to conduct transactions by > electronic means and does not create any legally binding contract or > enforceable obligation against Exela in the absence of a fully signed > written agreement. Jules -- Julian Field MEng CEng CITP MBCS MIEEE MACM 'Gaze not into the abyss, lest you become recognised as an abyss domain expert, and they expect you to keep gazing into the damn thing.' - @nickm_tor www.Zend.To Twitter: @JulesFM -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 35601 bytes Desc: not available URL: