Hello, I set up my IPSConfig conf with scripts using API (no manual entry) I see that my admin user is groupid=1 in sys_group table so that, when creating a site, group_id = 1 is affected to all admin website. but unfortunatelly, in web_vhost_domain.tform.php, there is I don't know what is abnormal... group_id=1 for admin user or groupid=0 for web user
Your screenshot shows the auth preset and not the final groupid. The auth preset is as described in the comment, 0 = the id is set automatically or a value > 0 to force it to a specific user, but that's nowhere used, so always leave this setting at at 0.
Right I dig a little bit more. Here is the problem : you can see phpmyadmin view, for a website created with API for admin user here same view after opening web interface, reviewing above website and saving sys_groupid is not the same. if I well understand for API, sysgroupid taken is 1 from sys_group table for web interface, sysgroupid is 0 from sys_user table This as almost no impact on how ISPConfig configure my server. But, it makes impossible further query to API : for example function 'site_web_domain_get ', when I set client_id to 0 it returns nothing... I don't know if that is normal to have sys_user and sys_group with almost same info : usergroupid, and, both different ?
Just to make sure, you are aware that client_id is not the same as sys_useriud? These are different ID's which refer to different tables and have different values for items. The sys_userid refers to sys_user table, while client_id is the primary id of the client table, these differ, depending on the users that exist on a system.
Sorry, it was not clear to me. Thanks for your explaination. But, as you can see above. for table web_domain, code is taken sys_groupid from -> sys_user table for web interface -> sys_group table for API : groupid field --> is that correct ?
the groupd field from sys_user table refers to the sys_group table, so this should be identical and consistent. Maybe you passed an invalid client group id like client group id 0 to the API?
for admin, I don't create any client in the system... so, I don't set groupid (in API) Anyway, for other client, I don't set any groupid (in API) ... So that, groupid for admin is wrongly created somewhere ...
I think I find out : in file, ispconfig3.sql, there is : In sys_group, INSERT groupid=1 for client_id=0 (admin) Except if I wrongly understand, admin is client0 thus, groupid should be 0 If you agree, I can create a branch, correct and push mr line should be changed into ' INSERT INTO `sys_group` (`groupid`, `name`, `description`, `client_id`) VALUES (0, 'admin', 'Administrators group', 0); '
No, this assumption is wrong. Numbers in the group name do not indicate which ID the group has. If you want to look up a group, then you'll have to use the full group name and look it up in the sys_group table. This has to stay as it is, your change would simply break all systems. The value 0 means non-existent group, so sys_group table may never contain a value with this primary ID. I'm not sure which problems you have as the API is working fine here as it is. The Migration Tool uses the API and there are no issues with using it, so my guess is that you simply pass wrong or not all needed values to the API if you get wrong results while the Migration Tool, which uses the same API, gets correct results.
If you see something strange. Here is my code : Code: $tstamp=date("Y-m-d H:i:s") ; $params = array( 'server_id' => 1, 'ip_address' => '*', 'domain' => $CONFIG['domain'], 'type' => 'vhost', 'parent_domain_id' => 0, 'vhost_type' => 'name', 'hd_quota' => -1, 'traffic_quota' => -1, 'cgi' => 'n', 'ssi' => 'n', 'ruby' => 'n', 'python' => 'n', 'perl' => 'n', 'suexec' => 'n', 'errordocs' => 1, 'is_subdomainwww' => 1, 'subdomain' => 'none', 'php' => 'php-fpm', 'redirect_type' => '', 'redirect_path' => '', 'seo_redirect' => 'www_to_non_www', 'rewrite_to_https' => 'y', 'ssl' => 'y', 'ssl_letsencrypt' => 'y', 'ssl_letsencrypt_exclude' => 'n', 'ssl_state' => '', 'ssl_locality' => '', 'ssl_organisation' => '', 'ssl_organisation_unit' => '', 'ssl_country' => '', 'ssl_domain' => '', 'ssl_request' => '', 'ssl_key' => '', 'ssl_cert' => '', 'ssl_bundle' => '', 'ssl_action' => '', 'stats_password' => '**hidden**', 'stats_type' => 'awstats', 'allow_override' => 'All', 'apache_directives' => '#WordPress #security <IfModule mod_headers.c> Header unset Server Header always unset X-Powered-By Header unset X-CF-Powered-By Header unset X-Mod-Pagespeed Header unset X-Pingback Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" Header always set Content-Security-Policy "upgrade-insecure-requests;" Header always set Referrer-Policy "no-referrer, same-origin" Header always set X-Content-Type-Options "nosniff" Header always set X-Frame-Options "SAMEORIGIN" Header set X-XSS-Protection "1; mode = block" </IfModule> ', 'php_fpm_use_socket' => 'y', 'php_fpm_chroot' => 'n', 'pm' => 'ondemand', 'pm_max_children' => 10, 'pm_start_servers' => 2, 'pm_min_spare_servers' => 1, 'pm_max_spare_servers' => 5, 'pm_process_idle_timeout' => 10, 'pm_max_requests' => 0, 'pm_max_requests' => 0, 'custom_php_ini' => ' memory_limit = 512M file_uploads = On upload_max_size = 128M post_max_size = 128M upload_max_filesize = 64M max_execution_time = 180 max_input_time = 120 ', 'backup_interval' => 'none', 'backup_copies' => 2, 'backup_format_web' => 'default', 'backup_format_db' => 'gzip', 'backup_encrypt' => 'n', 'backup_password' => '' , 'backup_excludes' => '', 'active' => 'y', 'traffic_quota_lock' => 'n', 'http_port' => '80', 'https_port' => '443', 'log_retention' => 5 , 'proxy_protocol' => 'n' , 'added_date' => $tstamp , 'added_by' => 'admin' ); $client_id=0; $sites_web_id = $client->sites_web_domain_add($session_id, $client_id, $params, $readonly = false) I try removing 'parent_domain_id' => 0, it had no impact !
In params, I try to add " 'sys_groupid' => 0, " it has no impact. At the end of website creation process through API, sys_groupid=1 in web_domain table !
Sorry, when I wrote, "'parent_domain_id' => 0,", that was php coding extract... So that, I had : Code: array(..., 'parent_domain_id' => 0, ...) I test with : Code: array(..., ...) I removed that 'parent_domain_id' part of code. NO tests I did show solution...
Digging the code, I finally come to the idea that typically a remote user hasn't got "admin" type in the system... To set up admin type, remote user should be named "admin". Do you confirm ? Anyway I gonna test that !
Remote users have always admin priveliges, the api is not bound to client limits. That's why you set the client_id in the remote API calls, use client_id = 0 if you want to create a record to be owned by the admin user.
@till I am quite disappointed. I look at that topic for days. I believe you expertise on ISPConfig, but... 1. My code to API (above) is very simple. I don't see any missing or wrong values. You mention none... I look at 'login' function, you explain that is not that... As I connect to API normally, I think there is nothing there. 2. The issue I face is invisible to "normal" ISPConfig user. After using API to create a website with $client_id=0, everything is working well: nothing is visible. You can see it in mariadb, ispconfig base, table web_domain, field sys_groupid (it is wrongly 1, instead of 0) The only possibility to see something is, to call a function in API. For some functions (not all functions), an API request will give back nothing... If you open admin website and save (changing nothing) Web interface will change sys_groupid to 0 and remove issue. After that, if I call API, no more problem: API will answer well. 3. My understanding of code action is: -> when using API, in table web_domain, sys_groupid is coming from sys_group.groupid -> when using web interface, in table web_domain, sys_groupid is coming from sys_group.groupid except for admin where it is set to 0 (0 is the working value) 4. After migration process, did you check that particular item : sys_groupid for admin websites in web_domain table ? Sorry for insisting so much, but for the moment, my API script (for admin) is a automated/manual process !
Feel free to make a issue report in the ISPConfig bug tracker at git.ispconfig.org so we can have a further look at the issue.
