Member SinceNovember 30th, 2018
Last SeenMay 1st, 2020
OneClick Sudo Login for SugarCRM 8 / 9
Sudo Login (or Masquerade) allows Administrators to log in as any regular user without asking for their password and without disconnecting them. Specially useful for configuring their workspace (filters, reports, dashboard) or to support users (reproduce issues, help them step by step, etc).
Support May 8th, 2020 @ 8:40 am
Version 2.2 has been pre-released for eligeo in order to double check the problem was solved.View Comment
Thanks for your support eligeo team.
Support May 4th, 2020 @ 4:37 pm
I see we have the same certificates from Sugar University pinned on the walls :)
Else on your last sentence you mention that the plugin is working just fine with some users (also connected to ldap ?) where as others are not working correctly ?
That is really interesting because this kick out the LDAP issue from the scope.
We are really doubting the fact to create another "platform" that is out of the purposes of the module.
On the last week I spent almost all my time to try to have a working Sugar environement that could connect to LDAP servers (MAMP on mac is KO, my WAMP installation on my windows machine breaks when entering the licence on Sugar Ent 10.0.1
I am continuing to dig, but for now, no clue on the question.
I agree that solving the issue there definitively is better than fixing it on your solo side, but until now i don't have any clue on how to fix it.
Do you have a list of common settings for the affected users on your customer instance ?
Support May 1st, 2020 @ 6:36 pm
Sorry link was broken : https://fromsmash.com/XpQvWcI.0W-ctView Comment
Support May 1st, 2020 @ 6:36 pm
Hi Derek / Eligeo team,
Please be ensured we are thankfull for the message and help provided.
But to our knowledge, the module is still working as expected.
As Youtube doesn't want to let me upload the video, please find a link recorded tonight using Sugar 10.0.1 under Php 7.3 :
- You will see admin account on the right side of the screen
- regular user "test" on the left
I created some dummy accounts using test user, then under admin, log as test and create more dummies account
Then on the left side, i am still log in I can navigate, browse records, log out, log in back
On the admin session, i log out as user to be back to my admin session
I can stil log out/log in using my regular user.
So without LDAP this is just working fine.
I will have now a look if I can connect this damned LDAP server to my Sugar instance and let you knowView Comment
Support May 1st, 2020 @ 8:00 am
Hello Derek, Thanks for the follow up and help to try to dig the issue.
Unfortunately, I am really unsure about the Sugar Support answer ("base" client is dedicated to the web access whereas the "mobile" one is dedicated to mobile application access)
This help in deed to have both the web access and mobile app launched at the same time.
Aim of the module is to have full access as the sudoed user to the web channel of the application, we ever used the "base auth" as model for years.
As already staged we really think this is link to LDAP/external auth.
We searched for a fake/free ldap server to test : https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/
And so we tried to create a new demo of SugarCRM on Demand but unfortunately, despite our tries, we didn't sucessfully connected Sugar to this ldap server
I double check some ldap commands on my Mac and they were working so it appears that demo servers of Sugar does not allow to connect to LDAP server (I suspect they are blocking any other ports than 443 on the demo server)
For now, i didn't have a single second to have a look to auto-host a sugar instance by myself on my dev env to have a new look.
I know you didn't want to be bothered on the topic, but would you have by luck, such a working env connected on this sample ldap server that you could share with us in order to gain time and be focused on digging the root cause please ?
Many thanks for your answer.View Comment
Support April 22nd, 2020 @ 4:13 pm
The idea was to test for few minutes to focus on the root cause.
But I take your point, you can't/don't want to track the issue and we will have to dig on our own.
The best solution for you as of today is to ask for refund to my friends of Sugar outfitters.
They will grant it without question, no worries about it.
You'll then be able to review other addons.
In the meantime I will edit the documentation and warn the solution is not working with LDAP support + external auth only
If we got time to test using LDAP support we will update the solution here.
Best regards and sorry for the inconvenience.View Comment
Support April 22nd, 2020 @ 6:52 am
Hello and thanks for your many answers.
I have one more that is I know is not that you're willing to do but that could help me refine the symptoms and understand where to look at.
If you try to uncheck the external auth only in User management for a particular user, can he/she still log in after you used the module ?
I highly suspect that only this checkbox break the logi/session monitoring behavior because our module is working for the last 10 years, we only updated it to work with sidecar/Sugar7+ new framework.
Hope you will be able to do the test with us.
Support April 21st, 2020 @ 9:41 pm
Sorry first for all the inconvenience.
You didn't answer the scenario of number of computer used and our questions.
We can only guess that the admin is not (sounds obvious) the same computer than the user.
We can also guess the flavor and hosting solution. Sugar OnDemand use SugarIdentity and you didn't provide any information about it.
I never heard this kind of scenario before but in the same time the error message displayed mean you configured the system to only use external auth.
Did the user log in first in Sugar before using the plugin (this one is quite important as Sugar has to initialize some data for the user before to use the module)
If you created the user, log in/out with it, then you should be able to use the module without troubles
According to doc :
Once you have completed the form, you will then need to enable LDAP for users by navigating to Admin > User Management, selecting the desired user, then clicking the Advanced tab in their user profile. Enable the "LDAP Authentication Only" checkbox then click "Save". Sugar will then synchronize the user's Active Directory user name and present the password on the LDAP port. When the user next logs into Sugar, they will enter their Active Directory username and password.
Did you try to uncheck the checkbox and see if it was working for this user.
We had customers working with ldap and i didn't remember it was not working.
So I guess this is related to this checkbox.
Also as you mention something is getting corrupted in the second computer (user browser's cache) I guess more than this is not a data related problem.
I also guess from your last message that cleaning the browser is fixing the user computer and that he can log in back. For documenting the issue, what is the computer OS and browser (+version)
Is the problem reproductible just by log in / out without doing any modification also ?
Am I correct with all these assertions ?
This issues have never been reported to us before.
Unfortunately, we don't have in short term a plan to look for LDAP authentification specially if we have a working workaround.
Of course feel free to test any modules, we barely test all of them before creating ours and no one was handling the situation another way.
But this would be interesting to have your feedbacks about it.
Best regards and sorry again for the inconvenience.View Comment
Support April 21st, 2020 @ 6:26 pm
Hello ELigeo team,
Which version of SugarCRM are you using ?
OnPremise / OnDemand ?
Our plugin has never been think with external auth only in mind.
So I can't ensure you it is working.
In the mean time to what I understood :
- you sucessfully used the plugin on computer 1 to log in as user A
- you made changes (which kind of changes in which module ?)
- you logged out as the user (you were back as the admin user ?)
- on computer 1, you can still log out/log in as Admin
- you can't log anymore as user 1 on computer 1,
- can you log as user 1 on another computer ?
- did you try private browsing mode ?
- did you try to check the user settings regarding auth for this specific user ?
Unfortunately, I didn't have a LDAP system there to test myself.
Can you help me to understand the problem ?
Normally we are just writing in the browser session an information, so I don't see/understand how it could affect the system.
In the meantime hope your answers will help us to give a more detailed answer.
Support February 22nd, 2020 @ 7:59 am
Thanks for the detailled answer.
If I remember well, the permission engine is not "customizable", meaning that the change would be in the CORE, that is something we always prevented to dig in.
Our module for example uses only extension system/mecanisms to allow to use the sudo feature.
But I need to dig with latest Sugar 9.3 to be sure they didn't change/open it on the code level.
As you're a partner, if you need some modules for your customers, don't hesitate to contact us directly.
No promise on the developement of the feature for now, we are focused on finishing other modules for the next weeks.
Support February 19th, 2020 @ 10:42 pm
Unfortunately no feedback for the last 2 months. I am closing the case. Don't hesitate to let us know if anything can be added on this topic.View Comment
Support February 19th, 2020 @ 10:41 pm
Hello Derek, currently the module only support to give the power to administrators (as the famous sudo commande in UNIX/Linux terminal that require Root password) but I am interested to discuss with you to add this feature on the roadmap.
Could you elaborate a bit further on the process ?
- What is the type of user ?
- Does he manage people (do you use the User's module field "Report to")
- Is is a specific user you have in mind but no hiearchic relationship to other sugar users ?
- You want to have an admin pannel to define on the fly multiple users to enable sudo module or we could only "config" this data ?
- As the module permits to "act" as others, currently the actions are not logged as having been made by a SUDO admin. Would it be a problem and should we find a way to add a better history ?
Are you running OnDemand ? OnPremise ?
Which version and flavor are you using ?
Our team was thiinking about creating a new "higher/feature richer" release for 2020 so it could be the best place to talk about that.
Support December 16th, 2019 @ 7:26 pm
We would add to our knowledge despite the new feature introduced in Sugar 9, there's no specific evolution of the expected feature between 8 and 9 on scheduled reports.
We hope the user will be able to gain an access to either a sandbox or any 8.0.3 instance to debug it more closely, but we doubt to be in the case of a module bug, as the nature of the module that only superseed in memory the logged-in user (no business code modification in the reports module)View Comment
Support December 16th, 2019 @ 7:17 pm
Thanks for the reply.
We just tested again the feature using Sugar OnDemand 9.0.2 (lastest stable version) and this is working fine.
The scheduled reports are created either to the running user (not only admin) and you can also add additional users to a schedule to send it multiple times using only one schedule.
Using sudo login let you use the report module as the sudoed user and so schedule its own reports.
I waited the necessary time to let the scheduler trigger the cron and then check the mailbox :
the report were triggered and emails sent to the right recipient.
Do you have an available sandbox to have a look on your on-premise instance and help debug it ?View Comment
Support December 16th, 2019 @ 6:29 pm
Thanks for contacting us.
Can you please tell us the exact flavor and version of SugarCRM you are using ?
iDevIT has not rated any add-ons.
iDevIT has not verified any add-ons.
iDevIT has not created any Wanted Add-ons.