openHAB 4.0 wishlist

If you have defined tags, semantics and metadata in text files as well, it should work.
I can give you some examples on how to define those in text files. This will be part of the documentation enhancement we are workin on for main_widget.

Now I got it. This is my solution:

Timer item:

DateTime EingLampe_Ti "EingLampe_Ti"

and rule:

val TI = 15     // Timer in minutes

// Triggered - switch item on
rule "EingLampe triggered"
when
    Item ItemTest_SE changed to ON
then
    EingLampe.sendCommand(ON)
end

// Switched on manually or triggered - set timer item
rule "EingLampe ON"
when
    Item EingLampe changed to ON
then
    val DateTimeType elt = new DateTimeType(now.plusMinutes(TI))
    EingLampe_Ti.postUpdate(elt)        // set timer item
end

// Timer expired
rule "EingLampe OFF"
when
    Time is EingLampe_Ti
then
    EingLampe.sendCommand(OFF)
end

It’s an elegant solution, clearer code and no need to reset the timer.

Thanks for your support - you made me happy :wink:

@rlkoshak - Fair point (which I agree with) - I was more just trying to recall the only things which really need intervention outside the UI… The persistence is the only one on my wish list, as I no longer use the exec binding (Although that may change if I look to implement the cloud disconnect workaround posted on the forum earlier !!)

Looking at the response from @J-N-K , it looks like my wish might come true for the persistence config in the UI… :slight_smile: … Great work!!

Cheers

I wish for the textual config to be accessible in the browser !
Syntax highlighting and hover status peek included, of course :wink:

This is already possible with VS Code.

Part of idea beyond first implementation of security api for Eclipse Smart Home was possibility to bring different implementations of AuthenticationProvider. Default one was based on JAAS (username + password) and text file, however JAAS login module are interchangeable and text file login module can be always replaced with LDAP login module. For reference - Apache Karaf on top of which openHAB is being built, ships built in ldap login module: Apache Karaf Container 4.x - Documentation, which can be configured at runtime.

I’ve already made work on bringing initial security API back in fork of openHAB I use: Reorganization of authentication and security API. · opensmarthouse/opensmarthouse-core@947e116 · GitHub (this is commit which contains bunch of internal reorganizations on top of openhab core which been divided into smaller modules). Main points in linked commit are - unification of servlet and rest resource processing, support for different credential types (user+pw, jwt token with external identity provider, cookie, or completely custom).
Some points are discussed in other topic on this forum: RBAC model in openHAB (and potential security vulnerability found).
If there is desire and wish to go over that change from core maintainers I can port mentioned changes into OH 4.0 codebase in 1Q2023. :wink:

Cheers,
Łukasz

3 Likes

Hi Lukasz,
thanks for the explanation and all the work you did.
I looked at the github link you sent but my python skills are too limited to understand what you did :frowning:

Is there a reason against LDAP and a centralized user authentication system (apart from the work which needs to be done)?
I guess many OH users have more services running than OH and this would ease the user management.

Personally I would find it very appealing to have LDAP groups (e.g. admin, childs, wife, guest) and the UI would be loaded according to the group the current user is in. Nobody in the house, accept me for example, is interested in the heating statistics and I also don’t want that my son changes the boiler water temperature.

BR
Marco

1 Like

Why making things so complicated instead of implementing user management within openHAB (see RBAC diskussion)
I really do not want to set up anything outside openHAB to use such a feature. Or did I miss something ?

2 Likes

Hi Hans-Jörg,
real life reason: Wife changes the default password for all services which have LDAP support.
In our household:

  • nextlcloud
  • openvpn
  • mailserver
  • kimai
  • samba file sever (actually a samba domain controller is used which provides LDAP).

Than she logs into openhab and she needs change it there too. Workaround is the proxy webserver with LDAP support. Drawback: Different look and feel, no logout button, all users have the same main ui.

It would be good to have the same user/group management for all services and I think LDAP is more or less a standard.

E.g. the openvpn config:

<Group>
	BaseDN "CN=Users,DC=trautes,DC=heim"
	SearchFilter "(cn=VPN Users)"
	MemberAttribute "member"
</Group>

Or for nextcloud I have a group “Cloud Users” and for the others services other groups.
BR
Marco

Sorry, but I would call this an edge use case and overpacing.
Not everyone has such a complex setup at home like you have. :wink:

EDIT:
What I could imagine though, having a chooseable usermanagement, LDAP and internal.
That might be harder to implement, but makes ist more flexible from user perspective and would suit both of us :wink:

1 Like

That’s a valid point :slight_smile:
If it is not useful to other OH users than it dosn’t make sense to have this.
I don’t know if a kind of vote for all the points on the whishlist makes sense. Of course the developers and maintainers decide what they want to implement but at least this way they could see what would be most loved by the users.

1 Like

Continuing the discussion from openHAB 4.0 wishlist:

I’d love to see a table (or tree) view of my things and items, and beeing able to edit them in bulk (like in excel). Also filtering by abitrary columns and searching would be nice.

At the moment I’m using a excelsheet + vba to generate my things and item files for my KNX installation, since updating one at a time in the ui is painfull.

1 Like

I think that’s what @marco_hoefle was suggesting in the first place. Not to make it so OH only supports LDAB but to give it the option to support LDAP. And LDAP wouldn’t replace RBAC, it would just change where the information comes from that the RBAC works off of.

I personally would use this were it an option. I too have a lot of services with enough users to manage where centralizing that would be a benefit.

In the mean time the API Explorer can be your friend. One way to quickly make similar changes to lots of Things (for example):

  1. Make the change on one Thing
  2. Query for the changed Thing in the API Explorer
  3. Copy the JSON, paste it into the API Explorer for the “change Thing” end point
  4. Edit the JSON with the changes necessary for another similar Thing (e.g. addresses, names, etc.)
  5. Post to the new Thing.
  6. Repeat 4 and 5 for each Thing that needs the change.

This doesn’t cover all cases but in cases where the differences between Things is minor you can update a bunch of Things very rapidly.

4 Likes

I wrote some time ago a feature request for implementing formal relations between entities (items, things, channels) and to be able via relations to make complex generic rules. Here the issue: Feature request: A way to create relations between items · Issue #1740 · openhab/openhab-core · GitHub

A side question - if I decide to create a small improvement for an addon that usually I support and I wrote, which branch should I aim for - 4.0 or 3.x will still have room for such improvements?

Best regards,
Konstantin

My understanding right now is that unlike the change from OH 2 to OH 3, we are not going to have an extended period where 3.4 is maintained in parallel with 4.0. I believe we are on track for a June release of 4.0. So I would say to target 4.0.

But that’s just an assumption. I don’t know that’s official policy.

Frankly… the only problem I see is the JVM required version. Will try to install the new JVM 17 on the with the old karaf version and let’s see if it works. Thanks!

Thank you for the tip!
For a temporary solution it’s okay I guess.
Compared to a table-view solution it’s still a bit clunky (e.g. just update the table and hit update)
Since there is a database and some kind of table-view already in the UI (to display the items and things) it might be easy to implement? (Just guessing here, most probably it’s just “easy” at first glance)

1 Like

Yes Rich,
this is exactly what I mean. LDAP is just an option as for many setups the current method is sufficient.
So we are two finding this useful :slight_smile:

I did an updated version of the tutorial. However, it left me only with a partly operational editor. There are some issues that need to be fixed.

1 Like

Hi everyone,

Can you fix the loss of the first characters in the openhab log files( after [error] [missing characters y.upnp…]
Example:
2023-01-13 10:46:34.124 [ERROR] [y.upnp.internal.UpnpDiscoveryService] - Could not restart UPnP network components.
and is it possible to have additional info on witch binding, item, thing, … the error is referring. Would be easier to fix the error.

Also nice to have in the addons documentation to know if a binding is local (no internet), mixed or need internet connection.

Thanks
Patrick