Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
icon5.gif   command line and apache+ldap authentication, posted by Stefano Lacaprara on Thu Apr 6 17:36:46 2017 
    icon2.gif   Re: command line and apache+ldap authentication, posted by Stefan Ritt on Fri Apr 7 12:16:24 2017 
Message ID: 68592     Entry time: Thu Apr 6 17:36:46 2017     Reply to this: 68597
Icon: Question  Author: Stefano Lacaprara  Author Email: stefano.lacaprara@pd.infn.it 
Category: Question  OS: Linux  ELOG Version: 3.1.1 
Subject: command line and apache+ldap authentication 
Hi,
  we are running an elogd (with SSL) server on a machine and using apache as a proxy.

The authentication to the apache server is managed via LDAP module directly by apache, while, so far, we have no authentication enabled in the elogd server itself.
So, when a used want to access the elog server, he is required to provide user/pwd by apache, and then he can access the elogs.

We would like to use the elog command line to transit entries automatically from a terminal from a different host.

the command line we are trying is:

echo "Test" | elog -v -h elog.belle2.org -a Author="stefano" -a Type="Other" -l elog -s demo -u username password  -p 443

where username password are registered into LDAP.

In response we have a 401 Unauthorized. The full return message is at the end of this message.

I suspect that the "username password" we pass to elog are supposed to be that of elogd, not that of apache/ldap: I don't know if this is the case.

Does anyone have an idea how to make this work?

Thanks in advance,
  Stefano

Successfully connected to host elog.belle2.org, port 443
Request sent to host:
POST /elog/ HTTP/1.0
Content-Type: multipart/form-data; boundary=---------------------------44BDB584269C5EEC3F73204
Host: elog.belle2.org:443
User-Agent: ELOG
Content-Length: 946


Content sent to host:
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="cmd"

Submit
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="unm"

xxxxxxxx
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="upwd"

xxxxxxxx
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="exp"

elog
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="encoding"

ELCode
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="Author"

stefano
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="Type"

Other
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="Text"

demo
---------------------------44BDB584269C5EEC3F73204

Response received:
HTTP/1.1 401 Unauthorized
Date: Thu, 06 Apr 2017 15:32:37 GMT
Server: Apache/2.4.18 (Ubuntu)
WWW-Authenticate: Basic realm="Belle II internal"
Content-Length: 463
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr>
<address>Apache/2.4.18 (Ubuntu) Server at elog.belle2.org Port 443</address>
</body></html>

Error transmitting message
ELOG V3.1.4-bcd7b50