Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
 Back  |  Find  |  Login  |  Help 
Message ID: 69727     Entry time: Sun Feb 18 11:43:07 2024
Icon: Question  Author: James  Author Email: richo-sm@outlook.com 
Category: Question  OS: Linux | Windows  ELOG Version: 3.1.4 
Subject: Webserver Auth Method and Self Registration 

Hi there. I have been testing a set-up of elog behind an Apache reverse proxy using the Webserver auth method. Apache has been configured for LDAPS with Active Directory allowing us to restrict Elogs by AD group, something not able to be done with the LDAP module.

Testing with Elog 3.1.4 (on Windows) and also Elog 3.1.5 (compiled on Ubuntu 20.04) I experience an issue that when the user logs in for the first time using the above they get the self registration box asking for name and email, and then once they hit save they get an error that says: "Error: Command "Config" not allowed".  Once the error is dismissed it never comes back, but its confusing for users who call for help when they first see it.

Is there a way to skip the self registration with the Webserver auth method? and if not is there a reason for the error?

Attached is a copy of the error and an elog config file. Any ideas?

PS. As a side piece the logout options for Webserver needs some enhancement, maybe an option to close the web browser or tab so that it does not retain the logged in cookies.

Attachment 1: login-error.png  3 kB  | Show | Show all
Attachment 2: elogd.cfg  2 kB  | Show | Show all
ELOG V3.1.5-2eba886