| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
1853
|
Thu Jun 22 11:29:17 2006 |
 | Gerald Ebberink | g.h.p.ebberink@nclr.nl | Question | Linux | 2.6.1 | Re: restrict access | > > -1- how can I restrict the access
> > of a certain user such that he can only see certain logbooks.
>
> This can be achieved with the "Login user = ..." option.
That is what I found in the mean time. And it works like a charm.
>
> > But also not showing the other logbooks on the selection page.
>
> You could try to use "top groups". This gives you "separate" groups of logbooks, so you could make a public tree
> seen by everybody and private trees only seen by a few people. Please read the documentation for details.
I'm now using this (I had to redesign our tree for that)
> > -2- How can I have a login page instead of the logbook selection page.
> > When I insert the password statement the config, I get a blank page.
>
> You get a login page instead of the selection page if the "Password file = " statement is in the [global] section
> and "Protect selection page = 1". You might have to delete all cookies in your browser if you move the password
> file statement between the [global] and the logbook sections, because otherwise the old cookies might prevent you
> from logging out.
This is not working for me, in Mozilla Firefox I'm still getting a blank page, where IE is giving me an error
stating
that the page is unavailable |
|
1854
|
Thu Jun 22 11:38:38 2006 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 2.6.1 | Re: restrict access | > > You get a login page instead of the selection page if the "Password file = " statement is in the [global]
section
> > and "Protect selection page = 1". You might have to delete all cookies in your browser if you move the password
> > file statement between the [global] and the logbook sections, because otherwise the old cookies might
prevent you
> > from logging out.
>
> This is not working for me, in Mozilla Firefox I'm still getting a blank page, where IE is giving me an error
> stating that the page is unavailable
If I use following config file:
[global]
port = 8080
password file = passwd
protect selection page = 1
[demo1]
Attributes = Author, Type, Category, Subject
[demo2]
Attributes = Author, Type, Category, Subject
then I don't get a blank page. An unavailable page you should only get whan you use top groups, and want to
access the root. |
|
1855
|
Thu Jun 22 12:10:00 2006 |
| Gerald Ebberink | g.h.p.ebberink@nclr.nl | Question | Linux | 2.6.1 | Re: restrict access | > > > You get a login page instead of the selection page if the "Password file = " statement is in the [global]
> section
> > > and "Protect selection page = 1". You might have to delete all cookies in your browser if you move the password
> > > file statement between the [global] and the logbook sections, because otherwise the old cookies might
> prevent you
> > > from logging out.
> >
> > This is not working for me, in Mozilla Firefox I'm still getting a blank page, where IE is giving me an error
> > stating that the page is unavailable
>
> If I use following config file:
>
>
> [global]
> port = 8080
> password file = passwd
> protect selection page = 1
>
> [demo1]
> Attributes = Author, Type, Category, Subject
>
> [demo2]
> Attributes = Author, Type, Category, Subject
>
>
> then I don't get a blank page. An unavailable page you should only get whan you use top groups, and want to
> access the root.
I use the folowing file and do get this error (the company names and other sensitive information has been changed to
something simular but not so sensitive)
[global]
logbook tabs = 1
port = 80
Logbook dir = /srv/elog/logbooks/
URL = http://my.domain/
Protect selection page = 1
Password file = /srv/elog/passwords/main.passwd
Self register = 0
Admin user = Gerald
Group World = Procedures, Work
Group Work = Company, Company2
Group Company = twiddle
Group twiddle = Panels, Bond
[Procedures]
Theme = default
Comment = General Procedures for use with
Attributes = Author, Category, Subject
Options Category = Maintenance, Alignment
Required Attributes = Author, Category
Subdir = Some/dir
[Company2]
Theme = default
Comment = Company2 project Page
Attributes = Author, Category, Subject
Options Category = Scheduling, During Progress, During measuring, After
Required Attributes = Author
Subdir = some/dir
[Panels]
Theme = default
Attributes = Author, Category, Subject
Options Category = Scheduling, During Progress, During measuring, After
Required Attributes = Author
Subdir = Some/dir
Expand default = 2
Protect selection page = 1
[bond]
Theme = default
Attributes = Author, Category, Subject
Options Category = Scheduling, During Progress, During measuring, After
Required Attributes = Author
Subdir = some/dir |
|
1860
|
Fri Jun 23 12:29:30 2006 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 2.6.1 | Re: restrict access | Even with your config file (I just changed the URL) I get the correct behaviour:
and after I supply my credentials:
My full elogd.cfg is attached for your reference.
I'm pretty sure that you did not delete your old cookies. Try from another computer. Make sure to have the most recent version of elog. Start the elogd daemon with the "-v" flag and watch the communication. I get for example:
GET / HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20
060508 Firefox/1.5.0.4
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plai
n;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: urem=1
==== Return ================================
....
As you can see, only the "urem" cookie is present. After I logged in, I get:
Cookie: urem=1; unm=stefan; upwd=Z2suZgFszgg==
These cookies identify you as logged in, so the login screen does not appear any more. |
| Attachment 1: elogd.cfg
|
[global]
logbook tabs = 1
port = 8080
URL = http://localhost:8080/
Protect selection page = 1
Password file = passwd
Self register = 0
Admin user = stefan
Group World = Procedures, Work
Group Work = Company, Company2
Group Company = twiddle
Group twiddle = Panels, Bond
[Procedures]
Theme = default
Comment = General Procedures for use with
Attributes = Author, Category, Subject
Options Category = Maintenance, Alignment
Required Attributes = Author, Category
[Company2]
Theme = default
Comment = Company2 project Page
Attributes = Author, Category, Subject
Options Category = Scheduling, During Progress, During measuring, After
Required Attributes = Author
[Panels]
Theme = default
Attributes = Author, Category, Subject
Options Category = Scheduling, During Progress, During measuring, After
Required Attributes = Author
Expand default = 2
Protect selection page = 1
[bond]
Theme = default
Attributes = Author, Category, Subject
Options Category = Scheduling, During Progress, During measuring, After
Required Attributes = Author
|
|
1861
|
Fri Jun 23 13:16:57 2006 |
| Gerald Ebberink | g.h.p.ebberink@nclr.nl | Question | Linux | 2.6.1 | Re: restrict access | My full elogd.cfg is attached for your reference.
I'm pretty sure that you did not delete your old cookies. Try from another computer. Make sure to have the most recent version of elog. Start the elogd daemon with the "-v" flag and watch the communication. I get for example:
Well actualy these old cookies don't exist, but I found an error in the verbose mode.
GET / HTTP/1.1
Host: hostname
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.4) Gecko/20060608 Ubuntu/dapper-security Firefox/1.5.0.4
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: urem=0
Remote host "hostname" matches "ALL" in "Hosts deny". Access denied.
Remote host "hostname" matches "hostname" in "Hosts allow". Access granted.
Internal error, no valid header!
As you can see, I have implemented a temporary fix in the way of allowing only certain hosts access.
But where does this Internal error come from.
I use the standard packaged version of elog (V2.6.1) from the Ubuntu repositories. |
|
1862
|
Fri Jun 23 13:43:03 2006 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 2.6.1 | Re: restrict access |
| Gerald Ebberink wrote: | | As you can see, I have implemented a temporary fix in the way of allowing only certain hosts access. But where does this Internal error come from. |
I only can identify this error if you send me your current ("de-sensified") elogd.cfg. |
|
1863
|
Fri Jun 23 14:57:02 2006 |
| Gerald Ebberink | g.h.p.ebberink@nclr.nl | Question | Linux | 2.6.1 | Re: restrict access | | I only can identify this error if you send me your current ("de-sensified") elogd.cfg. |
Here you are.. |
; Simple ELOG configuration for demonstration.
[global]
;Setup Logbook groups Universe
Group Universe = Maintenance, World
Group Maintenance = Hostel, System
Group World = Differ, Refer, Windows
;Setup Logbook groups Work
Group Work = Company1, Company2
Group Company2 = precer
Group precer = Acoustic, Bond
;general logbook settings
logbook tabs = 1
port = 80
Logbook dir = /srv/elog/logbooks/
URL = http://hostname/
Suppress default = 3
;Security
Password file = /srv/elog/passwords/main.passwd
Self register = 0
Admin user = gerald
Protect selection page = 0
Resolve host names = 1
Hosts allow = List of hosts
Hosts deny = ALL
;Suppres the autoquote
Quote on reply = 0
[Hostel]
Theme = default
Comment = General Procedures for use with
Attributes = Author, Category, Subject
Options Category = Emergency, Scheduled
Required Attributes = Author, Category
Subdir = hostel
Preset Author = $long_name from $remote_host
Display mode = threaded
[System]
Theme = default
Comment = General Procedures for use with Eureka
Attributes = Author, Category, Subject
Options Category = Emergency, Scheduled
Required Attributes = Author, Category
Subdir = System
Preset Author = $long_name from $remote_host
Display mode = threaded
[Company1]
Theme = default
Comment = P&W project Page
Attributes = Author, Category, Subject, Laser
Options Category = Scheduling, During Progress, During measuring, After
Options Laser = Sirius, Eureka
Required Attributes = Author
Subdir = Work/Company1
Preset Author = $long_name from $remote_host
Display mode = threaded
[Acoustic]
Theme = default
Attributes = Author, Category, Subject, Laser
Options Category = Scheduling, During Progress, During measuring, After
Options Laser = Sirius, Eureka
Required Attributes = Author
Subdir = Hostel/Company2/precert/Acoustic
Expand default = 2
Preset Author = $long_name from $remote_host
Display mode = threaded
[Bonded]
Theme = default
Attributes = Author, Category, Subject, Laser
Options Category = Scheduling, During Progress, During measuring, After
Options Laser = Sirius, Eureka
Required Attributes = Author, Subject
Subdir = Hostel/Company2/precert/Bond
Preset Author = $long_name from $remote_host
Display mode = threaded
[Refer]
Theme = default
Attributes = Author, Category, Status, Subject
Options Category = arrived, installed, removed, disposed, general
Options Status = usable, unusable
Required Attributes = Author, Subject
Subdir = some/dir
Preset Author = $long_name from $remote_host
[Differ]
Theme = default
Attributes = Author, Category, Status, Name, Ident, Pattern, Pitch X, Pitch Y, Beams X, Beams Y, Length X, Length Y, Alfa X, Alfa Y, Homogeneity, Diff. Efficiency, AR-Coated, Efficiency, Subject
Options Category = arrived, installed, removed, disposed, general
Options Status = usable, unusable
Options Pattern = hexagonal, square
Options AR-coated = boolean
Required Attributes = Author, Subject
Subdir = some/dir
Preset Author = $long_name from $remote_host
Thread display = $Name, $Ident, $Pattern, $Status, $Category, $Subject
List display = $Name, $Ident, $Pattern, $Status, $Category, Edit, $Subject
Display mode = threaded
[Windows]
Theme = default
Attributes = Author, Category, Status, Subject
Options Category = arrived, installed, removed, disposed, general
Options Status = usable, unusable
Required Attributes = Author, Subject
Subdir = some/dir
Preset Author = $long_name from $remote_host
Display mode = threaded
|