| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
68112
|
Fri Sep 4 10:04:20 2015 |
 | Andreas Luedeke | andreas.luedeke@psi.ch | Question | Linux | 3.1 | Re: User based theme selection | No, I don't think it is possible.
| Oliver Kleinau wrote: |
| Hi, is it somehow possible to use different themes for different users? Perhaps editing the password XML file? Thanks, Oliver |
|
|
66560
|
Fri Oct 16 12:17:15 2009 |
| Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | 2.7.7 | Re: User authorization file corruption |
| soren poulsen wrote: |
|
Hi,
Here is what happens (I think) if E-log encounters a full file system where it keeps the user authorization file:
1. When a user connects, E-log will make a backup of the file. The backup will be corrupt since the file system is full.
2. E-log will modify the contents of the original file, and write it back. The file will be corrupt since the file system is full.
3. Now, both the backup and the normal file are corrupt and you cannot log on, until someone cleans up the file system and restores a valid copy of the file.
Would it be possible to fix this ? Like abort if step 1 is not successful. And restore the backup file if step 2 is not successful.
Thanks a lot for you help
Soren
|
Ok, I finally found some time (I'm pretty busy these days) to add a check for a potential full file system in SVN revision 2258. So before the password file would get corrupted, elog shows an error message about the full file system and just stops to work until space is freed up. |
|
66565
|
Mon Oct 26 10:15:20 2009 |
| soren poulsen | soren.poulsen@cern.ch | Bug report | Linux | 2.7.7 | Re: User authorization file corruption |
| Stefan Ritt wrote: |
|
| soren poulsen wrote: |
|
Hi,
Here is what happens (I think) if E-log encounters a full file system where it keeps the user authorization file:
1. When a user connects, E-log will make a backup of the file. The backup will be corrupt since the file system is full.
2. E-log will modify the contents of the original file, and write it back. The file will be corrupt since the file system is full.
3. Now, both the backup and the normal file are corrupt and you cannot log on, until someone cleans up the file system and restores a valid copy of the file.
Would it be possible to fix this ? Like abort if step 1 is not successful. And restore the backup file if step 2 is not successful.
Thanks a lot for you help
Soren
|
Ok, I finally found some time (I'm pretty busy these days) to add a check for a potential full file system in SVN revision 2258. So before the password file would get corrupted, elog shows an error message about the full file system and just stops to work until space is freed up.
|
Great. We fully appreciate that your are busy (with other things than E-log).
Thanks for the resolution.
Soren |
|
308
|
Fri May 2 08:45:38 2003 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | | | Re: User Profile - Access to logbook group | > We would like to give access to selected users to only their Group. So that
> for instance Users1 cannot access the books of group Users3. I was
> wondering if there is any notion of "User profile" or security per logbook
> Group implemented?
No, groups of users are not yet implemented, but it's on the wishlist and I
added your vote for this item.
> What we do for now is that we have 3 different PASSELOG files and for each
> Book we need to specify which PASSELOG should be used for authentication.
> This works fine except that we prefer that users do not see the other
> logbooks listed in the main menu nor the other "inaccessible" logbook tabs
> in the logbook view. Is there a way to hide these for them (but only for
> them)?
A (poor man's) work-around right now is to run three instances of elogd on
three different ports, then use Apache as a proxy. I do this in this server
for example. Under http://midas.psi.ch/elogdemo you see the public logbooks,
while under http://midas.psi.ch/megelog you see some logbooks from an
experiment here at our institute. The access control is completely separated,
and you don't see the logbook tabs from the other group as well. |
|
312
|
Fri May 2 15:58:23 2003 |
 | Robert Keeney | rkeeney@dfs.state.fl.us | Question | | | Re: User Profile - Access to logbook group | I have managed to get this to work (so far).
What I do is use a separate password file and directory for each log.
I haven't tested it with with the current version but it worked fine before
that. My testing consisted of creating a user in the main password file and
see if he could get to anything I didn't want him to. This may not be enough
for something that requires a high level of security.
When I create a new user I move that line to the appropriate password file if
it isn't already there.
You will get an invalid user message and a prompt if you try access a log that
doesn't have your user name in the password file.
I only have six people using it so this isn't much trouble.
I would like to see groups implemented to make this more manageable.
> Hi,
>
> I was wondering if anyone had a solution for my problem.
> We are trying to run several books on one server. The books are grouped
> such as follows :
>
> Group Users1 = Book1, Book2, Book3
> Group Users2 = Book4, Book5, Book6
> Group Users3 = Book7, Book8, Book9
>
> We would like to give access to selected users to only their Group. So that
> for instance Users1 cannot access the books of group Users3. I was
> wondering if there is any notion of "User profile" or security per logbook
> Group implemented?
>
> What we do for now is that we have 3 different PASSELOG files and for each
> Book we need to specify which PASSELOG should be used for authentication.
> This works fine except that we prefer that users do not see the other
> logbooks listed in the main menu nor the other "inaccessible" logbook tabs
> in the logbook view. Is there a way to hide these for them (but only for
> them)?
>
> Tomas |
|
313
|
Fri May 2 18:10:36 2003 |
| Tomas Rudolf | tomas@mba.be | Question | | | Re: User Profile - Access to logbook group | Robert, this is exactly what we managed to do as well. And it works fine.
The only issue is that the users from one group can "SEE" the book names
available to other groups.
The solution Stephane suggested seems like the only possible right now.
Anyways, thank you for your answers, Robert & Stephane !
Tomas
> I have managed to get this to work (so far).
>
> What I do is use a separate password file and directory for each log.
>
> I haven't tested it with with the current version but it worked fine before
> that. My testing consisted of creating a user in the main password file and
> see if he could get to anything I didn't want him to. This may not be
enough
> for something that requires a high level of security.
>
> When I create a new user I move that line to the appropriate password file
if
> it isn't already there.
>
> You will get an invalid user message and a prompt if you try access a log
that
> doesn't have your user name in the password file.
>
> I only have six people using it so this isn't much trouble.
>
> I would like to see groups implemented to make this more manageable.
>
> > Hi,
> >
> > I was wondering if anyone had a solution for my problem.
> > We are trying to run several books on one server. The books are grouped
> > such as follows :
> >
> > Group Users1 = Book1, Book2, Book3
> > Group Users2 = Book4, Book5, Book6
> > Group Users3 = Book7, Book8, Book9
> >
> > We would like to give access to selected users to only their Group. So
that
> > for instance Users1 cannot access the books of group Users3. I was
> > wondering if there is any notion of "User profile" or security per
logbook
> > Group implemented?
> >
> > What we do for now is that we have 3 different PASSELOG files and for
each
> > Book we need to specify which PASSELOG should be used for
authentication.
> > This works fine except that we prefer that users do not see the other
> > logbooks listed in the main menu nor the other "inaccessible" logbook
tabs
> > in the logbook view. Is there a way to hide these for them (but only for
> > them)?
> >
> > Tomas |
|
66535
|
Tue Sep 8 14:44:33 2009 |
| Stefan Ritt | stefan.ritt@psi.ch | Bug report | Windows | 2.3.9 | Re: Use eLOG with Google Chrome |
| Robert-Jan Schrijvers wrote: |
|
Hi Stephan,
one of the eLOG users at our company, has problems using eLOG in combination with Google Chrome (version 2.0.172.43), log in gives no problem, when selecting the appropiate department, he get's the following error:
Technical Information (for support personnel)
- Error Code: 502 Proxy Error. The ISA Server denied the specified Uniform Resource Locator (URL). (12202)
- IP Address: 130.78.137.1
- Date: 8-9-2009 07:13:55 [GMT]
- Server: NLISA1.top.local
- Source: proxy
This problem does not appear with other browsers like IE7/8 and Firefox.
Do you have any clue?
Tnx in advance.
kind regards, RJ Schrijvers.
|
When Chrome came out, I vaguely remember that there were some initial problems, but they have been fixed since about a year. But I see you are using a pretty old version of ELOG, so please consider upgrading. |
|
68621
|
Wed May 17 08:42:17 2017 |
| Christof Hanke | hanke@rzg.mpg.de | Question | Linux | 3.1.1 | Re: Use X-Forwarded-User as preset in author field | > Hi,
> I have an elog server which uses apache/ldap for authentication.
> I would like to have the username used for ldap to be set automatically as author field in the elog.
>
> I'm using:
> Authentication = Webserver
> and I do set the env-variable X-Forwarded-User correctly to the ldap username
>
> GET /test/?cmd=New HTTP/1.1
> Host: localhost:8080
> Authorization: Basic bGFjYXByYXI6TWEwMiSyYnVt
> ...
> Cookie: elmode=Summary; sid=D7DE678B7CAA1D10; ufnm=lacaprar; urem=0
> ...
> X-Forwarded-User: lacaprar
>
> How can I preset author to X-Forwarded-User?
> Preset Author = $??
> I've tried $short_name/$long_name but I got Anonymous.
> I understand that it is so because these are meant to be filled when password authentication is used: any way to use some other variable with the Webserver auth?
>
> thanks in advance,
> Stefano
Hi,
I use an older version of elog, but
Preset Author = $short_name <$long_name>
works for me.
One thing to note is that I also have :
Self register = 1
So at first login, the user has to type in his name and email adress,
maybe that's why you got "Anonymous". (Otherwise the variable $shortname etc. are not set.)
HTH,
Christof |
|