> The only common denominator that could possibly cover all contingencies would
> be LDAP authentication.  One way of doing this in a more-or-less universal
> fashion is to offload the auth task from eLog itself and place the burden on
> Apache.  This means figuring out how to get Apache to pass auth info to eLog
> when eLog operates behind Apache.  In the end, anything that can use LDAP as an
> authentication mechanism (like AD) can host eLog - as long as eLog can glom off
> of Apache's ability to do the actual authenticating.  

That sounds to me like a great idea. If anybody gets this working, people would be
grateful if this could be submitted to the "Contributions" section of this forum.

I have a computer that has a different idea of its name from the DNS 
server. When I run ELOG and someone clicks "Search" I get a page not found.
I tried starting with "-n <hostname>", but elog still uses gethostname.
The example is that DNS says my machine is "abc.company.com" and netstat -
a says elog is listening on 8080 abc.personaldomain.com

Here is the code from elogd.c:

   /* get host name for mail notification */
   gethostname(host_name, sizeof(host_name));
   phe = gethostbyname(host_name);
   if (phe != NULL)
      phe = gethostbyaddr(phe->h_addr, sizeof(int), AF_INET);
   /* if domain name is not in host name, hope to get it from phe */
   if (strchr(host_name, '.') == NULL && phe != NULL)
      strcpy(host_name, phe->h_name);

I think you should be using tcp_hostname instead of gethostname if it is 
specified.

> > The only common denominator that could possibly cover all contingencies would
> > be LDAP authentication.  One way of doing this in a more-or-less universal
> > fashion is to offload the auth task from eLog itself and place the burden on
> > Apache.  This means figuring out how to get Apache to pass auth info to eLog
> > when eLog operates behind Apache.  In the end, anything that can use LDAP as an
> > authentication mechanism (like AD) can host eLog - as long as eLog can glom off
> > of Apache's ability to do the actual authenticating.  
> 
> That sounds to me like a great idea. If anybody gets this working, people would be
> grateful if this could be submitted to the "Contributions" section of this forum.

Ah, you test me!  Perhaps I will attempt to dig into this but I may have to leave the
integration up to you, Stefan.  Seems that there would be two roads to go:
1> Move away from standalone and start to rely on Apache
2> Continue with the standalone theme and build in LDAP authentication (which could
also give you groups functions as well). 

I think I would opt for <2>

> Ah, you test me!  Perhaps I will attempt to dig into this but I may have to leave the
> integration up to you, Stefan.  Seems that there would be two roads to go:
> 1> Move away from standalone and start to rely on Apache
> 2> Continue with the standalone theme and build in LDAP authentication (which could
> also give you groups functions as well). 
> 
> I think I would opt for <2>

<1> would only make sense if the functionality could be completely implemented inside
Apache, without (much) modification of elog. Otherwise I agree that <2> would be more
following the general lines of elog. I was considering to implement PAM (pluggable
authorization module) support into elog, which is quite easy to implement and gives you
to power of having LDAP, Kerberos, Unix username, Windows NT Domain and much more. But
that would them be restricted to elog running under Linux (and Solaris I guess), since
I'm not aware of a PAM implementation under Windows.

Implementing LDAP directly into elog gives me the problem that we don't use LDAP
authentication at our institute (it's Kerberos in fact). So I would have to set up my own
LDAP server for testing, plus we at our institute don't have a direct benefit from that,
which would make it hard for me to justify to spend time on.

> > Ah, you test me!  Perhaps I will attempt to dig into this but I may have to leave the
> > integration up to you, Stefan.  Seems that there would be two roads to go:
> > 1> Move away from standalone and start to rely on Apache
> > 2> Continue with the standalone theme and build in LDAP authentication (which could
> > also give you groups functions as well). 
> > 
> > I think I would opt for <2>
> 
> <1> would only make sense if the functionality could be completely implemented inside
> Apache, without (much) modification of elog. Otherwise I agree that <2> would be more
> following the general lines of elog. I was considering to implement PAM (pluggable
> authorization module) support into elog, which is quite easy to implement and gives you
> to power of having LDAP, Kerberos, Unix username, Windows NT Domain and much more. But
> that would them be restricted to elog running under Linux (and Solaris I guess), since
> I'm not aware of a PAM implementation under Windows.
> 
> Implementing LDAP directly into elog gives me the problem that we don't use LDAP
> authentication at our institute (it's Kerberos in fact). So I would have to set up my own
> LDAP server for testing, plus we at our institute don't have a direct benefit from that,
> which would make it hard for me to justify to spend time on.


Yes, PAM is highly dependent upon Unix and PAM would work under Solaris just fine.  Your
problem lies with Windows - hence my LDAP suggestion.

And LDAP isn't an easy thing to setup, but I bet there is a quick and dirty "test" bench that
could be rigged using OpenLDAP.  Like I indicated, I'll see what I can dig up on this front -
but I make no promises wrt delivery time!

> I think you should be using tcp_hostname instead of gethostname if it is 
> specified.

Sorry my late reply, I was ill for some time. I implemented your suggestion in
revision 1.522 which is available from CVS.

Note that there is also the "URL = xxx" option in the configuration file which
lets you specify the whole URL including the host name.

know that illness...  :-(  but was the last of the family of 4 people

i'd like to ask for an other usefull change togehter with this and how url's are 
handled by elog:

since there may be spaces in the name of a logbook (ex. "1stWordOfLogbook 
2ndWordOfLogbook") it is very userfriendly to name logbooks. also it's easy th 
make a reference for a other entry by copy and paste:

Display ThisURL = http://localhost:8080/$logbook/$message id

however, using spaces in the logbook name may give a wrong result, because the 
url would be http://localhost:8080/1stWordOfLogbook

and the space as well as the 2ndWordOfLogbook//$message id is only normal text.

may it be possible stefan, to replace the space in an url (starting 
with "http://") with a "+" or "%20"? this would allow to automate some things. 
actual the logbook name has to be hardcoded.


> > I think you should be using tcp_hostname instead of gethostname if it is 
> > specified.
> 
> Sorry my late reply, I was ill for some time. I implemented your suggestion in
> revision 1.522 which is available from CVS.
> 
> Note that there is also the "URL = xxx" option in the configuration file which
> lets you specify the whole URL including the host name.

Ok, I changed that in version 2.5.5-3. Note that one can also use the "elog:..."
substitution, like

Display ThisURL = elog:$logbook/$message id