Discussion forum about ELOG, Page 688 of 807
ID | Date | Icon | Author | Author Email | Category | OS | ELOG Version | Subject
66952 | Wed Nov 24 16:36:21 2010 | Reply | Christoph Kukulies | kukulies@physik.rwth-aachen.de | Question | Linux | 2.8.0-2313 | Re: Don't see login page - Self register = 1
> > Hi,
> > 
> > I'm trying to configure Elog such that users can self-register. But no luck so far.
> > I cannot get the login screen. I'm connecting to a logbook (and I can do this without logging in).
> > Shouldn't I get a screen to login/register?
> > 
> > Here is my elogd.cfg:
> > [global]
> > Port=8880
> > Password file = /usr/local/elog/logbooks/passwd
> > SMTP host = smtp.mydomain.de
> > SMTP user = kuku
> > Logfile = /usr/local/elog/logs/elog.log
> > Admin user = kuku other
> > Login user = abc def ghi
> > SSL=1
> > URL=https://www.mydomain.de:8880/
> > Self register = 1
> > Menu commands = List, New, Edit, Reply, Duplicate, Find, Config, Logout, Help
> > Guest menu commands = List, Find, Login, Help
> > 
> > Admin user = me@mydomain.de
> > [Demo]
> > Admin Password = 9lVlUsigs4neBt9xnX44YYQay15Yu9PyLC9hK6sifI9
> > Attributes = Author, Status
> > [Linux]
> > Admin Password = 9lVlUsigs4next9PnXShhQQa515Yu9PyLC9hK6sifI9
> > Attributes = Author, Status
> > [Windows]
> > Admin Password = 9lVlUsigs4neBt9PnXShhQQay15YuxPyLC9hK6sifI9
> > Attributes = Author, Status
> 
> You should not mix "Password file" with "Admin Password". Either use one or the other system, but not both. So 
> remove "Admin Password", and delete all cookies in your browser, then you should see the login screen.

This is now my config - it still doesn't work. BTW, the passwd file is empty (despite the xml header).

[global]
Port=8880
Password file = /usr/local/elog/logbooks/passwd
SMTP host = smtp.mydomain.de
SMTP user = kuku
Logfile = /usr/local/elog/logs/elog.log
Logging Level = 3
Admin user = kuku 
Login user = abc def ghi
SSL=1

URL=https://myhost.mydomain:8880/
Self register = 1
Menu commands = List, New, Edit, Reply, Duplicate, Find, Config, Logout, Help
Guest menu commands = List, Find, Login, Help
[Demo]
Attributes = Author, Status
[Linux]
Attributes = Author, Status
[Windows]
Attributes = Author, Status

--
Thanks for helping.

Christoph
66953 | Wed Nov 24 16:38:12 2010 | Reply | Christoph Kukulies | kukulies@physik.rwth-aachen.de | Comment | Linux | 2.8.0 | Re: Forum quirks

Christoph Kukulies wrote:

Christoph Kukulies wrote:

I just got a Proxy error from your site: When I clicked on the change password link that was sent to my email, I entered my new password (which was the same that I believed to have used before) and after submitting this form, I got the Proxy error. Also I find that I can never login with my once set password. Is it the Email or username one gives in the login field? Other quirk: I never can preview my post. When I click preview, nothing happens. Submitting worked today but yesterday I was unable to submit a post. I clicked several times on the submit button and nothing happened. -- Christoph

 It seems that the submit/preview problem is solved. Submit/Preview buttons at the bottom of the page seem to work on the attachments only.

Sorry for the oversight on my side.

 

--

Christoph

 

 Let me add one observation though: I always have to put the Submit or Preview button twice in this forum. The first time no reaction happens. The second click does the action.

 

--

Christoph

 

66956 | Thu Nov 25 17:34:28 2010 | Reply | Christoph Kukulies | kukulies@physik.rwth-aachen.de | Question | Linux | 2.8.0-2313 | Re: Don't see login page - Self register = 1

Yoshio Imai wrote:
Hi!


Christoph Kukulies wrote:
I cannot get the login screen. I'm connecting to a logbook (and I can do this without logging in).
Shouldn't I get a screen to login/register?



Christoph Kukulies wrote:
Guest menu commands = List, Find, Login, Help


I might be wrong, but since you have defined "Guest menu commands", you should indeed be able to read the logbooks without logging on, only write access should be prevented. Do you get the login window when you explicitly click onto the "Login" link?

Also, I noticed that your user lists are space-separated, although as far as I know they should be comma-separated.
I hope this helps!


Yoshio


Thanks. That was exactly what Stefan pointed me to (in private EMail which I resorted to in my desperation).
This config (also thanks to Stefan) now works.
[global]
Port=8880
SSL=1
Self register = 1
Password file = passwd

[Demo]
Attributes = Author, Status
[Linux]
Attributes = Author, Status
[Windows]
Attributes = Author, Status


I only need to know how I get an admin passwd and user into the passwd file.
elogd -a password -l logbook does not have the desired effect. It spoils the cfg-file
again with Admin Password commands.

--
Christoph
66959 | Fri Nov 26 12:31:42 2010 | Question | Christoph Kukulies | kukulies@physik.rwth-aachen.de | Question | Linux | 2.8.0-2344 | New User in Config Menu ?

I see only Save Back Change Password Remove User in Config Menu.

How can I create a New User?

[global]
Port=8880
SSL=1
;Self register = 1
Password file = passwd
admin user = kuku
SMTP host = smtp.mydomain

[Demo]

Attributes = Author, Status

 

The documentation is mentioning a Config Menu and a New User item there.

 

--

Christoph


 

66961 | Fri Nov 26 16:22:05 2010 | Reply | Christoph Kukulies | kukulies@physik.rwth-aachen.de | Question | Linux | 2.8.0-2344 | Re: New User in Config Menu ?

Stefan Ritt wrote:

Christoph Kukulies wrote:

I see only Save Back Change Password Remove User in Config Menu.

How can I create a New User?

[global]
Port=8880
SSL=1
;Self register = 1
Password file = passwd
admin user = kuku
SMTP host = smtp.mydomain

[Demo]

Attributes = Author, Status

 

The documentation is mentioning a Config Menu and a New User item there. 

You have to be admin user to see that Config Menu.

Admin user = kukulies             (or whatever your login name is)

 Thanks. You see in the elogd.cfg above that there is

admin user = kuku

 Aaah, case sensitive ! !

 

--

Christoph

 

 

67142 | Wed Nov 2 10:49:02 2011 | Question | Christoph Kukulies | kukulies@physik.rwth-aachen.de | Question | Linux | 2.8.0 | multiple homes?

Is it possible to have many roots with one elogd (or run several elogds), such that you can separate different groups or themes from each other:

 

electronics

       trigger

       power

 

 

mechanics

       detector

       support

 

 

 

Thanks.

 

Christoph

 

 

67145 | Mon Nov 7 10:12:04 2011 | Reply | Christoph Kukulies | kukulies@physik.rwth-aachen.de | Question | Linux | 2.8.0 | Re: multiple homes?

Stefan Ritt wrote:

Christoph Kukulies wrote:

Is it possible to have many roots with one elogd (or run several elogds), such that you can separate different groups or themes from each other:

 

electronics

       trigger

       power

 

 

mechanics

       detector

       support

 

 

 

Thanks.

 

Christoph

 

 

Have a look at "top groups" in the documentation 

 Thanks. I got it working so far. One minor glitch:

I have one topgroup (with 2 subgroups),

  electronics

       trigger

       power

 

and another topgroup (only 1 subgroup)

 mechanics

   detector

 

 

When I get the login screen for the second (with the only one subgroup) it says in the header:

   "Several logbooks are defined on this host. Please select the one to connect to:"

and below only the one group (detector)  is shown, so actually nothing to select.

 

This may be possibly achieved by not defining a subgroup for the second one and leaving it as a topgroup,

but I don't know how it behaves, when the group admin decides to create a subgroup. Can he do

without requiring superuser or elog permissions?

 

--

Christoph

 

 

67178 | Mon Jan 30 09:31:51 2012 | Reply | Christof Hanke | hanke@rzg.mpg.de | Question | Linux | 2.9.0 | Re: el cheapo LDAP binding

Hi Christian,

 I have also the need to do auth on the webserver, but  I tried to integrate it into elogd as far as I could.

However, I do not try to set a special cookie to set the username, but always use 
 "X-Forwarded-User".  Like this, every request is authenticated by the webserver in front.

If that's not too heavy for you, try out the applied patch.

 

HTH,

Christof

PS:

 

@Stefan:

If you are willing to integrate this into the official tree, 

I can provide some docs for it (like setting author 

directly etc.)

-----------------------------------------------------------------
Christof Hanke e-mail hanke@rzg.mpg.de
RZG (Rechenzentrum Garching) phone +49-89-3299-1041
Computing Center of the Max-Planck-Gesellschaft (MPG) and the
Institut für Plasmaphysik (IPP)
 

 

Christian Herzog wrote:

Hi all,

 

we would like to hook elog to our LDAP server. Instead of writing a full-featured LDAP auth module for elog, I have the following idea: use Apache's LDAP module to require LDAP auth for a single logbook: 

<Location /elog/admin>
        Use PhysLDAP
        Use RequirePhysLDAPGroup isg

        RewriteEngine On
        RewriteCond %{LA-U:REMOTE_USER} (.+)
        RewriteRule . - [E=RU:%1]
        RequestHeader add X-Forwarded-User %{RU}e
</Location>
The two Use statements are Apache macros that define our LDAP settings. The last 4 lines are necessary for Apache to pass on the logged in user to the proxied elog (ends up in ENV X-Forwarded-User).
In elogd.c, I added 
 
   /* extract REMOTE_USER */
   if ((p = strstr(request, "X-Forwarded-User:")) != NULL) {
      p += 17;
      while (*p && *p == ' ')
         p++;
      strlcpy(remote_user, p, sizeof(remote_user));
      if (strchr(remote_user, '\r'))
         *strchr(remote_user, '\r') = 0;

         char sid[32];
         /* get a new session ID */
         sid_new(NULL, remote_user, (char *) inet_ntoa(rem_addr), sid);

         /* set SID cookie */
         set_sid_cookie(NULL, sid);
         // TODO: set lbs!
   }


to process_http_request in order to extract the LDAP login. I have managed to populate the author field with remote_user, but what I'd really like is to write a cookie containing this login name so that session handling kicks in. You can see that I attempt to write a cookie, but elogd segfaults at set_sid_cookie() (gdb backtrace: 
set_cookie (lbs=0x0, name=0x483b22 "sid", value=0x7ffffffd7590 "4831386B7B333A99", 
global=0, expiration=0x7ffffffd7300 "")
 
Would anyone be willing to help me with this? I'm not at all familiar with the program flow in elogd and my C is a bit rusty...
 
thanks,
-Christian
 
--
Dr. Christian Herzog <herzog@phys.ethz.ch>  support: +41 44 633 26 68
IT Services Group, HPT H 8                    voice: +41 44 633 39 50
Department of Physics, ETH Zurich
8093 Zurich, Switzerland                     http://nic.phys.ethz.ch/
 
 

 

 

Attachment 1: elogd-addwebserverauth.patch
--- trunk/webservices/ELOG/elog-2.9.0/src/elogd.c	2011/10/20 14:36:27	3247
+++ trunk/webservices/ELOG/elog-2.9.0/src/elogd.c	2012/01/30 08:14:32	4130
@@ -37,6 +37,7 @@
 char listen_interface[256];
 char theme_name[80];
 char http_host[256];
+char http_user[256];
 
 char _param[MAX_PARAM][NAME_LENGTH];
 char _value[MAX_PARAM][NAME_LENGTH];
@@ -8534,7 +8535,7 @@
    if (old_pwd[0] || new_pwd[0]) {
       if (user[0]) {
 
-         if (stristr(auth, "Kerberos")) {
+         if (stristr(auth, "Kerberos") || stristr(auth, "Webserver")) {
             if (strcmp(new_pwd, new_pwd2) != 0)
                wrong_pwd = 2;
          } else {
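Review bot: On the changed condition, stristr(auth, "Webserver") now sends web-server-authenticated logbooks through the Kerberos password-change branch, which in the visible lines only compares new_pwd with new_pwd2. If elogd keeps no password of its own in this mode, as the "password recovery is not possible" message in a later hunk implies, this handler should refuse the request for "Webserver" rather than treat it like Kerberos; hiding the Change password button elsewhere does not stop a directly submitted form from reaching this code.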
@@ -12677,6 +12679,12 @@
       return 0;
    }
 
+   /* if we have outsourced the authentication, use external username */
+   getcfg(lbs->name, "Authentication", str, sizeof(str));
+   if ( stristr(str, "Webserver")) {
+       strncpy(user,http_user,sizeof(user));
+   }
+
    /* check for full name */
    if (!isparam("new_full_name") || *getparam("new_full_name") == 0) {
       sprintf(str, loc("Please enter \"%s\""), loc("Full name"));
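Review bot: strncpy(user,http_user,sizeof(user)) leaves user without a terminating NUL when http_user is at least sizeof(user) bytes long; http_user is a 256-byte buffer filled from a request header, and the size of user is not visible in this hunk. Use strlcpy(user, http_user, sizeof(user)) as the rest of the patch does. Style: drop the space after the parenthesis in "if ( stristr" and add spaces after the commas.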
@@ -13247,7 +13255,7 @@
    rsprintf("<tr><td nowrap width=\"15%%\">%s:</td>\n", loc("Login name"));
 
    getcfg(lbs->name, "Authentication", auth, sizeof(auth));
-   if (stristr(auth, "Kerberos"))
+   if (stristr(auth, "Kerberos") || stristr(auth, "Webserver"))
       rsprintf("<td><input type=text size=40 name=new_user_name value=\"%s\" readonly></td></tr>\n", str);
    else
       rsprintf("<td><input type=text size=40 name=new_user_name value=\"%s\"></td></tr>\n", str);
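Review bot: The readonly attribute now emitted for "Webserver" is enforced only by the browser, so the submitted new_user_name can still differ from the authenticated name. Make sure the code that saves this form ignores the form value in this mode (the earlier hunk that copies http_user into user looks like the intended place) and state that in a comment next to this condition.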
@@ -13334,6 +13342,7 @@
 
    rsprintf("<tr><td class=\"menuframe\"><span class=\"menu1\">\n");
 
+  /* remove user-management buttons 
    if (is_admin_user(logbook, getparam("unm")) || !getcfg(logbook, "allow password change", str, sizeof(str))
        || atoi(str) == 1)
       rsprintf("<input type=submit name=cmd value=\"%s\">\n", loc("Change password"));
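Review bot: The comment opened at "/* remove user-management buttons" (closed in the next hunk) disables the Change password button and the ones after it for every logbook, including installations that use the password file or Kerberos, and the is_admin_user test goes with them. Make this conditional on the Authentication setting, as the other hunks do with stristr(..., "Webserver"), instead of commenting the code out; a runtime test or #if 0 also avoids an early end of the disabled region if it ever contains a comment of its own. The opening line is indented by two spaces where the file uses three.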
@@ -13345,7 +13354,7 @@
       strlcpy(str, loc("Change config file"), sizeof(str));
       rsprintf("<input type=submit name=cmd value=\"%s\">\n", str);
    }
-
+   */
    rsprintf("</span></td></tr></table>\n\n");
    show_bottom_text(lbs);
    rsprintf("</form></body></html>\r\n");
@@ -13579,9 +13588,9 @@
       /*---- header ----*/
 
       getcfg(lbs->name, "Authentication", str, sizeof(str));
-      if (stristr(str, "Kerberos")) {
+      if (stristr(str, "Kerberos")|| stristr(str, "Webserver")) {
          show_error
-             ("This installation of ELOG uses site authentification\nwhere password recovery is not possible");
+             ("This installation of ELOG has outsourced its authentification\nwhere password recovery is not possible");
          return;
       }
 
@@ -13609,6 +13618,7 @@
 
 void show_new_user_page(LOGBOOK * lbs, char *user)
 {
+   char str[256];
    /*---- header ----*/
 
    show_html_header(lbs, TRUE, loc("ELOG new user"), TRUE, FALSE, NULL, FALSE);
@@ -13644,13 +13654,14 @@
 
    rsprintf("<tr><td nowrap>Email:</td>\n");
    rsprintf("<td colspan=2><input type=text size=40 name=new_user_email></tr>\n");
+   getcfg(lbs->name, "Authentication", str, sizeof(str));
+   if (!stristr(str, "Kerberos") && !stristr(str, "Webserver")) {
+       rsprintf("<tr><td nowrap>%s:</td>\n", loc("Password"));
+       rsprintf("<td colspan=2><input type=password size=40 name=newpwd>\n");
 
-   rsprintf("<tr><td nowrap>%s:</td>\n", loc("Password"));
-   rsprintf("<td colspan=2><input type=password size=40 name=newpwd>\n");
-
-   rsprintf("<tr><td nowrap>%s:</td>\n", loc("Retype password"));
-   rsprintf("<td colspan=2><input type=password size=40 name=newpwd2>\n");
-
+       rsprintf("<tr><td nowrap>%s:</td>\n", loc("Retype password"));
+       rsprintf("<td colspan=2><input type=password size=40 name=newpwd2>\n");
+   }
    rsprintf("</td></tr></table>\n");
 
    /*---- menu buttons ----*/
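Review bot: The new test !stristr(str, "Kerberos") && !stristr(str, "Webserver") also removes the password fields for Kerberos logbooks, which changes existing behaviour beyond the Webserver feature; split that out or mention it in the patch description. The code that processes this form must then not require newpwd/newpwd2 in these modes. The added block is indented by seven spaces where the surrounding code uses three.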
@@ -25391,7 +25402,12 @@
    if (!enum_user_line(lbs, 0, str, sizeof(str))) {
       if (isparam("new_user_name"))
          return TRUE;
-      show_new_user_page(lbs, NULL);
+      getcfg(lbs->name, "Authentication", str, sizeof(str));
+      if (stristr(str, "Webserver")) {
+         show_new_user_page(lbs, http_user);
+      } else {
+         show_new_user_page(lbs, NULL);
+      }
       return FALSE;
    }
 
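Review bot: show_new_user_page(lbs, http_user) is reached without checking that http_user is non-empty; the test for a missing X-Forwarded-User only appears in a later hunk, at a different place in the file. Pass NULL when http_user[0] is 0 so the page behaves as it did before, or stop with the same misconfiguration error used there.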
@@ -25417,7 +25433,9 @@
       }
    }
 
-   /* if invalid or no session ID, show login page */
+   /* if invalid or no session ID, show login page, 
+      unless we have outsourced the authentication to webserver
+   */
    if (!skip_sid_check && !sid_check(sid, user_name)) {
       if (isparam("redir"))
          strlcpy(str, getparam("redir"), sizeof(str));
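Review bot: The rewritten comment says the login page is skipped when authentication is outsourced to the web server, but the condition "!skip_sid_check && !sid_check(sid, user_name)" is unchanged in this hunk. Either add the Webserver test to the condition or keep the original comment; as it stands the comment describes behaviour the visible code does not have.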
@@ -26397,6 +26415,25 @@
    if (lbs->n_attr < 0)
       return;
 
+   /* if we outsource the authentication to Webserver and have no sid, just set a new sid  */
+   getcfg(lbs->name, "Authentication", str, sizeof(str));
+   if (stristr(str, "Webserver")) {
+      if (http_user[0]) {
+         if (!sid_check(getparam("sid"), http_user)) { /*  if we don't have a sid yet, set it */
+            /* get a new session ID */
+            sid_new(lbs, http_user, (char *) inet_ntoa(rem_addr), sid);
+            /* set SID cookie */
+            set_sid_cookie(lbs, sid);
+         }
+     } else {
+        sprintf(str, "Error: Misconfigured webserver, did not get X-Forwarded-User from it.");
+        show_error(str);
+        return;
+     }
+   }
+
+
+
    /* check for new login */
    if (isparam("uname") && isparam("upassword")) {
       /* log logins */
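Review bot: In sid_check(getparam("sid"), http_user) the second argument is the buffer holding the name the web server authenticated; the call sid_check(sid, user_name) in the previous hunk suggests that argument may be written by sid_check, in which case a still-valid session from an earlier user would replace the name just supplied by the proxy. Compare the session's user with http_user explicitly and issue a new SID when they differ. Smaller points: the else branch is indented differently from the if, the constant message can be passed to show_error directly without sprintf, and the three blank lines added at the end should go.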
@@ -27650,6 +27693,17 @@
          *strchr(http_host, '\r') = 0;
    }
 
+   /* extract X-Forwarded-User into http_user if Authentication==Webserver */
+   http_user[0] = 0;
+   if ((p = strstr(request, "X-Forwarded-User:")) != NULL) {
+      p += 17;
+      while (*p && *p == ' ')
+         p++;
+      strlcpy(http_user, p, sizeof(http_user));
+      if (strchr(http_user, '\r'))
+         *strchr(http_user, '\r') = 0;
+   }
+
    /* extract "X-Forwarded-For:" */
    if ((p = strstr(request, "X-Forwarded-For:")) != NULL) {
       p += 16;
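Review bot: The comment says the header is extracted "if Authentication==Webserver", but the code runs for every request, and strstr(request, "X-Forwarded-User:") takes the first case-sensitive match anywhere in the request rather than a header line of that name. Because an earlier hunk creates a session from http_user alone, match only at the start of a header line, ignore case in the name, end the value at '\n' as well as '\r', and reject a request that carries the header more than once. Please also document that elogd must be reachable only through the proxy in this mode and that the proxy has to overwrite any inbound X-Forwarded-User (RequestHeader set rather than RequestHeader add in the Apache example quoted above).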
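A stricter way to read the X-Forwarded-User header that both the quoted post and the attached patch take from the request with strstr, as an added example (not code from elogd or from either poster). The names get_header and name_matches are hypothetical, and the sample request is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: does `line` start with "name:" (case-insensitive)? */
static int name_matches(const char *line, const char *name)
{
   for (; *name; line++, name++)
      if (tolower((unsigned char) *line) != tolower((unsigned char) *name))
         return 0;
   return *line == ':';
}

/* Hypothetical helper, not part of elogd. Scans only the header section
 * (up to the first empty line), only at line starts. Returns 1 on exactly
 * one match, 0 if absent, -1 if the header is repeated or does not fit. */
static int get_header(const char *request, const char *name,
                      char *out, size_t outsz)
{
   const char *line = strchr(request, '\n');   /* skip the request line */
   int found = 0;

   out[0] = 0;
   while (line && *++line && *line != '\r' && *line != '\n') {
      if (name_matches(line, name)) {
         const char *v = line + strlen(name) + 1;
         size_t len;
         while (*v == ' ' || *v == '\t')
            v++;
         len = strcspn(v, "\r\n");             /* stop at CR or LF */
         if (found++ || len >= outsz) {        /* duplicate or oversized */
            out[0] = 0;
            return -1;
         }
         memcpy(out, v, len);
         out[len] = 0;
      }
      line = strchr(line, '\n');
   }
   return found;
}

int main(void)
{
   /* constructed request, as a front-end proxy might forward it */
   const char *req = "GET /elog/admin/ HTTP/1.1\r\nHost: elog.example\r\n"
                     "x-forwarded-user: alice\r\n\r\n";
   char user[256];
   int rc = get_header(req, "X-Forwarded-User", user, sizeof(user));
   printf("rc=%d user=%s\n", rc, user);
   return rc == 1 ? 0 : 1;
}
```

A caller should treat -1 like a missing header and refuse the request instead of falling back to a truncated or first-seen value.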