ID | Date | Icon | Author | Author Email | Category | OS | ELOG Version | Subject
67178 | Mon Jan 30 09:31:51 2012 | | Christof Hanke | hanke@rzg.mpg.de | Question | Linux | 2.9.0 | Re: el cheapo LDAP binding |
Hi Christian,
I have also the need to do auth on the webserver, but I tried to integrate it into elogd as far as I could.
However, I do not try to set a special cookie to set the username, but always use
"X-Forwarded-User". Like this, every request is authenticated by the webserver in front.
If that's not too heavy for you, try out the applied patch.
HTH,
Christof
PS:
@Stefan:
If you are willing to integrate this into the official tree,
I can provide some docs for it (like setting author
directly etc.)
-----------------------------------------------------------------
Christof Hanke e-mail hanke@rzg.mpg.de
RZG (Rechenzentrum Garching) phone +49-89-3299-1041
Computing Center of the Max-Planck-Gesellschaft (MPG) and the
Institut für Plasmaphysik (IPP)
Christian Herzog wrote: |
Hi all,
we would like to hook elog to our LDAP server. Instead of writing a full-featured LDAP auth module for elog, I have the following idea: use Apache's LDAP module to require LDAP auth for a single logbook:
<Location /elog/admin>
    Use PhysLDAP
    Use RequirePhysLDAPGroup isg
    RewriteEngine On
    RewriteCond %{LA-U:REMOTE_USER} (.+)
    RewriteRule . - [E=RU:%1]
    RequestHeader add X-Forwarded-User %{RU}e
</Location>
the two Use statements are Apache macros that define our LDAP settings. The last 4 lines are necessary for Apache to pass on the logged-in user to the proxied elog (ends up in ENV X-Forwarded-User).
In elogd.c, I added
/* extract REMOTE_USER */
if ((p = strstr(request, "X-Forwarded-User:")) != NULL) {
    p += 17;
    while (*p && *p == ' ')
        p++;
    strlcpy(remote_user, p, sizeof(remote_user));
    if (strchr(remote_user, '\r'))
        *strchr(remote_user, '\r') = 0;

    char sid[32];
    /* get a new session ID */
    sid_new(NULL, remote_user, (char *) inet_ntoa(rem_addr), sid);
    /* set SID cookie */
    set_sid_cookie(NULL, sid);
    // TODO: set lbs!
}
to process_http_request in order to extract the LDAP login. I have managed to populate the author field with remote_user, but what I'd really like is to write a cookie containing this login name so that session handling kicks in. You can see that I attempt to write a cookie, but elogd segfaults at set_sid_cookie() (gdb backtrace:
set_cookie (lbs=0x0, name=0x483b22 "sid", value=0x7ffffffd7590 "4831386B7B333A99",
global=0, expiration=0x7ffffffd7300 "")
Would anyone be willing to help me with this? I'm not at all familiar with the program flow in elogd and my C is a bit rusty...
thanks,
-Christian
--
Dr. Christian Herzog <herzog@phys.ethz.ch> support: +41 44 633 26 68
IT Services Group, HPT H 8 voice: +41 44 633 39 50
Department of Physics, ETH Zurich
8093 Zurich, Switzerland http://nic.phys.ethz.ch/
|
|
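The strstr() scan in the quoted patch trusts X-Forwarded-User from whoever sends the request, matches the header name anywhere in the raw request (including the body), and only honours exact capitalisation. The function below is an added example written for this thread, not code from elogd or from either poster: a header extractor that only accepts the identity when the TCP peer is the configured reverse proxy, walks header lines up to the blank line, matches the name case-insensitively, trims whitespace, bounds the copy, and restricts the value to a conservative username alphabet. The function names, the peer/proxy string comparison and SAMPLE_REQUEST (modelled on the request shown later in this thread, with the Authorization line left out) are all assumptions of the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample request (no real credentials). */
static const char SAMPLE_REQUEST[] =
    "GET /test/?cmd=New HTTP/1.1\r\n"
    "Host: localhost:8080\r\n"
    "Cookie: elmode=Summary; sid=D7DE678B7CAA1D10; ufnm=lacaprar; urem=0\r\n"
    "X-Forwarded-User: lacaprar\r\n"
    "\r\n";

/* Case-insensitive match of "Name:" at the start of a header line. */
static int header_is(const char *line, size_t len, const char *name)
{
    size_t namelen = strlen(name);
    if (len < namelen)
        return 0;
    for (size_t i = 0; i < namelen; i++)
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i]))
            return 0;
    return 1;
}

/* Hypothetical hardened replacement for the strstr() scan in the post.
 * Returns 1 and fills `out` when the request carries a well-formed
 * X-Forwarded-User header AND arrived from the trusted reverse proxy;
 * returns 0 (with `out` empty) in every other case. */
int extract_forwarded_user(const char *request, const char *peer_ip,
                           const char *trusted_proxy_ip,
                           char *out, size_t outlen)
{
    const char *line, *eol;

    if (outlen == 0)
        return 0;
    out[0] = '\0';

    /* Only the proxy may assert identities; a client that reaches elogd
     * directly could otherwise forge the header. */
    if (peer_ip == NULL || trusted_proxy_ip == NULL ||
        strcmp(peer_ip, trusted_proxy_ip) != 0)
        return 0;

    /* Skip the request line; the scan stops at the blank line, so a
     * header name inside the body is ignored. */
    line = strstr(request, "\r\n");
    if (line == NULL)
        return 0;
    line += 2;

    while (*line != '\0' && !(line[0] == '\r' && line[1] == '\n')) {
        eol = strstr(line, "\r\n");
        size_t len = eol ? (size_t)(eol - line) : strlen(line);

        if (header_is(line, len, "X-Forwarded-User:")) {
            const char *v = line + strlen("X-Forwarded-User:");
            const char *vend = line + len;
            size_t n;

            while (v < vend && (*v == ' ' || *v == '\t'))
                v++;
            while (vend > v && (vend[-1] == ' ' || vend[-1] == '\t'))
                vend--;
            n = (size_t)(vend - v);

            /* Bounded copy and a conservative username alphabet. */
            if (n == 0 || n >= outlen)
                return 0;
            for (size_t i = 0; i < n; i++) {
                unsigned char c = (unsigned char)v[i];
                if (!isalnum(c) && c != '.' && c != '-' && c != '_' && c != '@')
                    return 0;
            }
            memcpy(out, v, n);
            out[n] = '\0';
            return 1;
        }
        if (eol == NULL)
            break;
        line = eol + 2;
    }
    return 0;
}

/* Helper: 1 when extraction yields `expected` (NULL = must be rejected). */
int check_request(const char *request, const char *peer_ip,
                  const char *trusted_proxy_ip, const char *expected)
{
    char user[64];
    int ok = extract_forwarded_user(request, peer_ip, trusted_proxy_ip,
                                    user, sizeof user);
    if (!ok)
        return expected == NULL;
    return expected != NULL && strcmp(user, expected) == 0;
}

int main(void)
{
    char user[64];
    int ok = extract_forwarded_user(SAMPLE_REQUEST, "10.0.0.2", "10.0.0.2",
                                    user, sizeof user);
    printf("%s\n", ok ? user : "(rejected)");
    return 0;
}
```

The proxy side needs the matching discipline: in the Apache snippet above, `RequestHeader add` appends the header even when the client already sent one, so both copies reach elogd and a first-match scan can pick the client's; `RequestHeader set` (or an explicit `unset` before adding) replaces any client-supplied value. Binding elogd to localhost or a firewall rule that only admits the proxy gives the peer check its teeth.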
67882 | Wed May 6 11:00:14 2015 | | Christof Hanke | hanke@rzg.mpg.de | Request | All | 3.1.0 | logout to external page |
Hi Stefan,
I am happy to see that you include the webserver authentication.
So I can now login at some other page and then access elog.
However, I would also need some means of logging out somewhere else.
For this I propose a new Configuration option "Logout to page" which redirects to another page if set and "Logout to main" is 0.
See the attached patch (against git HEAD)
Does this make sense to you?
Christof
PS: Many thanks for the autosave mode, I already used it ;-)
|
67883 | Wed May 6 12:31:04 2015 | | Christof Hanke | hanke@rzg.mpg.de | Comment | All | 3.1.0 | Documentation of the webserver authentication |
Hi Stefan,
here is a draft of how you could describe the webserver authentication in your docs.
T/Christof |
67884 | Wed May 6 15:13:11 2015 | | Christof Hanke | hanke@rzg.mpg.de | Bug fix | All | 3.1.0 | parse the username correctly in save_user_config when using Webserver authentication |
Hi Stefan,
When we use Webserver authentication, we have the correct username already in the variable http_user.
The old way of copying this http_user to "user" is wrong since we don't use the size of http_user.
Instead, just encode the http_user variable directly.
See attached patch against git HEAD.
Christof
|
67982 | Tue Jun 9 16:58:28 2015 | | Christof Hanke | hanke@rzg.mpg.de | Request | All | 3.1.0 | Re: logout to external page |
Yes, I saw it on bitbucket, also all the commits. Thanks!
Stefan Ritt wrote: |
I implemented it, but actually called it Logout to URL = <URL>
Christof Hanke wrote: |
Hi Stefan,
I am happy to see that you include the webserver authentication.
So I can now login at some other page and then access elog.
However, I would also need some means of logging out somewhere else.
For this I propose a new Configuration option "Logout to page" which redirects to another page if set and "Logout to main" is 0.
See the attached patch (against git HEAD)
Does this make sense to you?
Christof
PS: Many thanks for the autosave mode, I already used it ;-)
|
|
|
68621 | Wed May 17 08:42:17 2017 | | Christof Hanke | hanke@rzg.mpg.de | Question | Linux | 3.1.1 | Re: Use X-Forwarded-User as preset in author field |
> Hi,
> I have an elog server which uses apache/ldap for authentication.
> I would like to have the username used for ldap to be set automatically as author field in the elog.
>
> I'm using:
> Authentication = Webserver
> and I do set the env-variable X-Forwarded-User correctly to the ldap username
>
> GET /test/?cmd=New HTTP/1.1
> Host: localhost:8080
> Authorization: Basic bGFjYXByYXI6TWEwMiSyYnVt
> ...
> Cookie: elmode=Summary; sid=D7DE678B7CAA1D10; ufnm=lacaprar; urem=0
> ...
> X-Forwarded-User: lacaprar
>
> How can I preset author to X-Forwarded-User?
> Preset Author = $??
> I've tried $short_name/$long_name but I got Anonymous.
> I understand that it is so because these are meant to be filled when password authentication is used: any way to use some other variable with the Webserver auth?
>
> thanks in advance,
> Stefano
Hi,
I use an older version of elog, but
Preset Author = $short_name <$long_name>
works for me.
One thing to note is that I also have :
Self register = 1
So at first login, the user has to type in his name and email address,
maybe that's why you got "Anonymous". (Otherwise the variable $shortname etc. are not set.)
HTH,
Christof |
68623 | Thu May 18 10:37:16 2017 | | Christof Hanke | hanke@rzg.mpg.de | Question | Linux | 3.1.1 | Re: Use X-Forwarded-User as preset in author field |
> > I use an older version of elog, but
> >
> > Preset Author = $short_name <$long_name>
> >
> > works for me.
> >
> > One thing to note is that I also have :
> > Self register = 1
> >
> > So at first login, the user has to type in his name and email address,
> > maybe that's why you got "Anonymous". (Otherwise the variable $shortname etc. are not set.)
> >
> > HTH,
> >
> > Christof
>
> Many thanks for your answer.
> however it seems that your solution requires to have a eLog "password" authentication, which I'd like to avoid since I'd like to use only webserver one.
>
No, I'm also using the webserver authentication.
May I ask why you think "password" auth is required?
The elog has an internal userdatabase with longname, shortname, email etc.
Even if you are authenticated via the webserver, you also have to have an entry in that userdatabase.
This entry has to be created by the user who is allowed to get into elog by the webserver.
Thus, the Self register option.
Bests,
Christof |
68624 | Thu May 18 10:51:05 2017 | | Christof Hanke | hanke@rzg.mpg.de | Question | Linux | 3.1.1 | Re: Use X-Forwarded-User as preset in author field |
> > > I use an older version of elog, but
> > >
> > > Preset Author = $short_name <$long_name>
> > >
> > > works for me.
> > >
> > > One thing to note is that I also have :
> > > Self register = 1
> > >
> > > So at first login, the user has to type in his name and email address,
> > > maybe that's why you got "Anonymous". (Otherwise the variable $shortname etc. are not set.)
> > >
> > > HTH,
> > >
> > > Christof
> >
> > Many thanks for your answer.
> > however it seems that your solution requires to have a eLog "password" authentication, which I'd like to avoid since I'd like to use only webserver one.
> >
> No, I'm also using the webserver authentication.
> May I ask why you think "password" auth is required?
>
> The elog has an internal userdatabase with longname, shortname, email etc.
> Even if you are authenticated via the webserver, you also have to have an entry in that userdatabase.
> This entry has to be created by the user who is allowed to get into elog by the webserver.
> Thus, the Self register option.
>
> Bests,
>
> Christof
Sorry, I just double-checked: this userdatabase I was talking about is the Password file...
Please try the following snippet :
allow password change = 0
Authentication = Webserver, File
Preset Author = $short_name <$long_name>
Locked Attributes = Author
Password file = PASSWD.file
Christof |
|