Hi all,

I am using the Apache webserver authentication and redirection over http (not https). I have configured it 1:1 as described in the Adminguide. In the elog.cfg I set Authentication = Webserver.

All works fine; the webserver requests an authentication and elog recognizes me correctly.
However, when I close and reopen the browser and log in as a different user, elog does not change the user (tested with Firefox and Edge).
I can only change the user if I use a different browser or restart the elogd (reload is not enough).
The X-Forwarded-User header is set to the correct username - I have checked it with a CustomLog in Apache.

Best regards,
Frank

Hi,
as I understand right you can do this in the elogd.cfg via
Interface = 127.0.0.1
port = 8080

however than this can be changed by any user how has global admin rights in elog.

So I changed the line in the elogd.service startscript
ExecStart=/usr/local/sbin/elogd -D -p 8080 -n 127.0.0.1  -c /usr/local/elog/elogd.cfg

I hope this has the priority (not tested).

I found the reason of the bug:
In line 27441 of elogd.cxx the http_user is overwritten by the user saved in the sid_ array as a sideeffect of the sid_check function:
sid_check(getparam("sid"), http_user)

It can solved by changing elogd.cxx @ line 27441

27441c27441,27446
<          if (!sid_check(getparam("sid"), http_user)) { /*  if we don't have a sid yet, set it */
---
>          i=sid_check(getparam("sid"), thumb_name);
>          if (i && strcmp(http_user,thumb_name)!=0) {  /* user changed */
>             sid_remove(getparam("sid"));
>             i=FALSE;
>          }
>          if (!i) { /*  if we don't have a sid yet, set it */

Remark: I have used the variables i & thumb_name of the function in a local context.

Hi Christof,

wow thanks, that's (almost) exactly what I was looking for! I only had to add

 --- src/elogd.c.orig 2012-02-03 09:11:42.000000000 +0100
+++ src/elogd.c 2012-02-03 09:11:32.000000000 +0100
@@ -8375,6 +8375,10 @@
    strcpy(list[i], "remote_host");
    strlcpy(value[i++], rem_host, NAME_LENGTH);

+   /* add LDAP author */
+   strcpy(list[i], "http_user");
+   strlcpy(value[i++], http_user, NAME_LENGTH);
+

    /* add local host */
    strcpy(list[i], "host");
    strlcpy(value[i++], host_name, NAME_LENGTH);

Preset Author = $http_user

to work.  I fully support getting your patches into upstream.

The issue is still present and now it's quite urgent to move this last service into the Swarm. Does anyone maybe have an idea what's wrong? To sum up: if there is a non-empty password file, the login page chokes in an infinite loop of redirects. I am using the same HAProxy load balancer configuration as for all the other services (running Apache, NGINX, GitLab, XWiki, etc.):

backend be_elog.km3net.de
    mode http

    option forwardfor except 127.0.0.1
    http-request add-header X-Forwarded-Proto https if { ssl_fc }

    server-template km3net-elog- 1 km3net-elog_elog:8080 check resolvers docker init-addr libc,none

If a message is submitted via the elog command then the reply string '> ' is only inserted in the first line if a reply is made.
This message was submitted with the following commandline:
elog -v -h midas.psi.ch -p 80 -s elogdemo -l Forum -a "Icon=icon4.gif" -a "Author=Heiko Scheit"  -a "Author Email=h.scheit@mpi-hd.mpg.de" -a "Subject=elog submit problem" "...Message-text..."

Please press the reply button to see the problem.

When the option 'Reverse sort = 1' is used then the first entry
is not displayed (ID=1) when threaded mode is requested.

Probably you can see the problem using this link and switching 
on reverse sort.  

http://midas.psi.ch/elogdemo/Linux/last20?mode=threaded

The exit status of elog is always 1.  It should be zero for
a successful submission.