el cheapo LDAP binding, posted by Christian Herzog on Fri Jan 27 14:05:09 2012
|
Hi all,
we would like to hook elog to our LDAP server. Instead of writing a full-featured LDAP auth module for elog, I have the following idea: use Apache's LDAP module to require LDAP auth for a single logbook:
<Location /elog/admin>
    Use PhysLDAP
    Use RequirePhysLDAPGroup isg
    RewriteEngine On
    RewriteCond %{LA-U:REMOTE_USER} (.+)
    RewriteRule . - [E=RU:%1]
    RequestHeader add X-Forwarded-User %{RU}e
</Location>
the two Use statements are Apache macros that define our LDAP settings. The last 4 lines are necessary for Apache to pass on the logged in user to the proxied elog (ends up in ENV X-Forwarded-User).
In elogd.c, I added
/* extract REMOTE_USER */
if ((p = strstr(request, "X-Forwarded-User:")) != NULL) {
   p += 17;
   while (*p && *p == ' ')
      p++;
   strlcpy(remote_user, p, sizeof(remote_user));
   if (strchr(remote_user, '\r'))
      *strchr(remote_user, '\r') = 0;
   char sid[32];
   /* get a new session ID */
   sid_new(NULL, remote_user, (char *) inet_ntoa(rem_addr), sid);
   /* set SID cookie */
   set_sid_cookie(NULL, sid);
   // TODO: set lbs!
}
to process_http_request in order to extract the LDAP login. I have managed to populate the author field with remote_user, but what I'd really like is to write a cookie containing this login name so that session handling kicks in. You can see that I attempt to write a cookie, but elogd segfaults at set_sid_cookie() (gdb backtrace:
set_cookie (lbs=0x0, name=0x483b22 "sid", value=0x7ffffffd7590 "4831386B7B333A99", global=0, expiration=0x7ffffffd7300 "")
Would anyone be willing to help me with this? I'm not at all familiar with the program flow in elogd and my C is a bit rusty...
thanks,
-Christian
--
Dr. Christian Herzog <herzog@phys.ethz.ch> support: +41 44 633 26 68
IT Services Group, HPT H 8 voice: +41 44 633 39 50
Department of Physics, ETH Zurich
8093 Zurich, Switzerland http://nic.phys.ethz.ch/
|
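A stricter way to take the proxy-supplied login from the raw request than a bare strstr(), as an added example (not part of the original post or of elogd): it looks only at header lines, matches the name at the start of a line, refuses a duplicated header and restricts the value to a login alphabet. The helper name get_forwarded_user and the allowed character set are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define FWD_HDR "X-Forwarded-User:"

/* Hypothetical helper: returns 0 and fills user[] on success, -1 if the
   header is absent, duplicated, empty, too long or has odd characters. */
int get_forwarded_user(const char *request, char *user, size_t size)
{
   const char *line, *eol, *p;
   const char *end = strstr(request, "\r\n\r\n");  /* end of header section */
   size_t hlen = strlen(FWD_HDR), n;
   int found = 0;

   if (end == NULL)
      return -1;
   /* start at the end of the request line, then walk header lines only */
   for (line = strstr(request, "\r\n"); line < end; line = eol) {
      line += 2;
      eol = strstr(line, "\r\n");   /* cannot fail: "end" is a CRLF */
      if ((size_t) (eol - line) < hlen || strncasecmp(line, FWD_HDR, hlen) != 0)
         continue;
      if (found++)
         return -1;                 /* two copies: refuse to pick one */
      for (p = line + hlen; p < eol && (*p == ' ' || *p == '\t'); p++)
         ;
      n = (size_t) (eol - p);
      if (n == 0 || n >= size)
         return -1;
      memcpy(user, p, n);
      user[n] = 0;
   }
   if (!found)
      return -1;
   /* assumption: logins consist of letters, digits, '.', '_' and '-' */
   for (p = user; *p; p++)
      if (!isalnum((unsigned char) *p) && strchr("._-", *p) == NULL)
         return -1;
   return 0;
}

int main(void)
{
   /* constructed request: the header name also appears inside a cookie */
   const char *req = "GET /elog/admin HTTP/1.1\r\nCookie: a=X-Forwarded-User: x\r\n"
                     "X-Forwarded-User: herzog\r\n\r\n";
   char user[32];

   if (get_forwarded_user(req, user, sizeof(user)) == 0)
      printf("authenticated user: %s\n", user);
   return 0;
}
```

Refusing duplicates matters with the configuration above because `RequestHeader add` appends to an existing header instead of replacing it; `RequestHeader set` on the Apache side replaces a copy sent by the client.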
Re: el cheapo LDAP binding, posted by Christof Hanke on Mon Jan 30 09:31:51 2012
|
Hi Christian,
I also have the need to do auth on the webserver, but I tried to integrate it into elogd as far as I could.
However, I do not try to set a special cookie to set the username, but always use
"X-Forwarded-User". Like this, every request is authenticated by the webserver in front.
If that's not too heavy for you, try out the applied patch.
HTH,
Christof
PS:
@Stefan:
If you are willing to integrate this into the official tree,
I can provide some docs for it (like setting author
directly etc.)
-----------------------------------------------------------------
Christof Hanke e-mail hanke@rzg.mpg.de
RZG (Rechenzentrum Garching) phone +49-89-3299-1041
Computing Center of the Max-Planck-Gesellschaft (MPG) and the
Institut für Plasmaphysik (IPP)
Christian Herzog wrote: |
Hi all,
we would like to hook elog to our LDAP server. Instead of writing a full-featured LDAP auth module for elog, I have the following idea: use Apache's LDAP module to require LDAP auth for a single logbook:
<Location /elog/admin>
    Use PhysLDAP
    Use RequirePhysLDAPGroup isg
    RewriteEngine On
    RewriteCond %{LA-U:REMOTE_USER} (.+)
    RewriteRule . - [E=RU:%1]
    RequestHeader add X-Forwarded-User %{RU}e
</Location>
the two Use statements are Apache macros that define our LDAP settings. The last 4 lines are necessary for Apache to pass on the logged in user to the proxied elog (ends up in ENV X-Forwarded-User).
In elogd.c, I added
/* extract REMOTE_USER */
if ((p = strstr(request, "X-Forwarded-User:")) != NULL) {
   p += 17;
   while (*p && *p == ' ')
      p++;
   strlcpy(remote_user, p, sizeof(remote_user));
   if (strchr(remote_user, '\r'))
      *strchr(remote_user, '\r') = 0;
   char sid[32];
   /* get a new session ID */
   sid_new(NULL, remote_user, (char *) inet_ntoa(rem_addr), sid);
   /* set SID cookie */
   set_sid_cookie(NULL, sid);
   // TODO: set lbs!
}
to process_http_request in order to extract the LDAP login. I have managed to populate the author field with remote_user, but what I'd really like is to write a cookie containing this login name so that session handling kicks in. You can see that I attempt to write a cookie, but elogd segfaults at set_sid_cookie() (gdb backtrace:
set_cookie (lbs=0x0, name=0x483b22 "sid", value=0x7ffffffd7590 "4831386B7B333A99",
global=0, expiration=0x7ffffffd7300 "")
Would anyone be willing to help me with this? I'm not at all familiar with the program flow in elogd and my C is a bit rusty...
thanks,
-Christian
--
Dr. Christian Herzog <herzog@phys.ethz.ch> support: +41 44 633 26 68
IT Services Group, HPT H 8 voice: +41 44 633 39 50
Department of Physics, ETH Zurich
8093 Zurich, Switzerland http://nic.phys.ethz.ch/
|
|
Re: el cheapo LDAP binding, posted by Christian Herzog on Fri Feb 3 09:30:20 2012
|
Hi Christof,
wow thanks, that's (almost) exactly what I was looking for! I only had to add
--- src/elogd.c.orig 2012-02-03 09:11:42.000000000 +0100
+++ src/elogd.c 2012-02-03 09:11:32.000000000 +0100
@@ -8375,6 +8375,10 @@
strcpy(list[i], "remote_host");
strlcpy(value[i++], rem_host, NAME_LENGTH);
+ /* add LDAP author */
+ strcpy(list[i], "http_user");
+ strlcpy(value[i++], http_user, NAME_LENGTH);
+
/* add local host */
strcpy(list[i], "host");
strlcpy(value[i++], host_name, NAME_LENGTH);
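Review bot: the new entry puts http_user into the substitution list unconditionally, so $http_user (and with it Preset Author = $http_user) is whatever the request carried; per this thread that value comes from the X-Forwarded-User header, so it is only as trustworthy as the path to elogd. Consider adding the entry only when http_user is non-empty, and document that elogd must be reachable solely through the authenticating proxy. The comment says "LDAP author" while the key is the generic "http_user"; naming the comment after the key would match the neighbouring "remote_host" and "host" entries. The hunk also consumes one more slot in list[] and value[], and the visible lines show no bound on i, so check that both arrays have room for the extra entry.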
in order to get
Preset Author = $http_user
to work. I fully support getting your patches into upstream.
thanks a bunch,
-Christian
|
Migrate to elog, posted by Kenneth Nielsen on Thu Feb 2 16:51:32 2012
|
Hello and thanks for a great program.
At my work we have previously been using another program (Rednotebook) for our lab journals, but now we wish to migrate to elog because it is more configurable and because it runs in a browser.
We would of course like to move all of our old log entries with us. Luckily Rednotebook uses a standard module (YAML) for data storage, so I can easily access the data (e.g. with python) and I have already done so, and I have exchanged the native markup with html.
Now I would prefer it if I can make the elog data files directly, instead of using the elog command, because that makes it possible and easy to revert the change, and also to not have to handle escaping html strings before feeding them to elog on the command line. I have actually already written the program that produces the elog data files, but now I have a few questions:
1) Is there an overall way of validating the datafiles, to make sure elog doesn't choke on them at some point in the future when I try to open one of the old entries? Along the same lines, does elog parse all the files when the daemon is started, so if it starts then I'm ok?
2) What exactly are the requirements for the HTML content
2a) Will any valid html do, or are there some special requirements (e.g. like at blank lines)
2b) Does it require a particular version of html, because then I could at least validate it against that doctype beforehand
3) Is there a log from elog where I can see if it encounters something it doesn't like?
I hope you can answer some of my questions.
Regards Kenneth |
Return Code, posted by Alan Grant on Fri Jan 27 02:26:02 2012
|
We are using the Elog client from one vlan to insert entries into our Elog system on a different vlan.
Works fine for the most part but we occasionally have network connection issues which prevents some entries from being added, and we don't find out about it until later.
Is there a Return Code associated with the client pgm? Or some suggestion to promptly verify a successful entry? (We'd queue and resubmit in bulk once running again, if we knew about it.)
Thanks. |
Re: Return Code, posted by Yoshio Imai on Mon Jan 30 18:23:39 2012
|
It depends on how you actually call the elog client, but it outputs a message
Message successfully transmitted, ID=(new message id)
to the console upon successful transmission. Maybe you can catch this and evaluate? |
Elog does not work after installing MS12-006/MS12-012 on Win 7, posted by Allen on Wed Jan 11 22:19:49 2012
|
After patching a windows 7 computer with MS12-006, can no longer connect to elog, get page cannot be displayed
See
http://support.microsoft.com/kb/2643584 |
Re: Elog does not work after installing MS12-006/MS12-012 on Win 7, posted by Allen on Thu Jan 12 19:34:28 2012
|
A little more information here
We are running elog on an Ubuntu server
Elog was working fine, then, on a windows 7 machine, MS12-006 was installed, rebooted, and could no longer connect to the elog web page.
Discovered that in Internet Explorer 8, by unchecking the use TLS 1.0 in options advanced tab, and making sure that SSL 3.0, TLS 1.1, TLS 1.2 were checked, that the page once again worked. I'm guessing the elog does not support SSL 3.0, otherwise, I assume I would have to uncheck that as well. Things do appear to still work on XP, thus far, only Windows 7 appears to break. While we have a work around, ideally we would like to see a bug fix so that (for legacy reasons), elog will still work with TLS 1.0 on Windows 7.
|
Re: Elog does not work after installing MS12-006/MS12-012 on Win 7, posted by Allen on Thu Jan 12 19:37:52 2012
|
Allen wrote: |
A little more information here
We are running elog on an Ubuntu server
Elog was working fine, then, on a windows 7 machine, MS12-006 was installed, rebooted, and could no longer connect to the elog web page.
Discovered that in Internet Explorer 8, by unchecking the use TLS 1.0 in options advanced tab, and making sure that SSL 3.0, TLS 1.1, TLS 1.2 were checked, that the page once again worked. I'm guessing the elog does not support SSL 3.0, otherwise, I assume I would have to uncheck that as well. Things do appear to still work on XP, thus far, only Windows 7 appears to break. While we have a work around, ideally we would like to see a bug fix so that (for legacy reasons), elog will still work with TLS 1.0 on Windows 7.
|
Also, strangely, I am able to use the elog forum page https://midas.psi.ch/elogs/Forum while TLS 1.0 is checked. I notice the version number is 2.9.0-2425, while we are using 2.9.0-2396, so wondering if this is fixed in this newer version. |
Re: Elog does not work after installing MS12-006/MS12-012 on Win 7, posted by Stefan Ritt on Fri Jan 13 14:33:04 2012
|
Allen wrote: |
Allen wrote: |
A little more information here
We are running elog on an Ubuntu server
Elog was working fine, then, on a windows 7 machine, MS12-006 was installed, rebooted, and could no longer connect to the elog web page.
Discovered that in Internet Explorer 8, by unchecking the use TLS 1.0 in options advanced tab, and making sure that SSL 3.0, TLS 1.1, TLS 1.2 were checked, that the page once again worked. I'm guessing the elog does not support SSL 3.0, otherwise, I assume I would have to uncheck that as well. Things do appear to still work on XP, thus far, only Windows 7 appears to break. While we have a work around, ideally we would like to see a bug fix so that (for legacy reasons), elog will still work with TLS 1.0 on Windows 7.
|
Also, strangely, I am able to use the elog forum page https://midas.psi.ch/elogs/Forum while TLS 1.0 is checked. I notice the version number is 2.9.0-2425, while we are using 2.9.0-2396, so wondering if this is fixed in this newer version.
|
The forum does not use TLS, but has Apache in front of it which works as a proxy. So TLS is actually handled by Apache, which might have a newer implementation of TLS. The ELOG version number certainly does not make a difference, I did not touch the SSL functionality in a while. But when you compile ELOG on your Ubuntu server, you can maybe play with different versions of OpenSSL and see if that changes anything?
- Stefan |
Problems with Version 2.9.0 Service did not start, posted by Michael Dannmeyer on Wed Dec 7 14:18:41 2011
|
Hello,
I tried to update our ELOG installation 2.7.8 to 2.9.0. If I try to start the service I get the error:
Error 193: %1 is not a valid win32 application.
I uninstalled the old version and installed the new one.
Do you have any idea? The OS is Windows 2000 Server.
Best regards
Michael
Could not start the elogd service on local Computer |
Re: Problems with Version 2.9.0 Service did not start, posted by Stefan Ritt on Wed Dec 14 10:18:37 2011
|
Michael Dannmeyer wrote: |
Hello,
I tried to update our ELOG installation 2.7.8 to 2.9.0. If I try to start the service I get the error:
Error 193: %1 is not a valid win32 application.
I uninstalled the old version and installed the new one.
Do you have any idea? The OS is Windows 2000 Server.
Best regards
Michael
Could not start the elogd service on local Computer
|
Can you start elogd.exe manually in a DOS box? If you get the same error there, the download file might be corrupted and you should try to re-load it again.
Best regards,
Stefan |
Re: Problems with Version 2.9.0 Service did not start, posted by Grant Jeffcote on Sat Dec 17 17:20:05 2011
|
Stefan Ritt wrote: |
Michael Dannmeyer wrote: |
Hello,
I tried to update our ELOG installation 2.7.8 to 2.9.0. If I try to start the service I get the error:
Error 193: %1 is not a valid win32 application.
I uninstalled the old version and installed the new one.
Do you have any idea? The OS is Windows 2000 Server.
Best regards
Michael
Could not start the elogd service on local Computer
|
Can you start elogd.exe manually in a DOS box? If you get the same error there, the download file might be corrupted and you should try to re-load it again.
Best regards,
Stefan
|
Michael,
I had this problem with the service/elogd.exe not starting on the later versions of ELog and with Stefan's help we tracked it down to some missing Microsoft C runtime library files.
In my case it was a fresh install of Win2k3.
Try installing one of the following and see if it helps (mine was solved with the middle option).
http://www.microsoft.com/download/en/details.aspx?id=3387
http://www.microsoft.com/download/en/details.aspx?id=5582
http://www.microsoft.com/download/en/details.aspx?id=5555
Regards
Grant |
Re: Problems with Version 2.9.0 Service did not start, posted by Michael Dannmeyer on Fri Dec 23 14:31:27 2011
|
Grant Jeffcote wrote: |
Stefan Ritt wrote: |
Michael Dannmeyer wrote: |
Hello,
I tried to update our ELOG installation 2.7.8 to 2.9.0. If I try to start the service I get the error:
Error 193: %1 is not a valid win32 application.
I uninstalled the old version and installed the new one.
Do you have any idea? The OS is Windows 2000 Server.
Best regards
Michael
Could not start the elogd service on local Computer
|
Can you start elogd.exe manually in a DOS box? If you get the same error there, the download file might be corrupted and you should try to re-load it again.
Best regards,
Stefan
|
Michael,
I had this problem with the service/elogd.exe not starting on the later versions of ELog and with Stefan's help we tracked it down to some missing Microsoft C runtime library files.
In my case it was a fresh install of Win2k3.
Try installing one of the following and see if it helps (mine was solved with the middle option).
http://www.microsoft.com/download/en/details.aspx?id=3387
http://www.microsoft.com/download/en/details.aspx?id=5582
http://www.microsoft.com/download/en/details.aspx?id=5555
Regards
Grant
|
Thanks, problem is solved.
ELOG was installed on a Windows 2000 Server. After Grant's tip I moved it to W2003R2 and installed the middle option. Now it works without any problems.
Regards
Michael |
My current Elog works fine with v2.6 but not 2.9, posted by Hung Dao on Fri Nov 11 17:44:45 2011
|
I have been using v2.6. It works fine so far for what I need except that I could not disable the attachments in the notification emails. Now I need to upgrade to the latest version v2.9. However, with this latest version, I've received this error when navigating pages: "Error: Too many parameters (> 120). Cannot perform operation". What does this error mean? What should I do to fix it? I have also tested other versions, 2.7 and 2.8, as well. The problem exists. |
Re: My current Elog works fine with v2.6 but not 2.9, posted by Stefan Ritt on Mon Dec 19 13:10:27 2011
|
Hung Dao wrote: |
I have been using v2.6. It works fine so far for what I need except that I could not disable the attachments in the notification emails. Now I need to upgrade to the latest version v2.9. However, with this latest version, I've received this error when navigating pages: "Error: Too many parameters (> 120). Cannot perform operation". What does this error mean? What should I do to fix it? I have also tested other versions, 2.7 and 2.8, as well. The problem exists.
|
Maybe you have indeed too many options in your configuration file. Can you please post it here or send it to me privately so that I can have a look?
- Stefan |
Build with Visual Studio 2010?, posted by Hung Dao on Fri Dec 16 18:28:58 2011
|
First I tried to check out the source code and got the error shown below. So, I clicked on the Web Access link to download the trunk.tar.gz. I have opened elogd.sln in Visual Studio 2010. Despite downloading openssl and installing krb5, I still received errors related to header files that could not be opened or found. Has anyone checked out all files from trunk.tar.gz and built successfully? Any hint or advice prior to building this elogd solution in VS2010 will be highly appreciated.
>svn checkout svn+ssh://svn@savannah.psi.ch/repos/meg/elog/trunk elog
svn: E720002: Unable to connect to a repository at URL 'svn+ssh://svn@savannah.psi.ch/repos/meg/elog/trunk'
svn: E720002: Can't create tunnel: The system cannot find the file specified.
|
Cascading menus???, posted by ron murphy on Tue Nov 29 18:12:40 2011
|
This may be already answered somewhere around here, but I could not find it.
Question: Is it possible to have a pull down with a sub menu? Something like,
Entry 1
Entry 2 --> Entry 2a
            Entry 2b
            Entry 2c
Entry 3
Entry 4
Thanks!
|
Re: Cascading menus???, posted by Eoin Butler on Tue Dec 13 22:18:04 2011
|
ron murphy wrote: |
This may be already answered somewhere around here, but I could not find it.
Question: Is it possible to have a pull down with a sub menu? Something like,
Entry 1
Entry 2 --> Entry 2a
            Entry 2b
            Entry 2c
Entry 3
Entry 4
|
The way I do this is
Attributes = Author, Subject, Run, Type, Hardware, Software,
Options Type = Announcement{1}, Shift_Summary{2}, Physics_Discussion{3}, Analysis{4}, Hardware{5}, Software{6}
Options Hardware = Computers, Cryostat/Vacuum, DAQ, Environment Sensors, Magnets
Options Software = Analysis/Simulations, Control/Measurement, Detector, Linux, MIDAS, Sequencer, Windows
Show Attributes = Author, Type, Subject
{5} Show Attributes = Author, Type, Subject, Hardware
{6} Show Attributes = Author, Type, Subject, Software
|
|
|