| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
68577
|
Wed Feb 8 18:16:30 2017 |
 | Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | 3.1.1 | Re: Possible misuse of email headers Message-Id and In-Reply-To |
A pull request would be highy appreciated, because you can then test it thoroughly on your side. Adding a random number to the message id is simple. "Reply-to" indeed does not make sense since elog cannot receive emails. Most sites use a generic "noreply@<domain>" to indicate to the user that a reply does not make sense. I guess the "Reply-to" does not have to be unique, right?
| fbretel wrote: |
|
Hi,
As mentionned before, we happen to fail to receive email messages related to updates on elog entries at our site. My understanding is that the SMTP header Message-Id MUST be unique for each email message. Whereas all elogd email messages get something like <logbook>-<entryId>@<domain>. See source code. For this header to become unique, there should be a random part in it.
Having the same Message-Id in multiple email messages results in only the first one being delivered on some email systems.
Moreover, elogd sets the In-Reply-To: header in the same manner (<logbook>-<entryId>@<domain>). Which is incorrect because this header relates to email messages, not elog entries, and should contain the email Message-Id of the email message to which it replies, itself handled by the email messaing system. But elogd hasn't received any email messsage in the first place. So I believe this header should simply be dropped.
I think I can provide a pull request on bitbucket for the Message-Id issue, and probably also for the In-Reply-To: if you decide it can be removed.
Cheers
|
|
|
68578
|
Wed Mar 15 16:04:13 2017 |
| fbretel | nothx@hello.com | Bug report | Linux | 3.1.1 | Re: Possible misuse of email headers Message-Id and In-Reply-To |
Pull-request posted. Cheers. |
|
68579
|
Wed Mar 15 16:42:35 2017 |
| Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | 3.1.1 | Re: Possible misuse of email headers Message-Id and In-Reply-To |
Pull-request merged.
|
|
68592
|
Thu Apr 6 17:36:46 2017 |
 | Stefano Lacaprara | stefano.lacaprara@pd.infn.it | Question | Linux | 3.1.1 | command line and apache+ldap authentication |
Hi,
we are running an elogd (with SSL) server on a machine and using apache as a proxy.
The authentication to the apache server is managed via LDAP module directly by apache, while, so far, we have no authentication enabled in the elogd server itself.
So, when a used want to access the elog server, he is required to provide user/pwd by apache, and then he can access the elogs.
We would like to use the elog command line to transit entries automatically from a terminal from a different host.
the command line we are trying is:
echo "Test" | elog -v -h elog.belle2.org -a Author="stefano" -a Type="Other" -l elog -s demo -u username password -p 443
where username password are registered into LDAP.
In response we have a 401 Unauthorized. The full return message is at the end of this message.
I suspect that the "username password" we pass to elog are supposed to be that of elogd, not that of apache/ldap: I don't know if this is the case.
Does anyone have an idea how to make this work?
Thanks in advance,
Stefano
Successfully connected to host elog.belle2.org, port 443
Request sent to host:
POST /elog/ HTTP/1.0
Content-Type: multipart/form-data; boundary=---------------------------44BDB584269C5EEC3F73204
Host: elog.belle2.org:443
User-Agent: ELOG
Content-Length: 946
Content sent to host:
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="cmd"
Submit
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="unm"
xxxxxxxx
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="upwd"
xxxxxxxx
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="exp"
elog
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="encoding"
ELCode
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="Author"
stefano
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="Type"
Other
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="Text"
demo
---------------------------44BDB584269C5EEC3F73204
Response received:
HTTP/1.1 401 Unauthorized
Date: Thu, 06 Apr 2017 15:32:37 GMT
Server: Apache/2.4.18 (Ubuntu)
WWW-Authenticate: Basic realm="Belle II internal"
Content-Length: 463
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr>
<address>Apache/2.4.18 (Ubuntu) Server at elog.belle2.org Port 443</address>
</body></html>
Error transmitting message |
|
68597
|
Fri Apr 7 12:16:24 2017 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 3.1.1 | Re: command line and apache+ldap authentication |
Hi, the elog command line client does not know anything about Apache authentication, therefore the authentication with the elog username/password fails. As an alternative to the command line client you can use the "curl" utility (available under Linux). This tools has the "-u" flag, which works with Apache. The tricky thing is now to "emulate" your browser submitting an entry. You can do
$ curl -u <username>:<password> -F cmd=Submit -F Author=CURL -F Text="This is the CURL text" http://<your host>:8080/<logbook>
(of course your attributes might be different than "Author"). If you have a multiline text body, you can read that from a file (in this case "file.txt"):
$ curl -u <username>:<password> -F cmd=Submit -F Author=CURL -F Text="@file.txt" http://<your host>:8080/<logbook>
When I wrote "elog" orginiallly (199x?), "curl" was not available or at least I didn't know of. Right now it almoste completely can replace the elog tool.
Stefan |
|
68620
|
Tue May 16 10:21:18 2017 |
 | Stefano Lacaprara | stefano.lacaprara@pd.infn.it | Question | Linux | 3.1.1 | Use X-Forwarded-User as preset in author field |
Hi,
I have an elog server which uses apache/ldap for authentication.
I would like to have the username used for ldap to be set automatically as author field in the elog.
I'm using:
Authentication = Webserver
and I do set the env-variable X-Forwarded-User correctly to the ldap username
GET /test/?cmd=New HTTP/1.1
Host: localhost:8080
Authorization: Basic bGFjYXByYXI6TWEwMiSyYnVt
...
Cookie: elmode=Summary; sid=D7DE678B7CAA1D10; ufnm=lacaprar; urem=0
...
X-Forwarded-User: lacaprar
How can I preset author to X-Forwarded-User?
Preset Author = $??
I've tried $short_name/$long_name but I got Anonymous.
I understand that it is so because these are meant to be filled when password authentication is used: any way to use some other variable with the Webserver auth?
thanks in advance,
Stefano |
|
68621
|
Wed May 17 08:42:17 2017 |
| Christof Hanke | hanke@rzg.mpg.de | Question | Linux | 3.1.1 | Re: Use X-Forwarded-User as preset in author field |
> Hi,
> I have an elog server which uses apache/ldap for authentication.
> I would like to have the username used for ldap to be set automatically as author field in the elog.
>
> I'm using:
> Authentication = Webserver
> and I do set the env-variable X-Forwarded-User correctly to the ldap username
>
> GET /test/?cmd=New HTTP/1.1
> Host: localhost:8080
> Authorization: Basic bGFjYXByYXI6TWEwMiSyYnVt
> ...
> Cookie: elmode=Summary; sid=D7DE678B7CAA1D10; ufnm=lacaprar; urem=0
> ...
> X-Forwarded-User: lacaprar
>
> How can I preset author to X-Forwarded-User?
> Preset Author = $??
> I've tried $short_name/$long_name but I got Anonymous.
> I understand that it is so because these are meant to be filled when password authentication is used: any way to use some other variable with the Webserver auth?
>
> thanks in advance,
> Stefano
Hi,
I use an older version of elog, but
Preset Author = $short_name <$long_name>
works for me.
One thing to note is that I also have :
Self register = 1
So at first login, the user has to type in his name and email adress,
maybe that's why you got "Anonymous". (Otherwise the variable $shortname etc. are not set.)
HTH,
Christof |
|
68622
|
Thu May 18 09:39:16 2017 |
| Stefano Lacaprara | stefano.lacaprara@pd.infn.it | Question | Linux | 3.1.1 | Re: Use X-Forwarded-User as preset in author field |
> I use an older version of elog, but
>
> Preset Author = $short_name <$long_name>
>
> works for me.
>
> One thing to note is that I also have :
> Self register = 1
>
> So at first login, the user has to type in his name and email adress,
> maybe that's why you got "Anonymous". (Otherwise the variable $shortname etc. are not set.)
>
> HTH,
>
> Christof
Many thanks for your answer.
however it seems that your solution requires to have a eLog "password" authentication, which I'd like to avoid since I'd like to use only webserver one.
best,
Stefano |