ID | Date | Icon | Author | Author Email | Category | OS | ELOG Version | Subject
68579 | Wed Mar 15 16:42:35 2017 |
| Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | 3.1.1 | Re: Possible misuse of email headers Message-Id and In-Reply-To | Pull-request merged.
|
68592 | Thu Apr 6 17:36:46 2017 |
| Stefano Lacaprara | stefano.lacaprara@pd.infn.it | Question | Linux | 3.1.1 | command line and apache+ldap authentication | Hi,
we are running an elogd (with SSL) server on a machine and using apache as a proxy.
The authentication to the apache server is managed via LDAP module directly by apache, while, so far, we have no authentication enabled in the elogd server itself.
So, when a user wants to access the elog server, he is required to provide user/pwd by apache, and then he can access the elogs.
We would like to use the elog command line to transit entries automatically from a terminal from a different host.
The command line we are trying is:
echo "Test" | elog -v -h elog.belle2.org -a Author="stefano" -a Type="Other" -l elog -s demo -u username password -p 443
where username password are registered into LDAP.
In response we have a 401 Unauthorized. The full return message is at the end of this message.
I suspect that the "username password" we pass to elog are supposed to be that of elogd, not that of apache/ldap: I don't know if this is the case.
Does anyone have an idea how to make this work?
Thanks in advance,
Stefano
Successfully connected to host elog.belle2.org, port 443
Request sent to host:
POST /elog/ HTTP/1.0
Content-Type: multipart/form-data; boundary=---------------------------44BDB584269C5EEC3F73204
Host: elog.belle2.org:443
User-Agent: ELOG
Content-Length: 946
Content sent to host:
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="cmd"
Submit
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="unm"
xxxxxxxx
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="upwd"
xxxxxxxx
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="exp"
elog
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="encoding"
ELCode
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="Author"
stefano
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="Type"
Other
---------------------------44BDB584269C5EEC3F73204
Content-Disposition: form-data; name="Text"
demo
---------------------------44BDB584269C5EEC3F73204
Response received:
HTTP/1.1 401 Unauthorized
Date: Thu, 06 Apr 2017 15:32:37 GMT
Server: Apache/2.4.18 (Ubuntu)
WWW-Authenticate: Basic realm="Belle II internal"
Content-Length: 463
Connection: close
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr>
<address>Apache/2.4.18 (Ubuntu) Server at elog.belle2.org Port 443</address>
</body></html>
Error transmitting message |
68597 | Fri Apr 7 12:16:24 2017 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 3.1.1 | Re: command line and apache+ldap authentication | Hi, the elog command line client does not know anything about Apache authentication, therefore the authentication with the elog username/password fails. As an alternative to the command line client you can use the "curl" utility (available under Linux). This tool has the "-u" flag, which works with Apache. The tricky thing is now to "emulate" your browser submitting an entry. You can do
$ curl -u <username>:<password> -F cmd=Submit -F Author=CURL -F Text="This is the CURL text" http://<your host>:8080/<logbook>
(of course your attributes might be different than "Author"). If you have a multiline text body, you can read that from a file (in this case "file.txt"):
$ curl -u <username>:<password> -F cmd=Submit -F Author=CURL -F Text="@file.txt" http://<your host>:8080/<logbook>
When I wrote "elog" originally (199x?), "curl" was not available or at least I didn't know of it. Right now it can almost completely replace the elog tool.
Stefan |
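An added example, not part of the original post or of the ELOG distribution: the same curl submission with the Apache/LDAP password kept out of the process list and shell history, by handing curl its options on stdin ("-K -") instead of on the command line. The function names and the https URL in the usage comment are assumptions; the form fields cmd, Author and Text are the ones used in the post above.

```shell
#!/bin/sh
# Added example: build a curl config for one ELOG submission through an
# Apache Basic-auth proxy. Nothing secret is placed in argv.

# Escape a value for a double-quoted curl config string:
# backslash and double quote are the characters that need a backslash.
curl_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Print the curl config on stdout.
#   $1 logbook URL   $2 Apache/LDAP user   $3 password
#   $4 Author attribute value   $5 file holding the entry text
elog_curl_config() {
    printf 'url = "%s"\n' "$(curl_quote "$1")"
    printf 'user = "%s:%s"\n' "$(curl_quote "$2")" "$(curl_quote "$3")"
    printf 'fail\n'          # exit non-zero on HTTP errors such as 401
    printf 'silent\nshow-error\n'
    # form-string sends the value literally; plain "form" would treat a
    # leading @ or < and a ";type=" suffix in the value as curl syntax.
    printf 'form-string = "cmd=Submit"\n'
    printf 'form-string = "Author=%s"\n' "$(curl_quote "$4")"
    # As in the post above, the entry text is taken from a file.
    printf 'form = "Text=@%s"\n' "$(curl_quote "$5")"
}

# Prompt for the password without echo, then submit.
#   $1 logbook URL   $2 user   $3 Author   $4 text file
elog_submit() {
    printf 'Password for %s: ' "$2" >&2
    stty -echo
    IFS= read -r elog_pw
    stty echo
    printf '\n' >&2
    elog_curl_config "$1" "$2" "$elog_pw" "$3" "$4" | curl -K -
    elog_rc=$?
    unset elog_pw
    return "$elog_rc"
}

# Usage (hypothetical host and logbook):
#   elog_submit https://elog.example.org/elog/demo alice CURL file.txt
```
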
68620 | Tue May 16 10:21:18 2017 |
| Stefano Lacaprara | stefano.lacaprara@pd.infn.it | Question | Linux | 3.1.1 | Use X-Forwarded-User as preset in author field | Hi,
I have an elog server which uses apache/ldap for authentication.
I would like to have the username used for ldap to be set automatically as author field in the elog.
I'm using:
Authentication = Webserver
and I do set the env-variable X-Forwarded-User correctly to the ldap username
GET /test/?cmd=New HTTP/1.1
Host: localhost:8080
Authorization: Basic bGFjYXByYXI6TWEwMiSyYnVt
...
Cookie: elmode=Summary; sid=D7DE678B7CAA1D10; ufnm=lacaprar; urem=0
...
X-Forwarded-User: lacaprar
How can I preset author to X-Forwarded-User?
Preset Author = $??
I've tried $short_name/$long_name but I got Anonymous.
I understand that it is so because these are meant to be filled when password authentication is used: any way to use some other variable with the Webserver auth?
thanks in advance,
Stefano |
68621 | Wed May 17 08:42:17 2017 |
| Christof Hanke | hanke@rzg.mpg.de | Question | Linux | 3.1.1 | Re: Use X-Forwarded-User as preset in author field | > Hi,
> I have an elog server which uses apache/ldap for authentication.
> I would like to have the username used for ldap to be set automatically as author field in the elog.
>
> I'm using:
> Authentication = Webserver
> and I do set the env-variable X-Forwarded-User correctly to the ldap username
>
> GET /test/?cmd=New HTTP/1.1
> Host: localhost:8080
> Authorization: Basic bGFjYXByYXI6TWEwMiSyYnVt
> ...
> Cookie: elmode=Summary; sid=D7DE678B7CAA1D10; ufnm=lacaprar; urem=0
> ...
> X-Forwarded-User: lacaprar
>
> How can I preset author to X-Forwarded-User?
> Preset Author = $??
> I've tried $short_name/$long_name but I got Anonymous.
> I understand that it is so because these are meant to be filled when password authentication is used: any way to use some other variable with the Webserver auth?
>
> thanks in advance,
> Stefano
Hi,
I use an older version of elog, but
Preset Author = $short_name <$long_name>
works for me.
One thing to note is that I also have :
Self register = 1
So at first login, the user has to type in his name and email address,
maybe that's why you got "Anonymous". (Otherwise the variable $shortname etc. are not set.)
HTH,
Christof |
68622 | Thu May 18 09:39:16 2017 |
| Stefano Lacaprara | stefano.lacaprara@pd.infn.it | Question | Linux | 3.1.1 | Re: Use X-Forwarded-User as preset in author field | > I use an older version of elog, but
>
> Preset Author = $short_name <$long_name>
>
> works for me.
>
> One thing to note is that I also have :
> Self register = 1
>
> So at first login, the user has to type in his name and email address,
> maybe that's why you got "Anonymous". (Otherwise the variable $shortname etc. are not set.)
>
> HTH,
>
> Christof
Many thanks for your answer.
However, it seems that your solution requires to have an eLog "password" authentication, which I'd like to avoid since I'd like to use only webserver one.
best,
Stefano |
68623 | Thu May 18 10:37:16 2017 |
| Christof Hanke | hanke@rzg.mpg.de | Question | Linux | 3.1.1 | Re: Use X-Forwarded-User as preset in author field | > > I use an older version of elog, but
> >
> > Preset Author = $short_name <$long_name>
> >
> > works for me.
> >
> > One thing to note is that I also have :
> > Self register = 1
> >
> > So at first login, the user has to type in his name and email address,
> > maybe that's why you got "Anonymous". (Otherwise the variable $shortname etc. are not set.)
> >
> > HTH,
> >
> > Christof
>
> Many thanks for your answer.
> However, it seems that your solution requires to have an eLog "password" authentication, which I'd like to avoid since I'd like to use only webserver one.
>
No, I'm also using the webserver authentication.
May I ask why you think "password" auth is required ?
The elog has an internal userdatabase with longname, shortname, email etc.
Even if you are authenticated via the webserver, you also have to have an entry in that userdatabase.
This entry has to be created by the user who is allowed to get into elog by the webserver.
Thus, the Self register option.
Bests,
Christof |
68624 | Thu May 18 10:51:05 2017 |
| Christof Hanke | hanke@rzg.mpg.de | Question | Linux | 3.1.1 | Re: Use X-Forwarded-User as preset in author field | > > > I use an older version of elog, but
> > >
> > > Preset Author = $short_name <$long_name>
> > >
> > > works for me.
> > >
> > > One thing to note is that I also have :
> > > Self register = 1
> > >
> > > So at first login, the user has to type in his name and email address,
> > > maybe that's why you got "Anonymous". (Otherwise the variable $shortname etc. are not set.)
> > >
> > > HTH,
> > >
> > > Christof
> >
> > Many thanks for your answer.
> > However, it seems that your solution requires to have an eLog "password" authentication, which I'd like to avoid since I'd like to use only webserver one.
> >
> No, I'm also using the webserver authentication.
> May I ask why you think "password" auth is required ?
>
> The elog has an internal userdatabase with longname, shortname, email etc.
> Even if you are authenticated via the webserver, you also have to have an entry in that userdatabase.
> This entry has to be created by the user who is allowed to get into elog by the webserver.
> Thus, the Self register option.
>
> Bests,
>
> Christof
Sorry, I just double-checked: the userdatabase I was talking about is the Password-file...
Please try the following snippet:
allow password change = 0
Authentication = Webserver, File
Preset Author = $short_name <$long_name>
Locked Attributes = Author
Password file = PASSWD.file
Christof |
|