Hi all,

we would like to hook elog to our LDAP server. Instead of writing a full-featured LDAP auth module for elog, I have the following idea: use Apache's LDAP module to require LDAP auth for a single logbook:

 <Location /elog/admin>

        Use PhysLDAP

        Use RequirePhysLDAPGroup isg


        RewriteEngine On

        RewriteCond %{LA-U:REMOTE_USER} (.+)

        RewriteRule . - [E=RU:%1]

        RequestHeader add X-Forwarded-User %{RU}e

</Location>

   /* extract REMOTE_USER */

   if ((p = strstr(request, "X-Forwarded-User:")) != NULL) {

      p += 17;

      while (*p && *p == ' ')

         p++;

      strlcpy(remote_user, p, sizeof(remote_user));

      if (strchr(remote_user, '\r'))

         *strchr(remote_user, '\r') = 0;


         char sid[32];

         /* get a new session ID */

         sid_new(NULL, remote_user, (char *) inet_ntoa(rem_addr), sid);


         /* set SID cookie */

         set_sid_cookie(NULL, sid);

         // TODO: set lbs!

   }

set_cookie (lbs=0x0, name=0x483b22 "sid", value=0x7ffffffd7590 "4831386B7B333A99", global=0, expiration=0x7ffffffd7300 "")

Hi Christian,

 I have also the need to do auth on the webserver, but  I tried to integrate it into elogd as far as I could.

However, I do not try to set a special cookie to set the username, but always use 
 "X-Forwarded-User".  Like this, every request is authenticated by the webserver in front.

If that's not too heavy for you, try out the applied patch.

HTH,

Christof

PS:

@Stefan:

If you are willing to integrate this into the official tree, 

I can provide some docs for it (like setting author 

directly etc.)

-----------------------------------------------------------------
Christof Hanke e-mail hanke@rzg.mpg.de
RZG (Rechenzentrum Garching) phone +49-89-3299-1041
Computing Center of the Max-Planck-Gesellschaft (MPG) and the
Institut für Plasmaphysik (IPP)
 

 <Location /elog/admin>

        Use PhysLDAP

        Use RequirePhysLDAPGroup isg


        RewriteEngine On

        RewriteCond %{LA-U:REMOTE_USER} (.+)

        RewriteRule . - [E=RU:%1]

        RequestHeader add X-Forwarded-User %{RU}e

</Location>

   /* extract REMOTE_USER */

   if ((p = strstr(request, "X-Forwarded-User:")) != NULL) {

      p += 17;

      while (*p && *p == ' ')

         p++;

      strlcpy(remote_user, p, sizeof(remote_user));

      if (strchr(remote_user, '\r'))

         *strchr(remote_user, '\r') = 0;


         char sid[32];

         /* get a new session ID */

         sid_new(NULL, remote_user, (char *) inet_ntoa(rem_addr), sid);


         /* set SID cookie */

         set_sid_cookie(NULL, sid);

         // TODO: set lbs!

   }

set_cookie (lbs=0x0, name=0x483b22 "sid", value=0x7ffffffd7590 "4831386B7B333A99", 
global=0, expiration=0x7ffffffd7300 "")

It depends on how you actually call the elog client, but it outputs a message

 Message successfully transmitted, ID=(new message id)

to the console upon successful transmission. Maybe you can catch this and evaluate?

Hallo and thanks for a great program.

At my work we have previously been using another program (Rednotebook) for our lab journals, but now we wish to migrate to elog because it is more configurable and because it runs in a browser.

We would off course like to move all of our old log entries with us. Luckily Rednotebook uses a standard module (YAML) for data storage, so I can easily access the data (e.g. with python) and I have already done do, and I have exchanged the native markup with html.

Now I would prefer it if I can make the elog data files directly, in stead of using the elog command, because that makes it possible and easy to revert the change, and also to not have to handle escaping html string before feeding them to elog on the commandline. I have actually already written the program that produces the elog data files, but now I have a few questions:

1) Is there an overall way of validating the datafiles, to make sure elog doesn't choke on them at some point in the future when I try to open one of the old entries. Along the same lines, does elog parse all the files when the demon is started, so if it starts then I'm ok?

2) What exactly are the requirements for the HTML content

2a) Will any valid html do, or are there some speciel requirements (e.g. like   at blank lines)

2b) Does it require a particular version of html, because then I could at least validate it against that doctype beforehand

3) Is there a log from elog where I can see if it encounters something it doesn't like?

I hope the you can answer some of my questions.

Regards Kenneth

Hi Christof,

wow thanks, that's (almost) exactly what I was looking for! I only had to add

 --- src/elogd.c.orig 2012-02-03 09:11:42.000000000 +0100
+++ src/elogd.c 2012-02-03 09:11:32.000000000 +0100
@@ -8375,6 +8375,10 @@
    strcpy(list[i], "remote_host");
    strlcpy(value[i++], rem_host, NAME_LENGTH);

+   /* add LDAP author */
+   strcpy(list[i], "http_user");
+   strlcpy(value[i++], http_user, NAME_LENGTH);
+

    /* add local host */
    strcpy(list[i], "host");
    strlcpy(value[i++], host_name, NAME_LENGTH);

Preset Author = $http_user

to work.  I fully support getting your patches into upstream.

Hi All,

Perhaps a trivial question but some issues have arisen accessing my long-running elog with SSL enabled.  I suspect firewalls and browser updates are involved and I do not have the time or experience to diagnose and debug such a potential black-hole of difficulties.  Instead I am looking for a quick fix, and the first step - switching off sll - seems to work.  Now I would like to use redirect so that the elog is running under apache, however this is where I have stumbled; I have passwords so the plan is to eventually secure using apache.  Apache works fine and is running pages on ports 80 and 443, although I seem unable to redirect the elog (port 8080).  Following the instructions on the administrators guide I get:

Forbidden

You don't have permission to access /elog/ on this server.

The page is found at least so my redirect is doing something, and I suspect the solution is trivial, though I'm not too sure where to start.

-------------------

Also, what is  the best practice for updating one's elog version.  I originally installed using a tarball.

 Hi,

I am using Top text becouse I would like to have the same header in all logbooks. However it is working in the "new user registration page" and I would like to evoid it. Is that possible?

Thank you so much!!

Diego

 I loathe the idea of 'bumping' up one's own posting, but here I go...

Has anyone seen this issue, or have any solution? We've got people who register 8 or more times, since they see the "Error" message with each registration.