[librecat-dev] LDAP, Logging and more
Patrick Hochstenbach
Patrick.Hochstenbach at UGent.be
Wed Aug 24 09:18:32 CEST 2016
Hi
Is there still a problem to see debug messages? At my end this is no problem
$ pwd
/opt/librecat
$ cat log4perl.conf
log4perl.category.LibreCat::Auth=DEBUG,STDERR,FILE
log4perl.category.LibreCat::FileStore=INFO,STDERR,FILE
log4perl.category.LibreCat::Worker=INFO,STDERR,FILE
log4perl.category.App=DEBUG,FILE
log4perl.appender.STDERR=Log::Log4perl::Appender::Screen
log4perl.appender.STDERR.stderr=1
log4perl.appender.STDERR.utf8=1
log4perl.appender.STDERR.layout=PatternLayout
log4perl.appender.STDERR.layout.ConversionPattern=%d [%P] - %c[%L] : %m%n
log4perl.appender.FILE=Log::Log4perl::Appender::File
log4perl.appender.FILE.filename=app.log
log4perl.appender.FILE.layout=PatternLayout
log4perl.appender.FILE.layout.ConversionPattern=%d [%P] - %c[%L] : %m%n
$ bin/authentication_admin.pl -p phochste
Password: **********
2016/08/24 07:12:36 [2516] - LibreCat.Auth.Multi[24] : authenticating: {password => "********",username => "phochste"}
2016/08/24 07:12:36 [2516] - LibreCat.Auth.Bag[24] : authenticating: {password => "********",username => "phochste"}
2016/08/24 07:12:36 [2516] - LibreCat.Auth.Bag[21] : authenticating: phochste
2016/08/24 07:12:36 [2516] - LibreCat.Auth.Bag[27] : phochste not found
2016/08/24 07:12:36 [2516] - LibreCat.Auth.Bag[24] : authenticating: {password => "********",username => "phochste"}
2016/08/24 07:12:36 [2516] - LibreCat.Auth.Bag[21] : authenticating: phochste
2016/08/24 07:12:36 [2516] - LibreCat.Auth.Bag[27] : phochste not found
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[24] : authenticating: {password => "********",username => "phochste"}
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[24] : connecting to ldaps://ldaps.ugent.be
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[33] : binding to ugentID=870910100341,ou=applications,dc=ugent,dc=be
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[36] : ...code 0
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[86] : searching phochste
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[93] : {attrs => ["ugentID"],base => "dc=ugent, dc=be",filter => "(uid=phochste)"}
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[97] : ...code 0
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[98] : ...count 1
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[58] : username: 801001101817 ; password: 8 bytes
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[63] : binding to ugentID=801001101817,ou=people,dc=UGent,dc=be
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[70] : ...code 0: error: Success
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[72] : unbind
OK
For your second question. Yes, I’ve added the authentication in the catmandu.local.yml. By just copy and pasting the configuration and editing it to my local needs
$ head catmandu.local.yml
authentication:
package: LibreCat::Auth::Multi
options:
methods:
# password auth against users in config
- package: LibreCat::Auth::Bag
options:
store: builtin_users
username_attr: login
# password auth against database users
- package: LibreCat::Auth::Bag
options:
store: search
bag: researcher
username_attr: login
# LDAP auth
- package: LibreCat::Auth::LDAP
options:
host: 'ldaps://ldaps.ugent.be'
base: 'ugentID=870910100341,ou=applications,dc=ugent,dc=be'
password: ********************************************
auth_base: 'ugentID=%s,ou=people,dc=UGent,dc=be'
search_filter: '(uid=%s)'
search_base: 'dc=ugent, dc=be'
search_attr: 'ugentID'
Cheers
Patrick
> On 17 Aug 2016, at 14:43, Arash Samadi <samadi at sub.uni-goettingen.de> wrote:
>
> Hi there,
>
> is there any tips you may share?
>
> Cheers,
>
> A.
>
> -------- Forwarded Message --------
> Subject: Re: [librecat-dev] LDAP, Logging and more
> Date: Tue, 9 Aug 2016 12:14:14 +0200
> From: Arash Samadi <samadi at sub.uni-goettingen.de>
> Reply-To: samadi at sub.uni-goettingen.de
> Organization: State- and University's Library, Gerog-August University of Goettingen
> To: librecat-dev at lists.uni-bielefeld.de <librecat-dev at lists.uni-bielefeld.de>, Nicolas.Franck at UGent.be
> CC: Patrick Hochstenbach <Patrick.Hochstenbach at UGent.be>
>
>
> Hi,
>
> allright, thank you for the feed back. Here is what I have done:
>
> 1. I've changed the settings in log4perl.conf like this:
>
> log4perl.category.LibreCat::Auth=DEBUG,LOGFILE
> log4perl.category.LibreCat::FileStore=DEBUG,LOGFILE
> log4perl.category.LibreCat::Worker=DEBUG,LOGFILE
>
> log4perl.appender.LOGFILE=Log::Log4perl::Appender::File
> log4perl.appender.LOGFILE.filename=/srv/LibreCat/logs/librecat.log
> log4perl.appender.LOGFILE.mode=append
> log4perl.appender.LOGFILE.layout=PatternLayout
> log4perl.appender.LOGFILE.layout.ConversionPattern=%d [%P] - %c[%L] : %m%n
>
>
> Still, the only log what I get is something after the successful login and nothing more! I would like to know how to change that?
>
> 2. I thought of something, shouldn't I add the LDAP authentication to the 'uers:' section in 'catmandu.local.yml' as well? And if so, how exactly should I do that? Is something like this correct?
>
> - host: ug-sub-s1.sub.uni-goettingen.de
> username_attr: cn
>
> 3. I've tried using 'bin/authentication_admin.pl' as well. I only get one usage syntax message:
>
> usage: bin/authentication_admin.pl [--package=MODULE] [[--param=...]] login at bin/authentication_admin.pl line 44.
>
> So, I've tried something like this:
>
> $ bin/authentication_admin.pl --package=LibreCat::Auth::LDAP --param host=ug-sub-s1.sub.uni-goettingen.de base=**** password=*** auth_base=cn=%s,ou=Benutzer,dc=sub,dc=uni-goettingen,dc=de
>
> Well, I get another error saying the auth_base is missing! Any ideas?
>
> Cheers,
> A.
>
> PS> BTW, in new build you've removed 'Catmandu::CrossRef'. As per Péter's suggestion we can remove it from 'cpanfile', but don't we need it anymore?
>
> On 09.08.2016 08:30, Patrick Hochstenbach wrote:
> Still in vacation here. But you can use a command line tool to test the authentication setup:
>
>
>
> $ bin/authentication_admin.pl
>
>
>
> There are very many options when doing a LDAP authentication. Every institution can have local variations. If the code doesn't provide a stack trace, then the code is ok, but the authentication handshakes don't provide the desired results.
>
>
>
> With the authentical_admin you have at least a Perl program you can run through a debugger and see which step doesn't provide the desired result. We based the code on what Bielefeld or Ghent University does with LDAP (both use a somewhat different strategy).
>
>
>
> Cheers and till later
>
> Patrick
>
>
>
> From: librecat-dev-bounces at lists.uni-bielefeld.de <librecat-dev-bounces at lists.uni-bielefeld.de> on behalf of Arash Samadi <samadi at sub.uni-goettingen.de>
> Sent: Monday, August 8, 2016 2:16 PM
> To: librecat-dev at lists.uni-bielefeld.de
> Subject: [librecat-dev] LDAP
>
> Hi there, hope you had a great vacation or maybe you still enjoying it ;)
>
> Anyways, I replaced the info based on our own LDP-Configuration in 'catmandu.local.yml', but probably missing something, because it is not working. I would really appreciate your input:
>
> - package: LibreCat::Auth::LDAP
> options:
> host: 'ug-sub-s1.sub.uni-goettingen.de'
> base: '************'
> password: '****************'
> auth_base: 'cn=%s,ou=Benutzer,dc=sub,dc=uni-goettingen,dc=de'
> search_filter: '(cn=%s)'
> search_base: 'OU=Benutzer,DC=sub,DC=uni-goettingen,DC=de'
> search_attr: 'cn'
>
> Cheers,
> A.
>
> --
> Arash Samadi
> Digitale Biblothek, Bibliotheksysteme (BIS)
>
> Georg-August-Universität Göttingen
> Niedersächsische Staats- und Universitätsbibliothek
> D-37073 Göttingen
>
> Platz der Göttinger Sieben 1 (Zentralbibliothek, LRC, Raum 2.19)
>
> Tel: +49 39-20726
> m at il: samadi at sub.uni-goettingen.de
> www: http://www.sub.uni-goettingen.de
>
>
> --
> Arash Samadi
> Digitale Biblothek, Bibliotheksysteme (BIS)
>
> Georg-August-Universität Göttingen
> Niedersächsische Staats- und Universitätsbibliothek
> D-37073 Göttingen
>
> Platz der Göttinger Sieben 1 (Zentralbibliothek, LRC, Raum 2.19)
>
> Tel: +49 39-20726
> m at il: samadi at sub.uni-goettingen.de
> www: http://www.sub.uni-goettingen.de
>
> _______________________________________________
> librecat-dev mailing list
> - send list mails to librecat-dev at lists.uni-bielefeld.de
> - to unsubscribe or change options, visit https://lists.uni-bielefeld.de/mailman2/cgi/unibi/listinfo/librecat-dev
> - project website: http://librecat.org/
Patrick Hochstenbach - digital architect
University Library Ghent
Sint-Hubertusstraat 8 - 9000 Ghent - Belgium
patrick.hochstenbach at ugent.be
+32 (0)9 264 7980
More information about the librecat-dev
mailing list