[librecat-dev] LDAP, Logging and more

Patrick Hochstenbach Patrick.Hochstenbach at UGent.be
Wed Aug 24 09:18:32 CEST 2016
Previous message: [librecat-dev] Fwd: LDAP, Logging and more
Next message: [librecat-dev] Make a report question
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi

Is there still a problem to see debug messages? At my end this is no problem

$ pwd
/opt/librecat

$ cat log4perl.conf
log4perl.category.LibreCat::Auth=DEBUG,STDERR,FILE

log4perl.category.LibreCat::FileStore=INFO,STDERR,FILE
log4perl.category.LibreCat::Worker=INFO,STDERR,FILE

log4perl.category.App=DEBUG,FILE

log4perl.appender.STDERR=Log::Log4perl::Appender::Screen
log4perl.appender.STDERR.stderr=1
log4perl.appender.STDERR.utf8=1
log4perl.appender.STDERR.layout=PatternLayout
log4perl.appender.STDERR.layout.ConversionPattern=%d [%P] - %c[%L] : %m%n

log4perl.appender.FILE=Log::Log4perl::Appender::File
log4perl.appender.FILE.filename=app.log
log4perl.appender.FILE.layout=PatternLayout
log4perl.appender.FILE.layout.ConversionPattern=%d [%P] - %c[%L] : %m%n

$ bin/authentication_admin.pl -p phochste
Password: **********
2016/08/24 07:12:36 [2516] - LibreCat.Auth.Multi[24] : authenticating: {password => "********",username => "phochste"}
2016/08/24 07:12:36 [2516] - LibreCat.Auth.Bag[24] : authenticating: {password => "********",username => "phochste"}
2016/08/24 07:12:36 [2516] - LibreCat.Auth.Bag[21] : authenticating: phochste
2016/08/24 07:12:36 [2516] - LibreCat.Auth.Bag[27] : phochste not found
2016/08/24 07:12:36 [2516] - LibreCat.Auth.Bag[24] : authenticating: {password => "********",username => "phochste"}
2016/08/24 07:12:36 [2516] - LibreCat.Auth.Bag[21] : authenticating: phochste
2016/08/24 07:12:36 [2516] - LibreCat.Auth.Bag[27] : phochste not found
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[24] : authenticating: {password => "********",username => "phochste"}
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[24] : connecting to ldaps://ldaps.ugent.be
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[33] : binding to ugentID=870910100341,ou=applications,dc=ugent,dc=be
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[36] : ...code 0
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[86] : searching phochste
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[93] : {attrs => ["ugentID"],base => "dc=ugent, dc=be",filter => "(uid=phochste)"}
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[97] : ...code 0
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[98] : ...count 1
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[58] : username: 801001101817 ; password: 8 bytes
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[63] : binding to ugentID=801001101817,ou=people,dc=UGent,dc=be
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[70] : ...code 0: error: Success
2016/08/24 07:12:36 [2516] - LibreCat.Auth.LDAP[72] : unbind
OK

For your second question. Yes, I’ve added the authentication in the catmandu.local.yml. By just copy and pasting the configuration and editing it to my local needs

$ head catmandu.local.yml

authentication:
  package: LibreCat::Auth::Multi
  options:
    methods:
      # password auth against users in config
      - package: LibreCat::Auth::Bag
        options:
          store: builtin_users
          username_attr: login
      # password auth against database users
      - package: LibreCat::Auth::Bag
        options:
          store: search
          bag: researcher
          username_attr: login
      # LDAP auth
      - package: LibreCat::Auth::LDAP
        options:
          host: 'ldaps://ldaps.ugent.be'
          base: 'ugentID=870910100341,ou=applications,dc=ugent,dc=be'
          password: ********************************************
          auth_base: 'ugentID=%s,ou=people,dc=UGent,dc=be'
          search_filter: '(uid=%s)'
          search_base: 'dc=ugent, dc=be'
          search_attr: 'ugentID'

Cheers
Patrick

> On 17 Aug 2016, at 14:43, Arash Samadi <samadi at sub.uni-goettingen.de> wrote:
> 
> Hi there,
> 
> is there any tips you may share?
> 
> Cheers,
> 
> A.
> 
> -------- Forwarded Message --------
> Subject:	Re: [librecat-dev] LDAP, Logging and more
> Date:	Tue, 9 Aug 2016 12:14:14 +0200
> From:	Arash Samadi <samadi at sub.uni-goettingen.de>
> Reply-To:	samadi at sub.uni-goettingen.de
> Organization:	State- and University's Library, Gerog-August University of Goettingen
> To:	librecat-dev at lists.uni-bielefeld.de <librecat-dev at lists.uni-bielefeld.de>, Nicolas.Franck at UGent.be
> CC:	Patrick Hochstenbach <Patrick.Hochstenbach at UGent.be>
> 
> 
> Hi,
> 
> allright, thank you for the feed back. Here is what I have done:
> 
> 1. I've changed the settings in log4perl.conf like this:
> 
> log4perl.category.LibreCat::Auth=DEBUG,LOGFILE
> log4perl.category.LibreCat::FileStore=DEBUG,LOGFILE
> log4perl.category.LibreCat::Worker=DEBUG,LOGFILE
> 
> log4perl.appender.LOGFILE=Log::Log4perl::Appender::File
> log4perl.appender.LOGFILE.filename=/srv/LibreCat/logs/librecat.log
> log4perl.appender.LOGFILE.mode=append
> log4perl.appender.LOGFILE.layout=PatternLayout
> log4perl.appender.LOGFILE.layout.ConversionPattern=%d [%P] - %c[%L] : %m%n
> 
> 
> Still, the only log what I get is something after the successful login and nothing more! I would like to know how to change that?
> 
> 2. I thought of something, shouldn't I add the LDAP authentication to the 'uers:' section in 'catmandu.local.yml' as well? And if so, how exactly should I do that? Is something like this correct?
> 
> - host: ug-sub-s1.sub.uni-goettingen.de
>    username_attr: cn
> 
> 3. I've tried using 'bin/authentication_admin.pl' as well. I only get one usage syntax message:
> 
> usage: bin/authentication_admin.pl [--package=MODULE] [[--param=...]] login at bin/authentication_admin.pl line 44.
> 
> So, I've tried something like this:
> 
> $ bin/authentication_admin.pl --package=LibreCat::Auth::LDAP --param host=ug-sub-s1.sub.uni-goettingen.de base=**** password=*** auth_base=cn=%s,ou=Benutzer,dc=sub,dc=uni-goettingen,dc=de
> 
> Well, I get another error saying the auth_base is missing! Any ideas?
> 
> Cheers,
> A.
> 
> PS> BTW, in new build you've removed 'Catmandu::CrossRef'. As per Péter's suggestion we can remove it from 'cpanfile', but don't we need it anymore?
> 
> On 09.08.2016 08:30, Patrick Hochstenbach wrote:
> Still in vacation here. But you can use a command line tool to test the authentication setup:
> 
> 
> 
>  $ bin/authentication_admin.pl
> 
> 
> 
> There are very many options when doing a LDAP authentication. Every institution can have local variations. If the code doesn't provide a stack trace, then the code is ok, but the authentication handshakes don't provide the desired results.
> 
> 
> 
> With the authentical_admin you have at least a Perl program you can run through a debugger and see which step doesn't provide the desired result. We based the code on what Bielefeld or Ghent University does with LDAP (both use a somewhat different strategy).
> 
> 
> 
> Cheers and till later
> 
> Patrick
> 
> 
> 
> From: librecat-dev-bounces at lists.uni-bielefeld.de <librecat-dev-bounces at lists.uni-bielefeld.de> on behalf of Arash Samadi <samadi at sub.uni-goettingen.de>
> Sent: Monday, August 8, 2016 2:16 PM
> To: librecat-dev at lists.uni-bielefeld.de
> Subject: [librecat-dev] LDAP
>  
> Hi there, hope you had a great vacation or maybe you still enjoying it ;)
> 
> Anyways, I replaced the info based on our own LDP-Configuration in 'catmandu.local.yml', but probably missing something, because it is not working. I would really appreciate your input:
> 
>       - package: LibreCat::Auth::LDAP
>         options:
>           host: 'ug-sub-s1.sub.uni-goettingen.de'
>           base: '************'
>           password: '****************'
>           auth_base: 'cn=%s,ou=Benutzer,dc=sub,dc=uni-goettingen,dc=de'
>           search_filter: '(cn=%s)'
>           search_base: 'OU=Benutzer,DC=sub,DC=uni-goettingen,DC=de'
>           search_attr: 'cn'
> 
> Cheers,
> A.
> 
> -- 
> Arash Samadi
> Digitale Biblothek, Bibliotheksysteme (BIS)
> 
> Georg-August-Universität Göttingen
> Niedersächsische Staats- und Universitätsbibliothek
> D-37073 Göttingen
> 
> Platz der Göttinger Sieben 1 (Zentralbibliothek, LRC, Raum 2.19)
> 
> Tel: +49 39-20726
> m at il: samadi at sub.uni-goettingen.de
> www: http://www.sub.uni-goettingen.de
> 
> 
> -- 
> Arash Samadi
> Digitale Biblothek, Bibliotheksysteme (BIS)
> 
> Georg-August-Universität Göttingen
> Niedersächsische Staats- und Universitätsbibliothek
> D-37073 Göttingen
> 
> Platz der Göttinger Sieben 1 (Zentralbibliothek, LRC, Raum 2.19)
> 
> Tel: +49 39-20726
> m at il: samadi at sub.uni-goettingen.de
> www: http://www.sub.uni-goettingen.de
> 
> _______________________________________________
> librecat-dev mailing list
> - send list mails to librecat-dev at lists.uni-bielefeld.de
> - to unsubscribe or change options, visit https://lists.uni-bielefeld.de/mailman2/cgi/unibi/listinfo/librecat-dev
> - project website: http://librecat.org/

Patrick Hochstenbach - digital architect
University Library Ghent
Sint-Hubertusstraat 8 - 9000 Ghent - Belgium
patrick.hochstenbach at ugent.be
+32 (0)9 264 7980
Previous message: [librecat-dev] Fwd: LDAP, Logging and more
Next message: [librecat-dev] Make a report question
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the librecat-dev mailing list