#foswiki 2014-05-13,Tue

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)

WhoWhatWhen
***ChanServ sets mode: +o Lynnwood [02:19]
............................................... (idle for 3h52mn)
ChanServ sets mode: +o CDot [06:11]
........ (idle for 35mn)
ChanServ sets mode: +o MichaelDaum [06:46]
............... (idle for 1h13mn)
CDothttp://foswiki.org/Community/TermsOfService for review [07:59]
MichaelDaumdidn't know about Chilling Effects
CDot, about "Any registered user may remove or modify any other registered user's content." ... do we have a written form of netiquettes
[08:08]
CDotI couldn't find one (though I recall something in System web)
linking it would be a good idea
(please go ahead and edit, rather than commenting. I trust you :-) )
[08:10]
MichaelDaumhttp://foswiki.org/System/GoodStyle
we don't actually have a written-down and more specific netiquette document about online collaboration on foswiki.org specifically as far as I know.
well GoodStyle is the best available atm
made my additions
CDot, other than that the text is good
[08:11]
................ (idle for 1h18mn)
***ChanServ sets mode: +o MichaelDaum [09:33]
CDotlinked to the wikipedia article on netiquette, since it applies. [09:44]
................ (idle for 1h16mn)
***ChanServ sets mode: +o Lynnwood [11:00]
............................. (idle for 2h23mn)
ChanServ sets mode: +o gac410 [13:23]
........ (idle for 38mn)
gregg4567 has left [14:01]
....................... (idle for 1h54mn)
foswiki_irc0Anybody free for a bit to help me out with ldapcontrib?
http://pastebin.com/qbrU7PVU <-- my configuration
When I try to authenticate I get: LdapPasswdUser - dn not found (on error_log)
The only thing I can find was from the irc log here, about normalizeloginnames being enabled, but I don't
[15:55]
tsnfoofoswiki_irc0: Have you verified that you can bind with that DN using some other LDAP client?
And do any of the examples in the LDAPContrib docs work? There are some examples of listing people/groups on that page.
In the System web, once you have the contrib installed, that is.
[16:03]
foswiki_irc0Yeah, I could see in the log it was building the wikinames correctly
oh nevermind, I got it
I can log in with me username (test1234) but I was trying my wikiname (TestName)
[16:07]
tsnfooAhh... [16:08]
foswiki_irc0Thanks for the help! [16:08]
tsnfooI don't think there's an option to allow wikiname logins. My users are accustomed to ldap usernames, so it's never come up here.
np
[16:08]
foswiki_irc0Yeah, I think most people here will want this anyway too [16:09]
tsnfooIs there any gossip on FW 1.2 or 2.0? I've not found anything recent in the Tasks web. [16:16]
............ (idle for 57mn)
foswiki_irc9Does anyone have experience using CAS for authentication? [17:13]
tsnfooYes, but using a pretty hacked up, old version of the contrib. What's up? [17:19]
foswiki_irc9We're currently using the CASLoginContrib and it works for the most part..
but it doesn't log in after redirecting from our authentication server
it just says log in.. and clicking it again doesn't work unless the page is refreshed.
It also logs in if you try to edit something
[17:21]
tsnfooHuh. That sounds very familiar.
I don't think Foswiki actually does an auth check unless the view script requires it.
I take it you want to lock down the wiki to require auth?
[17:23]
foswiki_irc9That makes sense. Would there be a way to make it check auth after redirecting? [17:26]
tsnfootsnfoo lookimg - can't remember exact syntax
Try setting "DENYWEBVIEW = WikiGuest" in the SitePreferences.
[17:26]
foswiki_irc9yeah, most of the content is public.. but we have some hidden content and we want only authorized users to edit pages [17:27]
tsnfooOh
Then don't do it in SitePreferences
do it in the WebPreferences for specific webs
as per: https://wiki.denison.edu/System/AccessControl#Controlling_access_to_a_Web
[17:27]
foswiki_irc9Well the hidden webs don't show up unless the user is logged in.. [17:28]
tsnfooAh, catch 22-ish situation, then. [17:28]
foswiki_irc9yeahh, exactly. I haven't been able to figure anything out yet. [17:29]
tsnfooWe have our wiki locked down so that you must be logged in with valid university CAS creds, which may be how I worked around this problem :-/
OK, this may be kludgey, but you could add some code in your default template that tries to do some kind of auth check on each page.
Like edit your WebLeftBar topic to check for view rights on ne of the hidden thingies
and conditionally include links to that stuff.
For example, I have "WebAdminBar" topics in most of my webs.
[17:29]
foswiki_irc9Could I edit the wikiGuest bar to do that? conditionally using the IF macro? [17:32]
tsnfooI believe so. You can edit anything in foswiki :-)
What version of CAS are you running? Do you have acess to make changes to it?
(just curious; thinging of another idea)
s/thinging/thinking/g
[17:33]
foswiki_irc9I know I made a page in the sandbox that only displays content if the user isn't a guest,, and it didn't work. the user info just shows the wikiguest info if the log in link doesn't show my user information [17:34]
tsnfooCrap. [17:35]
foswiki_irc9I can change anything on the wiki. I'm not sure, I'll try to check the version [17:35]
tsnfooI wish I could remember if we made any changes to resolve that, other than complete lock-down.
foswiki_irc9: are you comfortable with JavaScript/AJAX?
[17:35]
foswiki_irc9tsnfoo: I couldn't find the version of our CAS.. i can ask my manager sometime if it would help. I'm an intern at Notre Dame btw.
tsnfoo: I'm comfortable with js but it's been a while since I did anything with ajax
[17:39]
tsnfooI was just wondering if you could try something ghetto, like add a script to your default footer that tries an edit call if your are wikiguest, but you have a CAS service ticket cookie.
Or, if your CAS administrator could crafy a custom redirect URL for you, injecting a custom query parameter (e.g., cas_session=true)
And you trigger some innocuous edit call when you see that the first time.
These suggestions might all be terrible, and/or more work than just fixing this in CasLoginContrib
:-)
SvenDowideit: are you around for a CasLoginContrib question?
[17:40]
foswiki_irc9That makes sense. I was thinking to try something like that, but I wasn't sure how to call edit. haha.. at least we're able to log in at all right now. [17:44]
tsnfoofoswiki_irc9: I might take your question to the mailing list. A lot of folks on here are not in our timezone. [17:44]
foswiki_irc9tsnfoo: Thanks, I really appreciate the help! [17:45]
tsnfoonp
Our sysadmin wrote the orginal CasLoginContrib, but SvenDowideit competely re-wrote it, so he might be a good place to start with advanced questions.
[17:45]
foswiki_irc9Okay, that definitely sounds like he might be able to help [17:47]
............. (idle for 1h1mn)
gac410tsnfoo: foswiki_irc9 There is some code in lib/Foswiki/LoginManager.pm which might be related to the failure to recognize the remote user. ... If the internal mechanism is that apache sets the remote user env variable.
I don't understand why it's doing what it is doing, so I'm not going to change it. But.... in LoginManager.pm subroutine userLoggedIn() Right up at the start, it does:
return if $session->inContext('command_line') || $session->{remoteUser} && $authUser && $authUser eq $session->{remoteUser}; # same user
What this does is bail out, and fails to set the "authenticated" context if the requested user == the apache remoteUser ...
[18:48]
tsnfooHmm… I'll take a look.
thx
[18:51]
gac410If you commented out that last bit. ... && $authUser && $authUser eq $session->{remoteUser}; and let it fall through, that might help fw recognize the remoteUser
I had to deal with the "command line" issue for 1.2, because it also fails to set "authenticated" context when running from the cli, which causes issues. cli should typically be considered authenticated.
but touching some of this code ... rather dangerous stuff and I don't really understand all of what it's doing.
[18:52]
....................................... (idle for 3h10mn)
***gregg4567 has left [22:04]
...... (idle for 28mn)
gac410hm tsnfoo: This appears to be basic apache. The REMOTE_USER variable is undef if the script doesn't require authentication. So even though the user has authenticated at some time and the browser remembers the auth,
Foswiki is only informed of the user when the script explicitly requires authentication.,
[22:32]
As far as relationship to Caslogin, I don't think it has anything to do with it. CasLogin doesn't use apache auth from what I can tell. [22:41]
........ (idle for 38mn)
***ChanServ sets mode: +o pharvey [23:19]

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)