#foswiki 2014-08-05,Tue

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)

WhoWhatWhen
***wdenk1 has quit IRC (Ping timeout: 255 seconds) [01:22]
....................................................................... (idle for 5h51mn)
ChanServ sets mode: +o MichaelDaum [07:13]
.... (idle for 17mn)
ColasNahaboo has quit IRC (Ping timeout: 256 seconds) [07:30]
................................................................... (idle for 5h30mn)
Tarbox1MichaelDaum, have you been able to look at caching any? Do you need anything from me? [13:00]
MichaelDaumTarbox1 = Fred?
not yet
jmeter is a beast
but I finally groked it I think
[13:00]
Tarbox1K. My vacation starts tonight so I won't be around for a couple weeks. [13:03]
MichaelDaumTarbox1, did you use the patch to lib/Foswiki/PageCache/DBI.pm to always return undef? [13:03]
Tarbox1yes
Behavior without the patch is erratic.
[13:03]
MichaelDaumim on vacation next week.
I wasn't able to repro it using sqlite.
[13:04]
Tarbox1It can take hours for a deadlock to show up, but we had one episode where it did nothing but deadlock for several minutes. I have no idea if our "live" deadlock is the same as the deadlock I can force through the undef, but gotta start somewhere.
I switched to mysql because sqlite was randomly failing to deliver pages in lieu of a deadlock error.
[13:04]
MichaelDaumstrange
what perl version have you got?
[13:05]
Tarbox1This is perl 5, version 14, subversion 2 (v5.14.2) built for x86_64-linux-gnu-thread-multi [13:06]
jasthave you tested your RAM yet? :) [13:06]
Tarbox1how do I do that?
It's a vm.
[13:07]
jastthat's difficult then [13:07]
MichaelDaumlet me create a simple test for my poor jmeter and fire it up [13:07]
***Lavr has quit IRC (*.net *.split)
card.freenode.net sets mode: +o Lavr
[13:13]
MichaelDaumokay testing 10 threads on a public page with caching enabled; storing meta in a mysql ... lets see
1000 samples ...
[13:15]
Tarbox1:(
how long does it take to deliver a page?
[13:16]
MichaelDaum177kb/sec [13:17]
Tarbox1No, I meant latency. [13:17]
MichaelDaumavg 46
median 41
0% errors
[13:17]
Tarbox1Bleah.
It's 1.5s for me. What am I doing wrong?
[13:18]
MichaelDaumah ... forgotten to botch DBI.pm
again
now it caches again and again the same page
avg at 727ms
107kb/sec
approaching 1000 samples
let me up the number of foswiki backends
was three on this test
again no errors after 1.4k samples
[13:18]
Tarbox1I use 6.
But hey, go for broke, use 10.
[13:24]
MichaelDaumthats what I just did :)
here goes my servee....
ramping up ...
there they are
[13:25]
Tarbox1\o/ [13:29]
MichaelDaumDeadlock found when trying to get; lock try restarting transaction at /lib/Foswiki/PageCache/DBI.pm line 372 [13:30]
GithubBot[foswiki] FoswikiBot pushed 1 new commit to master: http://git.io/wOrF4Q
foswiki/master 165c00c KennethLavrsen: Item12978: ExpandTopicContentPlugin enhancements incl REVISIONATTIME macro...
[13:30]
***GithubBot has left [13:30]
MichaelDaumyet still the pages come rolling in. no http error that is. [13:30]
Tarbox1You're using sqlite? [13:30]
MichaelDaummysql
DBD::mysql::st execute failed: Deadlock found when trying to get lock; try restarting transaction at
[13:31]
Tarbox1That's the error. [13:31]
MichaelDaumline 372 in DBI.pm [13:31]
Tarbox1What kind of listener are you using in jmeter? table or tree? [13:31]
MichaelDaumyet still the system doesn't fall appart in terms of deadlocking foswiki [13:32]
Tarbox1Because the deadlock error comes across as status green, it's only when you look at it in table view that you see the error message.
er
[13:32]
MichaelDaumGraph Results, Aggregate Report and View Result Tree [13:32]
Tarbox1tree view [13:32]
MichaelDaumhave you got HTTP Requests that do not have a green tick infront? [13:33]
Tarbox1No. [13:33]
MichaelDaumall green right? [13:34]
Tarbox1yes.
But some are error messages despite that.
[13:34]
MichaelDaumwhere else do you see the logs other than in error.log [13:34]
Tarbox1mysql/error.log
has the innodb errors
Look in tree view for pages with a really small byte size.
659
is the one I'm looking at right now.
[13:34]
MichaelDaumMichaelDaum stopping the thing ... sec [13:35]
Tarbox1No I'm confused again. Byte sizes are in table view. In tree view you may see the error as a page request without the little tick symbol. It depends on if you have it set to retrieve all embedded resources. [13:36]
MichaelDaumright and that listener wasnt open before the test ... again
18 requests get me the error
[13:38]
Tarbox1It's erratic.
I've gone 1500 and nothing, which really helps to disguise what is and isn't necessary to reproduce it.
[13:41]
........ (idle for 35mn)
jastany idea how I can change the default language for foswiki when run from CLI?
my first guess is to change the LANGUAGE pref, but I don't know whether that'll override the language auto-detected from browser
[14:17]
StevenHouchenI am wondering if anyone ould possible help me with trying to get the ldapcontrib extension to work for ldap login [14:19]
jastStevenHouchen: what's your current status? [14:21]
StevenHouchenI have the plugin installed and finally, I believe, all dependencies installed now. I can get to a login page, after changing UserMappingManager to LdapUserMaping and PasswordManager to LdapPasswdUser
Unfrotanetly I am not a linux guy, I am using the virutal image for vmware server
[14:23]
MichaelDaumTarbox1, I think I've got it fixed. [14:25]
Tarbox1What was it? [14:25]
MichaelDaumit entered the transaction even though begin_work failed
there was basically no rollback in case of an error
[14:26]
Tarbox1ah [14:27]
MichaelDaumthe error propagated up from the db layer to the frontend as there was no try - catch block in case a transaction fails. [14:27]
Tarbox1Are there other places that would do the same thing? [14:28]
MichaelDaumevery begin_work ... commit block needs a try-catch block and in case of an error rollback
a basic dbi programming flaw
I now get a proper rollback of the transaction but not a breakdown of foswiki ... which is sort of better
[14:28]
Tarbox1Why only sort of? [14:30]
MichaelDauma failing transaction means: hey there's somebody else trying to do the same
one of them has to back off
[14:30]
Tarbox1I don't see a problem with that. As long as someone is caching something progress is being made. The one that backs off can just give up and deliver the page without caching it. Essentially wait for next time. [14:31]
jastStevenHouchen: you'll probably have to change the LoginManager to LdapTemplateLogin (if you're using TemplateLogin currently). the remaining configuration is highly dependent on the specifics of your LDAP schema... [14:31]
MichaelDaumTarbox1, right thats it.
and we generated the problem even more by rejecting to deliver a cached page using this aweful "return undef;" in getPage()
two requests try to cache the same page at the same time and end up at the same point in the same transaction ...
if only one was a tiny bit slower whould it get the ready-made page right from the cache
... or cache the same thing twice.
... or just don't cache the same work done otherwise already.
[14:31]
.... (idle for 19mn)
StevenHouchenjast: I must have missed that, thanks, now when I change that I get Access Denied Attention Access check on System.WebHome failed. Action "viewauth": viewauth requires authentication. [14:54]
MichaelDaumTarbox1, I've got a patch for you at http://foswiki.org/pub/Tasks/Item12965/PageCache.patch
I switched the bug item to confirmed/urgent
[14:56]
Tarbox1Thank you. [14:57]
MichaelDaumwith an enable TRACE only the transaction errors will log to stderr. all others have been shut down.
note that you need to enable the return undef trick again. I didn't include it into that patch.
[14:58]
jastStevenHouchen: something is mixed up there. that should normally only happen with a non-TemplateLogin, and then only if either {AuthScripts} or your web server config is wrong [15:00]
StevenHouchenjast: the webserver configs came preconfigured in the vmware image I have no idea, is there a way to try and figure it out?
Once I switched that out I do see a warning Warning: You've specified an alternative login manager. It is critical that this list of scripts be consistent with the scripts protected by the Web Server. Verify that this setting is consistent with the Apache FilesMatch or LocationMatch or other configuration used by Foswiki::LoginManager::LdapApacheLogin.
[15:01]
Tarbox1That's normal.
It's informative rather than critical.
well listening to it is critical but there's no way to make it go away.
Ah
You need to set up apacheserver to use basic authentication
And then you would probably prefer to set up apache to tap your ldap for the back end of the basic authentication.
[15:04]
StevenHouchenIf this was Windows IIs I could do that :-) But Im sure I could find my way around it.
So use apache to access ldap instead of the ldapcontrib?
[15:06]
Tarbox1in combination with [15:06]
jastthere are two ways
one is to let LdapContrib do everything -- that's LdapTemplateLogin
[15:06]
Tarbox1Apache does authentication, then hands it off to foswiki which does authorization.
ah well
[15:06]
jastthe other requires both apache and LdapContrib to be configured for your LDAP server [15:06]
Tarbox1OKay yes I'm only speaking based on my setup [15:06]
jastwhat did you have for LoginManager before changing anything? [15:07]
StevenHouchenLoginmanager was set to Foswiki::LoginManager::TemplateLogin [15:07]
jaststrange... changing to LdapTemplateLogin should work then [15:10]
MichaelDaumjast, what is LdapTemplateLogin? [15:11]
Tarbox1The warning message you're getting refers to LdapApacheLogin though. [15:11]
StevenHouchenI changed it to LdapApacheLogin just to see and the warning message is still there [15:12]
jastoh, isn't that an official thing? [15:12]
Tarbox1If it's LdapApacheLogin you have to configure apache to do authentication of some kind.
If there's an LdapTemplateLogin someone has then you would not need that.
[15:13]
MichaelDaumjast, nope [15:13]
jastright, looks like LdapTemplateLogin is a pointless legacy thing we have
my bad
[15:13]
Tarbox1Or [15:13]
jastjust leave it at TemplateLogin, then, I guess [15:13]
StevenHouchenI no longwer seem to have an LdapTemplateLogin listed [15:13]
Tarbox1I dunno I'll shut up now. [15:13]
StevenHouchenWhen I change it back to TemplateLogin I login with my domain username and password and says we could not reconize you
How hard is it to do this through apache?
[15:15]
Tarbox1not too hard.
You need to enable ... um ...
[15:15]
StevenHouchenOr is there some logs are test points I can be directed to to try and find out where it is failing?> [15:15]
Tarbox1mumble ldap mumble
http://httpd.apache.org/docs/2.0/mod/mod_auth_ldap.html
[15:16]
StevenHouchenno how about how hard is it for a non Linux user :-) [15:16]
Tarbox1well once the mod is enabled look for <Directory "/var/www/foswiki.com"> or similar in your apache config
Then set up something like this:
<Directory "/var/www/foswiki.telenetwork.com">
Order Allow,Deny
Allow from all
Deny from env=blockAccess
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthType Basic
AuthName "Site: Enter your TNI Username/Password"
AuthLDAPBindDN "CN=FOSWiki Service,OU=Service_Accounts,DC=yourdc,DC=com"
AuthLDAPBindPassword something
AuthLDAPUrl "ldap://yourdc.com:389/OU=Techs,DC=yourdc,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
Require valid-user
</Directory>
Ignore the TNI, that's my company name I forgot to scrub.
[15:17]
StevenHouchenok seems easy enough, once I figure out how to get the module installed [15:20]
Tarbox1let me help you it's real easy once you know the secret [15:20]
StevenHouchenok that would be awesome [15:20]
Tarbox1From the command line a2enmod auth_ldap should do the trick.
Had to look it up. >_>
[15:20]
StevenHouchenERROR: Module auth_ldap does not exist! [15:21]
Tarbox1mod_auth_ldap? [15:22]
StevenHouchensame error [15:22]
Tarbox1TT_TT [15:22]
StevenHouchenERROR: Module mod_auth_ldap does not exist!
this isnt playing nice
this command seems to have worked a2enmod ldap authnz_ldap\
however I get Could not create /etc/apache2/mods-enabled/ldap.conf: Permission denied
[15:22]
Tarbox1sudo a2endmod?
a2enmod
[15:26]
StevenHouchenok but when I added sude Enabling module ldap. Considering dependency ldap for authnz_ldap: Module ldap already enabled Enabling module authnz_ldap. To activate the new configuration, you need to run: service apache2 restart [15:26]
Tarbox1w00t
you're set
just need to update your apache config
[15:26]
StevenHouchenok where is that located and can I do a nano to edit it? [15:27]
Tarbox1Mine is in /etc/apache2/sites-available
and yes nano is fine.
[15:28]
StevenHouchenin that directory I have ls -l
In that directory I have 000-foswiki, default, and default-ssl
I dont see a config file
[15:28]
Tarbox1those are config files.
they just don't have extensions.
[15:30]
StevenHouchenahhh ok which one will I need [15:30]
Tarbox1I suspect yours is 000-foswiki [15:30]
StevenHouchenand Im sirry i closed out my session could you send what you sent before the example please [15:30]
Tarbox1(10:19:53 AM) Tarbox: <Directory "/var/www/foswiki.telenetwork.com">
(10:19:53 AM) Tarbox: Order Allow,Deny
(10:19:53 AM) Tarbox: Allow from all
(10:19:53 AM) Tarbox: Deny from env=blockAccess
(10:19:53 AM) Tarbox: AuthBasicProvider ldap
(10:19:53 AM) Tarbox: AuthzLDAPAuthoritative on
(10:19:53 AM) Tarbox: AuthType Basic
(10:19:53 AM) Tarbox: AuthName "Site: Enter your Username/Password"
(10:19:53 AM) Tarbox: AuthLDAPBindDN "CN=FOSWiki Service,OU=Service_Accounts,DC=yourdc,DC=com"
(10:19:53 AM) Tarbox: AuthLDAPBindPassword something
(10:19:53 AM) Tarbox: AuthLDAPUrl "ldap://yourdc.com:389/OU=Techs,DC=yourdc,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
(10:19:53 AM) Tarbox: Require valid-user
(10:19:53 AM) Tarbox: </Directory>
I think the hardest part is crafting the ldap:// url.
I'm not sure I can help you with that.
[15:31]
StevenHouchenI can figure that out I know our Ldap
however I seem to be missing quite a few lines, do I just add them?
[15:32]
Tarbox1yes [15:33]
jastnote, sAMAccountName is the right setting for MS Active Directory; it's almost certainly different for other directory services [15:34]
Tarbox1Yeah. Foswiki even has a faq on it somewhere. Maybe System/LdapContrib? [15:35]
jastnote 2, you'll have to figure out all the right settings for LdapContrib, too... and if you do, you probably won't need apache-based auth at all since you can just use TemplateLogin [15:35]
StevenHouchenyes, Ive had the LdapLoginFilter set to sAMAccountName
IM almost positive I have ldapcontrib setup right
how do I edit the config file? I did a sudo nano but I cant seem to edit it
[15:36]
Tarbox1o.0 that's a surprise to me.
It just works for me.
what are its permissions?
[15:37]
StevenHouchennevermind, its working, apparently I'm not :-)
ok so once I have added those lines, and hopefully correctly have the configured url then I change to appacheldaplogin and password?
[15:38]
Tarbox1yes [15:42]
StevenHouchenwhat do I do with the ldapcontrib ext leave it or remove it?> [15:43]
Tarbox1leave it.
It's a hand off.
From apache to ldapcontrib.
[15:43]
StevenHouchenfor password do I still use ldapusermapping? [15:43]
Tarbox1yes
actually let me verify one moment.
[15:43]
StevenHouchenthen password manager is apachehtpasswduser?
ok thanks!
[15:44]
jastLdapApacheLogin for LoginManager. LdapPasswdUser for password manager. LdapUserMapping as user mapper. [15:44]
Tarbox1LoginManager: LdapApacheLogin, UserMappingManager: LdapUserMapping, PasswordManager: LdapPasswdUser [15:44]
StevenHouchenwhen I try and login, now i get Access Denied Attention Access check on Main.WebHome failed. Action "viewauth": viewauth requires authentication. [15:45]
Tarbox1Did the webpage prompt you to log in?
basic authentication
[15:46]
StevenHouchenyes it did when i put in my creds and selected okj thats what happened [15:46]
Tarbox1I suspect either apache or foswiki is not connecting to the ldap properly
But now we're starting to get over my head, since this is a "works for me" scenario.
[15:47]
StevenHouchenlol hmm ok
well thanks for trying, I think Im going to give up on ldap I have been working on this for days
[15:48]
Tarbox1I'd check the error logs, see if it's something obvious.
Maybe even go as far as enablign debug in ldapcontrib.
[15:49]
StevenHouchenok now that is over my head [15:50]
Tarbox1if you go to configure > Extensions > LDAP
There's an {Ldap}{Debug} box you can check.
[15:51]
StevenHouchenahh ok cool [15:51]
Tarbox1save changes and now your /var/log/apache2 error logs should be nice and spammy [15:51]
StevenHouchenok so once I do that try and look through those and make since of them? [15:52]
Tarbox1Yup. :( [15:52]
StevenHouchenwell I will do that hear shortly then maybe something will stand out [15:53]
Tarbox1"failed to connect to" is something you could search for in the log.
"called search" can be inspected. etc.
[15:53]
StevenHouchenwell thanks for the info, ill be doing that in the next half hour gotta do some other work first [15:54]
Tarbox1good luck. [15:55]
......... (idle for 40mn)
StevenHouchenwould that debug only be for ldapcontrib or will that work for the apache login as well? [16:35]
Tarbox1ldapcontrib only.
I'm not sure how to squeeze more debug out of apache
[16:35]
StevenHouchendo I view those logs the same way with nano? [16:38]
Tarbox1yes [16:38]
StevenHouchenthere are i have two shown with todays date, error.log and other_vhosts_access.log [16:41]
Tarbox1check error.log [16:41]
StevenHouchenok thanks
well the logs make no since to me so I guess im stuck :-(
[16:42]
Tarbox1I'm sorry, I wish I could help you more. [16:46]
StevenHouchenI appreciate you trying
does this look right compared to your config, maybe I overlooked something
<Directory "/var/www/foswiki"> Order Allow,Deny Allow from all Deny from env=blockAccess AuthBasicProvider ldap AuthzLDAPAuthoritative on AuthType Basic AuthName "Site: Enter your Username/Password" AuthLDAPBindDN "CN=foswiki,OU=UtilityAccounts,OU=Soderstrom Dermatology,DC=skin,DC=local" AuthLDAPBindPassword ******** AuthLDAPUrl "ldap://skin.local:389/OU=Soderstrom Dermatology,DC=skin,DC
<Directory "/var/www/foswiki">
Order Allow,Deny
Allow from all
Deny from env=blockAccess
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthType Basic
AuthName "Site: Enter your Username/Password"
AuthLDAPBindDN "CN=foswiki,OU=UtilityAccounts,OU=Soderstrom Dermatology,DC=skin,DC=local"
AuthLDAPBindPassword ********
AuthLDAPUrl "ldap://skin.local:389/OU=Soderstrom Dermatology,DC=skin,DC=local?sAMAccountName?sub?(objectClass=*)" NONE
Require valid-user
</Directory>
[16:47]
Tarbox1Sadly, I can't see a reason that wouldn't work. [16:50]
***CDot has left [16:57]
...................................... (idle for 3h6mn)
GuilainChello everybody !
i've a question for foswiki guru, how can I test if a field in a form is empty ?
something like %IF{'$formfield(myfield) isempty' then...
according to the manual, is not available. any tips ?
[20:03]
Tarbox1Depends on what you mean by empty. You can test if it is defined or you can test if it is '' [20:05]
StevenHouchenAnyone know what this error might mean LdapContrib - WARNING: error refreshing the user cache: 89: Bad filter, referer: [20:07]
Tarbox1That error is passed straight from the ldap response. [20:08]
StevenHouchenI seemed to have multiple errors now I just seem to be down to this one so in otherwords something in my ldap config isnt right? [20:09]
Tarbox1http://web500gw.sourceforge.net/errors.html LDAP_PARAM_ERROR. Sounds like the request you're making is malformed? [20:10]
StevenHouchenwhoa I like that page thanks!
ugh I'll go through my ldapcontrib settings again
I'm using SamAccountName z my filter
[20:11]
Tarbox1Might need to be sAMAccountName ? [20:12]
StevenHouchenI miss typed sAMAccountName
so yeah thats what I am using
[20:13]
Tarbox1I've got objectClass=user as my LoginFilter and sAMAccountName as my LoginAttribute. [20:14]
StevenHouchenhmm let me try that then
i CANT LOG IN BUT THAT ERROR WENT AWAY AND i SEE IN THE LOGS WHERE ITS PULLING IN ldap NAMES NOW
[20:14]
Tarbox1Congratulations! [20:16]
StevenHouchentrib - adding wikiName='Nextech26Training', loginName='nextech26', dn='CN=nextech26$
YEAH BUT STILL CANT LOG IN lol
oop sosrry for caps
nevermind it did work thank you so much
[20:16]
Tarbox1Happy to help. [20:17]
***Rich_Morin has quit IRC (Quit: Rich_Morin) [20:21]
.......... (idle for 45mn)
GuilainChum good point Tarbox1, by empty i mean ''
0 characters, 0 numeric, no date, etc
thanks Tarbox1, il will make some test
[21:06]
Tarbox1That *is* built in. %IF{"isempty VARIABLE" then="stuff"}%
https://foswiki.org/System/IfStatements
[21:08]
GuilainCbut i want to test if is empty in a formatted search something like that (is for dashboarding)
format = | $percntIF{"isempty $formfield() then="stuff" }$percnt | $topic |
sorry for the syntaxe
and then, %IF doesn't work with this kind of variable ? i'm wrong ?
[21:09]
Tarbox1That looks promising. I'm a little new to Foswiki but that should get interpolated the way you want. [21:14]
GuilainCaccording to this topic, isempty test for session variable
and is finally variable defined by * Set MYVARIABLE or other settings
but, in doubt i will test tomorow
and you give me an simple et nice idea test '' or ' ' (if i put a kindly, discrete space , by default...)
thanks for this idea
[21:15]
........... (idle for 54mn)
***Tarbox1 has quit IRC (Read error: Connection reset by peer) [22:11]
............... (idle for 1h11mn)
foswiki_irc0Hi, I'm having trouble with the email test function. Anyone have a moment to discuss? [23:22]
harlanask away - somebody might be able to help [23:26]
foswiki_irc0Great, thanks...
I set up a test install on my PC, and emailing worked. However with the server install, I'm getting the following error when I use the email test facility on the configure page:
>>>> SMTP auth: Attempting authentication for XXXX >>>> FAILURE Sending e-mail to XXXX - Use of uninitialized value in split at C:/Perl64/site/lib/Authen/SASL/Perl.pm line 63.
(I've replaced the email address with XXXX here for privacy)
[23:27]
harlanI'm guessing that has to do with the setup of the email code, how it is set up to submit email to your MTA [23:30]
foswiki_irc0OK, so what do you think I should do next?
Actually, good news! I just replaced {SMTP}{MAILHOST} with 127.0.0.1 and it works (the mail server is on the same machine now as foswiki).
[23:32]
.... (idle for 17mn)
***pylearner has quit IRC (Remote host closed the connection) [23:52]

↑back Search ←Prev date Next date→ Show only urls(Click on time to select a line by its url)