TL;DR: add one line to httpd.conf (LDAPVerifyServerCert Off); add back in the LDAP authentication; restart the server, and you should be up and running. Details:
https://github.com/apache/whimsy/commit/89556b48642a7696e11501c1a180f9339e63b4f5 On Sun, Aug 21, 2016 at 1:20 PM, Craig Russell <[email protected]> wrote: > I reverted the change to whimsy.conf and can now get back to where I was > yesterday. Which isn't where you want to be. > So, if the server is running as clr, with my local credentials, why does svn > complain? > > Where is it that we tell sever to run as clr? Let me split that into three questions, and answer each in turn. 1) Q: I have a local checkout of an ASF SVN repository, what allows whimsy applications to read and write these files? A: Running httpd as your local user (per whoami) does this. This change was made to httpd.conf. 2) Q: What enables me to run *local* svn commands against these files? A: This is done via shelling out to the SVN command line. For this reason, it is important that SVN is in the PATH environment as defined in your whimsy.conf. 3) Q: What enables me to run commands (like commit) that interact with the Apache svn server? A: This requires prompting you for you Apache user id and password. On whimsy.apache.org, this is done via HTTP Basic Auth. While there could be other ways to prompt you for this information, at the moment every attempt is being made to make whimsy.local as close as possible to whimsy.apache.org. Does this help? > Craig - Sam Ruby >> On Aug 21, 2016, at 9:22 AM, Sam Ruby <[email protected]> wrote: >> >> On Sun, Aug 21, 2016 at 11:09 AM, Craig Russell >> <[email protected]> wrote: >>> Bad news. After making this change and restarting httpd, I got the login >>> prompt and entered my local credentials. >>> >>> Now sec bench won’t start at all. I closed the page and it still won’t >>> start. >> >> We seem to be saying the same thing. Apache HTTPD plus LDAP >> Authentication on Mac OS/X causes an immediate Internal Server Error >> without ever invoking the application. I wonder if we know anybody >> who has experience with this combination? >> >> The same code works fine on Ubuntu. And the problem is before any >> whimsy code is executed. >> >> Either we will need to find a way to get this to work on Mac OS/X, or >> will need to find a workaround. >> >>> So, the prompt for credentials for whimsy.local is for my apache >>> credentials? >>> >>> And what do I have to do to make it forget what I typed in earlier? >> >> If you remove (or comment out) "Require ldap-group >> cn=asf-secretary,ou=groups,ou=services,dc=apache,dc=org" and restart >> apache you will be back where you were. >> >>> Thanks, >>> >>> Craig >> >> - Sam Ruby >> >>>> On Aug 21, 2016, at 7:08 AM, Sam Ruby <[email protected]> wrote: >>>> >>>> Good news is that this would be solved by adding authentication to >>>> this URL. Bad news is that it seems that authentication is the >>>> problem stopping other services (like the board agenda) from being >>>> invoked: >>>> >>>> https://github.com/apache/whimsy/commit/c76c8db0d1f606d583e88f0a89cf5ac35892611e >>>> >>>> - Sam Ruby >>>> >>>> On Sat, Aug 20, 2016 at 11:49 PM, Craig Russell >>>> <[email protected]> wrote: >>>>> >>>>>> On Aug 20, 2016, at 7:40 PM, Sam Ruby <[email protected]> wrote: >>>>>> >>>>>> On Sat, Aug 20, 2016 at 8:39 PM, Craig Russell >>>>>> <[email protected]> wrote: >>>>>>> Getting there. >>>>>>> >>>>>>> 1. When I load the workbench, >>>>>>> >>>>>>> svn update /Users/clr/apache/foundation/officers >>>>>>> svn: E155021: This client is too old to work with the working copy at >>>>>>> '/Users/clr/apache/foundation' (format 31). >>>>>>> You need to get a newer Subversion client. For more details, see >>>>>>> http://subversion.apache.org/faq.html#working-copy-format-change >>>>>>> svn update /Users/clr/apache/documents >>>>>>> svn: E155021: This client is too old to work with the working copy at >>>>>>> '/Users/clr/apache/documents' (format 31). >>>>>>> You need to get a newer Subversion client. For more details, see >>>>>>> http://subversion.apache.org/faq.html#working-copy-format-change >>>>>>> >>>>>>> So clearly the svn that the workbench is using is older than the one I >>>>>>> have been using. >>>>>>> >>>>>>> bash-3.2$ svn --version >>>>>>> svn, version 1.9.3 (r1718519) >>>>>>> compiled Jan 26 2016, 10:22:17 on x86_64-apple-darwin15.3.0 >>>>>>> … >>>>>>> >>>>>>> bash-3.2$ which svn >>>>>>> /opt/local/bin/svn >>>>>>> >>>>>>> bash-3.2$ svn update /Users/clr/apache/documents/received >>>>>>> Updating '/Users/clr/apache/documents/received': >>>>>>> At revision 70911. >>>>>> >>>>>> If you visit http://whimsy.local/test.cgi you will see what what the >>>>>> value of the PATH environment variable is for CGI scripts. Compare it >>>>>> to >>>>>> >>>>>> $ echo $PATH >>>>>> >>>>>> Feel free to make a change to the 'SetEnv PATH' line in >>>>>> /etc/apache2/other/whimsy.conf and restart apache. >>>>> >>>>> I changed the SetEnv PATH line to include where the latest svn is located. >>>>> >>>>> svn update /Users/clr/apache/foundation/officers >>>>> Updating '/Users/clr/apache/foundation/officers': >>>>> svn: E170013: Unable to connect to a repository at URL >>>>> 'https://svn.apache.org/repos/private/foundation' >>>>> svn: E215004: No more credentials or we tried too many times. >>>>> Authentication failed >>>>> svn update /Users/clr/apache/documents >>>>> Updating '/Users/clr/apache/documents': >>>>> svn: E170013: Unable to connect to a repository at URL >>>>> 'https://svn.apache.org/repos/private/documents' >>>>> svn: E215004: No more credentials or we tried too many times. >>>>> Authentication failed >>>>> svn update /Users/clr/apache/foundation/Meetings/20160322 >>>>> Updating '/Users/clr/apache/foundation/Meetings/20160322': >>>>> svn: E170013: Unable to connect to a repository at URL >>>>> 'https://svn.apache.org/repos/private/foundation/Meetings' >>>>> svn: E215004: No more credentials or we tried too many times. >>>>> Authentication failed >>>>> svn update /Users/clr/apache/infrastructure/trunk/subreq >>>>> Updating '/Users/clr/apache/infrastructure/trunk/subreq': >>>>> svn: E170013: Unable to connect to a repository at URL >>>>> 'https://svn.apache.org/repos/infra/infrastructure/trunk/subreq' >>>>> svn: E215004: No more credentials or we tried too many times. >>>>> Authentication failed >>>>> >>>>>> >>>>>>> 2. I entered info for an icla. It created a @ [email protected] entry >>>>>>> >>>>>>> When I commit, >>>>>>> >>>>>>> http://whimsy.local/secretary/workbench/file.cgi >>>>>>> Failed to load resource: the server responded with a status of 500 >>>>>>> (Internal Server Error) >>>>>> >>>>>> Hopefully there is more information in either >>>>>> /var/log/apache2/error_log or /var/log/apache2/whimsy_error.log? >>>>>> >>>>>> - Sam Ruby >>>>>> >>>>>> >>>>>>>> On Aug 20, 2016, at 4:48 PM, Sam Ruby <[email protected]> wrote: >>>>>>>> >>>>>>>> On Sat, Aug 20, 2016 at 6:44 PM, Craig Russell >>>>>>>> <[email protected]> wrote: >>>>>>>>> >>>>>>>>>> On Aug 20, 2016, at 3:31 PM, Sam Ruby <[email protected]> wrote: >>>>>>>>>> >>>>>>>>>> You've clearly got CGI working at this point, next would be >>>>>>>>>> individual >>>>>>>>>> configuration of individual CGI applications. I'll post instructions >>>>>>>>>> shortly on how to configure the secretary workbench application. You >>>>>>>>>> basically figured out the first step, though the recommendation will >>>>>>>>>> be to copy the file and edit the copy. This will reduce the >>>>>>>>>> possibility of checking in your configuration changes. >>>>>>>> >>>>>>>> I've posted instructions: >>>>>>>> >>>>>>>> https://github.com/apache/whimsy/blob/master/config/secretary-workbench.md >>>>>>>> >>>>>>>>> Yes. It would be nice to have the local_paths.yml checked into git in >>>>>>>>> an unused place as a starting point and then have instructions on how >>>>>>>>> to copy it to the live location. >>>>>>>> >>>>>>>> I'd like to keep it so that updating whimsy-vm3 can be done without a >>>>>>>> shell account -- this means that the configuration used by the live >>>>>>>> server is checked into git and overrides appear elsewhere in the file >>>>>>>> system. >>>>>>>> >>>>>>>>> Similarly, whimsy.conf should be copied to httpd/other first and >>>>>>>>> edited there. I think I can make that change myself. >>>>>>>> >>>>>>>> I believe that this is how the current instructions are worded, but if >>>>>>>> there is a bug, by all means feel free to fix it! >>>>>>>> >>>>>>>>> Craig >>>>>>>>>> >>>>>>>>>> - Sam Ruby >>>>>>>> >>>>>>>> - Sam Ruby >>>>>>>> >>>>>>>>>> On Sat, Aug 20, 2016 at 5:40 PM, Craig Russell >>>>>>>>>> <[email protected]> wrote: >>>>>>>>>>> I changed the local_paths.yml to refer to my checked-out svn repo >>>>>>>>>>> and it now completes loading the local_paths.yml file. >>>>>>>>>>> >>>>>>>>>>> Now, I select my test.txt file which is in the documents/received >>>>>>>>>>> (live svn repo) and get the right menus on the left but permission >>>>>>>>>>> denied in the right panel. >>>>>>>>>>> >>>>>>>>>>> Forbidden >>>>>>>>>>> >>>>>>>>>>> You don't have permission to access /members/received/test.txt on >>>>>>>>>>> this server. >>>>>>>>>>> >>>>>>>>>>> Still some mis-configuration going on. My yml file: >>>>>>>>>>> >>>>>>>>>>> meeting: /Users/clr/apache/foundation/Meetings/20160322 >>>>>>>>>>> foundation: /Users/clr/apache/foundation >>>>>>>>>>> officers: /Users/clr/apache/foundation/officers >>>>>>>>>>> documents: /Users/clr/apache/documents >>>>>>>>>>> received: /Users/clr/apache/documents/received >>>>>>>>>>> mail: /Users/clr/apache/secmail.rb >>>>>>>>>>> subreq: /Users/clr/apache/subreq >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Craig >>>>>>>>>>> >>>>>>>>>>>> On Aug 20, 2016, at 2:25 PM, Craig Russell >>>>>>>>>>>> <[email protected]> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On Aug 20, 2016, at 2:12 PM, Sam Ruby <[email protected]> >>>>>>>>>>>>> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>> On Sat, Aug 20, 2016 at 4:53 PM, Craig Russell >>>>>>>>>>>>> <[email protected]> wrote: >>>>>>>>>>>>>> I’m at the last step in MACOSX.md and it looks good. >>>>>>>>>>>>>> >>>>>>>>>>>>>> I can load the whimsy.local page and it has lots of links to the >>>>>>>>>>>>>> whimsy resources. >>>>>>>>>>>>> >>>>>>>>>>>>> Cool. >>>>>>>>>>>>> >>>>>>>>>>>>>> But when I access the secretary/workbench, the screen splits >>>>>>>>>>>>>> like it should but the left pane shows the ruby code from >>>>>>>>>>>>>> worklist.cgi instead of running the ruby code: >>>>>>>>>>>>>> >>>>>>>>>>>>>> #!/usr/bin/env ruby >>>>>>>>>>>>>> require 'wunderbar' >>>>>>>>>>>>>> require 'yaml' >>>>>>>>>>>>>> >>>>>>>>>>>>>> DOCTYPES = %w{icla grant ccla nda other} >>>>>>>>>>>>>> >>>>>>>>>>>>>> I think there must be something wrong with my passenger config. >>>>>>>>>>>>> >>>>>>>>>>>>> Passenger is not involved in running CGIs. What is most likely >>>>>>>>>>>>> the >>>>>>>>>>>>> issue is that the line including mod_cgi wasn't uncommented. >>>>>>>>>>>>> Other >>>>>>>>>>>>> possibilities are problems with the following lines: >>>>>>>>>>>>> >>>>>>>>>>>>> Options +ExecCGI +Indexes +FollowSymLinks +MultiViews >>>>>>>>>>>>> AddHandler cgi-script .cgi >>>>>>>>>>>> >>>>>>>>>>>> I’m not sure where these go. But now I have a different problem: >>>>>>>>>>>> >>>>>>>>>>>> #<Errno::EACCES: Permission denied @ dir_s_mkdir - /srv> >>>>>>>>>>>> /usr/local/Cellar/ruby/2.3.1/lib/ruby/2.3.0/fileutils.rb:253:in >>>>>>>>>>>> `mkdir' >>>>>>>>>>>> /usr/local/Cellar/ruby/2.3.1/lib/ruby/2.3.0/fileutils.rb:253:in >>>>>>>>>>>> `fu_mkdir' >>>>>>>>>>>> /usr/local/Cellar/ruby/2.3.1/lib/ruby/2.3.0/fileutils.rb:227:in >>>>>>>>>>>> `block (2 levels) in mkdir_p' >>>>>>>>>>>> /usr/local/Cellar/ruby/2.3.1/lib/ruby/2.3.0/fileutils.rb:225:in >>>>>>>>>>>> `reverse_each' >>>>>>>>>>>> /usr/local/Cellar/ruby/2.3.1/lib/ruby/2.3.0/fileutils.rb:225:in >>>>>>>>>>>> `block in mkdir_p' >>>>>>>>>>>> /usr/local/Cellar/ruby/2.3.1/lib/ruby/2.3.0/fileutils.rb:211:in >>>>>>>>>>>> `each' >>>>>>>>>>>> /usr/local/Cellar/ruby/2.3.1/lib/ruby/2.3.0/fileutils.rb:211:in >>>>>>>>>>>> `mkdir_p' >>>>>>>>>>>> /Users/clr/apache/git/whimsy/www/secretary/workbench/local_paths.rb:21:in >>>>>>>>>>>> `block in <top (required)>' >>>>>>>>>>>> /Users/clr/apache/git/whimsy/www/secretary/workbench/local_paths.rb:20:in >>>>>>>>>>>> `each' >>>>>>>>>>>> /Users/clr/apache/git/whimsy/www/secretary/workbench/local_paths.rb:20:in >>>>>>>>>>>> `<top (required)>' >>>>>>>>>>>> /usr/local/Cellar/ruby/2.3.1/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in >>>>>>>>>>>> `require' >>>>>>>>>>>> /usr/local/Cellar/ruby/2.3.1/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in >>>>>>>>>>>> `require' >>>>>>>>>>>> /Users/clr/apache/git/whimsy/www/secretary/workbench/worklist.cgi:33:in >>>>>>>>>>>> `block (2 levels) in <main>' >>>>>>>>>>>> /Users/clr/apache/git/whimsy/www/secretary/workbench/worklist.cgi:15:in >>>>>>>>>>>> `block in <main>' >>>>>>>>>>>>> >>>>>>>>>>>>>> Craig L Russell >>>>>>>>>>>>>> Architect >>>>>>>>>>>>>> [email protected] >>>>>>>>>>>>>> P.S. A good JDO? O, Gasp! >>>>>>>>>>>>> >>>>>>>>>>>>> - Sam Ruby >>>>>>>>>>>> >>>>>>>>>>>> Craig L Russell >>>>>>>>>>>> Architect >>>>>>>>>>>> [email protected] >>>>>>>>>>>> P.S. A good JDO? O, Gasp! >>>>>>>>>>> >>>>>>>>>>> Craig L Russell >>>>>>>>>>> Architect >>>>>>>>>>> [email protected] >>>>>>>>>>> P.S. A good JDO? O, Gasp! >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>> >>>>>>>>> Craig L Russell >>>>>>>>> Architect >>>>>>>>> [email protected] >>>>>>>>> P.S. A good JDO? O, Gasp! >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>> >>>>>>> Craig L Russell >>>>>>> Architect >>>>>>> [email protected] >>>>>>> P.S. A good JDO? O, Gasp! >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>> >>>>> Craig L Russell >>>>> Architect >>>>> [email protected] >>>>> P.S. A good JDO? O, Gasp! >>>>> >>>>> >>>>> >>>>> >>>>> >>> >>> Craig L Russell >>> Architect >>> [email protected] >>> P.S. A good JDO? O, Gasp! >>> >>> >>> >>> >>> > > Craig L Russell > Architect > [email protected] > P.S. A good JDO? O, Gasp! > > > > >
