From louise-amelie.schmitt@embl.de Fri Jun 17 08:15:14 2011
From: =?utf-8?q?Louise-Am=C3=A9lie?= Schmitt <louise-amelie.schmitt@embl.de>
To: galaxy-dev@lists.galaxyproject.org
Subject: [galaxy-dev] LDAP and API issue?
Date: Fri, 17 Jun 2011 14:14:52 +0200
Message-ID: <4DFB453C.4050008@embl.de>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2664979373636070487=="

--===============2664979373636070487==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

Hi everyone

I'm currently trying to use the API, but I think that our LDAP logging 
doesn't really help.

When I call the script specifying the port in the url, here's what I get:

<urlopen error [Errno 111] Connection refused>

Then when I don't specify it Here's what I get:

HTTP Error 401: Authorization Required
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Authorization Required</title>
</head><body>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<hr>
<address>Apache/2.2.3 (CentOS) Server at localhost Port 80</address>
</body></html>

Did I miss anything? Is there a way to avoid that?

Thanks
LA


--===============2664979373636070487==--


From louise-amelie.schmitt@embl.de Fri Jun 17 10:41:56 2011
From: =?utf-8?q?Louise-Am=C3=A9lie?= Schmitt <louise-amelie.schmitt@embl.de>
To: galaxy-dev@lists.galaxyproject.org
Subject: Re: [galaxy-dev] LDAP and API issue?
Date: Fri, 17 Jun 2011 16:41:52 +0200
Message-ID: <4DFB67B0.8010704@embl.de>
In-Reply-To: <4DFB453C.4050008@embl.de>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============6384432566318117757=="

--===============6384432566318117757==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Ok, again sorry for being an idiot.

I just had to modify the Apache .conf file related to Galaxy.

For the time being I allowed everyone on the API (since it's not 
accessible via the Internet it's allright) so the "all" will eventually 
be changed but here is what I added in the file:

<Location /galaxy-dev>
         AuthName "Galaxy (development)"
         AuthType Basic
         AuthBasicProvider ldap
         AuthLDAPURL "ldap://ocs.embl.org/cn=Users,dc=embl,dc=org?uid"
         AuthzLDAPAuthoritative off
         Require valid-user
</Location>
<Location /galaxy-dev/api>
         AuthName "Galaxy (API)"
         AuthType Basic
         AuthBasicProvider ldap
         AuthLDAPURL "ldap://ocs.embl.org/cn=Users,dc=embl,dc=org?uid"
         AuthzLDAPAuthoritative off
         Satisfy any
         Allow from all
</Location>

L-A



Le 17/06/2011 14:14, Louise-Amélie Schmitt a écrit :
> Hi everyone
>
> I'm currently trying to use the API, but I think that our LDAP logging 
> doesn't really help.
>
> When I call the script specifying the port in the url, here's what I get:
>
> <urlopen error [Errno 111] Connection refused>
>
> Then when I don't specify it Here's what I get:
>
> HTTP Error 401: Authorization Required
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>401 Authorization Required</title>
> </head><body>
> <h1>Authorization Required</h1>
> <p>This server could not verify that you
> are authorized to access the document
> requested.  Either you supplied the wrong
> credentials (e.g., bad password), or your
> browser doesn't understand how to supply
> the credentials required.</p>
> <hr>
> <address>Apache/2.2.3 (CentOS) Server at localhost Port 80</address>
> </body></html>
>
> Did I miss anything? Is there a way to avoid that?
>
> Thanks
> LA
>
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client.  To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
>
>  http://lists.bx.psu.edu/


--===============6384432566318117757==--


From nate@bx.psu.edu Fri Jun 17 10:50:31 2011
From: Nate Coraor <nate@bx.psu.edu>
To: galaxy-dev@lists.galaxyproject.org
Subject: Re: [galaxy-dev] LDAP and API issue?
Date: Fri, 17 Jun 2011 10:50:29 -0400
Message-ID: <20110617145029.GY2353@bx.psu.edu>
In-Reply-To: <4DFB67B0.8010704@embl.de>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2853873827765015326=="

--===============2853873827765015326==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Louise-Amélie Schmitt wrote:
> Ok, again sorry for being an idiot.
> 
> I just had to modify the Apache .conf file related to Galaxy.
> 
> For the time being I allowed everyone on the API (since it's not
> accessible via the Internet it's allright) so the "all" will
> eventually be changed but here is what I added in the file:
> 
> <Location /galaxy-dev>
>         AuthName "Galaxy (development)"
>         AuthType Basic
>         AuthBasicProvider ldap
>         AuthLDAPURL "ldap://ocs.embl.org/cn=Users,dc=embl,dc=org?uid"
>         AuthzLDAPAuthoritative off
>         Require valid-user
> </Location>
> <Location /galaxy-dev/api>
>         AuthName "Galaxy (API)"
>         AuthType Basic
>         AuthBasicProvider ldap
>         AuthLDAPURL "ldap://ocs.embl.org/cn=Users,dc=embl,dc=org?uid"
>         AuthzLDAPAuthoritative off
>         Satisfy any
>         Allow from all
> </Location>

Hi L-A,

I was about to reply, but you figured it out just in time.  This is not
inherently unsafe since everything behind the /api route requires an API
key.

--nate

> 
> L-A
> 
> 
> 
> Le 17/06/2011 14:14, Louise-Amélie Schmitt a écrit :
> >Hi everyone
> >
> >I'm currently trying to use the API, but I think that our LDAP
> >logging doesn't really help.
> >
> >When I call the script specifying the port in the url, here's what I get:
> >
> ><urlopen error [Errno 111] Connection refused>
> >
> >Then when I don't specify it Here's what I get:
> >
> >HTTP Error 401: Authorization Required
> ><!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> ><html><head>
> ><title>401 Authorization Required</title>
> ></head><body>
> ><h1>Authorization Required</h1>
> ><p>This server could not verify that you
> >are authorized to access the document
> >requested.  Either you supplied the wrong
> >credentials (e.g., bad password), or your
> >browser doesn't understand how to supply
> >the credentials required.</p>
> ><hr>
> ><address>Apache/2.2.3 (CentOS) Server at localhost Port 80</address>
> ></body></html>
> >
> >Did I miss anything? Is there a way to avoid that?
> >
> >Thanks
> >LA
> >
> >___________________________________________________________
> >Please keep all replies on the list by using "reply all"
> >in your mail client.  To manage your subscriptions to this
> >and other Galaxy lists, please use the interface at:
> >
> > http://lists.bx.psu.edu/
> 
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client.  To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
> 
>  http://lists.bx.psu.edu/
> 

--===============2853873827765015326==--


From louise-amelie.schmitt@embl.de Fri Jun 17 11:03:53 2011
From: =?utf-8?q?Louise-Am=C3=A9lie?= Schmitt <louise-amelie.schmitt@embl.de>
To: galaxy-dev@lists.galaxyproject.org
Subject: Re: [galaxy-dev] LDAP and API issue?
Date: Fri, 17 Jun 2011 17:03:47 +0200
Message-ID: <4DFB6CD3.3030404@embl.de>
In-Reply-To: <20110617145029.GY2353@bx.psu.edu>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4074941213798079626=="

--===============4074941213798079626==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Le 17/06/2011 16:50, Nate Coraor a écrit :
> Louise-Amélie Schmitt wrote:
>> Ok, again sorry for being an idiot.
>>
>> I just had to modify the Apache .conf file related to Galaxy.
>>
>> For the time being I allowed everyone on the API (since it's not
>> accessible via the Internet it's allright) so the "all" will
>> eventually be changed but here is what I added in the file:
>>
>> <Location /galaxy-dev>
>>          AuthName "Galaxy (development)"
>>          AuthType Basic
>>          AuthBasicProvider ldap
>>          AuthLDAPURL "ldap://ocs.embl.org/cn=Users,dc=embl,dc=org?uid"
>>          AuthzLDAPAuthoritative off
>>          Require valid-user
>> </Location>
>> <Location /galaxy-dev/api>
>>          AuthName "Galaxy (API)"
>>          AuthType Basic
>>          AuthBasicProvider ldap
>>          AuthLDAPURL "ldap://ocs.embl.org/cn=Users,dc=embl,dc=org?uid"
>>          AuthzLDAPAuthoritative off
>>          Satisfy any
>>          Allow from all
>> </Location>
> Hi L-A,
>
> I was about to reply, but you figured it out just in time.  This is not
> inherently unsafe since everything behind the /api route requires an API
> key.
>
> --nate
>
Ok, I'll leave it like that then, thanks!

L-A
>> L-A
>>
>>
>>
>> Le 17/06/2011 14:14, Louise-Amélie Schmitt a écrit :
>>> Hi everyone
>>>
>>> I'm currently trying to use the API, but I think that our LDAP
>>> logging doesn't really help.
>>>
>>> When I call the script specifying the port in the url, here's what I get:
>>>
>>> <urlopen error [Errno 111] Connection refused>
>>>
>>> Then when I don't specify it Here's what I get:
>>>
>>> HTTP Error 401: Authorization Required
>>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
>>> <html><head>
>>> <title>401 Authorization Required</title>
>>> </head><body>
>>> <h1>Authorization Required</h1>
>>> <p>This server could not verify that you
>>> are authorized to access the document
>>> requested.  Either you supplied the wrong
>>> credentials (e.g., bad password), or your
>>> browser doesn't understand how to supply
>>> the credentials required.</p>
>>> <hr>
>>> <address>Apache/2.2.3 (CentOS) Server at localhost Port 80</address>
>>> </body></html>
>>>
>>> Did I miss anything? Is there a way to avoid that?
>>>
>>> Thanks
>>> LA
>>>
>>> ___________________________________________________________
>>> Please keep all replies on the list by using "reply all"
>>> in your mail client.  To manage your subscriptions to this
>>> and other Galaxy lists, please use the interface at:
>>>
>>> http://lists.bx.psu.edu/
>> ___________________________________________________________
>> Please keep all replies on the list by using "reply all"
>> in your mail client.  To manage your subscriptions to this
>> and other Galaxy lists, please use the interface at:
>>
>>   http://lists.bx.psu.edu/
>>


--===============4074941213798079626==--