Re: [Dspace-tech] Solr and IP authentication
Hi Stefanie, try copying IPAuthentication.java, IPMatcher.java and IPMatcherException.java [1] from DSpace 5 to your source, then rebuild and redeploy. It should be the same thing you already have with patches, but try this just to make sure. If it still doesn't work, please provide an example netmask (from your configuration) and IP (you tried to login with). There are now unit tests for CIDR, so they are expected to catch any mistakes (you may copy them, too [2]). On Mon, Mar 2, 2015 at 4:33 PM, Bram Luyten b...@atmire.com wrote: I don't think the SOLR logger lookup error you are seeing is related to your IP authentication problem. This lookup tries to identify the country/region of your IP, in order to include geo information into the usage events. This message is about reverse DNS lookup, not a GeoIP lookup. But the message is harmless, nevertheless. It makes sense that this fails if the IP you are hiding is an internal IP, for these kinds of IPs, it's impossible to lookup the location in the Geomind database that is used for this purpose. SolrLogger actually should already respect X-Forwarded-For if useProxies is enabled: [1] https://github.com/DSpace/DSpace/tree/dspace-5.0/dspace-api/src/main/java/org/dspace/authenticate [2] https://github.com/DSpace/DSpace/blob/dspace-5.0/dspace-api/src/test/java/org/dspace/authenticate/IPMatcherTest.java#L187-241 [3] https://github.com/DSpace/DSpace/blob/dspace-5_x/dspace-api/src/main/java/org/dspace/statistics/SolrLogger.java#L300-311 Regards, ~~helix84 Compulsory reading: DSpace Mailing List Etiquette https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
Re: [Dspace-tech] Solr and IP authentication
Hi Stefanie, I don't think the SOLR logger lookup error you are seeing is related to your IP authentication problem. This lookup tries to identify the country/region of your IP, in order to include geo information into the usage events. It makes sense that this fails if the IP you are hiding is an internal IP, for these kinds of IPs, it's impossible to lookup the location in the Geomind database that is used for this purpose. There must be a different problem why your IP authentication isn't working. with kindest regards, Bram Luyten -- [image: logo] *Bram Luyten* *2888 Loker Avenue East, Suite 315, Carlsbad, CA. 92010* *Esperantolaan 4, Heverlee 3001, Belgium* www.atmire.com http://atmire.com/website/?q=servicesutm_source=emailfooterutm_medium=emailutm_campaign=braml On 25 February 2015 at 09:49, Stefanie Behnke dsp...@eurographics-office-goslar.de wrote: Dear all, I am using Dspace 3.1 with XMLUI. I have inserted the patch, described at https://github.com/DSpace/DSpace/pull/632/files but got the ERROR message in dspace.log: ERROR org.dspace.statistics.SolrLogger @ Failed DNS Lookup for IP: hidden And although the IP address (here: hidden) is listed in the authentication-ip.cfg file, there is no further check, with the result that the IP address is not authenticated. Any help is appreciated. Best regards Stefanie *Von:* Stefanie Behnke [mailto:dsp...@eurographics-office-goslar.de] *Gesendet:* Montag, 9. Februar 2015 17:39 *An:* 'Riese Wolfgang'; dspace-tech@lists.sourceforge.net *Betreff:* Re: [Dspace-tech] IP Authentification Problems Dear Wolfgang, I did already uses this patch, you mentioned dspace-api/src/main/java/org/dspace/authenticate/IPMatcher.java rebuilt Maven, ant and started Tomcat. This does not work for me. Best regards Stefanie *Von:* Riese Wolfgang [mailto:w.ri...@zbw.eu w.ri...@zbw.eu] *Gesendet:* Montag, 9. Februar 2015 17:24 *An:* 'Stefanie Behnke'; dspace-tech@lists.sourceforge.net *Betreff:* AW: [Dspace-tech] IP Authentification Problems Hi, for me on Dspace 3.2 XMLUI, Patch DS-1235 does the trick. https://jira.duraspace.org/browse/DS-1235 Hope it helps, Wolfgang -- WOLFGANG RIESE IIPT HH, Raum 414 T: +49-40-42834-240 http://www.zbw.eu ZBW - Deutsche Zentralbibliothek für Wirtschaftswissenschaften Leibniz-Informationszentrum Wirtschaft - Standort Hamburg - Neuer Jungfernstieg 21 20354 Hamburg *Von:* Stefanie Behnke [mailto:dsp...@eurographics-office-goslar.de dsp...@eurographics-office-goslar.de] *Gesendet:* Montag, 9. Februar 2015 15:54 *An:* dspace-tech@lists.sourceforge.net *Betreff:* [Dspace-tech] IP Authentification Problems Dear all, we are using Dspace 3.1 with the XMLUI (Mirage). I have set the IP configuration: In authentification.cfg: plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \ org.dspace.authenticate.IPAuthentication, \ org.dspace.authenticate.LDAPAuthentication, \ org.dspace.authenticate.PasswordAuthentication I have visit https://github.com/DSpace/DSpace/pull/632/files and added the patch to my system. Also I added the patch from https://github.com/DSpace/DSpace/pull/255/files In our repository all items are visible to all users, but the bitsteams are only accessible with read right group “eg-member”. So I have configured authentication-ip.cfg (see attachment) Full IPs, partial IPs are working, but using network/netmask or network/CIDR then only one entry works. For example: …. 129.27, \ 139.174, \ …. Is working But …. 129.27.0.0/16, \ 139.174.0.0/16, \ …. does not work. As you can see I have a lot of IP ranges where I have to use network/netmask or network/CIDR, I tried both, with same result: If the CIDR is not 32 or the netmask not 255.255.255.255, it only works for one IP range. I hope you can help me, thanking you in advance Stefanie -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software
[Dspace-tech] Solr and IP authentication
Dear all, I am using Dspace 3.1 with XMLUI. I have inserted the patch, described at https://github.com/DSpace/DSpace/pull/632/files but got the ERROR message in dspace.log: ERROR org.dspace.statistics.SolrLogger @ Failed DNS Lookup for IP: hidden And although the IP address (here: hidden) is listed in the authentication-ip.cfg file, there is no further check, with the result that the IP address is not authenticated. Any help is appreciated. Best regards Stefanie Von: Stefanie Behnke [mailto:dsp...@eurographics-office-goslar.de] Gesendet: Montag, 9. Februar 2015 17:39 An: 'Riese Wolfgang'; dspace-tech@lists.sourceforge.net Betreff: Re: [Dspace-tech] IP Authentification Problems Dear Wolfgang, I did already uses this patch, you mentioned dspace-api/src/main/java/org/dspace/authenticate/IPMatcher.java rebuilt Maven, ant and started Tomcat. This does not work for me. Best regards Stefanie Von: Riese Wolfgang [mailto:w.ri...@zbw.eu] Gesendet: Montag, 9. Februar 2015 17:24 An: 'Stefanie Behnke'; mailto:dspace-tech@lists.sourceforge.net dspace-tech@lists.sourceforge.net Betreff: AW: [Dspace-tech] IP Authentification Problems Hi, for me on Dspace 3.2 XMLUI, Patch DS-1235 does the trick. https://jira.duraspace.org/browse/DS-1235 Hope it helps, Wolfgang -- WOLFGANG RIESE IIPT HH, Raum 414 T: +49-40-42834-240 http://www.zbw.eu ZBW - Deutsche Zentralbibliothek für Wirtschaftswissenschaften Leibniz-Informationszentrum Wirtschaft - Standort Hamburg - Neuer Jungfernstieg 21 20354 Hamburg Von: Stefanie Behnke [mailto:dsp...@eurographics-office-goslar.de] Gesendet: Montag, 9. Februar 2015 15:54 An: mailto:dspace-tech@lists.sourceforge.net dspace-tech@lists.sourceforge.net Betreff: [Dspace-tech] IP Authentification Problems Dear all, we are using Dspace 3.1 with the XMLUI (Mirage). I have set the IP configuration: In authentification.cfg: plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \ org.dspace.authenticate.IPAuthentication, \ org.dspace.authenticate.LDAPAuthentication, \ org.dspace.authenticate.PasswordAuthentication I have visit https://github.com/DSpace/DSpace/pull/632/files https://github.com/DSpace/DSpace/pull/632/files and added the patch to my system. Also I added the patch from https://github.com/DSpace/DSpace/pull/255/files In our repository all items are visible to all users, but the bitsteams are only accessible with read right group eg-member. So I have configured authentication-ip.cfg (see attachment) Full IPs, partial IPs are working, but using network/netmask or network/CIDR then only one entry works. For example: . 129.27, \ 139.174, \ . Is working But . 129.27.0.0/16, \ 139.174.0.0/16, \ . does not work. As you can see I have a lot of IP ranges where I have to use network/netmask or network/CIDR, I tried both, with same result: If the CIDR is not 32 or the netmask not 255.255.255.255, it only works for one IP range. I hope you can help me, thanking you in advance Stefanie -- Dive into the World of Parallel Programming The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette