Time Nick Message
06:15 drojf morning #koha
06:24 cait morning drojf
06:24 drojf hi cait
06:24 cait LibraryClaire: could you take a look at the pref description and pref name on bug 8010? native speaker required :)
06:24 huginn` �04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8010 major, P1 - high, ---, baptiste.wojtkowski, Pushed to Master , Search history can be added to the wrong patron�
06:29 drojf @wunder txl
06:29 huginn` drojf: Error: No such location could be found.
06:29 drojf @wunder berlin, germany
06:29 huginn` drojf: Error: No such location could be found.
06:29 drojf :(
06:30 fridolin hie there
06:30 drojf hi fridolin
06:33 fridolin drojf: hello, how are u ?
06:33 * fridolin morning coffee
06:33 drojf fridolin: fine, and you?
06:33 fridolin never strong enought
06:33 drojf coffee for me too please!
06:33 fridolin sugar ?
06:33 wahanui it has been said that sugar is yummy :)
06:33 alex_a bonjour
06:34 drojf no sugar please
06:34 drojf just black goodness
06:43 reiveune hello
07:39 sophie_m hello #koha
07:44 sameee hi sophie_m
07:45 * sameee waves
07:51 sameee wunder wellington
07:57 cait morning #koha
07:57 cait @wunder Konstanz
07:57 huginn` cait: Error: No such location could be found.
07:57 cait it appears to be broken atm
08:03 * magnuse waves
08:14 sameee rip wunder
08:14 sameee :'(
09:27 mveron Hi #koha
09:27 mveron @wunder Basel
09:27 huginn` mveron: Error: No such location could be found.
09:28 mveron @wunder Allschwil
09:28 huginn` mveron: Error: No such location could be found.
09:28 eythian hi
09:28 wahanui hola, eythian
09:29 * mveron waves
09:35 * LibraryClaire waves
09:37 * eythian makes waves
09:38 * magnuse plays in the waves
09:40 * mveron swims
09:42 * cait shakes her head
09:42 * LibraryClaire sends in eels
09:42 cait mean
09:43 * cait sends in the kraken
09:43 * LibraryClaire leaves
09:48 * magnuse hopes the eels are smoked
09:49 cait lol
10:46 yyy i am trying to add one journal in serials and acquisitions but when i try to add it in acquisitions it says "cannot be ordered" what could be the problem
10:46 yyy where is this to sort out
10:46 yyy ISSN Title Notes Vendor Library Call number Expiration date 0366-7022 Chemistry Letters Allied Publishers Subscription Agency 31/12/2017 Cannot be ordered
11:17 mtj yyy: are you running a recent version of Koha?
11:18 yyy yes
11:18 yyy i found the mistake
11:18 yyy how to correct all wrongly entered vendors
11:18 yyy i had one vendor added with s and one not added with s and it was wrongly selected
11:19 yyy though i deleted from acquisitions still same vendor is there in serials
11:19 yyy so it picked up in serials that vendor
11:19 yyy and it was not there in acquisitions
11:22 mtj hmm, could be a bug?
11:24 yyy acquisitions and serial control need to be improved. i was struggling to add ejournal in serials and acquisitions
11:24 mtj yyy: you could describe your problem in more detail at -> http://bugs.koha-community.org
11:24 mtj agreed
11:52 oleonard Hi all
11:52 eythian hi oleopard
12:10 francharb Good morning #koha
12:20 marcelr hi #koha
12:23 eythian hi marcelr
12:23 marcelr goedemiddag
12:23 eythian https://www.citylab.com/design/2017/04/amsterdam-digital-archive-maps-photos/521508/ <-- marcelr, this is particularly interesting, especially the videos
12:24 marcelr 404 ?
12:24 wahanui i think 404 is not found
12:25 eythian works for me when I click on the link
12:25 marcelr funny
12:25 marcelr i will try another browser
12:26 marcelr yeah see it now
12:32 * kidclamp waves
12:32 jcamins oleonard: is that your Dúnedain name?
12:32 marcelr hi kidclamp
12:32 marcelr and jcamins
12:32 wahanui jcamins is too young to be the President of the United States. Which is a pity, because he had the votes at the 3.12 election.
12:33 marcelr :)
12:33 oleonard I don't know jcamins I was just doing what the cool kids were doing.
12:33 marcelr still too young?
12:38 jcamins marcelr: yep.
12:39 marcelr np
12:39 oleonard Yeah everyone knows the legal age for being president is 70.
12:39 marcelr at least
12:40 oleonard But it's like U.S. copyright, they keep raising it so that Mickey Mouse can be president.
12:40 marcelr thought he was :)
12:40 oleonard Yeah I wish. Donald Duck as Secretary of Defense would be an improvement.
14:23 barton tcohen, I found an issue with HoldsLog: bug 18382 -- the log for the action 'suspend' is dumping an entire DateTime object into ActionLogs.
14:23 huginn` �04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18382 enhancement, P5 - low, ---, koha-bugs, NEW , action_logs entry for module HOLDS, action SUSPEND is spammy�
14:26 tcohen barton: (y)
14:26 barton tcohen: (noooooooooooooooooooooooooo!) ;-)
14:27 tcohen ?
14:27 tcohen too many logs? he
14:27 barton oh, I assumed that (y) was for yes...
14:28 barton tcohen: a single log entry contains hundreds of lines that look like this: bless( {'spans' => [['-inf','59418043200','-inf','59418014822',-28378,0,'LMT'],['59418043200','60502413600','59418014400','60502384800',-28800,0,'PST'],['60502413600','60520554000','60502388400','60520528800',-25200,1,'PDT'],['60520554000','60533863200','60520525200','60533834400',-28800,0,'PST'],
14:30 tcohen barton: it looks like that's tz info, right?
14:30 barton tcohen: yeah.
14:32 barton ... there's the full locale in there, including tz.
14:33 barton I wonder if there's a way to recursively 'unbless' the object when you're dumping it.
14:33 * oleonard waves to tcohen and barton while contributing nothing to the conversation
14:34 barton hi oleonard!
14:34 wahanui hi olé onard
14:35 cait Joubu++
14:40 mveron Great mail about helping Koha, Joubu!
14:40 mveron Joubu++
14:42 mveron A dign-off a day keeps Koha on it's way
14:42 mveron sign-off :-)
14:42 * mveron should put his glasses...
14:45 barton Joubu++
14:48 * mveron will be back later
16:08 cait Joubu++ great email
16:33 mveron Hi agein #koha
16:33 mveron again :-)
16:33 * mveron should put his glasses...
16:34 mveron I help a small library to troubleshoot a Zebra problem. Zebra stops every two or three days.
16:34 mveron Can anyone give me a pointer on where to start?
16:37 mveron OK, they will try later...
16:38 mveron @wunder Basel
16:38 huginn` mveron: Error: No such location could be found.
17:31 Joubu Hola!
20:11 espen___ hello there
20:11 espen___ thanks for all your help a couple of weeks back
20:12 espen___ I'm now moving on to OPAC authentication and need some more help
20:13 espen___ of the troubleshooting kind
20:14 espen___ I can tap into shibboleth infrastructure but have hit something which I don't think is specifically a shibboleth issue and looking for suggestions
20:16 Joubu espen___: there is a known issue under plack, see bug 17776
20:16 huginn` �04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17776 normal, P5 - low, ---, gmcharlt, Needs Signoff , Shibboleth Authentication is broken in plack�
20:16 espen___ thanks
20:17 espen___ I might look at that in more detail, but at the moment my issue is rather more basic:
20:18 espen___ I've enabled shibboleth, which has activated the section in Shibboleth Login section of "Login to your account", with the following text:
20:18 espen___ If you have a Shibboleth account, please click here to login.
20:19 espen___ Unfortunately the actual URL of the 'click here to login' link is: https://shibboleth.sso/Login?target=https:///cgi-bin/koha/opac-main.pl
20:20 espen___ so, two problems: hostname is AWOL
20:20 espen___ and it should be Shibboleth.sso (case sensitive)
20:21 espen___ ie. I'm expecting: http://koha.dar.cam.ac.uk/Shibboleth.sso/Login?target=https:///cgi-bin/koha/opac-main.pl
20:21 espen___ (until I've got SSL sorted out)
20:21 cait check opacbaseurl
20:22 cait system preference
20:22 wahanui hmmm... system preference is not the way to do it.
20:22 cait or more search for *baseurl - there is one for staff too
20:22 cait and you will have to set up more things from command line i think
20:22 cait there is a page with some instructions on the wiki
20:22 espen___ ok...that's not set.
20:22 cait yep, def set that
20:23 cait it will also give you links to the opac from detail pages in staff :)
20:23 cait it's used for a few things
20:23 espen___ didn't touch that since OPAC was otherwise working :-)
20:24 espen___ curiously that has fixed both problems in one go!
20:24 espen___ (ie. shibboleth.sso now becomes Shibboleth.sso)
20:25 espen___ I'm not going to argue, but that was a surprise :-)
20:25 cait ;)
20:26 espen___ unfortunately it assumes https still despite specifying http in the opacbaseurl
20:26 espen___ which I can obviously fix by going to https....but....
20:27 cait shibboleth only works with https
20:27 espen___ errr...no
20:28 espen___ it does it's shibboleth'ing over SSL, but can sit in front of a standard HTTP server if you want
20:28 espen___ (been there; done that!)
20:28 cait maybe
20:29 cait i just remember i had to set it up for testing shibboleth when it was first introduced
20:29 cait it might be specific to our implementation
20:29 cait too late for the experts to be around
20:29 espen___ the trend it definitely towards SSL where you can though
20:29 cait you sohuld with koha anyway
20:29 cait patron data and all
20:30 cait we support let's encrypt if that is helpful
20:30 espen___ which I'll probably do, even if it means YACR (Yet Another Certificate to Renew!)
20:30 espen___ I shouldn't complain; we get them for free!
20:30 cait it might do that somewhat automatically - i haven't taken a closer look
20:30 cait if you use what is in Koha
20:31 cait but i think it has to be set up with creating the instance
20:31 cait atm
20:31 espen___ I do note an inconsistency between OPACBaseURL and staffClientBaseURL though
20:31 cait yeah
20:31 cait protocol
20:31 cait i am not sure, i think we added https:// to staff anyway
20:31 espen___ yup
20:31 cait i noticed recently too
20:32 espen___ in this case it gets ignored for OPACBaseURL anyway!
20:32 cait true, but might not be the case overall
20:33 cait shibboleth specifically changes it to https i think, but other spots do not
20:33 espen___ so it may, but it's a wrong assumption.
20:33 cait you'd have to argue with someone else about that
20:33 cait i am not an expert
20:33 espen___ not that it matters to me in this case, but just so you are aware
20:34 espen___ on another note,
20:34 espen___ shibboleth may be overkill for this, so if I don't get the rest of it working (nothing to do with koha), what is the support for something more simple?
20:35 rangi lol
20:35 cait you can have local passwords
20:35 espen___ what if I just wanted to use apache .htaccess control?
20:35 cait you can use CAS
20:35 rangi we shouldnt support non https at all imho
20:35 rangi for anything
20:35 * cait agrees
20:35 rangi so its unlikely we will make things less secure :)
20:35 cait openid, pki auth
20:36 cait ldap
20:36 cait but not .htaccess
20:36 espen___ why not?
20:36 espen___ should be fundamentally the same as shib I would think?
20:37 cait maybe i got the wrong idea of it, but htat sounds quite different
20:37 espen___ trust the web server to have authenticated the user, match remote user to koha user?
20:37 rangi if you have local users
20:37 rangi why not just use local passwords
20:37 rangi why the added complication of 2 places to define users
20:37 espen___ sure. all the users are 'local' I'm just not interested in storing their passwords
20:38 cait and having them on a file on the server where noone can change their password or use password forget would be better?
20:38 espen___ the users all have their passwords in an external webauth system
20:38 cait koha saves passwords encrypted and salted
20:38 espen___ this is an SSO scenario
20:39 rangi wouldnt be SSO with htaccess
20:39 rangi single password maybe
20:39 cait only single log in i guess
20:39 rangi but not single sign on
20:39 rangi you'd still have to login twice
20:39 espen___ SWSO?
20:39 cait yeah that's what i meant
20:39 cait ?
20:39 espen___ Singel Web Sign On if you like
20:39 rangi if you want actually SSO, you want to use shibboleth, or SAM
20:39 rangi :
20:39 rangi L
20:39 rangi still not even that
20:39 wahanui not even that is cold :)
20:39 cait or CAS
20:40 rangi you'd have to sign on to both sites still
20:40 espen___ not really
20:40 espen___ the second site knows you're already signed in
20:40 espen___ likewise for third etc
20:40 rangi how
20:41 rangi i mean you can do that securely, via mod_mellon and SAML, or via CAS, or shibboleth
20:42 espen___ not that it really matters to this discussion, the point is: I can do this through apache modules and .htaccess settings, all I need to is koha to understand that's what's happening (ie. koha doesn't need to know anything about this at all!)
20:42 espen___ that was poorly worded
20:42 rangi but you want to do it under http? so that if people sniff credentials for one site, they get access to all of them?
20:42 rangi that seems irresponsible
20:43 espen___ the credentials only get exchanged over SSL (it's via a third-party service)
20:44 espen___ basically: apache redirects to 'webauth' over SSL from a .htaccess directive
20:44 cait seems like a not so common scenario
20:44 espen___ I'm pretty sure it is
20:44 espen___ .htaccess controlling an authentication mechanism?
20:45 rangi that'll work just fine yeah, thats nothing to do with koha
20:45 cait brb - doing dishes
20:46 espen___ only to the extent I need to tell koha: "don't worry about the authentication mechanism, just authorise this user based on the provided userid"
20:46 espen___ how do I do that?
20:46 rangi read the shibboleth code, and modify it
20:47 rangi because that is exactly what shibboleth does
20:48 espen___ yes; but that assumes shibboleth; I want to do it through 'any arbitrary auth mechanism supported by apache'
20:48 rangi thats why i said, modify it
20:48 espen___ it wouldn't be shib though
20:49 rangi you'll have ot take that code, make a new if, check for the existence of whatever header or parameter you are going to decide to trust
20:49 rangi then match that to a user
20:50 espen___ let's say, for the sake of argument I said "I want to authenticate users to through mod_auth_basic" (not a great idea, but sets the parameters).
20:50 rangi yep
20:50 rangi thats set in an env variable
20:51 rangi REMOTE_USER
20:51 wahanui rumour has it REMOTE_USER is a server environment variable.. often set by apache during basic auth
20:51 espen___ yup
20:51 espen___ that's the kind of thing I'm expecting
20:51 espen___ will koha understand this?
20:51 rangi yes
20:52 espen___ if so, what directories do I need to protect with .htaccess?
20:52 rangi all of them
20:52 espen___ for OPAC
20:52 espen___ (in the first instance)
20:54 rangi you'd have to do it per file, not per directory, because basic auth doesnt check with koha first if the user should be logged in, all the scripts to dthat and can be control by a system preference etc, they also check what permissions a user has, and if insufficent force them to login with a different user
20:55 rangi so if you want the whole opac, thats easy /cgi-bin/koha
20:55 rangi if you just want certain parts, because you arent using one of the more advanced sso methods, which check with koha, you'd have to do it on a script by script basis
20:56 rangi (and it will still get into some potential auth loops when its a user with insufficent privs (probably only on the staff client tbf))
20:56 rangi thats why we don't recommend doing it that way anymore. Thats how it used to work in 2001
20:57 rangi the code is still there
20:57 rangi if ( !$shib and defined( $ENV{'REMOTE_USER'} ) and $ENV{'REMOTE_USER'} ne '' and $userid = $ENV{'REMOTE_USER'} ) {
20:57 rangi just no one uses it much anymore
20:58 espen___ ok, that looks reasonable
21:00 espen___ I don't know if this is an ubuntuism but can I assume /cgi-bin/koha in this case is /koha/opac/cgi-bin/ or am I in the wrong place?
21:01 rangi check your apache config for the virtualhosts, it'll be a scriptalias
21:03 espen___ "/usr/share/koha/opac/cgi-bin/opac/"
21:03 espen___ guess that's the default in the ubuntu install
21:04 rangi id probably do the access control in the virtualhost config
21:04 rangi because that wont get overwritten in upgrades, and would work with multiple instances
21:05 espen___ fair point
21:07 espen___ I have two possible approaches now so thank's for the help
21:10 cait aleisha++
21:11 rangi of course if you are using plack, you're going to have to figure that bit out yourself the env variables wont be passed to plack
21:21 espen___ just to confirm this all works according to plan now
21:21 espen___ set the apache-based auth up in the virtual config and it 'just works'
21:22 espen___ much easier than shib!
21:22 espen___ and allows me to add ip based access for our terminals
21:23 rangi yeah but you cant run it under plack, so it's going to be slow(ish)
21:24 espen___ I'll come back to that if it becomes a problem!
21:24 rangi and you will hit authorisation problems on the staff side
21:24 rangi but it should work for the opac
21:26 espen___ staff side seems fine; I've not touched anything in that virtual host and staff still have purely local logins for that side (for now)
21:30 reiveune bye
21:34 espen___ thanks for helping out with this; it may seem a bit old-fashioned but actually is quite helpful that you've kept the code like this; as 'private' plug-ins for apache auth are not uncommon if not always obvious to the wider world.