Time Nick Message 06:15 drojf morning #koha 06:24 cait morning drojf 06:24 drojf hi cait 06:24 cait LibraryClaire: could you take a look at the pref description and pref name on bug 8010? native speaker required :) 06:24 huginn` 04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=8010 major, P1 - high, ---, baptiste.wojtkowski, Pushed to Master , Search history can be added to the wrong patron 06:29 drojf @wunder txl 06:29 huginn` drojf: Error: No such location could be found. 06:29 drojf @wunder berlin, germany 06:29 huginn` drojf: Error: No such location could be found. 06:29 drojf :( 06:30 fridolin hie there 06:30 drojf hi fridolin 06:33 fridolin drojf: hello, how are u ? 06:33 * fridolin morning coffee 06:33 drojf fridolin: fine, and you? 06:33 fridolin never strong enought 06:33 drojf coffee for me too please! 06:33 fridolin sugar ? 06:33 wahanui it has been said that sugar is yummy :) 06:33 alex_a bonjour 06:34 drojf no sugar please 06:34 drojf just black goodness 06:43 reiveune hello 07:39 sophie_m hello #koha 07:44 sameee hi sophie_m 07:45 * sameee waves 07:51 sameee wunder wellington 07:57 cait morning #koha 07:57 cait @wunder Konstanz 07:57 huginn` cait: Error: No such location could be found. 07:57 cait it appears to be broken atm 08:03 * magnuse waves 08:14 sameee rip wunder 08:14 sameee :'( 09:27 mveron Hi #koha 09:27 mveron @wunder Basel 09:27 huginn` mveron: Error: No such location could be found. 09:28 mveron @wunder Allschwil 09:28 huginn` mveron: Error: No such location could be found. 09:28 eythian hi 09:28 wahanui hola, eythian 09:29 * mveron waves 09:35 * LibraryClaire waves 09:37 * eythian makes waves 09:38 * magnuse plays in the waves 09:40 * mveron swims 09:42 * cait shakes her head 09:42 * LibraryClaire sends in eels 09:42 cait mean 09:43 * cait sends in the kraken 09:43 * LibraryClaire leaves 09:48 * magnuse hopes the eels are smoked 09:49 cait lol 10:46 yyy i am trying to add one journal in serials and acquisitions but when i try to add it in acquisitions it says "cannot be ordered" what could be the problem 10:46 yyy where is this to sort out 10:46 yyy ISSN Title Notes Vendor Library Call number Expiration date 0366-7022 Chemistry Letters Allied Publishers Subscription Agency 31/12/2017 Cannot be ordered 11:17 mtj yyy: are you running a recent version of Koha? 11:18 yyy yes 11:18 yyy i found the mistake 11:18 yyy how to correct all wrongly entered vendors 11:18 yyy i had one vendor added with s and one not added with s and it was wrongly selected 11:19 yyy though i deleted from acquisitions still same vendor is there in serials 11:19 yyy so it picked up in serials that vendor 11:19 yyy and it was not there in acquisitions 11:22 mtj hmm, could be a bug? 11:24 yyy acquisitions and serial control need to be improved. i was struggling to add ejournal in serials and acquisitions 11:24 mtj yyy: you could describe your problem in more detail at -> http://bugs.koha-community.org 11:24 mtj agreed 11:52 oleonard Hi all 11:52 eythian hi oleopard 12:10 francharb Good morning #koha 12:20 marcelr hi #koha 12:23 eythian hi marcelr 12:23 marcelr goedemiddag 12:23 eythian https://www.citylab.com/design/2017/04/amsterdam-digital-archive-maps-photos/521508/ <-- marcelr, this is particularly interesting, especially the videos 12:24 marcelr 404 ? 12:24 wahanui i think 404 is not found 12:25 eythian works for me when I click on the link 12:25 marcelr funny 12:25 marcelr i will try another browser 12:26 marcelr yeah see it now 12:32 * kidclamp waves 12:32 jcamins oleonard: is that your Dúnedain name? 12:32 marcelr hi kidclamp 12:32 marcelr and jcamins 12:32 wahanui jcamins is too young to be the President of the United States. Which is a pity, because he had the votes at the 3.12 election. 12:33 marcelr :) 12:33 oleonard I don't know jcamins I was just doing what the cool kids were doing. 12:33 marcelr still too young? 12:38 jcamins marcelr: yep. 12:39 marcelr np 12:39 oleonard Yeah everyone knows the legal age for being president is 70. 12:39 marcelr at least 12:40 oleonard But it's like U.S. copyright, they keep raising it so that Mickey Mouse can be president. 12:40 marcelr thought he was :) 12:40 oleonard Yeah I wish. Donald Duck as Secretary of Defense would be an improvement. 14:23 barton tcohen, I found an issue with HoldsLog: bug 18382 -- the log for the action 'suspend' is dumping an entire DateTime object into ActionLogs. 14:23 huginn` 04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18382 enhancement, P5 - low, ---, koha-bugs, NEW , action_logs entry for module HOLDS, action SUSPEND is spammy 14:26 tcohen barton: (y) 14:26 barton tcohen: (noooooooooooooooooooooooooo!) ;-) 14:27 tcohen ? 14:27 tcohen too many logs? he 14:27 barton oh, I assumed that (y) was for yes... 14:28 barton tcohen: a single log entry contains hundreds of lines that look like this: bless( {'spans' => [['-inf','59418043200','-inf','59418014822',-28378,0,'LMT'],['59418043200','60502413600','59418014400','60502384800',-28800,0,'PST'],['60502413600','60520554000','60502388400','60520528800',-25200,1,'PDT'],['60520554000','60533863200','60520525200','60533834400',-28800,0,'PST'], 14:30 tcohen barton: it looks like that's tz info, right? 14:30 barton tcohen: yeah. 14:32 barton ... there's the full locale in there, including tz. 14:33 barton I wonder if there's a way to recursively 'unbless' the object when you're dumping it. 14:33 * oleonard waves to tcohen and barton while contributing nothing to the conversation 14:34 barton hi oleonard! 14:34 wahanui hi olé onard 14:35 cait Joubu++ 14:40 mveron Great mail about helping Koha, Joubu! 14:40 mveron Joubu++ 14:42 mveron A dign-off a day keeps Koha on it's way 14:42 mveron sign-off :-) 14:42 * mveron should put his glasses... 14:45 barton Joubu++ 14:48 * mveron will be back later 16:08 cait Joubu++ great email 16:33 mveron Hi agein #koha 16:33 mveron again :-) 16:33 * mveron should put his glasses... 16:34 mveron I help a small library to troubleshoot a Zebra problem. Zebra stops every two or three days. 16:34 mveron Can anyone give me a pointer on where to start? 16:37 mveron OK, they will try later... 16:38 mveron @wunder Basel 16:38 huginn` mveron: Error: No such location could be found. 17:31 Joubu Hola! 20:11 espen___ hello there 20:11 espen___ thanks for all your help a couple of weeks back 20:12 espen___ I'm now moving on to OPAC authentication and need some more help 20:13 espen___ of the troubleshooting kind 20:14 espen___ I can tap into shibboleth infrastructure but have hit something which I don't think is specifically a shibboleth issue and looking for suggestions 20:16 Joubu espen___: there is a known issue under plack, see bug 17776 20:16 huginn` 04Bug http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=17776 normal, P5 - low, ---, gmcharlt, Needs Signoff , Shibboleth Authentication is broken in plack 20:16 espen___ thanks 20:17 espen___ I might look at that in more detail, but at the moment my issue is rather more basic: 20:18 espen___ I've enabled shibboleth, which has activated the section in Shibboleth Login section of "Login to your account", with the following text: 20:18 espen___ If you have a Shibboleth account, please click here to login. 20:19 espen___ Unfortunately the actual URL of the 'click here to login' link is: https://shibboleth.sso/Login?target=https:///cgi-bin/koha/opac-main.pl 20:20 espen___ so, two problems: hostname is AWOL 20:20 espen___ and it should be Shibboleth.sso (case sensitive) 20:21 espen___ ie. I'm expecting: http://koha.dar.cam.ac.uk/Shibboleth.sso/Login?target=https:///cgi-bin/koha/opac-main.pl 20:21 espen___ (until I've got SSL sorted out) 20:21 cait check opacbaseurl 20:22 cait system preference 20:22 wahanui hmmm... system preference is not the way to do it. 20:22 cait or more search for *baseurl - there is one for staff too 20:22 cait and you will have to set up more things from command line i think 20:22 cait there is a page with some instructions on the wiki 20:22 espen___ ok...that's not set. 20:22 cait yep, def set that 20:23 cait it will also give you links to the opac from detail pages in staff :) 20:23 cait it's used for a few things 20:23 espen___ didn't touch that since OPAC was otherwise working :-) 20:24 espen___ curiously that has fixed both problems in one go! 20:24 espen___ (ie. shibboleth.sso now becomes Shibboleth.sso) 20:25 espen___ I'm not going to argue, but that was a surprise :-) 20:25 cait ;) 20:26 espen___ unfortunately it assumes https still despite specifying http in the opacbaseurl 20:26 espen___ which I can obviously fix by going to https....but.... 20:27 cait shibboleth only works with https 20:27 espen___ errr...no 20:28 espen___ it does it's shibboleth'ing over SSL, but can sit in front of a standard HTTP server if you want 20:28 espen___ (been there; done that!) 20:28 cait maybe 20:29 cait i just remember i had to set it up for testing shibboleth when it was first introduced 20:29 cait it might be specific to our implementation 20:29 cait too late for the experts to be around 20:29 espen___ the trend it definitely towards SSL where you can though 20:29 cait you sohuld with koha anyway 20:29 cait patron data and all 20:30 cait we support let's encrypt if that is helpful 20:30 espen___ which I'll probably do, even if it means YACR (Yet Another Certificate to Renew!) 20:30 espen___ I shouldn't complain; we get them for free! 20:30 cait it might do that somewhat automatically - i haven't taken a closer look 20:30 cait if you use what is in Koha 20:31 cait but i think it has to be set up with creating the instance 20:31 cait atm 20:31 espen___ I do note an inconsistency between OPACBaseURL and staffClientBaseURL though 20:31 cait yeah 20:31 cait protocol 20:31 cait i am not sure, i think we added https:// to staff anyway 20:31 espen___ yup 20:31 cait i noticed recently too 20:32 espen___ in this case it gets ignored for OPACBaseURL anyway! 20:32 cait true, but might not be the case overall 20:33 cait shibboleth specifically changes it to https i think, but other spots do not 20:33 espen___ so it may, but it's a wrong assumption. 20:33 cait you'd have to argue with someone else about that 20:33 cait i am not an expert 20:33 espen___ not that it matters to me in this case, but just so you are aware 20:34 espen___ on another note, 20:34 espen___ shibboleth may be overkill for this, so if I don't get the rest of it working (nothing to do with koha), what is the support for something more simple? 20:35 rangi lol 20:35 cait you can have local passwords 20:35 espen___ what if I just wanted to use apache .htaccess control? 20:35 cait you can use CAS 20:35 rangi we shouldnt support non https at all imho 20:35 rangi for anything 20:35 * cait agrees 20:35 rangi so its unlikely we will make things less secure :) 20:35 cait openid, pki auth 20:36 cait ldap 20:36 cait but not .htaccess 20:36 espen___ why not? 20:36 espen___ should be fundamentally the same as shib I would think? 20:37 cait maybe i got the wrong idea of it, but htat sounds quite different 20:37 espen___ trust the web server to have authenticated the user, match remote user to koha user? 20:37 rangi if you have local users 20:37 rangi why not just use local passwords 20:37 rangi why the added complication of 2 places to define users 20:37 espen___ sure. all the users are 'local' I'm just not interested in storing their passwords 20:38 cait and having them on a file on the server where noone can change their password or use password forget would be better? 20:38 espen___ the users all have their passwords in an external webauth system 20:38 cait koha saves passwords encrypted and salted 20:38 espen___ this is an SSO scenario 20:39 rangi wouldnt be SSO with htaccess 20:39 rangi single password maybe 20:39 cait only single log in i guess 20:39 rangi but not single sign on 20:39 rangi you'd still have to login twice 20:39 espen___ SWSO? 20:39 cait yeah that's what i meant 20:39 cait ? 20:39 espen___ Singel Web Sign On if you like 20:39 rangi if you want actually SSO, you want to use shibboleth, or SAM 20:39 rangi : 20:39 rangi L 20:39 rangi still not even that 20:39 wahanui not even that is cold :) 20:39 cait or CAS 20:40 rangi you'd have to sign on to both sites still 20:40 espen___ not really 20:40 espen___ the second site knows you're already signed in 20:40 espen___ likewise for third etc 20:40 rangi how 20:41 rangi i mean you can do that securely, via mod_mellon and SAML, or via CAS, or shibboleth 20:42 espen___ not that it really matters to this discussion, the point is: I can do this through apache modules and .htaccess settings, all I need to is koha to understand that's what's happening (ie. koha doesn't need to know anything about this at all!) 20:42 espen___ that was poorly worded 20:42 rangi but you want to do it under http? so that if people sniff credentials for one site, they get access to all of them? 20:42 rangi that seems irresponsible 20:43 espen___ the credentials only get exchanged over SSL (it's via a third-party service) 20:44 espen___ basically: apache redirects to 'webauth' over SSL from a .htaccess directive 20:44 cait seems like a not so common scenario 20:44 espen___ I'm pretty sure it is 20:44 espen___ .htaccess controlling an authentication mechanism? 20:45 rangi that'll work just fine yeah, thats nothing to do with koha 20:45 cait brb - doing dishes 20:46 espen___ only to the extent I need to tell koha: "don't worry about the authentication mechanism, just authorise this user based on the provided userid" 20:46 espen___ how do I do that? 20:46 rangi read the shibboleth code, and modify it 20:47 rangi because that is exactly what shibboleth does 20:48 espen___ yes; but that assumes shibboleth; I want to do it through 'any arbitrary auth mechanism supported by apache' 20:48 rangi thats why i said, modify it 20:48 espen___ it wouldn't be shib though 20:49 rangi you'll have ot take that code, make a new if, check for the existence of whatever header or parameter you are going to decide to trust 20:49 rangi then match that to a user 20:50 espen___ let's say, for the sake of argument I said "I want to authenticate users to through mod_auth_basic" (not a great idea, but sets the parameters). 20:50 rangi yep 20:50 rangi thats set in an env variable 20:51 rangi REMOTE_USER 20:51 wahanui rumour has it REMOTE_USER is a server environment variable.. often set by apache during basic auth 20:51 espen___ yup 20:51 espen___ that's the kind of thing I'm expecting 20:51 espen___ will koha understand this? 20:51 rangi yes 20:52 espen___ if so, what directories do I need to protect with .htaccess? 20:52 rangi all of them 20:52 espen___ for OPAC 20:52 espen___ (in the first instance) 20:54 rangi you'd have to do it per file, not per directory, because basic auth doesnt check with koha first if the user should be logged in, all the scripts to dthat and can be control by a system preference etc, they also check what permissions a user has, and if insufficent force them to login with a different user 20:55 rangi so if you want the whole opac, thats easy /cgi-bin/koha 20:55 rangi if you just want certain parts, because you arent using one of the more advanced sso methods, which check with koha, you'd have to do it on a script by script basis 20:56 rangi (and it will still get into some potential auth loops when its a user with insufficent privs (probably only on the staff client tbf)) 20:56 rangi thats why we don't recommend doing it that way anymore. Thats how it used to work in 2001 20:57 rangi the code is still there 20:57 rangi if ( !$shib and defined( $ENV{'REMOTE_USER'} ) and $ENV{'REMOTE_USER'} ne '' and $userid = $ENV{'REMOTE_USER'} ) { 20:57 rangi just no one uses it much anymore 20:58 espen___ ok, that looks reasonable 21:00 espen___ I don't know if this is an ubuntuism but can I assume /cgi-bin/koha in this case is /koha/opac/cgi-bin/ or am I in the wrong place? 21:01 rangi check your apache config for the virtualhosts, it'll be a scriptalias 21:03 espen___ "/usr/share/koha/opac/cgi-bin/opac/" 21:03 espen___ guess that's the default in the ubuntu install 21:04 rangi id probably do the access control in the virtualhost config 21:04 rangi because that wont get overwritten in upgrades, and would work with multiple instances 21:05 espen___ fair point 21:07 espen___ I have two possible approaches now so thank's for the help 21:10 cait aleisha++ 21:11 rangi of course if you are using plack, you're going to have to figure that bit out yourself the env variables wont be passed to plack 21:21 espen___ just to confirm this all works according to plan now 21:21 espen___ set the apache-based auth up in the virtual config and it 'just works' 21:22 espen___ much easier than shib! 21:22 espen___ and allows me to add ip based access for our terminals 21:23 rangi yeah but you cant run it under plack, so it's going to be slow(ish) 21:24 espen___ I'll come back to that if it becomes a problem! 21:24 rangi and you will hit authorisation problems on the staff side 21:24 rangi but it should work for the opac 21:26 espen___ staff side seems fine; I've not touched anything in that virtual host and staff still have purely local logins for that side (for now) 21:30 reiveune bye 21:34 espen___ thanks for helping out with this; it may seem a bit old-fashioned but actually is quite helpful that you've kept the code like this; as 'private' plug-ins for apache auth are not uncommon if not always obvious to the wider world.