Discussion with wthterry

Yes, this user have been added automatically by the RUF. I've assigned a member role to this user in GRUF. The 'simple usernames' and other 3 options in RUF were both switched on.

See this line?

REMOTE_USER 'shtittw'

Does this user exist in GRUF? Which roles is it assigned to? Is 'simple usernames' switched on in RUF properties?

Hello Hannes,

I've take your advise to check with the traceback error message on ZMI but I really can't get through what does it mean. I guess it means the username and password are not correctly passed to the authentication module. Below I've posted the traceback message, would you please help to take a look? Thx!!

=====================================================================
Exception traceback

Time 2005/10/28 09:13:24.153 GMT+8
User Name (User Id) Anonymous User (None)
Request URL http://192.168.0.49/zope/hitportal/it/asdfsdaf
Exception Type Unauthorized
Exception Value You are not authorized to access this resource.

Username and password are not correct.

Traceback (innermost last):

Module ZPublisher.Publish, line 92, in publish
Module ZPublisher.BaseRequest, line 439, in traverse
Module ZPublisher.HTTPResponse, line 671, in unauthorized
Unauthorized: You are not authorized to access this resource.

Username and password are not correct.

Display traceback as text

REQUEST
form

cookies
dtpref_cols '95%'
dtpref_rows '20'
wstyle 'Small%20Text'
_ZopeId '26446734A2D6A1qmcsw'

lazy items
SESSION >

other
TraversalRequestNameStack []
URL 'http://192.168.0.49/zope/hitportal/it/asdfsdaf'
SERVER_URL 'http://192.168.0.49'
PUBLISHED
URL1 'http://192.168.0.49/zope/hitportal/it'
URL0 http://192.168.0.49/zope/hitportal/it/asdfsdaf
URL1 http://192.168.0.49/zope/hitportal/it
URL2 http://192.168.0.49/zope/hitportal
URL3 http://192.168.0.49/zope
URL4 http://192.168.0.49
BASE0 http://192.168.0.49
BASE1 http://192.168.0.49/zope
BASE2 http://192.168.0.49/zope/hitportal
BASE3 http://192.168.0.49/zope/hitportal/it
BASE4 http://192.168.0.49/zope/hitportal/it/asdfsdaf

environ
AUTH_TYPE 'NTLM'
HTTP_REFERER 'http://192.168.0.49/zope/hitportal/it/'
SERVER_SOFTWARE 'Apache/1.3.33 (Unix) PHP/4.4.0 mod_fastcgi/2.4.2'
SCRIPT_NAME '/zope'
SERVER_SIGNATURE '

Apache/1.3.33 Server at portal.hankyu.com.hk Port 80

\n'
REQUEST_METHOD 'GET'
PATH_INFO '/hitportal/it/asdfsdaf'
SERVER_PROTOCOL 'HTTP/1.1'
QUERY_STRING ''
PATH '/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin'
REMOTE_USER 'shtittw'
HTTP_CONNECTION 'Keep-Alive'
HTTP_COOKIE 'wstyle=Small%20Text; dtpref_rows="20"; dtpref_cols="95%"; _ZopeId="26446734A2D6A1qmcsw"'
SERVER_NAME 'portal.hankyu.com.hk'
REMOTE_ADDR '192.168.0.141'
PATH_TRANSLATED '/usr/local/apache/htdocs/hitportal/it/asdfsdaf'
SERVER_PORT '80'
SERVER_ADDR '192.168.0.49'
DOCUMENT_ROOT '/usr/local/apache/htdocs'
SCRIPT_FILENAME '/usr/local/apache/htdocs/zope'
SERVER_ADMIN 'support@hankyu.com.hk'
HTTP_USER_AGENT 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)'
HTTP_HOST '192.168.0.49'
REQUEST_URI '/zope/hitportal/it/asdfsdaf'
HTTP_ACCEPT 'image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*'
GATEWAY_INTERFACE 'CGI/1.1'
REMOTE_PORT '1760'
HTTP_ACCEPT_LANGUAGE 'zh-hk'
HTTP_ACCEPT_ENCODING 'gzip, deflate'
UNIQUE_ID 'Q2F7NH8AAAEAAApeA9Q'

==================================================================

Sorry, I have no idea what the problem could be.

Again, from one of my previous posts to you:

Clicking Cancel in the login dialog that pops up takes you to a SiteError page. The backtrace on that page tells you what exactly Plone was trying to do when the error occured.

Hello Hannes,

The lines in the patch was found in the GroupUserFolder.py. I think this already shows the patch applied correctly. However, I still can't get access to the link in the View tab.

Regards,
Terry

>The above screen haven't show the "hunk rejected" message, does it mean the patch applied correctly? Please advise.

You can tell by simply looking at the file and the patch. Do the lines that the patch inserts appear in GrupUserFolder.py?

Also, from one of my previous posts to you:

Clicking Cancel in the login dialog that pops up takes you to a SiteError page. The backtrace on that page tells you what exactly Plone was trying to do when the error occured.

I have applied the patch again, however the problem still persist. Please find below are the patch output.

[root@portal opt]# cd /usr/lib/zope/lib/python/Products/GroupUserFolder/
[root@portal GroupUserFolder]# patch -b < /opt/GroupUserFolder.py-3.3.patch
patching file GroupUserFolder.py
[root@portal GroupUserFolder]# zopectl restart
. daemon process restarted, pid=13716

The above screen haven't show the "hunk rejected" message, does it mean the patch applied correctly? Please advise. Thx!!

Hmm, looks like my patch didn't get applied correctly. Can you try to download and install GRUF from scratch and then apply the patch again? If the patch doesn't apply (you'll see "hunk refjected" messages) could you post the patch output?

Hello Hannes,

Sorry for misleading, after step by step testing, the problem should because of the GRUF instead of the mod_ntlm. I've try to just use the remote users folder, it works. But when I add the remote users folder as the user source of the GRUF, the problem exsits. Therefore now I just use the remote users folder as the main user folder.

This doesn't tell us very much because it's not the first request. The first request should be the one for the URL you mentioned (http://.../document1 and http://.../document1/view_document). I hope you don't mind that I shortended your comment for that reason. Furthermore, what about the other things I mentioned? I can't help you if I get half the information.

Authen Failed apache log (use the link in view tab)

192.168.0.141 - - [13/Oct/2005:16:05:31= +0800] "GET /zope/hitportal/ploneIEFixes.css HTTP/1.1" 401 486

Authen success apache log (use the link in content tag)

192.168.0.141 - shtittw [13/Oct/2005:16:05:31 +0800] "GET /zope/hitportal/ploneIEFixes.css HTTP/1.1" 200 842

Hello Hannes,

it seems the failed log shows the ntlm authen cannot pass the domain username to apache for authen. In the authen success log, it can shows the username shtittw without problem.

I think it's unlikely that it's a NTLM problem. I tried to reproduce this error but I couldn't. For me, http://.../document1 behaves exactly the same as http://.../document1/document_view. I didn't find any source explicitly saying that document1 is equivalent to document1/document_view but why shouldn't it be equivalent? If I were in your shoes I would assign all possible roles to the user that you're doing this as. I would also check the Apache logs. Clicking Cancel in the login dialog that pops up takes you to a SiteError page. The backtrace on that page tells you what exactly Plone was trying to do when the error occured.

Hello Hannes,

Thanks for your quick action, I've got the patches and it works fine. I'm now using the GroupUserFolder.py-3.3.patch.bz2, Michael Cai's unofficial MOD_NTLM Apache module and the RemoteUserFolder.py provided by you. It works well all over the site except when I view the content within the view tab page. When I click the link within the view tab page, the login screen prompts again. However when I try the link in the content page which pointing to the same document, I got it without any problem. I found there are little difference on these two links, the link in the view page is http://myportal/zope/portal/folder1/document1 while the link in the content page is http://myportal/zope/portal/folder1/document1/document_view
. Do you have any idea on how to solve this problem? Is this a ntlm authentication problem or the permission settings problem?

Sorry the link was indeed broken. I had bzip2-ed all attachments and forgot to update the links.

Hello, I failed to get the patch file from the link: http://www.hannesschmidt.de/files/GroupUserFolder.py.patch
Is the link broken?