#4 SL to LS conversion will not permit admin login

closed
Chris Travers
None
5
2007-04-08
2007-03-23
wjhobbs
No

Installed SQL-Ledger in /opt. Imported SL backup file (from a production installation) and verified that the system was usable.

The phrase "copy the files from the tarball over the existing SQL-Ledger directory" was not as clear as I might have liked. But I copied each LedgerSMB file/directory to the SL directory. I then executed the SL2LS.pl script.

When I went to my SQL-Ledger site, the LedgerSMB login screen appeared. Success was short-lived, however. I entered the user id and password that I had used to access SQL-Ledger and got an error message "Error! Access Denied!"

Thinking that I needed to set up the user again in LS, I went to the admin login. It immediately asked for an initial password. I entered a password twice and clicked 'change password' and got an error message "Error! users/members: Permission denied".

I am now locked out of my LS system.

John

Discussion

  • Chris Travers
    Chris Travers
    2007-03-23

    Logged In: YES
    user_id=80610
    Originator: NO

    Couple questions:
    1) Which version of LSMB are you running? 1.1 or 1.2.0 rc?
    2) Which operating system are you using?

     
  • Chris Travers
    Chris Travers
    2007-03-23

    Logged In: YES
    user_id=80610
    Originator: NO

    Most likely your problem is a file permission problem.

    Try the following: Find out what user your Apache process uses and type the following at the command line (as root of course):

    chown -R [apacheuser] users templates spool

    If that doesn't resole your issue please let me know.

     
  • Chris Travers
    Chris Travers
    2007-03-23

    • assigned_to: nobody --> einhverfr
    • status: open --> pending
     
  • wjhobbs
    wjhobbs
    2007-03-24

    • status: pending --> open
     
  • wjhobbs
    wjhobbs
    2007-03-24

    Logged In: YES
    user_id=1751470
    Originator: YES

    The directories indicated (users templates css spool) all have ownership set to www:www

    The version of LSMB displayed on the login screen is 1.1.9. However, I had downloaded and installed 1.1.10.

    I am running a version of Centos (RHEL 4).

    This may be a relevant complication. I had installed LSMB (/usr/local) as a test and had it working. I then removed the httpd.conf fragment for LSMB and then installed SL in a different directory (/opt) and got it working. Then tried to drop in LSMB on top of it as described earlier. This is when the problem occurred.

    I have a suspicion that it may have to do with the PG user accounts.

    This is a test system, so I do have the option of tearing it all out and trying again. But if we can resolve it easily, I would like to try. Also, please bear in mind that I am not an experienced administrator -- I know just enough to to be dangerous.

    John

     
  • Chris Travers
    Chris Travers
    2007-03-24

    Logged In: YES
    user_id=80610
    Originator: NO

    Hi;

    This error message may be caused by one other thing that I can think of.

    Check the permissions and ownership specifically of the users/members file.

    This file contains sensitive information so it should be owned by the web service process and not easily accessed by most others (suggest permissions of 660).

    I don't think this is a postgresql user account issue but if it is, you can check in your PostgreSQL logs for authentication errors.

    Best Wishes,
    Chris Travers

     
  • wjhobbs
    wjhobbs
    2007-03-24

    Logged In: YES
    user_id=1751470
    Originator: YES

    Excellent! Thank you.

    The ownership on the 'members' file was root/root. I changed the ownership and adjusted the permissions as you suggested.

    When I tried a normal login I got access denied. However, when I went to the admin login and I gave it an initial password it let me in. The user definition that was in SL had been lost. After I added that user I was able to perform a standard login and all of the data appears to be intact.

    There are a couple of other (image?) files in the users directory that have root ownership. Should they also be changed to www:www?

    Thanks for your help, Chris.

    John

     
  • Chris Travers
    Chris Travers
    2007-03-24

    • status: open --> pending
     
  • Chris Travers
    Chris Travers
    2007-03-24

    Logged In: YES
    user_id=80610
    Originator: NO

    Image files can be left as they are. The only files that need to be set that way are the ones the server has to be able to write.

    Anyway, glad we got this fixed.

     
    • status: pending --> closed
     
  • Logged In: YES
    user_id=1312539
    Originator: NO

    This Tracker item was closed automatically by the system. It was
    previously set to a Pending status, and the original submitter
    did not respond within 14 days (the time period specified by
    the administrator of this Tracker).