We are using Shib for authentication, which seems to be okay, as the entry in
/var/log/httpd24/servood.hpc.ncsu.edu_access_ssl.log indicates a successful login…
10.136.192.62 - - [24/Feb/2023:12:18:59 -0500] "POST /Shibboleth.sso/SAML2/POST HTTP/1.1" 302 230 "https://shib.ncsu.edu/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36"
10.136.192.62 - edsills@ncsu.edu [24/Feb/2023:12:18:59 -0500] "GET /pun/sys/dashboard HTTP/1.1" 404 46 "https://shib.ncsu.edu/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36"
Do you see anything that may indicate an issue in the error log? /var/log/httpd24/servood.hpc.ncsu.edu_error_ssl.log.
I can’t tell from your example if you’re reading that from stdin or not, it could just be formatting, but it looks like you’re giving edsills@ncsu.edu to standard in.
If that’s the case, the script gets invoked with the REMOTE_USER as the first argument $1.
I also can’t tell if there’s extra whitespace there. Be careful here with whitespace and/or newlines in the output.
All that said - if it’s a regular expression to just drop the @ncsu.edu for all of your users, you should just use user_map_match instead. The example here is similar to this use case (the use case being that <username>@<domain> always maps to <username> and there’s only ever 1 domain).
Unfortunately our situation is more complicated than just dropping ncsu.edu (that worked fine). We have users from UNCW and UNCG and need to map their university identity to their HPC identity.
There are no errors in
servood.hpc.ncsu.edu_error_ssl.log
I guess to add to that, I’d be sure you don’t require extra setup/libraries. Running this in a terminal is one thing, but this is executed by apache in a very small environment. I.e., you may not have direct access to perl and/or other libraries if you have perl installed in a nonstandard location (or at all on the webnode).
There’s something simple we’re missing here, like the file isn’t executable or something obvious.
One last thing I’d like to verify is that you bounced httpd-httpd24 (or httpd as the case may be).
I want to be sure that the configuration is being updated. When you grep the /opt/rh/httpd24/root/etc/httpd/conf.d/ood-portal.conf (or /etc/httpd/conf.d/ood-portal.conf or /etc/apache2/sites-enabled/ood-portal.conf as the case may be) we’re actually using the file that you’ve supplied.
OK - check the error_log in the log directory (/var/log/httpd24-httpd/error_log).
When I took your script to replicate I found this error -
/var/log/httpd/error_log:Can't locate Sys/Syslog.pm in @INC (you may need to install the Sys::Syslog module) (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at /etc/ood/config/misc/ood_auth_map.pl line 5.
The only errors are like this after each httpd restart…
[Fri Feb 24 14:47:24.625151 2023] [http2:warn] [pid 12522] AH10034: The mpm module (prefork.c) is not supported by mod_http2. The mpm determines how things are processed in your server. HTTP/2 has more demands in this regard and the currently selected mpm will just not do. This is an advisory warning. Your server will continue to work, but the HTTP/2 protocol will be inactive.
I also copied the bash shell example from the documentation - to just remove ncsu.edu. But it has the same result. It seems the command is not being executed?
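
An added example, not part of the thread or the Open OnDemand documentation: a mapping script for the multi-campus case discussed above, written with shell builtins only so it does not depend on Perl modules such as Sys::Syslog being available to Apache. It assumes the script is invoked with REMOTE_USER as $1 and prints the local username on stdout; the uncw.edu/uncg.edu domains and the table entries are constructed placeholders.

```shell
#!/bin/sh
# Added example: user-mapping script using only shell builtins.
# Assumption: called with REMOTE_USER as $1; prints the HPC username
# followed by a single newline, or prints nothing and fails.

# Constructed table for non-NCSU users: "<identity> <hpc_username>".
MAP_TABLE='jdoe@uncw.edu jdoe_w
asmith@uncg.edu asmith2'

map_user() {
    id=$1
    # Reject empty input and anything outside a conservative character
    # set; this also rejects embedded spaces, tabs, CRs and newlines.
    case $id in
        ''|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    user=${id%@*}      # text before the last '@'
    domain=${id##*@}   # text after the last '@'
    # Require exactly one '@' with a non-empty user part.
    [ "$user@$domain" = "$id" ] || return 1
    case $user in
        ''|*@*) return 1 ;;
    esac
    case $domain in
        ncsu.edu)
            # Home campus: username is the part before the domain.
            printf '%s\n' "$user" ;;
        uncw.edu|uncg.edu)   # assumed domains, not given in the thread
            # Whole-identity exact match; no prefix or suffix matching.
            while read -r key hpc; do
                if [ "$key" = "$id" ]; then
                    printf '%s\n' "$hpc"
                    return 0
                fi
            done <<EOF
$MAP_TABLE
EOF
            return 1 ;;
        *)  return 1 ;;      # unknown domain: no mapping
    esac
}

# Run the mapping only when an argument was supplied.
if [ "$#" -gt 0 ]; then
    map_user "$1"
fi
```

Running it as the Apache service account with a sample identity, rather than from an interactive login shell, checks both the execute permission and the reduced environment raised earlier in the thread.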