
January 14, 2009

Authenticate OneOrZero HelpDesk Users to LDAP via OpenLDAP

Filed under: General OpenSource, Linux, Tips and Tricks - baudizm @ 2:46 pm

We needed a helpdesk and a knowledgebase system, and we preferred that it be opensource. We found OneOrZero HelpDesk and KnowledgeBase to be a good candidate, so we decided to take a look at it and see for ourselves. Installation was a tad easy. All you need is an Apache server, PHP, and MySQL and voila! We have been running it using MySQL for some time, but we haven’t as of yet let users use the system.

We have been mulling over the idea of integrating OneOrZero HelpDesk and KnowledgeBase authentication with our existing LDAP server which also authenticates our Windows domain users via our Samba PDC. OneOrZero is pretty much convenient for us since it already has LDAP authentication capability. Or so we thought.

Setting up LDAP for OneOrZero HelpDesk required us to modify its settings. You can do this using its own control panel, by logging in as an administrator, or you can brute it out by going to where the OneOrZero configuration files are located. In my case it is in:

/srv/www/onezero/configuration/website_settings.php

Please note that the location may not be the same in your case, depending on where you extracted your files, and where your Apache DocumentRoot is located. Make the necessary adjustments.

After locating the file, first make a copy of the existing file (you don’t want to lose working settings, do you? :) then edit website_settings.php by opening your favorite text editor - which in my case is vi.

vi website_settings.php

Navigate your way down towards near the end of the file, and review the LDAP-related parameters. Please note, I’ll be using my own LDAP parameters as examples and yours might be different depending on your LDAP server flavor (AD, OpenLDAP, Netware/OES/others).

# Enable LDAP authentication. This is DB by default.
auth_method = "LDAP"

# IP address of your LDAP server
ldap_host = "192.168.10.10"

# If you are using AD, specify the domain name. I'm using OpenLDAP so, I ignored this.
ldap_domain = ""

# Specify the user that will be used to bind to your LDAP server. Not needed if anonymous bind is allowed
ldap_binddn = "cn=ldapbinder,dc=mydomain,dc=com"

# Specify the password for the binding user
ldap_bindpwd = "secret"

# Set the location in your LDAP schema where the search will start from. In my case, I have an OU called "Users"
ldap_rootdn = "ou=Users,dc=mydomain,dc=com"

# Provide here the search attributes. Note though that this might be different on your particular flavor of LDAP.
# Use an LDAP browser utility to double check.
ldap_searchattr = "uid"
ldap_fname = "givenname"
ldap_lname = "sn"
ldap_uname = "uid"
ldap_email_add = "mail"
ldap_office = "l"
ldap_phone = "telephonenumber"
ldap_context = "dn"

Save your file after editing.

We then tried logging in using our LDAP accounts, however it seems that OneOrZero cannot find our accounts, or rather LDAP cannot find the accounts passed by OneOrZero to it. So, I then looked at the LDAP log and checked what the problem is. Sure enough, I found the culprit.

Jan 14 11:18:15 x2100 slapd[4044]: conn=5857 op=1 SRCH base="ou=Users,dc=mydomain,dc=com" scope=2 deref=0 filter="(uid=minime)"

No wonder LDAP cannot locate the user. Even though it is searching the right section of the LDAP tree, the filter (uid=minime) alone doesn’t tell it which entry to pick up. Remember, we use our LDAP server as authentication for our Windows users via Samba as well. Heck, we even authenticate our SSH users via LDAP also.

Another challenge!

How do I hack the filter in OneOrZero so that it works for my LDAP server? (GOD I LOVE THIS WORK!)
Simple, I have to locate the filter string deep in the bowels of OneOrZero’s source code and insert my own filter or manipulate it so that the output filter will meet what my LDAP server really needs.

OK OK! Enough suspense, how did I do it? Simple.

Navigate yourself to where you extracted OneOrZero - in my case /srv/www/onezero/common - and edit the file common.php. When you open the file, navigate yourself towards line 164. There you will find the $filter variable, which receives the value from the LDAP search attribute that was set in website_settings.php.

When you locate the $filter variable, comment out the existing one, and replace it so that it looks like this:

// $filter = "($ldap_searchattr=$name)"; //This is the default filter string

$filter = "(&(objectClass=posixAccount)($ldap_searchattr=$name))"; // This is my new filter string to fit my LDAP server.

Save the file and do a test login. That’s it!
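As posted, the filter places the login name ($name) directly inside the search filter, so if $name reaches that line unescaped, characters such as * ( ) \ in a login change what the filter matches. The following is an added example (not OneOrZero code and not from the original post) that builds the same posixAccount filter with the value escaped per RFC 4515. The function names escape_filter_value() and build_user_filter() are hypothetical; on PHP 5.6+ the built-in ldap_escape() with LDAP_ESCAPE_FILTER does the same job.

```php
<?php
// Added example; not OneOrZero code. $ldap_searchattr and $name follow the
// post; escape_filter_value() and build_user_filter() are hypothetical names.

// Escape a value for use inside an LDAP search filter (RFC 4515).
function escape_filter_value($value)
{
    // strtr() with an array replaces in a single pass, so the backslashes
    // it inserts are never escaped a second time.
    return strtr($value, array(
        '\\' => '\5c',
        '*'  => '\2a',
        '('  => '\28',
        ')'  => '\29',
        "\0" => '\00',
    ));
}

// Build the posixAccount filter from the post with the login name escaped.
function build_user_filter($ldap_searchattr, $name)
{
    // The attribute comes from website_settings.php, but check it anyway:
    // an attribute name is a letter followed by letters, digits or hyphens.
    if (!preg_match('/^[A-Za-z][A-Za-z0-9-]*$/', $ldap_searchattr)) {
        throw new InvalidArgumentException('invalid LDAP search attribute');
    }
    // An empty login must never turn into a filter that matches anything.
    if ($name === '') {
        throw new InvalidArgumentException('empty login name');
    }
    return '(&(objectClass=posixAccount)(' . $ldap_searchattr . '='
         . escape_filter_value($name) . '))';
}

// Constructed sample logins: one ordinary, two containing filter
// metacharacters. Each is printed as the posted line would build it and as
// the escaped builder does.
$ldap_searchattr = 'uid';
foreach (array('minime', 'j*', 'smith (temp)') as $name) {
    $as_posted = "(&(objectClass=posixAccount)($ldap_searchattr=$name))";
    $escaped   = build_user_filter($ldap_searchattr, $name);
    printf("%-14s posted:  %s\n%-14s escaped: %s\n", $name, $as_posted, '', $escaped);
}
```

In common.php the change would amount to passing $name through the escaping function before it is placed in $filter.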

If you still have trouble setting it up (which I doubt), feel free to look at the Administration guide at http://www.oneorzero.com/wiki/index.php?title=OneOrZero_Settings

Enjoy!



November 17, 2008

Track your lost laptop with Adeona

Filed under: Throughout the Web, General OpenSource - baudizm @ 9:47 am

I was doing my daily round of sifting through opensource newsbits when I came across Adeona. According to its creators, it can be described as:

Adeona is the first Open Source system for tracking the location of your lost or stolen laptop that does not rely on a proprietary, central service. This means that you can install Adeona on your laptop and go — there’s no need to rely on a single third party. What’s more, Adeona addresses a critical privacy goal different from existing commercial offerings. It is privacy-preserving. This means that no one besides the owner (or an agent of the owner’s choosing) can use Adeona to track a laptop. Unlike other systems, users of Adeona can rest assured that no one can abuse the system in order to track where they use their laptop.

Adeona is designed to use the Open Source OpenDHT distributed storage service to store location updates sent by a small software client installed on an owner’s laptop. The client continually monitors the current location of the laptop, gathering information (such as IP addresses and local network topology) that can be used to identify its current location. The client then uses strong cryptographic mechanisms to not only encrypt the location data, but also ensure that the ciphertexts stored within OpenDHT are anonymous and unlinkable. At the same time, it is easy for an owner to retrieve location information.

Adeona has builds for Linux, Mac OS X, and Windows ready for download; just follow the installation steps should anyone wanna try it out.

Though I currently do not own a laptop or a UMPC (planning to), this sure is a nice must-have for anybody that does have one or several. I gotta see this for myself.



August 20, 2008

Allow outbound FTP through PFSense firewall

Filed under: General OpenSource, Tips and Tricks - baudizm @ 1:30 pm

PFSense is a great tool to have: it provides a firewall, traffic shaping capabilities, load balancing and failover, and other features, plus it is fully extensible by way of third party opensource “plugins” and packages that you can install via its web console.

Recently though, some of our devs needed to connect via FTP to a remote server, and apparently they encountered a weird problem with FTP:

user@ubuntu:~$ ftp some-server.com
Connected to some-server.com.
220 ProFTPD 1.3.1 Server (some-server.com) [143.44.52.54]
Name (some-server.com:user): ftpuser
331 Password required for ftpuser
Password:
230 User ftpuser logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
500 Illegal PORT command
ftp: bind: Address already in use

ftp>

A little investigation revealed that in order for FTP to work, we need to have the FTP Helper proxy application working on the LAN interface of our PFSense box, then add a firewall rule, more like a “transparent FTP proxy”. If you get my drift.

Let’s do it

1. In PFSense, click on Interfaces, LAN

2. Make sure that “Disable the userland FTP-Proxy application” is unchecked.

3. Save your setting, and then click “Apply this setting”.

4. We will now add a rule to permit our LAN traffic to access our FTP-Proxy application ports 8000-8030 on 127.0.0.1 . To do so, click on the “+” button at the bottom or at the top, of the list of rules to add your new rule. Make sure that the new rule will be on top of all the other rules.

Click Firewall

Setup your new rule.

Put the new rule above all other rules.

5. Save your new settings, and apply.

Test your FTP connection.

Enjoy!



May 23, 2008

Looking forward to The Philippine Open Source Summit

Filed under: General OpenSource - baudizm @ 9:05 am

After much wait, the Philippine Open Source Summit has been finally announced and will be held at the Cebu International Convention Center on June 23 and 24, 2008. This is truly significant and very timely for me because this is going to be the largest convention that I will be able to witness, and I’m already working in Cebu using opensource tools on the job.

What’s to look forward to?
Doh! This is “TEH” biggest opensource event to happen in the Philippines. Plus Apache Software Foundation is going to be there with VP Ken Coar speaking about opensource communities. There’s also opensource blogger Matt Asay to talk about opensource business models, and Danese Cooper of OSI talking about opensource deployments.

And yes, exhibitions abound and some breakout sessions on SugarCRM, Adempiere, Pentaho, Drupal, RoR, Eclipse, Maven, Tomcat/Jetty, and MySQL. It’s also going to be the initiation of the Open Source Association and the Philippine Open Source Center. I’m also pretty sure that Dr. Alvin Marcelo and Dr. Francis Sarmiento, both with IOSN will be there and I’d love to meet them.

It’s going to be the best venue to meet and get to know more about the people behind opensource in the Philippines. I’d say I’m not excited. I’m thrilled!



May 19, 2008

The Human Aspect of Going OpenSource

Filed under: General OpenSource - baudizm @ 12:03 am

OpenSource has been in existence for quite a long time. It has been known by so many names with various differences in how licenses take effect on certain products. Some of the widely-known opensource licenses to date are GNU’s own GPL and LGPL licenses, BSD’s own license, the Apache licenses, Mozilla Public License, the PHP license, among many others. These licenses are under the stewardship of the OpenSource Initiative (OSI), which accepts applications from individuals or groups and reviews or approves candidate licenses. Discussing the differences between each opensource license is a different matter; however, one may visit the OSI site for more information.

“The software I’m using works fine. I paid for it and I don’t see the need to tinker with its programming. Why bother?”
Sure, if you’re happy with the proprietary product that you are using then I’m glad for you. However, there may be questions that you would want to be answered. Some of these questions might be:

  1. Do you know how your software works internally?
  2. Can the software you bought be customized according to your need?
  3. Does it fit your need at all?
  4. If it can be customized, how much did it cost for you (or the developer) to modify the software?
  5. Are there security issues that you have encountered while using that software?
  6. How often does the developer/vendor issue software fixes and patches to resolve certain usability and security issues?
  7. How much did the software cost?
  8. Are you satisfied with the support provided by the vendor?
  9. Do you feel like you’ve been swindled when you purchased/commissioned the software?

If you answered NO to questions 1, 2, 3, 8 and YES to questions 5 and 9, it’s time for you to consider choosing an opensource solution.

“Is going opensource painful?”
The answer is “it depends”. It depends on the type of project or solution that you want to implement, on whether what you need can be remedied by an opensource solution, and on how willing or how committed you are to totally using opensource solutions. Chances are, around 65% of your requirements may have an opensource solution readily available. Over the years, the opensource movement has been very active and has been filling some niches already. Currently it is slowly creeping into areas like healthcare, utilities, and management. With the plethora of opensource projects available, you may be able to fulfill from 65% to possibly 95 or 100% of your requirements using opensource.

“If OpenSource is really that great, why hasn’t my friend Joe chosen this path?”
Again, it depends. The projects that your friend Joe was working on at that time might not have had an available opensource solution yet, or his projects were sensitive enough that opensource was not yet advisable. We have to always bear in mind that opensource is not a magic pill that you can take and all your problems will go away. It requires a lot of the human factor in order for it to work. And that is what I truly appreciate about it. It brought back the feeling of responsibility, of being aware of what you are doing, of being totally conscious of what you are deploying and how the system totally behaves. It requires constant vigilance, bug hunting and fixing. Yet, despite the daunting work, you will be backed by a dedicated community who are willing to spare some time to help you out. The countless mailing lists, forums, and support groups dedicated to specific projects are available 24x7 to help you out. It’s totally different from the 1-800 number that you’re asked to dial whenever you encounter problems, then answered by incompetent call center agents who actually did not try out the solutions that they are asking you to perform. How’s that for a reason?

Was I able to mention that you have full access to documentation and source code? Now you know.

“Ok, ok, I’m with you there. But I don’t know where to start.”
As in any endeavor, you’d have to know what you need in order for you to be able to know how to proceed. It would be better to list down your requirements. For example, you are an administrator and you manage a small network for a local business. You have to first ask yourself the following questions:

  1. How many users do I have?
  2. What operating systems am I currently using?
  3. What network services do I need?
  4. What services do the users need?
  5. What type of hardware am I currently using?
  6. What software applications are my users currently using?
  7. What do I want to implement within 3 years?
  8. What are my current skill sets?
After identifying and listing your answers, you can then start to plot out the solutions that you already know to fulfill your need. And I’m sure those require software to be purchased. Then you can start searching for the opensource equivalents.

The easiest place to start will be Google. However, you may also skip over to Sourceforge for the latest opensource projects. You’d have to wade through countless opensource projects with stages ranging from Alpha, Beta, Release Candidates (RC), and Stable or Production grade. I suggest you stay away from Alphas or even Betas, as these are still nowhere near complete, and go for the Stable/Productions. RCs are almost done, but not quite, for they still have some fixing to be done.

“Since you’re so keen on brainwashing me, have you actually used OpenSource software?”
The answer is a big YES. I’ve been using and advocating OpenSource for years. My desktop runs Ubuntu Linux currently on 8.04 “Hardy Heron”. The servers I manage run on SuSE Linux Enterprise Server. Our firewall runs on PFSense, which is a BSD distribution based on Monowall and FreeBSD. I have implemented an opensource inventory and asset management solution using OCS Inventory NG and GLPI Asset Management. The company’s domain runs on Samba as primary domain controller authenticating to OpenLDAP since we still had to support existing Windows XP boxen, and some Linux desktops running a mix of Mandriva, Ubuntu, and Fedora.

Had we used proprietary solutions as opposed to what we have now? It would have cost the company millions for the same functionality that we got from opensource, which cost us nothing but time and a little guts and dedication.



January 24, 2008

Manila and Baguio Trip

Filed under: Random Rambling - baudizm @ 10:49 pm

Whew, it certainly is a very busy week for me. Just this week, my trip to Manila and Baguio is confirmed. However, I’m not going for a vacation.

Despite the destination being a known vacation spot and all that, I’m not going to Baguio to relax. This coming January 29th I’m going to conduct a training for Philex Mining on how to deploy and use Novell ZENworks Desktop Management. For the whole week, I’ve been busy preparing training and discussion materials and doing simulations. There’s nothing better than making sure that your material works every time you do the training. Sadly, as much as I wanted to, this training is not open source-related. However, there’s a big chance I can swing them over to give Linux and open source a try. The one thing I appreciate with ZENworks despite it being a proprietary product is that it does install on top of Linux, either SLES or Red Hat.

It really is a full week for me. For one, we just finished checking the mail server of a big client. They’ve had issues with POP3 authentication. Turns out it’s a DNS problem. All their machines point to external DNS servers owned by an ISP. Every time their Outlooks authenticate to their POP3 server, their workstations shoot the hostname requests to the ISP DNS. If the requests push through and are received by the POP3 server, it then shoots the reply back to the ISP DNS. No wonder their POP3 accesses are having timeouts. We’ve recommended having an internal DNS server and they’ve already put it into their own development plan which will be put into action by February. We’ve checked traffic from the internet to their mail server and so far incoming mails are received and we can send mail through IMAP without any problems.

That very same ISP I was talking about is having problems with their network and they are currently suffering from intermittent connections. It is also a mobile services carrier. Just last week, they had big problems with mobile phone signals wherein calls and SMS were not going through.

For my trip, I’ll be stopping by Manila for a day to take the Certified Linux Professional practicum exam. I’m hoping to be able to pass. The sad thing is that with my very hectic schedule, I did not find any time to do any review nor got the time to study thoroughly. It’s anybody’s guess whether I’ll pass this or not. I’ll give myself a 25% chance of passing. My regular daily schedule by the way is consumed by doing client visits, reviewing products from Novell and Alcatel-Lucent, doing product presentations, planning and doing SLES deployments and Alcatel-Lucent OmniPCX Office IP-PBX deployments, planning for technical demos, and if a little time could be spared, keeping watch of the company mail server and proxy server. Yeah, it’s quite a handful. But I get by somehow.

Before I go on the trip, I’ll be giving a talk about Linux at the Quantum and Information Technology Convention organized by Xavier Computer Enthusiasts League (XCEL) and the Ateneo Information Management Society (AIMS) of Xavier University. That’s going to be tomorrow January 25th (26th in the US).

Along with members of various Linux and opensource enthusiasts, I’ll be meeting with Ms. Yolynne Medina, Channel Consultant and Networking Staff for the International OpenSource Network (IOSN) on January 26th to talk about the current status of the local groups and their plans and directions. I’d be happy to help out in this arena.

On the 27th, after arrival in Manila if time permits, I’ll be meeting Greg Moreno and hopefully also Bobby Santiago of the Philippine Ruby Users Group. I just hope there’s going to be a Ruby meeting so I can also attend :) .

This week alone is quite tiring with all the things I need to do to resolve some pending work and prepare for the trip. Hopefully the training will go seamlessly so I can relax and enjoy the trip. I also hope that I’ll have a little more extra time later, should some Ubuntu Philippines guys like to meet up (hint, hint).

Enjoy!



December 22, 2007

Samba gets access to MS network file protocols

Filed under: Throughout the Web, General OpenSource, Linux - baudizm @ 11:04 am

This just came in yesterday: the Samba team has been granted full access to the documentation of Microsoft’s Network File Protocols. This is a direct result of the European Commission’s decision regarding Microsoft acting as a monopoly. Microsoft was ordered to open up some of its proprietary protocols and pay the sum of $613 million in fines.

The landmark decision by the European Commission also allows competitors and opensource developers to release the produced code as purely opensource, licensed under GPL2 or GPL3. This allows Samba and other similar projects to fully build opensource products that will be fully compatible with Microsoft’s protocols. The timing is right for this latest development, especially with the Samba Team getting their momentum going in providing Active Directory-compatible features with its latest Samba 4 project, currently in its alpha stages.

Another project that will benefit from this latest development will be Centeris Likewise.

Additional Reference:
Samba Team Receives Microsoft Protocol Documentation
The PFIF Agreement
Freeing Up the Windows Workgroup Protocols



September 22, 2007

Make “wget” persistent while downloading

Filed under: Linux, Tips and Tricks - baudizm @ 3:24 pm

You have used wget before. You have a remote hosted site, shell service, or file hosting. You can do ssh to your remote box. You decided to download a DVD image of your favorite distro to your remote box over ssh and decided to use wget. However, you are afraid that when you logout from your remote session, wget might terminate also. One nifty utility provides the bridge that you can cross from session termination, to perpetual session (at least until the intended result is achieved like when the download finishes).

Introducing “nohup”
“nohup” is this little jewel that comes with virtually any Linux distribution and was originally adopted from Unix’s own “nohup” version. The Linux incarnation of “nohup” was written by Jim Meyering, licensed under the GPL and released by the FSF as part of the coreutils suite of tools.

“nohup” will run a command that you specify (not only wget) to be immune to hangups, logout, or even termination of session. As long as the server is alive and not rebooted, nohup will continue to execute the given command (or script).

Let my download finish!
On to the meat of this tip. wget is a great download tool; however, it is not persistent and will terminate when you logout. Should you be downloading with wget via a remote terminal, this will pose a problem. “nohup” will make wget persistent and continue your download until such time that wget terminates, and nohup will then exit.

Using “nohup”

nohup <command string>

To run a “nohup” ‘session’ with wget to have a persistent download, do:

nohup wget http://path.to.your.download.file

“nohup” will then append the standard output of “wget” into a file called nohup.out. Do remember also that “nohup” will not put the executed command into the background. To do so, modify the command above by appending “&” at the end of the command:

nohup wget http://path.to.your.download.file &

You can now log out of your remote box confident that your download will be finished by the time you log back in.

Happy downloading!
