We needed a helpdesk and a knowledgebase system and we prefer that it be opensource. We have found OneOrZero HelpDesk and KnowledgeBase to be a good candidate. We decided to take a look at it and see for ourselves. Installation was tad easy. All you need is an Apache server, PHP, and MySQL and voila! We have been running it using MySQL for sometime but we didn’t as of yet let users use the system.

We have been mulling over the idea of integrating OneOrZero HelpDesk and KnowledgeBase authentication with our existing LDAP server which also authenticates our Windows domain users via our Samba PDC. OneOrZero is pretty much convenient for us since it already has LDAP authentication capability. Or so we thought.

Setting up LDAP for OneOrZero HelpDesk, required us to modify its settings. You can do this using its own control panel, by logging in as an administrator, or you can go brute it out by going to where the OneOrZero configuration files are located. In my case it is in

/srv/www/onezero/configuration/website_settings.php

Please note that the location may not be the same in your case, depending on where you extracted your files, and where your Apache DocumentRoot is located. Make the necessary adjustments.

After locating the file, make a copy first of the existing file (you dont want to lose working settings do you? then edit website_settings.php by opening your favorite text editor - which in my case is VI.

vi website_settings.php

Navigate your way down towards near the end of the file, and review the LDAP-related parameters. Please note, I’ll be using my own LDAP parameters as examples and yours might be different depending on your LDAP server flavor (AD, OpenLDAP, Netware/OES/others).

# Enable LDAP authentication. This is DB by default.
auth_method = "LDAP"

# IP address of your LDAP server
ldap_host = "192.168.10.10"

# If you are using AD, specify the domain name. I'm using OpenLDAP so, I ignored this.
ldap_domain = ""

# Specify the user that will be used to bind to your LDAP server. Not needed if anonymous bind is allowed
ldap_binddn = "cn=ldapbinder,dc=mydomain,dc=com"

# Specify the password for the binding user
ldap_bindpwd = "secret"

# Set the location in your LDAP schema where the search will start from. In my case, I have an OU called "Users"
ldap_rootdn = "ou=Users,dc=mydomain,dc=com"

# Provide here the search attributes. Note though that this might be different on your particular flavor of LDAP.
# Use an LDAP browser utility to double check.
ldap_searchattr = "uid"
ldap_fname = "givenname"
ldap_lname = "sn"
ldap_uname = "uid"
ldap_email_add = "mail"
ldap_office = "l"
ldap_phone = "telephonenumber"
ldap_context = "dn"


Save your file after editing.

We then tried logging in using our LDAP accounts, however it seems that OneOrZero cannot find our accounts, or rather LDAP cannot find the accounts passed by OneOrZero to it. So, I then looked at the LDAP log and checked what the problem is. Sure enough, I found the culprit.

Jan 14 11:18:15 x2100 slapd[4044]: conn=5857 op=1 SRCH base="ou=Users,dc=mydomain,dc=com" scope=2 deref=0 filter=”(uid=minime)”

No wonder LDAP cannot locate the user. Even though it is searching on the right section of the LDAP tree, it doesn’t know which one to pick up. Remember, we use our LDAP server as authentication for our Windows users via Samba as well. Heck, we even authenticate our SSH users via LDAP also.

Another challenge!

How do I hack the filter in OneOrZero so that it works for my LDAP server ? (GOD I LOVE THIS WORK!)

Simple, I have to locate the filter string deep in the vowels of OneOrZero’s source code and insert my own filter or manipulate it so that the output filter will meet what my LDAP server really needs.

OK OK! Enough suspense, how did I do it? Simple.

Navigate yourself to where you extracted OneOrZero - in my case /srv/www/onezero/common , and edit the file common.php . When you open the file, navigate yourself towards line 164 . There you will find the $filter variable which receives the value from the LDAP search attribute that was set in website_settings.php .

When you locate the $filter variable, comment the existing one, and replace it so that it looks like this:

// $filter = "($ldap_searchattr=$name)"; //This is the default filter string

$filter = "(&(objectClass=posixAccount)($ldap_searchattr=$name))" // This is my new filter string to fit my LDAP server.

Save the file and do a test login. That’s it!

If you still have trouble setting it up (which I doubt), feel free to look at the Administration guide at http://www.oneorzero.com/wiki/index.php?title=OneOrZero_Settings

Enjoy!

Technorati : oneorzero, helpdesk, linux, ldap, authentication
Site Search Tags: oneorzero, helpdesk, linux, ldap, authentication

I was doing my daily round of sifting through opensource newsbits when I came across Adeona. According to its creators, it can be described as:

Adeona is the first Open Source system for tracking the location of your lost or stolen laptop that does not rely on a proprietary, central service. This means that you can install Adeona on your laptop and go — there’s no need to rely on a single third party. What’s more, Adeona addresses a critical privacy goal different from existing commercial offerings. It is privacy-preserving. This means that no one besides the owner (or an agent of the owner’s choosing) can use Adeona to track a laptop. Unlike other systems, users of Adeona can rest assured that no one can abuse the system in order to track where they use their laptop.

Adeona is designed to use the Open Source OpenDHT distributed storage service to store location updates sent by a small software client installed on an owner’s laptop. The client continually monitors the current location of the laptop, gathering information (such as IP addresses and local network topology) that can be used to identify its current location. The client then uses strong cryptographic mechanisms to not only encrypt the location data, but also ensure that the ciphertexts stored within OpenDHT are anonymous and unlinkable. At the same time, it is easy for an owner to retrieve location information.

Adeona has builds for Linux, Mac OS X, and Windows ready for download and follow the installation steps should anyone wanna try it out.

Though I currently do not own a laptop or a UMPC (planning to), but this sure is a nice must-have for anybody that does have one or several. I gotta see this for myself.

Technorati Adeona, laptop, tracking, theft, opensource,
Site Search Tags: Adeona, laptop, tracking, theft, opensource,

JSON is a trivial package feature and the extension already comes built-in with PHP 5.2.x so this is not so much a problem for users of the latest PHP build. However, if you are using SLES10 SP1 and below, and haven’t updated PHP and still uses 5.1.x then you’ll be in for a surprise. JSON isn’t available in the default install, let alone a package that you can get from YAST, unless you have updated your Installation Sources.

The quickest and simplest way is not to depend on vanilla sources but rather to use PEAR since it is already in SLES10.

1. Open YAST.

2. In Software Management, search for php-devel and install it. php-devel provides phpize which PEAR will be using later on to install the JSON package.

3. Open Terminal, and run the command as root:

pear5 channel-update pear.php.net

4. In Terminal still, follow it up with:

pear5 install pecl/json

This will install the latest JSON package.

After installing JSON, locate your php.ini , and add the line in the Dynamic Extensions section.

extension=json.so

Save php.ini and restart Apache.

Congratulations! Enjoy.

Technorati php, json, apache, linux, sles10
Site Search Tags: php, json, apache, linux, sles10

Although Intrepid Ibex is not yet geared for release, I’ve decided to make my own wallpaper for it.

It’s not much but a work in progress. Everything’s done in XaraLX on Xubuntu Hardy. And yes, I have already submitted this to Artwork/Incoming/Intrepid under Dark Ibex Wallpaper.

Enjoy!

Technorati wallpaper, ubuntu, intrepid+ibex, artwork
Site Search Tags: wallpaper, ubuntu, intrepid+ibex, artwork

In anticipation of Software Freedom Day this coming September 20, I’ve decided to commemorate it by creating my own Software Freedom Day 2008 button. You can find the button at the right panel in this blog.

If you want to join us in celebrating Software Freedom Day, you can create your own graphic button or use my graphic in your website or blog. Do feel free to give credit where there is due.

You can pick up or link the graphic here.

Happy Software Freedome Day!

Technorati Software+Freedom+Day, advocacy, awareness, software, FOSS,
Site Search Tags: Software+Freedom+Day, advocacy, awareness, software, FOSS,

I would like to thank Peng Hardin for mentioning my wee little report on Chrome’s behaviour on Wine 1.1.3. My little post has this tiny speck of a link on Ubuntu Weblogs.

Thanks also to Roy Shea and Dan Kegel over at WineHQ. As expected, them and a couple of other guys at WineHQ have rolled out Wine 1.1.4 with fixes for Google Chrome and I’m glad I was able to contribute to Wine’s improvement in little ways that I can.

Good luck to all of us and let’s have that Wine please!

Technorati wine, winehq, google, chrome, bug, fix, gratitude
Site Search Tags: wine, winehq, google, chrome, bug, fix, gratitude

You’ve got your Samba server going and you’re now anxious to put your files to your Samba server then kablam! you cannot do so because your files are partially locked. Hmmm, weird? Not.

But yeah, it took me a while to notice the problem. All you need to do is to set the following parameter in Samba’s smb.conf file under [global] settings.

strict locking = no

That’s all there is to it!

Restart your Samba server and copy away!

Technorati samba, copy, network, share, file, locking, windows
Site Search Tags: samba, copy, network, share, file, locking, windows

With Google doing a public beta test of Google Chrome I’ve taken a few steps further to see what it can do. However, sadly for me, GC is currently on a Windows-only build so no dice for native Linux version. So I had to resort to “drastic” measures - try to see if it runs on Wine.

So I got the offline installer here and installed on top of Wine. The installation went ok, with Wine adding a desktop shortcut and menu entries. I tried to run GC and bam, a browser with rounder corners and blue header pops up. So far so good.

Then I noticed that the address bar is all black. Though I can type a URL, it doesn’t open the site I wan’t to visit. Tried it a couple of times, still no dice. Looking at the log I prepped, seems there are some components not working properly. So I ended up firing a report to WineHQ and see what can be done.

Nope, I currently don’t have the time to find the bug for GC on Wine. I’m making the Google Chrome team do that. At least with the WineHQ notified, I can expect to have a working GC on Wine.

Or not.

UPDATE:

Google Chrome now works on Wine 1.1.3. However, additional parameters must be added when you invoke wine on the command line. And sorry, HTTPS access is not yet available/foolproof.

Just fire up Wine in the terminal like so:

env WINEPREFIX=”/home/anakin/.wine” wine “C:\windows\profiles\anakin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe” –new-http –in-process-plugins

You have to also make sure that you have Riched20 and Riched30 installed using Winetricks (thanks Roy Shea at WineHQ!).

This method was further confirmed at UbuntuForums, and also confirmed by “nelson”. A good how-to is also available recently at HowToDude.

UPDATE 2:

Filed another bug report with WineHQ regarding HTTPS access on Google Chrome on Wine 1.1.3.

Related:

Wine AppDB page for Chrome (thanks to Dan Kegel) - added 9/6/2008
WineHQ Bug Report 15106
WineHQ Bug Report 15107
WineHQ Bug Report 15119

Technorati Google, Chrome, beta, browser, Wine, Linux
Site Search Tags: Google, Chrome, beta, browser, Wine, Linux