Monday, 22 October 2012

Tips and tricks for installing OpenDS


As the intended user that will run OpenDS:
1. Download OpenDS -- http://www.opends.org
2. Unzip the zip file -- it will create an OpenDS-VERSION subdirectory with all the files (you can rename / move this if you want, but I recommend doing this prior to doing the rest of the steps). I will call the path to the OpenDS files $OPENDS (i.e. $OPENDS/bin, $OPENDS/setup, etc. are all valid paths).
3. export PATH=$PATH:$OPENDS/bin (the scripts assume this for when they call $OPENDS/bin/dsconfig and such)
4. If a Java version other than /bin/java needs to be used (/bin/java -version will display the version), export OPENDS_JAVA_HOME=/path/to/directory/with/correct/java/bin (i.e. export OPENDS_JAVA_HOME=/usr/jdk/jdk1.6.0_14)
5. cd $OPENDS; ./setup
    There is both a text-based and a GUI-based installer (depending on whether $DISPLAY is set and reachable).

The other thing we must set: the hostname and the LDAP data must be the same.

Wednesday, 02 May 2012

If the Xen interface cannot connect to the network

Just sharing an experience:
I spent almost a week with a headache because a Xen image that had been backed up and then restored elsewhere could not bring up its interface. The trick:
1. Install a new image for the virtual server, and make sure the name of the one being created differs from the old one. For example, if the old name is budi.com.img, name the new one budi2.com.img.
2. Install the Xen guest; for example, to create it:
virt-install --name=budi2.com --ram 512 --disk path=/etc/xen/budi2.com.img,size=30 --nographics --location=http://kambing.ui.ac.id/centos/5.8/os/i386/
Just follow the prompts, the same as for a normal CentOS install.
Once the virtual machine is installed, edit the Xen configuration and point its image to the old image; the configuration is of course in budi2.com.
3. Finally, create the Xen guest: xm create budi2.com [enter]


Happy trying..

Thursday, 19 April 2012

SSO with CAS, OpenDS integration with Zimbra and Joomla part 3


For CAS to support LDAP, a few things have to be done:
1. Edit pom.xml in the CAS server directory and add these lines:
<dependency>
            <groupId>org.jasig.cas</groupId>
            <artifactId>cas-server-support-ldap</artifactId>
            <version>${project.version}</version>
            <scope>runtime</scope>
</dependency>
2. Copy the file cas-server-support-ldap-3.4.10.jar and the spring-ldap* files into the lib directory of the CAS server.
3. Edit deployerConfigContext.xml.
Here is an example deployerConfigContext.xml; I am pasting it in full because on the internet there are only hints.
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <!--
    LDAP connection used by CAS. "IP LDAP:PORT", "[Nama MANAGER]", "[PASSWDNYA]" and
    "DOMAINnya" below are placeholders for your own host, manager DN, password and domain.
    A simple bind over plain ldap:// sends passwords unencrypted, so use an ldaps:// URL
    where the directory offers it.
    -->
    <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
        <property name="pooled" value="false"/>

        <property name="url" value="ldap://IP LDAP:PORT" />

        <property name="userDn" value="cn=[Nama MANAGER]"/>
        <property name="password" value="[PASSWDNYA]"/>

        <property name="baseEnvironmentProperties">
            <map>
                <entry key="java.naming.security.authentication" value="simple" />
            </map>
        </property>
    </bean>

    <bean id="authenticationManager"
          class="org.jasig.cas.authentication.AuthenticationManagerImpl">
        <property name="credentialsToPrincipalResolvers">
            <list>
                <bean class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                <bean class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
            </list>
        </property>

        <property name="authenticationHandlers">
            <list>
                <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
                      p:httpClient-ref="httpClient" />
                <!-- Finds the user under searchBase with the filter (%u is the login name),
                     then binds as that entry with the password the user typed. -->
                <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
                      p:filter="uid=%u"
                      p:searchBase="ou=People,dc=DOMAINnya,dc=com"
                      p:contextSource-ref="contextSource" />
            </list>
        </property>
    </bean>

    <sec:user-service id="userDetailsService">
        <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />
    </sec:user-service>

    <bean id="attributeRepository"
          class="org.jasig.services.persondir.support.StubPersonAttributeDao">
        <property name="backingMap">
            <map>
                <entry key="uid" value="uid" />
                <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
                <entry key="groupMembership" value="groupMembership" />
            </map>
        </property>
    </bean>

    <!--
    Sample, in-memory data store for the ServiceRegistry. A real implementation
    would probably want to replace this with the JPA-backed ServiceRegistry DAO
    The name of this bean should remain "serviceRegistryDao".
    -->
    <bean id="serviceRegistryDao"
          class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
    </bean>

    <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
</beans>


4. Restart Tomcat:
/etc/init.d/tomcat6 restart
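
A check worth running on the edited deployerConfigContext.xml before the restart, as an added example that is not part of the original post or of CAS itself: it flags a simple bind over plain ldap://, a bind password written into the file, and the admin user placeholder left unreplaced. The sample input is constructed; its host name, manager DN and password are made up, and the finding names are this example's own.

```python
import xml.etree.ElementTree as ET

BEANS = "{http://www.springframework.org/schema/beans}"
SEC = "{http://www.springframework.org/schema/security}"

# Constructed sample: the post's contextSource and admin user entry, trimmed,
# with a made-up host, DN and password in place of the post's placeholders.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security">
  <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://ldap.example.test:389" />
    <property name="userDn" value="cn=manager"/>
    <property name="password" value="not-a-real-secret"/>
    <property name="baseEnvironmentProperties">
      <map><entry key="java.naming.security.authentication" value="simple" /></map>
    </property>
  </bean>
  <sec:user-service id="userDetailsService">
    <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />
  </sec:user-service>
</beans>"""


def audit(xml_text):
    """Return a sorted list of finding names for a deployerConfigContext.xml."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings = set()
    for bean in root.iter(BEANS + "bean"):
        if not bean.get("class", "").endswith("LdapContextSource"):
            continue
        props = {p.get("name"): p.get("value", "") for p in bean.findall(BEANS + "property")}
        auth = [e.get("value") for e in bean.iter(BEANS + "entry")
                if e.get("key") == "java.naming.security.authentication"]
        # A simple bind carries the password as-is, so it needs TLS underneath.
        if props.get("url", "").lower().startswith("ldap://") and (not auth or "simple" in auth):
            findings.add("simple-bind-over-cleartext-ldap")
        # ${...} means the value is resolved from a properties file instead.
        pw = props.get("password", "")
        if pw and not pw.startswith("${"):
            findings.add("bind-password-inline")
    for user in root.iter(SEC + "user"):
        if user.get("name", "").startswith("@@"):
            findings.add("admin-user-placeholder-not-replaced")
    return sorted(findings)


if __name__ == "__main__":
    print(audit(SAMPLE))
```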
Next, we will try installing OpenDS.



Thursday, 12 April 2012

Change the theme logo in Zimbra

Just a few simple steps:
  1. cd /opt/zimbra/jetty/webapps/zimbra/skins
  2. mv carbon CARBON
  3. ln -s bare carbon
  4. zmprov flushCache skin carbon
Happy trying..

Tuesday, 10 April 2012

Connect to an OPENDS/LDAP using Joomla 2.5

After some fiddling around I managed to connect to an AD from Joomla, so I would like to share with you the configuration.

Apart from being a requirement in many projects, here are the benefits of using an OPENDS/LDAP for Joomla authentication:

  • Centralised user database which can be used from many different systems
  • Users have only one username/password for all systems utilizing OPENDS/LDAP
  • Users can still be administered inside Joomla, since they are imported into Joomla db the first time they connect to Joomla using LDAP
  • Keeps users happy! (no more extra signups)
  • Best practice, IT integration
In order to achieve this you just have to follow these steps: 

1. Go to Joomla's administration plugin manager and enable the Authentication - LDAP plugin:

2. Configure the plugin with your OPENDS/LDAP data. This is the tricky part, which could cost you man-hours and a lot of frustration if you are not sure about the parameters.




The parameters shown above are for OPENDS; they should be OK for the majority of systems and should allow you to connect using your email credentials.




Wednesday, 28 March 2012

Got SERVFAIL reply from ..

If you get this error in the log when configuring your DNS server:

Got SERVFAIL reply from ...

check your configuration with the named-checkzone command, for example:

named-checkzone jalmi-alit.com db.jalmi-alit.com

Happy trying..

Monday, 26 March 2012

Read-only file system


If you get an error such as "read only file system" because of a failed fstab setting, you can run the command:
mount -o remount /
Happy trying..

Performance indicators in DRBD


The second line of /proc/drbd information for each resource contains the following counters and gauges:
ns (network send). Volume of net data sent to the partner via the network connection; in Kibyte.
nr (network receive). Volume of net data received by the partner via the network connection; in Kibyte.
dw (disk write). Net data written on local hard disk; in Kibyte.
dr (disk read). Net data read from local hard disk; in Kibyte.
al (activity log). Number of updates of the activity log area of the meta data.
bm (bit map). Number of updates of the bitmap area of the meta data.
lo (local count). Number of open requests to the local I/O sub-system issued by DRBD.
pe (pending). Number of requests sent to the partner, but that have not yet been answered by the latter.
ua (unacknowledged). Number of requests received by the partner via the network connection, but that have not yet been answered.
ap (application pending). Number of block I/O requests forwarded to DRBD, but not yet answered by DRBD.
ep (epochs). Number of epoch objects. Usually 1. Might increase under I/O load when using either the barrier or the none write ordering method.
wo (write order). Currently used write ordering method: b(barrier), f(flush), d(drain) or n(none).
oos (out of sync). Amount of storage currently out of sync; in Kibibytes.
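
A parser for the counter line described above, as an added example that is not part of the original post or of DRBD: it reads text laid out like /proc/drbd, returns the counters for each resource, and picks out resources that have data out of sync or requests still waiting on the partner. The sample text is constructed, and the function names are this example's own.

```python
import re

# Constructed sample in the /proc/drbd layout: one status line per resource,
# followed by the counter line that the list above describes.
SAMPLE = """\
version: 8.3.8 (api:88/proto:86-94)
 0: cs:Connected ro:Primary/Secondary ds:UpToDate/UpToDate C r----
    ns:1048576 nr:0 dw:1048576 dr:2048 al:512 bm:64 lo:0 pe:0 ua:0 ap:0 ep:1 wo:b oos:0
 1: cs:SyncSource ro:Primary/Secondary ds:UpToDate/Inconsistent C r----
    ns:4096 nr:0 dw:8192 dr:4096 al:7 bm:3 lo:1 pe:5 ua:0 ap:1 ep:1 wo:b oos:20480
"""

WRITE_ORDER = {"b": "barrier", "f": "flush", "d": "drain", "n": "none"}
RESOURCE = re.compile(r"^\s*(\d+):\s+cs:(\S+)")
COUNTER = re.compile(r"\b([a-z]+):(\S+)")


def parse_proc_drbd(text):
    """Map each minor number to its connection state and counters."""
    resources, current = {}, None
    for line in text.splitlines():
        head = RESOURCE.match(line)
        if head:
            current = resources.setdefault(int(head.group(1)), {"cs": head.group(2)})
        elif current is not None and line.lstrip().startswith("ns:"):
            for key, value in COUNTER.findall(line):
                # wo is a letter code; every other field is a number.
                current[key] = WRITE_ORDER.get(value, value) if key == "wo" else int(value)
            current = None  # later lines (e.g. sync progress) are not counters
    return resources


def out_of_sync_or_pending(resources):
    """Minors with data out of sync or requests still waiting on the partner."""
    return {minor: {k: r[k] for k in ("oos", "pe", "ua") if r.get(k)}
            for minor, r in resources.items()
            if r.get("oos") or r.get("pe") or r.get("ua")}


if __name__ == "__main__":
    print(out_of_sync_or_pending(parse_proc_drbd(SAMPLE)))
```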

Saturday, 24 March 2012

SSO with CAS, OpenDS integration with Zimbra and Joomla part 2


After installing Tomcat 6, the next step is to install CAS, which you can download from http://www.jasig.org/cas/download; I am using version 3.4.10.
Save it in /usr/share/tomcat6/webapps and extract it. Once it is extracted, copy the file /usr/share/tomcat6/webapps/cas-server-3.4.10/modules/cas-server-webapp-3.4.10.war to /usr/share/tomcat6/webapps; the folder /usr/share/tomcat6/webapps/cas-server-webapp-3.4.10 will then appear automatically.
Then open it in Tomcat at https://(your domain/ip address):8443/cas-server-webapp-3.4.10.
OK, once CAS is installed, what remains is configuring CAS to support LDAP.
To be continued...


imapsync without knowing the user's password


1. Create a link from your e-mail account to the other account. For example, with the other account ujang and my account yudi:
ln -s /home/vmail/domains/yourdomain.com/ujang /home/vmail/domains/yourdomain.com/yudi/.ujang
To create the links for all accounts with a script, you can search in tips and tricks or ask Google.
2. Here is a small script to sync all users with one password, without knowing the clients' passwords:
#!/bin/bash
# imapsyncrun.sh. Script to migrate imap mailboxes under the account migrate1
DATE=$(date +%m%d%y_%H:%M)
LOGFILE="imapsync.log"
echo "IMAPSync starting..  $DATE" >> "$LOGFILE"
# Begin 'for' loop, calling the list of user names already collected
for ACCTNAME in $(cat /root/account)
do
ACCOUNT=$(echo "$ACCTNAME" | awk -F@ '{print $1}')
# Reset the zimbra password temporarily:
#zmprov setPassword $ACCTNAME test123
# Then migrate. Replace the bracketed values with your own hosts and passwords.
# --password1/--password2 show up in the process list; imapsync also accepts --passfile1/--passfile2.
/usr/bin/imapsync --buffersize 8192000 --nosyncacls --subscribe --syncinternaldates --host1 [IP address1] \
--user1 youraccount@yourdomain.com --password1 [password1] --host2 [IP address2] --user2 "$ACCTNAME" --password2 [password2] \
--folderrec "INBOX.$ACCOUNT" --regextrans2 's/(.*)/INBOX/' --noauthmd5
echo "Done with $ACCTNAME on $DATE" >> "$LOGFILE"
done
# Change the password back to the encrypted one on file.
#reset_passwords.sh
echo "" >> "$LOGFILE"
echo "IMAPSync Finished..  $DATE" >> "$LOGFILE"
echo "------------------------------------" >> "$LOGFILE"
Happy trying..