Wednesday, 28 March 2012

Got SERVFAIL reply from ..

If you get this error in the log when configuring your DNS server:

Got SERVFAIL reply from ...

check your zone configuration with the named-checkzone command, e.g.:

named-checkzone jalmi-alit.com db.jalmi-alit.com

Happy trying..

Monday, 26 March 2012

read only file system


If you get an error such as "read only file system" because your fstab settings failed, you can run the command:
mount -o remount /
Happy trying..

Performance indicators in DRBD


The second line of /proc/drbd information for each resource contains the following counters and gauges:
ns (network send). Volume of net data sent to the partner via the network connection; in Kibyte.
nr (network receive). Volume of net data received by the partner via the network connection; in Kibyte.
dw (disk write). Net data written on local hard disk; in Kibyte.
dr (disk read). Net data read from local hard disk; in Kibyte.
al (activity log). Number of updates of the activity log area of the meta data.
bm (bit map). Number of updates of the bitmap area of the meta data.
lo (local count). Number of open requests to the local I/O sub-system issued by DRBD.
pe (pending). Number of requests sent to the partner, but that have not yet been answered by the latter.
ua (unacknowledged). Number of requests received by the partner via the network connection, but that have not yet been answered.
ap (application pending). Number of block I/O requests forwarded to DRBD, but not yet answered by DRBD.
ep (epochs). Number of epoch objects. Usually 1. Might increase under I/O load when using either the barrier or the none write ordering method.
wo (write order). Currently used write ordering method: b(barrier), f(flush), d(drain) or n(none).
oos (out of sync). Amount of storage currently out of sync; in Kibibytes.
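
Added example (not part of the original post, and not DRBD's own tooling): a small shell parser for the counter line described above. The sample /proc/drbd text is constructed, and the function names, the PENDING_MAX threshold and the alert wording are assumptions of this example.

```shell
#!/bin/sh
# Added example. SAMPLE_DRBD is constructed, not captured from a real node.
SAMPLE_DRBD=' 0: cs:Connected ro:Primary/Secondary ds:UpToDate/UpToDate C r-----
    ns:1048576 nr:0 dw:524288 dr:2048 al:14 bm:3 lo:0 pe:2 ua:0 ap:1 ep:1 wo:b oos:128'

# drbd_field NAME: read /proc/drbd-style text on stdin and print
# "<minor> <value>" for every resource that reports counter NAME.
drbd_field() {
    awk -v want="$1" '
        /^ *[0-9]+: / { minor = $1; sub(/:$/, "", minor); next }
        {
            for (i = 1; i <= NF; i++) {
                n = index($i, ":")
                if (n > 1 && substr($i, 1, n - 1) == want)
                    print minor, substr($i, n + 1)
            }
        }'
}

# drbd_alerts: print one line per counter that deserves attention.
# PENDING_MAX (hypothetical knob, default 100) bounds pe and ua.
drbd_alerts() {
    awk -v max="${PENDING_MAX:-100}" '
        /^ *[0-9]+: / { minor = $1; sub(/:$/, "", minor); next }
        {
            for (i = 1; i <= NF; i++) {
                n = index($i, ":")
                if (n < 2) continue
                k = substr($i, 1, n - 1); v = substr($i, n + 1)
                if (k == "oos" && v + 0 > 0)
                    printf "minor %s: %s KiB out of sync\n", minor, v
                if ((k == "pe" || k == "ua") && v + 0 > max + 0)
                    printf "minor %s: %s=%s unanswered requests\n", minor, k, v
                if (k == "wo" && v == "n")
                    printf "minor %s: write ordering is none\n", minor
            }
        }'
}

# Run against the constructed sample; on a DRBD node: drbd_alerts < /proc/drbd
printf '%s\n' "$SAMPLE_DRBD" | drbd_alerts
```

A non-zero oos on a resource that is supposed to be connected and up to date means the peer does not yet hold all of the data, which matters before any planned failover.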

Saturday, 24 March 2012

SSO with CAS, OpenDS integration with Zimbra and Joomla part 2


After installing Tomcat 6, the next step is to install CAS, which you can download from http://www.jasig.org/cas/download; I used version 3.4.10.
Save it in /usr/share/tomcat6/webapps and extract it. Once it is extracted, copy the file /usr/share/tomcat6/webapps/cas-server-3.4.10/modules/cas-server-webapp-3.4.10.war to /usr/share/tomcat6/webapps; the folder /usr/share/tomcat6/webapps/cas-server-webapp-3.4.10 will then appear automatically.
Then open it in Tomcat at https://(your domain/ip address):8443/cas-server-webapp-3.4.10.
OK, once CAS is installed, all that is left is to configure CAS to support LDAP..
For CAS to support LDAP, several things have to be done:
1. Edit pom.xml in the CAS server directory and add the lines:
<dependency>
    <groupId>org.jasig.cas</groupId>
    <artifactId>cas-server-support-ldap</artifactId>
    <version>${project.version}</version>
    <scope>runtime</scope>
</dependency>
2. Copy the file cas-server-support-ldap-3.4.10.jar and the spring-ldap * files into the lib directory of the CAS server.
3. Edit deployerConfigContext.xml.
An example deployerConfigContext.xml follows; I am pasting it in full because what is on the internet only gives hints.

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
        <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
                <property name="pooled" value="false"/>
                <property name="url" value="ldap://IP LDAP:PORT" />
                <property name="userDn" value="cn=[Nama MANAGER]"/>
                <property name="password" value="[PASSWDNYA]"/>
                <property name="baseEnvironmentProperties">
                        <map>
                                <entry key="java.naming.security.authentication" value="simple" />
                        </map>
                </property>
        </bean>

        <bean id="authenticationManager"
                class="org.jasig.cas.authentication.AuthenticationManagerImpl">
                <property name="credentialsToPrincipalResolvers">
                        <list>
                                <bean
                                        class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                                <bean
                                        class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
                        </list>
                </property>

                <property name="authenticationHandlers">
                        <list>
                                <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
                                        p:httpClient-ref="httpClient" />
                                <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
                                        p:filter="uid=%u"
                                        p:searchBase="ou=People,dc=DOMAINnya,dc=com"
                                        p:contextSource-ref="contextSource" />
                        </list>
                </property>
        </bean>

    <sec:user-service id="userDetailsService">
        <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />
    </sec:user-service>

        <bean id="attributeRepository"
                class="org.jasig.services.persondir.support.StubPersonAttributeDao">
                <property name="backingMap">
                        <map>
                                <entry key="uid" value="uid" />
                                <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
                                <entry key="groupMembership" value="groupMembership" />
                        </map>
                </property>
        </bean>

        <!--
        Sample, in-memory data store for the ServiceRegistry. A real implementation
        would probably want to replace this with the JPA-backed ServiceRegistry DAO
        The name of this bean should remain "serviceRegistryDao".
         -->
        <bean
                id="serviceRegistryDao"
        class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
        </bean>

    <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
</beans>
4. Restart Tomcat:
/etc/init.d/tomcat6 restart
to be continued...


imapsync without knowing the user's password


1. Create a link from your email account to the other account. For example, with other account ujang and my account yudi:
ln -s /home/vmail/domains/yourdomain.com/ujang /home/vmail/domains/yourdomain.com/yudi/.ujang
To create the links for all accounts with a script, search for tips and tricks or ask Google.
2. Here is a small script to sync all users with one password, without knowing the clients' passwords:
#!/bin/bash
# imapsyncrun.sh. Script to migrate imap mailboxes under the account migrate1
DATE=`date +%m%d%y_%H:%M`
LOGFILE="imapsync.log"
echo "IMAPSync starting..  $DATE" >> $LOGFILE
# Begin 'for' loop, calling the list of user names already collected
for ACCTNAME in `cat /root/account`
do
ACCOUNT=`echo $ACCTNAME | awk -F@ '{print $1}'`;
# Reset the zimbra password temporarily:
#zmprov setPassword $ACCTNAME test123
# Then migrate:
/usr/bin/imapsync --buffersize 8192000 --nosyncacls --subscribe --syncinternaldates --host1 [IP address1] \
--user1 youraccount@yourdomain.com --password1 [password1] --host2 [IP address2] --user2 $ACCTNAME --password2 [password2] \
--folderrec INBOX.$ACCOUNT --regextrans2 's/(.*)/INBOX/' --noauthmd5
echo Done with $ACCTNAME on $DATE >> $LOGFILE
done
# Change the password back to the encrypted one on file.
reset_passwords.sh
echo "" >> $LOGFILE
echo "IMAPSync Finished..  $DATE" >> $LOGFILE
echo "------------------------------------" >> $LOGFILE
Happy trying..

Friday, 23 March 2012

SSO with CAS, OpenDS integration with Zimbra and Joomla part 1


I will not cover the theory of Single Sign On (SSO) here; you can look that up on Google. Here I will lay out the steps for integrating SSO using CAS (http://www.jasig.org/cas) with LDAP as the data backend, in this case OpenDS (http://www.opends.org/), integrated with Zimbra (http://www.zimbra.com/) and Joomla (http://www.joomla.org/).
The first step is to install Tomcat 6; in this case I am using CentOS 5x as the OS.
Install Tomcat 6:
cd /etc/yum.repos.d
wget 'http://www.jpackage.org/jpackage50.repo'
yum update
yum install tomcat6 tomcat6-webapps tomcat6-admin-webapps
service tomcat6 start
If there is an error during installation, you may need to install the following:
rpm -Uvh 'http://plone.lucidsolutions.co.nz/linux/centos/images/jpackage-utils-compat-el5-0.0.1-1.noarch.rpm'
Because CAS recommends HTTPS on Tomcat, the next step is to configure SSL for Tomcat..
To set up SSL in Tomcat, search Google; there are many ways to do it, one of them being: http://www.mulesoft.com/tomcat-ssl

– to be continued –

Thursday, 22 March 2012

Zimbra Backup and Restore


Just sharing from experience of what has already been done; thank God it went well. What was done was a backup from Zimbra zcs-6.0.0_GA_1802, while the new server runs version zcs-6.0.8_GA_2661.
BACKUP
What is backed up:
LDAP and the users' inbox data
1. LDAP stands for Lightweight Directory Access Protocol.
Zimbra's LDAP contains:
- global configuration,
- user authentication,
- Server
- Domain
- Class of Service information, or COS.
In addition, information related to: External LDAP Authentication and External GAL
Most of this data can be viewed and configured through the Admin console or with the zmprov command from the shell. LDAP itself does not contain email messages.
To back up the LDAP users, the command is:
# su - zimbra -c "/opt/zimbra/libexec/zmslapcat /home/backup/"

In this case the file ldap.bak is stored in /home/backup
2. Inbox files, containing the email contents and the folders that were created
These hold the users' email inboxes; we back up the inbox contents with the script written by Mas Vavai:
#!/bin/bash
### START CONFIGURATION ###
DIR="/home/backup/zimbra";
OUTPUT="/home/backup/zimbra";
UPLOAD="/home/upload/";
USERS=`su - zimbra -c 'zmprov -l gaa'`;
DATE=`date +%Y%m%d`;
### END OF CONFIGURATION ###
# Save the list of all accounts for reference
su - zimbra -c "zmprov -l gaa > /tmp/daftar-account-zimbra";
#
#USERS=`su - zimbra -c 'zmprov -l gaa'`;
#DATE=`date +%Y%m%d`;
if [ ! -d $DIR ]; then mkdir $DIR; chown zimbra:zimbra $DIR; fi
# Export each mailbox as a tgz archive named after the account
for ACCOUNT in $USERS; do
NAME=`echo $ACCOUNT | awk -F@ '{print}'`;
echo " Backup $NAME mailbox ..."
su - zimbra -c "zmmailbox -z -m $ACCOUNT getRestURL '//?fmt=tgz' > $DIR/$NAME.tgz";
done

The resulting ldap.bak and inbox files are uploaded to the backup server. To simplify the backup process you can set up automatic login and schedule it in crontab; read about it at: http://linux.jalawave.net/?p=12

RESTORE
1. What is restored is the LDAP data

The steps:
- First stop the Zimbra service:
# su zimbra

#zmcontrol stop

#/opt/zimbra/openldap/sbin/slapadd -q -b "" -F /opt/zimbra/data/ldap/config -cv -l [path ldap.bak]

If nothing gets in the way, all domains along with their users and privileges have been moved successfully.

2. The mailbox data

#zmcontrol start


For the mailbox restore, as with the backup, the script is taken from Mas Vavai:
#!/bin/bash
### START CONFIGURATION ###
DIR="/home/backup/";
### END OF CONFIGURATION ###
clear
echo "Retrieve zimbra user name..."
USERS=`su - zimbra -c 'zmprov -l gaa'`;
# Import each account's tgz archive, replacing the existing mailbox content
for ACCOUNT in $USERS; do
NAME=`echo $ACCOUNT`;
echo "Restoring $NAME mailbox..."
su - zimbra -c "zmmailbox -z -m $NAME postRestURL '//?fmt=tgz&resolve=reset' $DIR/$NAME.tgz";
done

echo "All mailbox has been restored successfully"
Adjust the DIR path as needed.
TIPS:
- For the restore, it is recommended to set up your own DNS server rather than use the existing DNS, so that when the restore runs it is certain to run on the 'backup mail server' and not on the 'existing mail server', because the script's "postRestURL '//" points to the address of the MX records of the domain being restored…

Happy trying..