Tuesday, 23 December 2014

Redirect HTTP to HTTPS on nginx and HTTPS to HTTPS on another domain

Sometimes we want to redirect our HTTP URL to another domain. Here are some simple but helpful options in nginx.

Redirect HTTPS to HTTP on nginx

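example:
server {
    # "listen 443;" alone serves plain HTTP on port 443; the ssl parameter is needed to answer HTTPS.
    # ssl_certificate and ssl_certificate_key must also be configured for this server.
    listen 443 ssl;
    server_name nama_domain_yang_ingin_di_redirect;   # the domain to redirect
    rewrite ^ http://urltujuan permanent;   # urltujuan = destination URL
}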

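REDIRECT FROM HTTP to HTTPS on nginx

example:

server {
    listen 80;   # plain HTTP requests arrive on port 80
    server_name domain_yang_ingin_di_redirect;   # the domain to redirect
    # $scheme would repeat the incoming scheme (http), so https is written explicitly
    return 301 https://urltujuan;   # urltujuan = destination host
}

Happy trying..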

Monday, 22 October 2012

Tips and tricks for installing OpenDS


As the intended user that will run OpenDS:
1. Download OpenDS -- http://www.opends.org 
2. unzip the zip file -- it will create an OpenDS-VERSION subdirectory
with all the files (you can rename / move this if you want, but I
recommend doing this prior to doing the rest of the steps).  I will
call the path to the OpenDS files $OPENDS (i.e. $OPENDS/bin,
$OPENDS/setup, etc are all valid paths)
3. export PATH=$PATH:$OPENDS/bin (the scripts assume this for when
they call $OPENDS/bin/dsconfig and such)
4. If a java version other than /bin/java needs to be used (/bin/java
-version will display the version), export
OPENDS_JAVA_HOME=/path/to/directory/with/correct/java/bin (i.e. export
OPENDS_JAVA_HOME=/usr/jdk/jdk1.6.0_14)
5. cd $OPENDS; ./setup
    There is both a text based as well as GUI based installer (based
on if $DISPLAY is set and reachable)

The other thing we must set: the hostname and the LDAP data must be the same.

Wednesday, 02 May 2012

If the Xen interface cannot connect to the network..

Just sharing an experience:
I spent almost a week confused because a Xen image that had been backed up and then restored somewhere else could not bring up its interface. The trick:
1. Install a new image for the virtual server, and make sure its name is different from the old one. For example, if the old name is budi.com.img, name the new one budi2.com.img.
2. Install the Xen guest. An example of creating it:
virt-install --name=budi2.com --ram 512 --disk path=/etc/xen/budi2.com.img,size=30 --nographics --location=http://kambing.ui.ac.id/centos/5.8/os/i386/
Just follow the prompts, the same as for a normal CentOS install.
Once the virtual server is installed, edit the Xen configuration and point its image to the old image. The configuration is in budi2.com.
3. Finally, create the Xen guest: xm create budi2.com [enter]


Happy trying..

Thursday, 19 April 2012

SSO with CAS, OpenDS integration with Zimbra and Joomla part 3


For CAS to support LDAP, a few things have to be done:
1. Edit pom.xml in the CAS server directory and add these lines:
<dependency>
            <groupId>org.jasig.cas</groupId>
            <artifactId>cas-server-support-ldap</artifactId>
            <version>${project.version}</version>
            <scope>runtime</scope>
</dependency>
2. Copy the file cas-server-support-ldap-3.4.10.jar and spring-ldap * into the lib directory of the CAS server.
3. Edit deployerConfigContext.xml.
An example deployerConfigContext.xml follows; I am pasting it in full because on the internet there are only hints:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
        <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="pooled" value="false"/>

  <property name="url" value="ldap://IP LDAP:PORT" />

  <property name="userDn" value="cn=[Nama MANAGER]"/>
  <property name="password" value="[PASSWDNYA]"/>

  <property name="baseEnvironmentProperties">
    <map>
      <entry key="java.naming.security.authentication" value="simple" />
    </map>
  </property>
</bean>

        <bean id="authenticationManager"
                class="org.jasig.cas.authentication.AuthenticationManagerImpl">
                <property name="credentialsToPrincipalResolvers">
                        <list>
                                <bean
                                        class="org.jasig.cas.authentication.principal.UsernamePasswordCredentialsToPrincipalResolver" />
                                <bean
                                        class="org.jasig.cas.authentication.principal.HttpBasedServiceCredentialsToPrincipalResolver" />
                        </list>
                </property>

                <property name="authenticationHandlers">
                        <list>
                                <bean class="org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler"
                                        p:httpClient-ref="httpClient" />
                                  <bean class="org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler"
      p:filter="uid=%u"
      p:searchBase="ou=People,dc=DOMAINnya,dc=com"
      p:contextSource-ref="contextSource" />
  </list>
 </property>

        </bean>

    <sec:user-service id="userDetailsService">
        <sec:user name="@@THIS SHOULD BE REPLACED@@" password="notused" authorities="ROLE_ADMIN" />
    </sec:user-service>

        <bean id="attributeRepository"
                class="org.jasig.services.persondir.support.StubPersonAttributeDao">
                <property name="backingMap">
                        <map>
                                <entry key="uid" value="uid" />
                                <entry key="eduPersonAffiliation" value="eduPersonAffiliation" />
                                <entry key="groupMembership" value="groupMembership" />
                        </map>
                </property>
        </bean>

        <!--
        Sample, in-memory data store for the ServiceRegistry. A real implementation
        would probably want to replace this with the JPA-backed ServiceRegistry DAO
        The name of this bean should remain "serviceRegistryDao".
         -->
        <bean
                id="serviceRegistryDao"
        class="org.jasig.cas.services.InMemoryServiceRegistryDaoImpl">
        </bean>

    <bean id="auditTrailManager" class="com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager" />
</beans>


4. Restart Tomcat:
/etc/init.d/tomcat6 restart
Next, we will try installing OpenDS.
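
An added variant of the contextSource bean from step 3 (not part of the original post and not the CAS project's own file), showing the plain ldap:// URL beside an ldaps:// one, because both the manager bind and each user's bind password travel over this connection. It keeps the post's placeholders and assumes the directory server has an LDAPS listener enabled.

```xml
<!-- Added example: the contextSource bean from step 3, switched to LDAPS.
     Host, port, DN and password are the post's placeholders. -->
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="pooled" value="false"/>

  <!-- Before: with ldap:// the manager bind and every user's bind password
       cross the network unencrypted. -->
  <!-- <property name="url" value="ldap://IP LDAP:PORT" /> -->

  <!-- After: ldaps:// wraps the whole LDAP session in TLS. PORT must be the
       directory's LDAPS listener, not the plain LDAP port. -->
  <property name="url" value="ldaps://IP LDAP:PORT" />

  <property name="userDn" value="cn=[Nama MANAGER]"/>
  <property name="password" value="[PASSWDNYA]"/>

  <property name="baseEnvironmentProperties">
    <map>
      <!-- Simple bind is still used; TLS is what protects the password. -->
      <entry key="java.naming.security.authentication" value="simple" />
    </map>
  </property>
</bean>
```

The JVM that runs Tomcat must trust the directory server's certificate (for example by importing it into the JVM truststore), otherwise the bind fails during the TLS handshake.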



Thursday, 12 April 2012

Change the theme logo in Zimbra.

Just a few simple steps:
  1. cd /opt/zimbra/jetty/webapps/zimbra/skins
  2. mv carbon CARBON
  3. ln -s bare carbon
  4. zmprov flushCache skin carbon
Happy trying..

Tuesday, 10 April 2012

Connect to an OPENDS/LDAP using Joomla 2.5

After some fiddling around I managed to connect to an AD from Joomla, so I would like to share with you the configuration.

Apart from being a requirement in many projects, here are the benefits of using an OPENDS/LDAP for Joomla authentication:

  • Centralised user database which can be used from many different systems
  • Users have only one username/password for all systems utilizing OPENDS/LDAP
  • Users can still be administered inside Joomla, since they are imported into Joomla db the first time they connect to Joomla using LDAP
  • Keeps users happy! (no more extra signups)
  • Best practice, IT integration
In order to achieve this you just have to follow these steps: 

1. Go to Joomla's administration plugin manager and enable the Authentication - LDAP plugin:

2. Configure the plugin with your OPENDS/LDAP data. This is the tricky part, which could cost you man-hours and a lot of frustration if you are not sure about the parameters.




The parameters shown above are for OPENDS and should be ok for the majority of the systems and should allow you to connect using your email credentials




Wednesday, 28 March 2012

Got SERVFAIL reply from ..

If you get this error in the log when configuring your DNS server:

Got SERVFAIL reply from ...

please check your configuration with the named-checkzone command, e.g.:

named-checkzone jalmi-alit.com db.jalmi-alit.com

Happy trying..