Apache2 ldap auth on Ubuntu Dapper and Feisty January 15, 2008
Posted by idimmu in linux.As part of our internal office systems upgrade we have a shiny new LDAP server which we like to use as much as possible. One of the things we use it for is Apache user auth, mainly we control SVN with it so people can only commit to the projects they're allowed to but we also use it so secure our system's services from the developers that like to play wannabe sysadmin!
Unfortunately we are running several different flavors of Ubuntu in the office with slightly different Apache2 versions and thus LDAP requirements!
Ubuntu Dapper Drake (Apache 2.0)
AuthType basic
AuthName "BackupPC admin"
AuthLDAPUrl ldap://ldap-server:389/ou=people,dc=domain,dc=com?uid?sub
AuthLDAPGroupAttributeIsDN off
AuthLDAPEnabled on
Require group cn=systems,ou=groups,dc=domain,dc=com
AuthLDAPGroupAttribute memberUid
Ubuntu Feisty Fawn (Apache 2.22)
AuthType Basic
AuthName "SVN Repository"
AuthLDAPUrl ldap://ldap-server:389/ou=people,dc=domain,dc=com?uid?sub
AuthzLDAPAuthoritative On
AuthBasicProvider ldap
AuthLDAPGroupAttribute memberUid
AuthLDAPGroupAttributeIsDN off
Require ldap-group cn=developers,ou=groups,dc=domain,dc=com
Obviously you have to make sure you have the right LDAP modules enabled for each version of Apache2 but that's all that is required to force Apache2 to authenticate against an LDAP group!
Ubuntu and webcams January 14, 2008
Posted by idimmu in linux.I've had some debugging to do for work for a part of our site that uses webcams but I've been a bit hazey about starting it because the last time I plugged a webcam in to a Linux box, 100 years ago, it was a bit messy. I decided to risk it as I'm too lazy to go home and get my laptop, and .. it .. just .. worked ..
Once again Ubuntu impresses me!
[243052.596000] usb 2-7: new full speed USB device using ohci_hcd and address 3
[243052.804000] usb 2-7: configuration #1 chosen from 1 choice
[243052.972000] Linux video capture interface: v2.00
[243052.988000] quickcam: QuickCam USB camera found (driver version QuickCam USB 0.6.6 $Date: 2006/11/04 08:38:14 $)
[243052.988000] quickcam: Kernel:2.6.22-14-generic bus:2 class:FF subclass:FF vendor:046D product:0870
[243053.016000] quickcam: Sensor HDCS-1020 detected
[243053.024000] quickcam: Registered device: /dev/video0
[243053.024000] usbcore: registered new interface driver quickcam
I feel these office lights are harsh on my skin though :(
Using sed to replace all strings in a file January 14, 2008
Posted by idimmu in linux.As part of our test environment rebuild one of the first things we tackled was moving the databases to the new virtual environment, this means changing the database address in a lot of config files, fortunately sed makes this job really easy!
sed -i s/olddatabase/newdatabase/g *.xml
We're also using CNAMEs now for the addresses to make this change a lot easier next time the database moves hardware :)
Atom feeds with PHP 5 Dom and XSL January 13, 2008
Posted by idimmu in php.All blogs require silly amounts of feed generators, right? And this is a silly blog so requires a silly generator. The entire site is written using PHP5, and my automagic 'datahandler' activepage concept creates an XML document using DOM that then uses XSL as a templating engine, so I figured it wouldn't be too hard to knock up a stylesheet to turn the default datahandler for the blog in to a nice atom feed! Just make sure you set the content-type to application/atom+xml when generate the page!
<?xml version="1.0" encoding="iso-8859-1"?>
<xsl:stylesheet version = "1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output indent="yes" method="xml" encoding="iso-8859-1" omit-xml-declaration="yes" doctype-system="http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd" doctype-public="-//W3C//DTD XHTML 1.1//EN" />
<xsl:template match="page">
<feed xmlns="http://www.w3.org/2005/Atom">
<link rel="alternate" type="text/html" href="http://www.idimmu.net/" />
<link rel="self" href="http://www.idimmu.net/blog/atom.php" />
<title>idimmu . net</title>
<link href="http://www.idimmu.net/"/>
<updated><xsl:value-of select="datahandler_blog/blog_list/blog/date/year"/>-<xsl:value-of select="datahandler_blog/blog_list/blog/date/month"/>-<xsl:value-of select="datahandler_blog/blog_list/blog/date/day"/>T<xsl:value-of select="datahandler_blog/blog_list/blog/date/hour"/>:<xsl:value-of select="datahandler_blog/blog_list/blog/date/minute"/>:<xsl:value-of select="datahandler_blog/blog_list/blog/date/second"/>Z</updated>
<author>
<name>idimmu</name>
</author>
<id>http://www.idimmu.net/</id>
<xsl:apply-templates select="datahandler_blog"/>
</feed>
</xsl:template>
<xsl:template match="datahandler_blog">
<xsl:apply-templates select="blog_list"/>
</xsl:template>
<xsl:template match="blog">
<entry>
<title><xsl:value-of select="title"/></title>
<link href="http://www.idimmu.net/{clonefakeurl}"/>
<id>http://www.idimmu.net/<xsl:value-of select="clonefakeurl"/></id>
<updated><xsl:value-of select="date/year"/>-<xsl:value-of select="date/month"/>-<xsl:value-of select="date/day"/>T<xsl:value-of select="date/hour"/>:<xsl:value-of select="date/minute"/>:<xsl:value-of select="date/second"/>Z</updated>
<content type="xhtml">
<div xmlns="http://www.w3.org/1999/xhtml">
<xsl:value-of select="bb_content" disable-output-escaping="yes"/>
</div>
</content>
</entry>
</xsl:template>
<xsl:template match="blog_list">
<xsl:apply-templates select="blog"/>
</xsl:template>
</xsl:stylesheet>
PHP Java Bridge in Ubuntu Gutsy with Lucene January 12, 2008
Posted by idimmu in linux, php.The php/java bridge it a pretty awesome little protocol that basically lets us use java classes inside our own PHP applications! This lets you harness the awesome power of all the Java libraries that exist, including the popular Lucene search engine library.
I referenced two excellent blog entries here and here whilst implementing Lucene search for this blog, but I am writing up the experience anyway to compare issues and difficulties and enhance my understanding of the process.
To start with Java, Lucene and the bridge dependancies must be installed (remember to enable multiverse in your apt sources)
apt-get install sun-java6-jre sun-java6-jdk liblucene-java libitext-java
update-java-alternatives -s java-6-sun
Grab the php-java-bridge deb package from sourceforge and install it. The fact it is v4 does not reflect that it is only for PHP version 4! There are RPMs for version 5 which you could turn in to a deb package using alien but at the moment I am feeling lazy so I will see how version 4 works out first.
wget http://downloads.sourceforge.net/php-java-bridge/php-java-bridge_4.3.0-1_i386.deb
dpkg -i php-java-bridge_4.3.0-1_i386.deb
Apache should restart now, if not restart it yourself.
To check that it is working look at the output of phpinfo(), there should be a new shiny java section! Listing the running processes also is interesting!
root 20205 0.0 0.7 664520 15520 ? Sl 17:18 0:00 java -Djava.library.path=/usr/lib/php5/20060613+lfs
-Djava.class.path=/usr/lib/php5/20060613+lfs/JavaBridge.jar -Djava.awt.headless=true
-Dphp.java.bridge.base=/usr/lib/php5/20060613+lfs php.java.bridge.Standalone LOCAL:@java-bridge-4ee9 1
as does netstat
unix 2 [ ACC ] STREAM LISTENING 1913999 @java-bridge-4ee9
I think it gets started when apache starts, as java.so is loaded in to the PHP, I'm still investigating that.
As far as starting the Lucene development goes, this was a pretty good tutorial on how it all works and this site has some good Java example code that I used to work out how the PHP should work.
Below is my PHP Lucene test code, it just creates one document with a description then searches the index description for 'idi test' and outputs the match. It's pretty rad!
<?php
java_require('/usr/share/java/lucene.jar');
$analyzer = new Java('org.apache.lucene.analysis.StopAnalyzer');
$writer = new Java('org.apache.lucene.index.IndexWriter', '/path/to/store/lucene/data/in', $analyzer, true);
$doc = new Java('org.apache.lucene.document.Document');
$field = new Java('org.apache.lucene.document.Field','description','idi data test',true, true, true);
$doc->add($field);
$writer->addDocument($doc);
$writer->close();
$indexer = new Java('org.apache.lucene.search.IndexSearcher','/path/to/store/lucene/data/in');
$parser = new Java('org.apache.lucene.queryParser.QueryParser','description',$analyzer);
$query = $parser->parse('rus test');
$hits = $indexer->search($query);
for ($i = 0; $i < $hits->length(); $i++) {
$found = $hits->doc($i);
print $i.".".$found->get('description');
}
?>
Now that it's working I just have to incorperate it in to the site :)
