RHEL Winbind Authentication Against Active Directory

April 11, 2007 | Filed Under All Stories, Data and Technology 8 Comments

So you have a RHEL system and you want to authenticate it against your active directory. The good news is that Red Hat has made it easy for you to do this. The bad news is that they only get the most basic structure working for you. Here I will show you how to get WinBind authentication working using Authconfig, and how make it a little more seamless than this utility leaves it off.

It should be noted that while this works perfectly well, it is really not the best way to authenticate users against a UNIX host. Given the option, having your users in Open Ldap and PAM authenticating them against that would be a much better option. However, we don’t live in a perfect world, and sometimes we just have to make things work.

Let’s start by using authconfig to join your machine to the domain. This should all be done as the root user.

# authconfig

  • Select “Use Winbind” and Use “Winbind Authentication”. Remember to leave “Cache Information”, “Use MD5 Passwords” and “Use Shadow Passwords” selected.
  • Select “Next”
  • Under “Security Model” select “ads”
  • “Domains:” examplead (substatute with the name of your Active Directory)
  • “Domain Controllers:” adserver.domain.com (Again, substitute with the name of your Active Directory server)
  • “ADS Realm:” ADSERVER.DOMAIN.COM
  • “Template Shell:” /bin/bash
  • Select “Join Domain”
  • Select “OK”

Now your machine should be be on the domain. Test it to make sure you can see your AD users:

# wbinfo -u

You should see your users in the list.

The only problem is that to do anything with them, you have to express their user name in that annoying way Windows likes you to. Something like this:

“EXAMPLEAD\\username”

Not very usefull. To get around this, simply edit “/etc/samba/smb.conf” and change this line:

winbind use default domain = no

to this:

winbind use default domain = yes

You should now be able to express AD usernames without the domain nonsense before it. Try it:

# finger username
Login: username                            Name: Username
Directory: /home/EXAMPLEAD/username        Shell: /bin/bash
Never logged in.
No mail.
No Plan.

Finally check your “/etc/nsswhich.conf” file to make sure RHEL knows to use WinBind. Authconfig should have set this up for you, and it should have lines that look like this:

passwd:     files winbind
shadow:     files winbind
group:      files winbind

That should do it you should be able to create home directories for all your AD users and let them authenticate away. Have fun.

Tags: , , , , , , , , , , , , , , , , , ,

Related Articles:

Horde / IMP on RHEL 4 From RPM HOWTO

December 21, 2006 | Filed Under All Stories, Data and Technology 4 Comments

linux.jpgWhenever you go to install applications and services on registered RHEL servers, it’s always nice to use the RPMs because up2date will keep everything current for you. Managing upgrades gets a whole lot easier when you can bring your system up to current with one simple command. Because of this, I decided that I would try to use as many RPMs as I could when I set up our latest Horde / IMP installation.

Unfortunately, RedHat does not supply RPMs for the Horde applications, but luckily CentOS does. You should be able to download them from here. Get the latest version, which at the time of this writing was horde-3.1.3-1 and imp-h3-4.1.3-1.

Don’t install them yet though because Horde and IMP have always had a lot of dependancies which must be installed and enabled first. Installing the following RPMs should take care of them.

  • mysql-4.1.20-1.RHEL4.1.i386.rpm
  • mysqlclient10-3.23.58-4.RHEL4.1.i386.rpm
  • mysqlclient10-devel-3.23.58-4.RHEL4.1.i386.rpm
  • mysql-devel-4.1.20-1.RHEL4.1.i386.rpm
  • mysql-server-4.1.20-1.RHEL4.1.i386.rpm
  • perl-DBD-MySQL-2.9004-3.1.i386.rpm
  • php-4.3.9-3.15.i386.rpm
  • php-devel-4.3.9-3.15.i386.rpm
  • php-domxml-4.3.9-3.15.i386.rpm
  • php-imap-4.3.9-3.15.i386.rpm
  • php-ldap-4.3.9-3.15.i386.rpm
  • php-mysql-4.3.9-3.15.i386.rpm
  • php-pear-4.3.9-3.15.i386.rpm

Assuming you will want up2date to handle upgrades of these packages, it is very important that you either use “up2date” to install them, or download them from correct channel at the RedHat website. You could also simply get them from the CD distribution that you used to install the system itself.

Once PEAR is installed, you will have to upgrade it, and install the PEAR::Log module.

[root@server]# pear upgrade -a PEAR-1.3.6
[root@server]# pear upgrade PEAR

Ok, now let’s make sure the web server is configured to start when the system comes up:

[root@server /]# /sbin/chkconfig –list httpd

You should see this:

httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

But if you see 5:off, simply run:

[root@server /]# /sbin/chkconfig httpd on

Now we enable and start up our new MySQL database server:

[root@server /]# /sbin/chkconfig mysqld on
[root@server /]# /sbin/service mysqld start

And we’re ready to install Horde and IMP. Install the following RPM’s, which will put everything in /usr/share/horde and creates a file called horde.conf in /etc/httpd/conf.d/

  • horde-3.1.3-1.c4.noarch.rpm
  • imp-h3-4.1.3-1.c4.noarch.rpm

This will install the HORDE and IMP packages in /usr/share, and /usr/share/horde respectively.

Finally, we start or restart apache:

[root@server /]# /sbin/service httpd start

Grab a browser and go to the following URL to proceed with the Horde and IMP configuration.

http://server.example.com/horde/

Tags: , , , , , , , , , , , , , , , , , , , , , ,

Related Articles:

Installing OpenGroupWare 1.1.5 on RHEL 3

December 15, 2006 | Filed Under All Stories, Data and Technology 2 Comments

OpenGroupware.jpgOpenGroupWare is an open source groupware package intended as an alternative to proprietary applications such as Exchange and PostPath. It is fairly robust in its feature set, and even integrates well with MS Outlook.

Its strongest points, in my opinion are that it does not depend in any way on Active Directory, and that it integrates well with open source standards like Open LDAP and University of Washington IMAP. Its downsides are that the documentation is sparse and scattered, that is is backed with PostgreSQL rather than MySQL, and that the package is bundled into a TON of RPM's.

I have not tried installing it from source, though I suspect that it would not be much more work than using the RPM's. Anyhow, if you want to install it for yourself, here are some quick scripts to help you, as well as some quick cookbook instructions. I installed it on RHEL 3 Workstation, though I suspect that it would work most Linux distributions.

The first thing we have to do is install the foundation for OpenGroupWare From the RHEL CD's or Website:

Install apache
Install PostgreSQL
Install PostgreSQL-devel
Install php
Install php_PostgreSQL

Next, run the following commands to get the database and webserver started:

# /sbin/chkconfig httpd on
# /sbin/chkconfig postgresql on
# /sbin/service postgresql start
# /sbin/service httpd start

Sendmail should already be installed and running, but if not, you will have to install it as well.

OK, so I said before that there are a TON of RPM's that you will have to install. These can be found at the OpenGroupWare website. Get them however you want, but if you have "wget" installed, you can use my script to fetch everything you need. You can omit the "devel" packages if you don't want to install the source code.

PLAIN TEXT
HTML:
  1. ###### SNIP #######
  2. #!/bin/sh
  3. #GetOpenGroupWare.sh
  4. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-gnustep_make-1.10.0-0.i386.rpm
  5. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/sope-4.5.8-sixtyfour/sope45-xml-4.5.8-r1321.0.i386.rpm
  6. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/sope-4.5.8-sixtyfour/sope45-xml-devel-4.5.8-r1321.0.i386.rpm
  7. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/ThirdParty/libfoundation11-1.1.3-r155.0.i386.rpm
  8. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/ThirdParty/libfoundation11-devel-1.1.3-r155.0.i386.rpm
  9. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/sope-4.5.8-sixtyfour/sope45-core-4.5.8-r1321.0.i386.rpm
  10. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/sope-4.5.8-sixtyfour/sope45-core-devel-4.5.8-r1321.0.i386.rpm
  11. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/sope-4.5.8-sixtyfour/sope45-appserver-4.5.8-r1321.0.i386.rpm
  12. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/sope-4.5.8-sixtyfour/sope45-appserver-devel-4.5.8-r1321.0.i386.rpm
  13. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/sope-4.5.8-sixtyfour/sope45-gdl1-4.5.8-r1321.0.i386.rpm
  14. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/sope-4.5.8-sixtyfour/sope45-gdl1-devel-4.5.8-r1321.0.i386.rpm
  15. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/sope-4.5.8-sixtyfour/sope45-ldap-4.5.8-r1321.0.i386.rpm
  16. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/sope-4.5.8-sixtyfour/sope45-ldap-devel-4.5.8-r1321.0.i386.rpm
  17. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/sope-4.5.8-sixtyfour/sope45-ldap-tools-4.5.8-r1321.0.i386.rpm
  18. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/sope-4.5.8-sixtyfour/sope45-mime-4.5.8-r1321.0.i386.rpm
  19. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/sope-4.5.8-sixtyfour/sope45-mime-devel-4.5.8-r1321.0.i386.rpm
  20. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-logic-1.1.5-r1717.0.i386.rpm
  21. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-logic-devel-1.1.5-r1717.0.i386.rpm
  22. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-logic-tools-1.1.5-r1717.0.i386.rpm
  23. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-docapi-1.1.5-r1717.0.i386.rpm
  24. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-docapi-devel-1.1.5-r1717.0.i386.rpm
  25. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-docapi-db-project-1.1.5-r1717.0.i386.rpm
  26. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-docapi-db-project-devel-1.1.5-r1717.0.i386.rpm
  27. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-docapi-fs-project-1.1.5-r1717.0.i386.rpm
  28. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-docapi-fs-project-devel-1.1.5-r1717.0.i386.rpm
  29. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-core-1.1.5-r1717.0.i386.rpm
  30. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-core-devel-1.1.5-r1717.0.i386.rpm
  31. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-app-1.1.5-r1717.0.i386.rpm
  32. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-environment-1.1.5-0.i386.rpm
  33. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/sope-4.5.8-sixtyfour/sope45-ical-4.5.8-r1321.0.i386.rpm
  34. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/sope-4.5.8-sixtyfour/sope45-ical-devel-4.5.8-r1321.0.i386.rpm
  35. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/sope-4.5.8-sixtyfour/sope45-gdl1-postgresql-4.5.8-r1321.0.i386.rpm
  36. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/mod_ngobjweb-2.0.46-r1323.0.i386.rpm
  37. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-database-setup-1.1.5-0.i386.rpm
  38. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-pda-1.1.5-r1717.0.i386.rpm
  39. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-pda-devel-1.1.5-r1717.0.i386.rpm
  40. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-theme-blue-1.1.5-r1717.0.i386.rpm
  41. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-theme-default-1.1.5-r1717.0.i386.rpm
  42. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-theme-kde-1.1.5-r1717.0.i386.rpm
  43. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-theme-ooo-1.1.5-r1717.0.i386.rpm
  44. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-theme-orange-1.1.5-r1717.0.i386.rpm
  45. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-tools-1.1.5-r1717.0.i386.rpm
  46. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-calendar-1.1.5-r1717.0.i386.rpm
  47. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-contact-1.1.5-r1717.0.i386.rpm
  48. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-mailer-1.1.5-r1717.0.i386.rpm
  49. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-mailer-devel-1.1.5-r1717.0.i386.rpm
  50. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-news-1.1.5-r1717.0.i386.rpm
  51. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-project-1.1.5-r1717.0.i386.rpm
  52. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-resource-basque-1.1.5-r1717.0.i386.rpm
  53. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-resource-de-1.1.5-r1717.0.i386.rpm
  54. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-resource-dk-1.1.5-r1717.0.i386.rpm
  55. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-resource-en-1.1.5-r1717.0.i386.rpm
  56. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-resource-es-1.1.5-r1717.0.i386.rpm
  57. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-resource-fr-1.1.5-r1717.0.i386.rpm
  58. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-resource-hu-1.1.5-r1717.0.i386.rpm
  59. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-resource-it-1.1.5-r1717.0.i386.rpm
  60. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-resource-jp-1.1.5-r1717.0.i386.rpm
  61. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-resource-nl-1.1.5-r1717.0.i386.rpm
  62. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-resource-no-1.1.5-r1717.0.i386.rpm
  63. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-resource-pl-1.1.5-r1717.0.i386.rpm
  64. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-resource-pt-1.1.5-r1717.0.i386.rpm
  65. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-resource-ptbr-1.1.5-r1717.0.i386.rpm
  66. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-resource-sk-1.1.5-r1717.0.i386.rpm
  67. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-webui-task-1.1.5-r1717.0.i386.rpm
  68. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-xmlrpcd-1.1.5-r1717.0.i386.rpm
  69. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-zidestore-1.1.5-r1717.0.i386.rpm
  70. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-zidestore-devel-1.1.5-r1717.0.i386.rpm
  71. wget http://download.opengroupware.org/nightly/packages/rhel3/releases/opengroupware-1.1.5-moveon/ogo-meta-1.1.5-r1717.0.i386.rpm
  72. ###### /SNIP #######

Ok, so now we have a directory filled up wit RPM's. Many of these have a lot of dependancies, so the order of install is important. The script below has them in the correct order, so you can either use it as a reference to install them yourself, or just save the script in the directory that has all your RPM's and run it. Your choice.

PLAIN TEXT
HTML:
  1. ###### SNIP #######
  2. # InstallOpenGroupware.sh
  3. #!/sbin/sh
  4. rpm -Uvh ogo-gnustep_make-1.10.0-0.i386.rpm
  5. rpm -Uvh sope45-xml-4.5.8-r1321.0.i386.rpm
  6. rpm -Uvh sope45-xml-devel-4.5.8-r1321.0.i386.rpm
  7. rpm -Uvh libfoundation11-1.1.3-r155.0.i386.rpm
  8. rpm -Uvh libfoundation11-devel-1.1.3-r155.0.i386.rpm
  9. rpm -Uvh sope45-core-4.5.8-r1321.0.i386.rpm
  10. rpm -Uvh sope45-core-devel-4.5.8-r1321.0.i386.rpm
  11. rpm -Uvh sope45-mime-4.5.8-r1321.0.i386.rpm
  12. rpm -Uvh sope45-mime-devel-4.5.8-r1321.0.i386.rpm
  13. rpm -Uvh sope45-appserver-4.5.8-r1321.0.i386.rpm
  14. rpm -Uvh sope45-appserver-devel-4.5.8-r1321.0.i386.rpm
  15. rpm -Uvh sope45-gdl1-4.5.8-r1321.0.i386.rpm
  16. rpm -Uvh sope45-gdl1-devel-4.5.8-r1321.0.i386.rpm
  17. rpm -Uvh sope45-ldap-4.5.8-r1321.0.i386.rpm
  18. rpm -Uvh sope45-ldap-devel-4.5.8-r1321.0.i386.rpm
  19. rpm -Uvh sope45-ldap-tools-4.5.8-r1321.0.i386.rpm
  20. rpm -Uvh ogo-logic-1.1.5-r1717.0.i386.rpm
  21. rpm -Uvh ogo-logic-devel-1.1.5-r1717.0.i386.rpm
  22. rpm -Uvh ogo-logic-tools-1.1.5-r1717.0.i386.rpm
  23. rpm -Uvh ogo-docapi-1.1.5-r1717.0.i386.rpm
  24. rpm -Uvh ogo-docapi-devel-1.1.5-r1717.0.i386.rpm
  25. rpm -Uvh ogo-docapi-db-project-1.1.5-r1717.0.i386.rpm
  26. rpm -Uvh ogo-docapi-db-project-devel-1.1.5-r1717.0.i386.rpm
  27. rpm -Uvh ogo-docapi-fs-project-1.1.5-r1717.0.i386.rpm
  28. rpm -Uvh ogo-docapi-fs-project-devel-1.1.5-r1717.0.i386.rpm
  29. rpm -Uvh ogo-webui-core-devel-1.1.5-r1717.0.i386.rpm
  30. rpm -Uvh ogo-webui-app-1.1.5-r1717.0.i386.rpm ogo-theme-default-1.1.5-r1717.0.i386.rpm ogo-webui-resource-en-1.1.5-r1717.0.i386.rpm ogo-webui-resource-de-1.1.5-r1717.0.i386.rpm
  31. rpm -Uvh ogo-environment-1.1.5-0.i386.rpm
  32. rpm -Uvh sope45-ical-4.5.8-r1321.0.i386.rpm
  33. rpm -Uvh sope45-ical-devel-4.5.8-r1321.0.i386.rpm
  34. rpm -Uvh sope45-gdl1-postgresql-4.5.8-r1321.0.i386.rpm
  35. rpm -Uvh mod_ngobjweb-2.0.46-r1323.0.i386.rpm
  36. rpm -Uvh ogo-database-setup-1.1.5-0.i386.rpm
  37. rpm -Uvh ogo-pda-1.1.5-r1717.0.i386.rpm
  38. rpm -Uvh ogo-pda-devel-1.1.5-r1717.0.i386.rpm
  39. rpm -Uvh ogo-theme-blue-1.1.5-r1717.0.i386.rpm
  40. rpm -Uvh ogo-theme-kde-1.1.5-r1717.0.i386.rpm
  41. rpm -Uvh ogo-theme-ooo-1.1.5-r1717.0.i386.rpm
  42. rpm -Uvh ogo-theme-orange-1.1.5-r1717.0.i386.rpm
  43. rpm -Uvh ogo-tools-1.1.5-r1717.0.i386.rpm
  44. rpm -Uvh ogo-webui-calendar-1.1.5-r1717.0.i386.rpm
  45. rpm -Uvh ogo-webui-contact-1.1.5-r1717.0.i386.rpm
  46. rpm -Uvh ogo-webui-core-1.1.5-r1717.0.i386.rpm
  47. rpm -Uvh ogo-webui-mailer-1.1.5-r1717.0.i386.rpm
  48. rpm -Uvh ogo-webui-mailer-devel-1.1.5-r1717.0.i386.rpm
  49. rpm -Uvh ogo-webui-news-1.1.5-r1717.0.i386.rpm
  50. rpm -Uvh ogo-webui-project-1.1.5-r1717.0.i386.rpm
  51. rpm -Uvh ogo-webui-resource-basque-1.1.5-r1717.0.i386.rpm
  52. rpm -Uvh ogo-webui-resource-dk-1.1.5-r1717.0.i386.rpm
  53. rpm -Uvh ogo-webui-resource-es-1.1.5-r1717.0.i386.rpm
  54. rpm -Uvh ogo-webui-resource-fr-1.1.5-r1717.0.i386.rpm
  55. rpm -Uvh ogo-webui-resource-hu-1.1.5-r1717.0.i386.rpm
  56. rpm -Uvh ogo-webui-resource-it-1.1.5-r1717.0.i386.rpm
  57. rpm -Uvh ogo-webui-resource-jp-1.1.5-r1717.0.i386.rpm
  58. rpm -Uvh ogo-webui-resource-nl-1.1.5-r1717.0.i386.rpm
  59. rpm -Uvh ogo-webui-resource-no-1.1.5-r1717.0.i386.rpm
  60. rpm -Uvh ogo-webui-resource-pl-1.1.5-r1717.0.i386.rpm
  61. rpm -Uvh ogo-webui-resource-pt-1.1.5-r1717.0.i386.rpm
  62. rpm -Uvh ogo-webui-resource-ptbr-1.1.5-r1717.0.i386.rpm
  63. rpm -Uvh ogo-webui-resource-sk-1.1.5-r1717.0.i386.rpm
  64. rpm -Uvh ogo-webui-task-1.1.5-r1717.0.i386.rpm
  65. rpm -Uvh ogo-xmlrpcd-1.1.5-r1717.0.i386.rpm
  66. rpm -Uvh ogo-zidestore-1.1.5-r1717.0.i386.rpm
  67. rpm -Uvh ogo-zidestore-devel-1.1.5-r1717.0.i386.rpm
  68. rpm -Uvh ogo-meta-1.1.5-r1717.0.i386.rpm
  69. ###### /SNIP #######

Some things to note about the install.

These all have to be done on one line or "rpm" will complain that it can's resolve dependancies:
rpm -Uvh ogo-webui-app-1.1.5-r1717.0.i386.rpm ogo-theme-default-1.1.5-r1717.0.i386.rpm ogo-webui-resource-en-1.1.5-r1717.0.i386.rpm ogo-webui-resource-de-1.1.5-r1717.0.i386.rpm

ogo-database-setup-1.1.5-0.i386.rpm sets up your PostgreSQL database and database user for you. The output should look something like this:


Preparing...                     ########################################### [100%]
1:ogo-database-setup             ########################################### [100%]
PostgreSQL seems to be already initialized
and I can see it running:
PIDS used: 3456 3458 3459
We're on PostgreSQL 7 (7.4)
checking /var/lib/pgsql/data/postgresql.conf
need to patch /var/lib/pgsql/data/postgresql.conf for 7.4
backup current one to /var/lib/pgsql/data/postgresql.conf.20061213-153319
checking /var/lib/pgsql/data/pg_hba.conf
need to patch /var/lib/pgsql/data/pg_hba.conf for 7.4
backup current one to /var/lib/pgsql/data/pg_hba.conf.20061213-153319
The changes we've made require that we restart PostgreSQL...
Stopping postgresql service:    [  OK  ]
Starting postgresql service:      [  OK  ]
OK! PostgreSQL runs again: (3909 3911 3912)
creating database user: OGo
creating the database itself: OGo
we've successfully created both the user OGo and the raw database OGo
we'll now fill the database with the scheme itself
checking the logfile created during scheme rollin...
/tmp/database_setup_psql.sh.20061213-153319.log
removing log - not needed anymore

OK... Now everything is installed, and if you run the following command:

# /sbin/chkconfig --list | grep ogo

You should see the following output:

ogo-zidestore   0:off   1:off   2:on    3:on    4:on    5:on    6:off
ogo-webui       0:off   1:off   2:on    3:on    4:on    5:on    6:off
ogo-xmlrpcd     0:off   1:off   2:on    3:on    4:on    5:on    6:off
ogo-nhsd        0:off   1:off   2:on    3:on    4:on    5:on    6:off

Now, let's fire up these services:


# /sbin/service ogo-zidestore start
# /sbin/service ogo-webui start
# /sbin/service ogo-xmlrpcd start
# /sbin/service ogo-nhsd start

Everything should be up and running now, so you can grab a web browser and go to the following RUL:

http://server.domain.com/OpenGroupware

You will be logged in as the root user, so make sure to change the password.

If you are using this system as a stand-alone server, you are pretty much all set. We needed to authenticate it against our central LDAP, and point it towards our IMAP server though, so I added the following lines to "/var/lib/opengroupware.org/.libFoundation/DefaultsNSGlobalDomain.plist":


LSAuthLDAPServer = "ldapserver.domain.com";
LSAuthLDAPServerRoot = "dc=mydomain,dc=com";
imap_host = "imapserver.domain.com";
UseSkyrixLoginForImap = YES;

Make sure to put these lines at the end of the file, but before the closing braces.

The file should look something like this:

###### SNIP #######
{
"skyrix_id" = "server.domain.com";
LSConnectionDictionary = {
  databaseName = OGo;
  hostName = "127.0.0.1";
  password = "";
  port = 5432;
  userName = OGo;
};
  LSNewsImagesPath = "/var/lib/opengroupware.org/news";
  LSNewsImagesUrl = "/ArticleImages";
  Languages = (
  English
);
  TimeZoneName = GMT;
  WOHttpAllowHost = (
  localhost,
  "127.0.0.1",
  "localhost.localdomain"
);
  LSAuthLDAPServer = "ldapserver.domain.com";
  LSAuthLDAPServerRoot = "dc=domain,dc=com";
  imap_host = "imapserver.domain.com";
  UseSkyrixLoginForImap = YES;
}
###### /SNIP #######

Since the system won't let you authenticate the "root" user against the local database if your are using LDAP, you have to create a root user on your central LDAP.

Create an LDIF file called root.ldif like so:

###### SNIP #######
dn: uid=root,ou=People,dc=mydomain,dc=com
objectClass: organizationalPerson
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
uid: root
uidNumber: 0
gidNumber: 0
sn: Root
cn: Root
homeDirectory: /root
loginShell: /bin/bash
gecos: Root
###### /SNIP #######

Finally, run the following command to add the root user:


ldapadd -x -D "cn=Manager,dc=mydomain,dc=com" -W -f root.ldif"

You should now be authenticating against your central LDAP server. Have fun!

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Related Articles:

WordPress LDAP Plugin

October 26, 2005 | Filed Under All Stories, Data and Technology 4 Comments

It looks like Pat Cavit who runs Zilla Smash has coded a nifty little plugin that allows WordPress to authenticate against an LDAP server. Needless to say, this has great potential for universities and organizations who have LDAP based account provisioning and would like to offer blogging to large numbers of people.

So here’s version 1.01 of my LDAP Authentication plugin for WordPress 1.5.1. Note that this will NOT WORK with any previous version of WordPress. Installation is pretty simple: download, unzip into wp-content/plugins, activate, go to the “LDAP Options” menu and set up your LDAP information.

In the very near future we will be testing this LDAP plugin with WordPress MU. Check back for updates. We'll post any code changes that are required for MU.

Tags: , , , , , , , , , , ,

Related Articles: