Monday 21 June 2010

HOWTO: phpLDAPadmin on 10.04 Lucid Lynx

PLATFORM:
* Ubuntu Server 10.04 LTS (Lucid)

PREREQUISITES:
* A vanilla Ubuntu 10.04 server install.
* You have successfully installed a working LDAP server

Network overview;
* domain name: example.com
* ldap-server 10.1.1.5

Currently, the version of phpLDAPadmin that is in the Lucid repositories is a relatively old version (v1.1.07) which is not compatible with the version of PHP that actually ships with Lucid (v5.3.2).

Doh!

What we need to do is use the current version (v1.2.0.5) from Launchpad

wget https://launchpad.net/~ubuntu-security-proposed/+archive/ppa/+build/1744905/+files/phpldapadmin_1.2.0.5-1ubuntu1.10.04.1_all.deb

Install dependencies

sudo apt-get install apache2 apache2-mpm-prefork apache2-utils apache2.2-bin apache2.2-common libapache2-mod-php5 libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap php5-common php5-ldap ssl-cert

Install the package

sudo dpkg -i phpldapadmin_1.2.0.5-1ubuntu1.10.04.1_all.deb

Make a softlink from the web root to the installed phpLDAPadmin

sudo ln -s /usr/share/phpldapadmin /var/www/phpldapadmin

Pointing phpldapadmin to your domain;

Edit config.php

sudo vi /etc/phpldapadmin/config.php

Find these lines;

$servers->setValue('server','base',array('dc=example,dc=com'));

$servers->setValue('login','bind_id','cn=admin,dc=example,dc=com');


Change the lines to suit your own network. In my case this would be like this;

$servers->setValue('login','bind_id','cn=admin,dc=tuxnetworks,dc=com');

Restart apache

sudo /etc/init.d/apache2 restart

Test it by browsing to your ldap server at;

http://10.1.1.5/phpldapadmin/

and login using;

USER: cn=admin,dc=example,dc=com
PASS: your_password

Once you have logged in, expand the tree & you should see something like this;

+--> dc=example,dc=com (3)
---> cn=admin
+--> ou=groups (1)
+--> ou=people (1)
---> Create new entry here


And that's it, you're done!

HOWTO: LDAP Server on 10.04 Lucid Lynx

In my previous LDAP server howto we used 8.04 Hardy Heron. Things have changed quite a bit since then, so I have updated my procedure. Most of this is just a reproduction of the Ubuntu Docs page for LDAP (see the references at the end of the article for a link).

PLATFORM:
* Ubuntu Server 10.04 LTS (Lucid)

PREREQUISITES:
* A standard vanilla Ubuntu 10.04 server install.
* An NFS server exporting the users' home directories

Network overview;
* domain name: example.com
* ldap-server 10.1.1.5

Install The Packages

We want to install the OpenLDAP server daemon slapd and ldap-utils, a package containing LDAP management utilities:

sudo apt-get install slapd ldap-utils
Notes:
By default slapd is configured with minimal options needed to run the slapd daemon.

The configuration example in the following sections will match the domain name of the server. For example, if the machine's Fully Qualified Domain Name (FQDN) is ldap.example.com, the default suffix will be dc=example,dc=com.

Populating the server
Notes:
OpenLDAP uses a separate directory which contains the cn=config Directory Information Tree (DIT). The cn=config DIT is used to dynamically configure the slapd daemon, allowing the modification of schema definitions, indexes, ACLs, etc without stopping the service.

The backend cn=config directory has only a minimal configuration and will need additional configuration options in order to populate the frontend directory. The frontend will be populated with a "classical" scheme that will be compatible with address book applications and with Unix Posix accounts. Posix accounts will allow authentication to various applications, such as web applications, email Mail Transfer Agent (MTA) applications, etc.

* For external applications to authenticate using LDAP they will each need to be specifically configured to do so. Refer to the individual application documentation for details.

* Remember to change dc=example,dc=com in the following examples to match your LDAP configuration.

First, some additional schema files need to be loaded. In a terminal enter:

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif


Next, create an LDIF file

vi ~/backend.ldif

With the following contents;

# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb

# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=tuxnetworks,dc=com
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=tuxnetworks,dc=com
olcRootPW: mypassword
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=tuxnetworks,dc=com" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=tuxnetworks,dc=com" write by * read

* Change olcRootPW: mypassword to a password of your choosing.

* Change dc=example,dc=com to suit your own domain details.

Now add the LDIF to the directory:

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.ldif

The frontend directory is now ready to be populated. Create a frontend.ldif file

vi ~/frontend.ldif

Enter the following contents, once again making the necessary changes to suit your own network:

# Create top-level object in domain
dn: dc=tuxnetworks,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: Tuxnetworks
dc: Tuxnetworks
description: LDAP Server

# Admin user.
dn: cn=admin,dc=tuxnetworks,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: mypassword

dn: ou=people,dc=tuxnetworks,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=tuxnetworks,dc=com
objectClass: organizationalUnit
ou: groups

dn: uid=brettg,ou=people,dc=tuxnetworks,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: brettg
sn: Glasson
givenName: Brett
cn: Brett Glasson
displayName: Brett Glasson
uidNumber: 1000
gidNumber: 10000
userPassword: mypassword
gecos: Brett Glasson
loginShell: /bin/bash
homeDirectory: /home/brettg
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: brett.glasson@tuxnetworks.com
postalCode: 31000
l: Melbourne
o: tuxnetworks
mobile: +33 (0)6 xx xx xx xx
homePhone: +33 (0)5 xx xx xx xx
title: System Administrator
postalAddress:
initials: BG

dn: cn=users,ou=groups,dc=tuxnetworks,dc=com
objectClass: posixGroup
cn: users
gidNumber: 10000

Notes:
In this example the directory structure, a user, and a group have been set up. In other examples you might see the objectClass: top added in every entry, but that is the default behaviour so you do not have to add it explicitly.
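
Both backend.ldif (olcRootPW) and frontend.ldif (userPassword) above hold the password exactly as typed, so it sits readable in the LDIF files and in the directory. slapd also accepts a salted hash in those attributes. The following is an added example, not part of the original howto or the Ubuntu docs: it rewrites cleartext password lines to {SSHA}, the scheme slappasswd produces by default. The function names and the sample excerpt are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

# Attributes that the howto's LDIF files fill with a typed-in password.
PASSWORD_ATTRS = {"olcrootpw", "userpassword"}

def ssha(password, salt=None):
    """Return '{SSHA}' + base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def check_ssha(password, stored):
    """Verify a password against a stored {SSHA} value."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # a SHA-1 digest is 20 bytes
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def hash_ldif_passwords(ldif):
    """Replace cleartext password values; return (new_ldif, lines_changed)."""
    out, changed = [], 0
    for line in ldif.splitlines():
        attr, sep, value = line.partition(":")
        value = value.strip()
        # Skip comments, continuation lines, base64 ("::"), URL ("<")
        # and values that already carry a {SCHEME} prefix.
        if (sep and line[:1] not in ("#", " ")
                and attr.lower() in PASSWORD_ATTRS
                and value and not value.startswith((":", "<", "{"))):
            line = f"{attr}: {ssha(value)}"
            changed += 1
        out.append(line)
    return "\n".join(out) + "\n", changed

# Constructed sample: the password-bearing entries from the two LDIF files.
SAMPLE_LDIF = """\
dn: olcDatabase=hdb,cn=config
olcRootPW: mypassword
dn: cn=admin,dc=tuxnetworks,dc=com
userPassword: mypassword
dn: uid=brettg,ou=people,dc=tuxnetworks,dc=com
userPassword: mypassword
"""

if __name__ == "__main__":
    print(hash_ldif_passwords(SAMPLE_LDIF)[0], end="")
```

Binding still uses the password you typed (for example with ldapadd -W); slapd hashes it and compares against the stored value.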

Add the entries to the LDAP directory:

sudo ldapadd -x -D cn=admin,dc=tuxnetworks,dc=com -W -f frontend.ldif

We can check that the content has been correctly added with the ldapsearch utility. Execute a search of the LDAP directory:

ldapsearch -xLLL -b "dc=tuxnetworks,dc=com" uid=brettg sn givenName cn

Which should return something like this;

dn: uid=brettg,ou=people,dc=,dc=com
cn: Brett Glasson
sn: Glasson
givenName: Brett


Next, you should go ahead and install phpLDAPadmin, add Samba support or configure a client.

References:
Ubuntu Docs

Friday 4 June 2010

USB Devices in VirtualBox guests

Prerequisites:
    Oracle version of Virtualbox (The OSE version found in the standard repository does not support USB)
    Virtualbox extension pack
    Virtualbox guest tools
    Member of the vboxusers group

Note: It is usually not necessary to add the USB device from the command line as described here. As long as the above prerequisites are met you can usually use the GUI to add device filters.

I want to connect an external HDD to a virtualbox guest. The unit is a WD "My Book" and the guest is named "Windows". Make sure your VM is powered off before you start!

First, check that your user is a member of the vboxusers group:

groups | grep vboxusers
myuser adm disk cdrom sudo dip plugdev lpadmin sambashare vboxusers libvirt

Note: If you aren't a member of the vboxusers group you must add yourself, then log out and log in again for the change to take effect.

On the host running VirtualBox run the following command:

sudo VBoxManage list usbhost

Find the section that relates to the device you want to use. In my case it looks like this:

UUID:               f61de8f1-9c92-4781-92c5-d091705a0b79
VendorId:           0x1058 (1058)
ProductId:          0x1100 (1100)
Revision:           1.117 (01117)
Manufacturer:       Western Digital 
Product:            My Book         
SerialNumber:       57442D574341565930303934373837
Address:            sysfs:/sys/devices/pci0000:00/0000:00:1d.7/usb1/1-4//device:/dev/bus/usb/001/003
Current State:      Busy

Add a usb filter using the device details gleaned from the previous command:

VBoxManage usbfilter add 0 --target Windows --vendorid 1058 --productid 1100 --name "2TbExt" --active yes

The number after "add" is the index number; if this is not the first device on the guest, adjust it to the next "free" index. You can see the devices currently associated with a guest using this command:

VBoxManage showvminfo Windows

Finally enable usb for the guest:

VBoxManage modifyvm Windows --usb on

Now, after starting your VM, you should be able to see that the usb device is present in the virtual machine.
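
The filter above matches on vendor and product ID only, so any device reporting that pair is attached to the guest. The following is an added example, not part of the original post: it parses the list usbhost record shown above and builds the same usbfilter add command with VBoxManage's --serialnumber option included, so that only this one drive matches. The function names are illustrative and the sample input is the record from this page.

```python
import re
import shlex

# Constructed sample: the `VBoxManage list usbhost` record shown above.
SAMPLE_USBHOST = """\
UUID:               f61de8f1-9c92-4781-92c5-d091705a0b79
VendorId:           0x1058 (1058)
ProductId:          0x1100 (1100)
Revision:           1.117 (01117)
Manufacturer:       Western Digital
Product:            My Book
SerialNumber:       57442D574341565930303934373837
Address:            sysfs:/sys/devices/pci0000:00/0000:00:1d.7/usb1/1-4//device:/dev/bus/usb/001/003
Current State:      Busy
"""

def parse_usbhost(text):
    """Split the listing into one dict per device; each record starts at UUID."""
    devices = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        if key.strip() == "UUID":
            devices.append({})
        if devices:
            devices[-1][key.strip()] = value.strip()
    return devices

def hex_id(field):
    """Turn '0x1058 (1058)' into '1058'; reject anything else."""
    match = re.fullmatch(r"0x([0-9A-Fa-f]{4}) \(\1\)", field)
    if not match:
        raise ValueError(f"unexpected ID field: {field!r}")
    return match.group(1)

def filter_argv(dev, vm, name, index=0):
    """Build the argument list for `VBoxManage usbfilter add`."""
    argv = ["VBoxManage", "usbfilter", "add", str(index), "--target", vm,
            "--vendorid", hex_id(dev["VendorId"]),
            "--productid", hex_id(dev["ProductId"]),
            "--name", name, "--active", "yes"]
    if dev.get("SerialNumber"):  # pin the filter to this exact unit
        argv += ["--serialnumber", dev["SerialNumber"]]
    return argv

if __name__ == "__main__":
    dev = parse_usbhost(SAMPLE_USBHOST)[0]
    print(shlex.join(filter_argv(dev, "Windows", "2TbExt")))
```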

Note: If you have this working and it suddenly stops working, possibly after an update, check that you still belong to the vboxusers group. If you don't belong to that group then no devices will show, but there will be no "permission denied" errors that might help to explain why.

UPDATED: November 2018