Archive for the 'activedirectory' Category
Today: 04-Nov-2008: Fun with Kerberos
Today was a mostly ordinary day, though the day started with me buying Red Alert 3, so that wasn’t too bad – yay! Australia! A week behind the rest of the world! I could have pirated the game and had it faster and cheaper, perhaps even finished! But I digress, it was an ordinary day.
Today is Melbourne Cup day, being the first Tuesday of November, so we had a luncheon of sorts and a drawing for the horses. Didn’t win, the food was good, I’m $10 poorer and such is life.
I’ve been spending more time at work using my Mac as a primary machine. Since I’ve moved to Exchange from Domino (or Outlook from Notes), I’ve gotten Evolution on Linux mostly working (with the exception that it doesn’t automatically look up names for emails, which is tedious) and Apple’s Mail and Address Book both playing nicely with Exchange. I do miss the fact that I had Notes on my Linux desktop and things mostly worked, albeit slowly and consuming large amounts of memory, but it worked with all of the features available normally. Mail’s ability to do autocompletion is what is drawing me back to it as a client, which when you start writing emails is actually more useful than you would think. It’s still not up to par with the Notes autocomplete, which was quite cool and a lot more advanced than either Mail’s or Outlook’s (I get Outlook via Citrix).
I’ve also been trying out NetBeans PHP Early Access through a nightly build (has the ability to create PHP projects from existing sources) and I’m impressed with it. I tried it out because I wanted to try out debugging with my PHP instance and the dated version of Eclipse I had (3.2) seems to have issues – more than likely my fault – and I don’t want to waste time on trying to fix something. NetBeans installed and worked almost instantly, however it took me a while to find where I could change the params to get J! to route items properly. I managed to work out the bug that I was having without too much issue. I knew what it was but not where it was: turned out to be exactly what I thought, an assignment operator used instead of the append operator. The Subversion support seems to be a bit off and doesn’t work yet, so I’m not quite ready to ditch Eclipse yet – but I’ll try with later versions to see what I get.
I had a chat with the principal (we have principal, manager, director, CEO as our chain of command) about the projects that I’m doing and the ones I’m interested in so I’ll have to do some paperwork and business cases for the new projects and justify items. We’ve recently got a new manager who is trying to find where everything is so part of this is explaining everything so that he can get a grasp of the way the system works.
Then I spent the majority of the afternoon with one of the ITS guys working through how our Citrix boxes work with Flex profiles and the mandatory profiles, filling in the gaps in his knowledge and how different parts of the system work and why items might break or behave in a particular way. I think he’s worked out how it works and he’s even figured out why a few issues are happening. So nothing exciting but useful.
And finally I had fun with Kerberos. I built the Kerberos module on the SLES10 server, installed it, restarted Apache and tried to get it to work. On my Mac both Safari and Firefox requested a username and password instead of using a Kerberos token, and IE6 in my Citrix session seemed to just go in a weird infinite loop. I slowly worked through my entire Kerberos configuration on the server until I got to looking at the keys. It turns out that the keys were created with the wrong virtual host name for the server, which was causing the issues. The keys for the real server name actually worked fine when I got around to testing them, which proves that everything will work once I get the keys. The last part is a fix to the Citrix system, which for some reason thinks that the intranet site is actually on the internet, but I’m assured that this should be easy to achieve. Getting Kerberos up and running was pretty easy, ignoring the faulty keys, compared with some of the nightmares I’ve had getting items to play nicely together. I’ll probably add something to my guide (http://sammoffatt.com.au/jauthtools/Kerberos) on it, to help with items.
Who knows, I may have even figured this Kerberos thing out!
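The keytab mismatch described above can be caught before any browser testing. The following is an added example, not code from the original post: it reads the principals out of a keytab and reports which HTTP/<hostname> entries are missing for the names clients actually use. It assumes the keytab is an MIT-format file (version 0x0502); the hostnames, realm and sample keytab bytes are constructed placeholders.

```python
import struct

def read_cstr(buf, off):
    """Read a counted octet string (uint16 length + bytes); return (text, next offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n].decode(), off + 2 + n

def keytab_principals(data):
    """Return the principals stored in an MIT keytab (file format 0x0502)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    found, off = set(), 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size == 0:          # zero-length record: nothing further to read
            break
        if size < 0:           # negative size marks a deleted entry (a hole)
            off += -size
            continue
        (ncomp,) = struct.unpack_from(">H", data, off)
        realm, pos = read_cstr(data, off + 2)
        comps = []
        for _ in range(ncomp):
            comp, pos = read_cstr(data, pos)
            comps.append(comp)
        found.add("/".join(comps) + "@" + realm)
        off += size            # skip name type, timestamp, kvno and key
    return found

def missing_http_spns(data, hostnames, realm):
    """List HTTP/<host>@<realm> principals that clients will request but the keytab lacks."""
    have = keytab_principals(data)
    return [f"HTTP/{h}@{realm}" for h in hostnames if f"HTTP/{h}@{realm}" not in have]

def build_entry(components, realm, kvno=3):
    """Build one constructed keytab entry with an all-zero dummy key (demo data only)."""
    s = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(components)) + s(realm.encode())
    body += b"".join(s(c.encode()) for c in components)
    body += struct.pack(">IIB", 1, 0, kvno)            # name type, timestamp, 8-bit kvno
    body += struct.pack(">H", 18) + s(bytes(32))       # enctype 18 (AES-256), dummy key
    return struct.pack(">i", len(body)) + body

# Constructed sample: keys issued for the machine's real name only, plus one hole.
SAMPLE_KEYTAB = (b"\x05\x02" + build_entry(["HTTP", "realhost.example.com"], "EXAMPLE.COM")
                 + struct.pack(">i", -6) + bytes(6)
                 + build_entry(["host", "realhost.example.com"], "EXAMPLE.COM"))

if __name__ == "__main__":
    print(missing_http_spns(SAMPLE_KEYTAB, ["intranet.example.com"], "EXAMPLE.COM"))
```

Pass every name the site is reached by (each virtual host name, not just the machine name); any principal it returns needs a key in the keytab before negotiation can succeed for that name.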
JDiagnostic tech preview released
A lot of emails I get are with regards to deploying JAuthTools and Microsoft Active Directory (AD). AD doesn’t make things easy for users in the LDAP interface: it’s case sensitive, has everything in capitals, disallows anonymous searching (though users can bind anonymously and see, well, nothing) and has an interesting default layout (e.g. CN=Users instead of OU=Users). By default Joomla! 1.0.x doesn’t have the ability to log items, which is a function of the system (e.g. there are very few functions that run purely in the ‘background’), which makes it hard to diagnose things that are going wrong. There is a small tool I use called JLogger which is basically a mambot API loader and a component to view the logs. It’s pretty primitive and I haven’t ‘released’ it because it hasn’t had anywhere enough work done on it (it is available via Subversion, zip files together to create installable packages) but it was one of the first steps towards diagnostic tools, and this is another step.
Recently I released JDiagnostic, a tech demo of a tool that I hope will evolve into a launching pad for a wide range of useful tools, tests and diagnostics. At present it solves the above stated problem: MSAD integration. It’s a step-by-step wizard configurator for Active Directory, with tests along the way. At the end it configures the LDAP SSI and Joomla! LDAP mambots with as much detail as it can (what you’ve supplied), leaving you hopefully with a consistent and working Active Directory setup, without the pain of having to read through logs to see what is happening.
You can check out JDiagnostic on the Pasamio’s Projects FRS page.