Openfire Active Directory Authentication

Oh the joy and the pain of this….

After a very long time I have now got this working how I want it but it was painful getting the right runes to make the two play nicely.

What I wanted:

  • To have a group in AD that could access and authenticate to Openfire
  • To have a groups in Openfire that were defined by an AD group.

AD Structure

  • All of our users are in a group called “Foo Users”
  • All of our groups are in “Foo Groups”
  • All of our Openfire users are in a group called “openfire” whichร‚ย  is inside “Foo Groups”
  • Our Openfire groups are in “Openfire Groups” which is in “Foo Groups” (I made “Openfire Groups” a universal group, this may or may not be needed).
  • I then made the “openfire” group a member of “Openfire Groups”
  • Our domain is called foo.com

The authentication

  • ldap.baseDN : dc=”foo”,dc=”com”
  • adminDN : cn=”administrator”,cn=”Users”,dc=”foo”,dc=”com”
  • Userfilter : (&(memberOf=CN=openfire,OU=Foo Groups,DC=foo,DC=com))
  • Groupfilter : (&(memberOf=CN=openfire,OU=Foo Groups,DC=foo,DC=com))

Hope this helps someoneร‚ย  ๐Ÿ™‚

CVSNT SSH Access: No Such Repository

CVSNT is a drop in replacement for CVS so they say ๐Ÿ™‚

Well ish…ร‚ย ร‚ย  To cut a very long story short I had a problem very similar to this one. I had removed my old CVS install and installed CVSNT in its place.

I go to a dev machine,ร‚ย  use WinCVS and BANG no such repository!ร‚ย ร‚ย  I run to my desk and ssh into the server,ร‚ย  no all our code is there and still in the same place and no change to the CVSROOT on the dev machines either.

Fast forward a few hours of keyboard bashing and searching…

Even if you are only accessing CVS via SSH you will still need to configure /etc/cvsnt/PServer just copy the PServer.example file to PServer edit the Repository0 section to put the path to your repository,ร‚ย  save and you are done ๐Ÿ™‚

This is a CVSNT security measure apparently and it could have been mentioned a bit more prominantly IMHO ๐Ÿ™‚

Hope this saves someone else a lot of time and dry cleaning bill ๐Ÿ™‚

Why lobby when you can lunch in Corfu

I will assume you have heard the news about Lord Mandy, Geffen and a quick paid for amendment to UK Gov policy…

On http://gl.u.gg a forum for nice people ๐Ÿ™‚ Spinnie who has a flair for playing devil’s advocate said

Civil rights groups? It’s a civil right to steal stuff? I must have missed that memo.

It is a valid question and I offer the following:

It is a civil right not to have a form of communication cut off on the basis of unsubstantiated rumor by an arbitrary commercial trade interest group.

Does this seem any more rational:

“The Associated Amateur Dramatics Union paid observer in the pub heard that you went to see a play and then spoke to several friends and said it was not very good, this was damaging to our revenue stream. Our source said that you had done this before. Therefore we demand the right that you no longer have the right to have a telephone to prevent you causing any more damage to our business.”

There is nothing I fear more than Am-Dram societies getting organised.

OpenFire XMPP Server on Debian

I was asked today to set up an IM server for internal use,ร‚ย ร‚ย  originally they were specifying Windows messanger but I was able to suggest we try a proper standards based system instead ๐Ÿ™‚

So I need a server,ร‚ย  a few clicks in the Proxmox interface ( a rather nice way of handling OpenVZ virtualisation) and I have a new blank Debian lenny box already to play with.

Added the non-free option to the apt repository (as we will need the Sun JRE) and off we go :)ร‚ย ร‚ย  Apt decided to moan about :

W: There is no public key available for the following key IDs:
9AA38DCD55BE302B
W: GPG error: http://security.debian.org lenny/updates Release:
The following signatures couldn't be verified because the public
key is not available: NO_PUBKEY 9AA38DCD55BE302B

Which was solved by this post here ๐Ÿ™‚

A quick :

apt-get install debian-archive-keyring

and off we go again ๐Ÿ™‚

Next stop is the Java monster,ร‚ย  mercifully simple to install nowadays:

apt-get install sun-java6-jre

Next we grab the latest openfire deb,ร‚ย ร‚ย  then install:

dpkg -i openfire_3.6.4_all.deb

Which seemed to be too painless…

Fire up the Wizard on port 9090 from a browser and you are done ๐Ÿ™‚

LRL2009 PIMP IT!

Yes ladies, gentlemen and chinny racoons,ร‚ย  LRL 2009 is scheduled for :

Lugradio Live 2009, 24th October 2009,  Newhampton Arts Centre Wolvehampton

To put this countdown on your site is simple,ร‚ย  just copy and paste the following code :

<a href="http://www.lugradio.org/live/2009/" target="_blank"><img style="border: 0pt none ;" 
src="http://da.mned.co.uk/stuff/lrl/lrl_countdown.png" 
alt="Lugradio Live 2009, 24th October 2009,  Newhampton Arts Centre Wolvehampton" width="237" height="251"></a>

There will be more styles and options and of course the code to run the counter yourself to follow ๐Ÿ™‚