Document Goals:
1. zentyal 2.0 install configured as ldap slave (warning: passwords will be passed in the clear. both master and slave are on my local network, so i'm not too worried. However, I would never configure it this way on the internet, i would use a VPN tunnel to sync between master and slave, eventually, i'll configure the vpn and document it here)
2. liferay 6.1 bundle w/ ldap auth to localhost
Disclaimer:
My skill level is laughable at best as i spend most of my days quagmired heavy with confusion. I have patience, persistence and many people on IRC helping me, as well as many web and forum postings to guide me. The information in this document might be wildly incorrect.. but it's my roundabout way to get this shit working. I welcome any constructive criticism improving what I have. I appreciate learning. Hopefully this will be helpful to someone else.
references:
http://www.liferay.com/documentation/liferay-portal/6.1/user-guide
http://trac.zentyal.org/wiki/Documentation/Community/Installation/InstallationGuide
apologies, there should be more references here.
_breath life into new machine with kvm/libvirt_
create a volume big enough; name it after the machine.
sudo virt-install --name=portal --ram=4192 --vcpus=4 --cpuset=0-3 --os-variant=ubuntulucid --cdrom=ubuntu-10.04-server-amd64.iso --disk path=/dev/cleopatra/portal --network=bridge=br0,model=virtio --vnc
run through the install dialogs
select ssh server
finish the install, reboot
_run updates_
ssh into it.
sudo apt-get update && sudo apt-get upgrade
sudo apt-get install unzip
_install Zentyal 2.0_
sudo apt-get install -y python-software-properties && sudo add-apt-repository ppa:zentyal/2.0 && sudo apt-get update
sudo apt-get install zentyal
- at this point in my time, i like to keep the admin page on 4430 so i can ssl the regular website
open your browser
head over to https://portal:4430
accept self-signed security certificate
login to zentyal
select "skip install"
install the LDAP part of zenny:
once at the main dashboard, select 'software management' -> 'zentyal components' -> 'users and groups'; click 'install'; confirm the extra packages
configure the network:
eth0 is internal, so click 'next'
it gets a dhcp address, so click 'next'
Select the type of ldap server: "Advanced configuration (Master/Slave/AD Sync)", click next.
Click on "Save Changes"
configure module status:
at the dashboard, select 'Module Status'. Turn all the modules that can be turned on and select accept at each module dialog. Save changes.
configure firewall to allow ldap:
at the dashboard, select 'Firewall' -> 'Packet Filter' -> 'Internal networks to Zentyal'
Edit the 'LDAP' entry, change from 'Deny' to 'Accept'
_Configure LDAP as slave_
reset users and groups for whatever reason:
go to your terminal and run: sudo /usr/share/ebox-usersandgroups/ebox-usersandgroups-reinstall
after that is finished, go back to your browser, refresh the zentyal admin page and select 'users and groups', then 'mode'
From the "Mode" dropdown box select "Slave".
type the address of your master (i've been having to type in my actual ip address, not hostname for whatever reason... i'm pretty sure my dns is fine) and master password
go to the module, enable 'users and groups'
_Add the service and configure firewall for tomcat7/liferay_
add a service called tomcat7 on port 8080
From the Dashboard, select "Services" -> Add New:
Service Name: tomcat7
Description: tomcat7/liferay portal
Tick the internal checkbox.
Select Add.
Under "Editing Service":
Protocol: TCP
Source Port: Any
Destination Port: Single Port: 8080
Save Changes!
Now Select "Firewall" -> "Packet Filter" -> "Filtering rules from internal networks to Zentyal" -> "Add New"
Decision: ACCEPT
Source: Any
Service: tomcat7
Select "Add"
Save Changes
_install oracle java jdk v6_
wget http://download.oracle.com/otn-pub/java/jdk/6u31-b04/jdk-6u31-linux-x64.bin
for whatever reason it worked better for 'sudo -i' to begin with
chmod +x jdk-6u31-linux-x64.bin
./jdk-6u31-linux-x64.bin
sudo mkdir -p /usr/local/java
sudo mv jdk1.6.0_31 /usr/local/java/jdk1.6.0_31
sudo ln -s /usr/local/java/jdk1.6.0_31 /usr/local/java/latest
sudo mv /etc/environment /etc/environment.bak
# /etc/environment is read by pam_env, not by a shell, so $JAVA_HOME would not be expanded there; write the full path
echo "JAVA_HOME=\"/usr/local/java/latest\"" > ~/environment
echo "JRE_HOME=\"/usr/local/java/latest/jre\"" >> ~/environment
echo "PATH=\"/usr/local/java/latest/bin:$PATH\"" >> ~/environment
sudo mv ~/environment /etc/environment
sudo chown root:root /etc/environment
# sudo does not apply to a shell redirection, so write the root-owned file through tee
echo "export JAVA_HOME=\"/usr/local/java/latest\"" | sudo tee /etc/profile.d/javaenv.sh
echo "export JRE_HOME=\"/usr/local/java/latest/jre\"" | sudo tee -a /etc/profile.d/javaenv.sh
echo "export PATH=\"\$JAVA_HOME/bin:\$PATH\"" | sudo tee -a /etc/profile.d/javaenv.sh
sudo chmod +x /etc/profile.d/javaenv.sh
again for whatever reason, i had to reboot to get this to work
_install mysql_
sudo apt-get install mysql-server
_create liferay mysql user and db_
mysql -p -u root
CREATE DATABASE lportal CHARACTER SET utf8;
CREATE USER 'lportal'@'localhost' IDENTIFIED BY 'lportal';
-- liferay only needs rights on its own database, so scope the grant to lportal.* and drop WITH GRANT OPTION
GRANT ALL PRIVILEGES ON lportal.* TO 'lportal'@'localhost';
_d/l liferay bundle_
wget "http://downloads.sourceforge.net/project/lportal/Liferay%20Portal/6.1.0%20GA1/liferay-portal-tomcat-6.1.0-ce-ga1-20120106155615760.zip?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Flportal%2Ffiles%2FLiferay%2520Portal%2F6.1.0%2520GA1%2F&ts=1331124425&use_mirror=voxel" -O liferay-portal-tomcat-6.1.0-ce-ga1-20120106155615760.zip
_expand liferay into /opt/liferay_
sudo mkdir /opt/liferay
unzip liferay-portal-tomcat-6.1.0-ce-ga1-20120106155615760.zip
sudo mv liferay-portal-6.1.0-ce-ga1 /opt/liferay
_create config file_
sudo vim /opt/liferay/liferay-portal-6.1.0-ce-ga1/tomcat-7.0.23/webapps/ROOT/WEB-INF/classes/portal-ext.properties
put this in it:
#
# MySQL
#
jdbc.default.driverClassName=com.mysql.jdbc.Driver
jdbc.default.url=jdbc:mysql://localhost/lportal?useUnicode=true&characterEncoding=UTF-8&useFastDateParsing=false
jdbc.default.username=lportal
jdbc.default.password=lportal
_remove sevencogs-hook_
There is only one application included in the bundle that you need to remove. It's called sevencogs-hook. It's a Liferay plugin that copies the 7Cogs data into the database when Liferay is started. To remove it, all you have to do is undeploy it. The method for doing this differs by application server and that, of course, depends on the bundle you have chosen. For example, on Tomcat you delete the application from the [Tomcat Home]/webapps folder
sudo rm -rf /opt/liferay/liferay-portal-6.1.0-ce-ga1/tomcat-7.0.23/webapps/sevencogs-hook
keep the sevencogs-theme if you want, it might be useful.
_configure tomcat to be a service_
sudo vim /etc/init.d/tomcat7
#!/bin/sh
# Tomcat auto-start
#
# description: Auto-starts tomcat 7
# processname: tomcat7
# pidfile: /var/run/tomcat.pid
export JAVA_HOME=/usr/local/java/latest
case "$1" in
start)
sh /opt/liferay/liferay-portal-6.1.0-ce-ga1/tomcat-7.0.23/bin/startup.sh
;;
stop)
sh /opt/liferay/liferay-portal-6.1.0-ce-ga1/tomcat-7.0.23/bin/shutdown.sh
;;
restart)
sh /opt/liferay/liferay-portal-6.1.0-ce-ga1/tomcat-7.0.23/bin/shutdown.sh
sh /opt/liferay/liferay-portal-6.1.0-ce-ga1/tomcat-7.0.23/bin/startup.sh
;;
esac
exit 0
#eof
--
Change the mode of the file:
sudo chmod 755 /etc/init.d/tomcat7
create links in the rc.d
sudo ln -s /etc/init.d/tomcat7 /etc/rc1.d/K99tomcat
sudo ln -s /etc/init.d/tomcat7 /etc/rc2.d/S99tomcat
reboot to test
_check the tomcat log_
watch the machine come up, it may take a while, so be patient, it takes a coupla minutes on my machine.
sudo tail -f /opt/liferay/liferay-portal-6.1.0-ce-ga1/tomcat-7.0.23/logs/catalina.out
_configure the machine in the browser_
open your browser and head to http://portal:8080
finish off the install here.
_Configure LDAP_
After installed, login with:
test@liferay.com / password
Control Panel -> Portal Settings -> Authentication -> LDAP:
Tick "Enabled" check box, hit save.
Under "LDAP Servers" click the "Add" button
Server Name: Local (arbitrary, i chose Local cause I'm boring)
At first I was confused by the "Default Values" interface, but now I understand that it simply resets the settings to match whichever directory paradigm is selected. You can simply ignore this.
Under "Connection"
Base Provider URL: ldap://localhost:1389 (please note, that port 389 is used to bind to the ldap master, and 1389 is used to bind onto the ldap slave, thank you exekias for your constant reminder, maybe one day, I'll remember)
Base DN: dc=zabulon,dc=casanueva,dc=com
Principal: cn=ebox,dc=zabulon,dc=casanueva,dc=com
Credentials: ZeeZecretPassword
Go ahead and test the connection
Under "Users"
Authentication Search Filter: (mail=@email_address@)
Import Search Filter: (objectClass=inetOrgPerson)
User Mapping:
Screen Name: uid
Password: userPassword
Email Address: mail (From what I remember, which is not to be trusted, I had to manually edit my Zentyal LDAP and add my mail address to the master, and i believe it propagates it to the slaves without a hitch - to edit i use jxplorer or luma (i can't remember which app i used specifically), this is something to be aware of when upgrading or re-installing the master from scratch.. something i have yet to do)
Full Name: <empty>
First Name: givenName
Middle Name: <empty>
Last Name: sn
Job Title: <empty>
Portrait: <empty>
Group: <empty>
UUID: <empty>
Go ahead and test the LDAP Users, see if it works; adjust the settings if needed.
Groups:
Import Search Filter: (objectClass=posixGroup)
Group Mapping:
Group Name: cn
Description: description (i don't know if this is needed.. but i kept it so far, seems fine, can't hurt)
User: memberUid
Test the Groups.
I left the whole Export section alone, I don't want to export from Liferay, as far as I can tell at this moment.
Click the "Save" button
Import / Export
I ticked the "Import Enabled" checkbox, i don't know if this is correct.
I left "Import on Startup Enabled" and "Export Enabled" unticked.
Password Policy
I ticked "Use LDAP Password Policy" checkbox.
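A command-line check of the LDAP settings above, as an added example that is not part of the original post: it builds the filter that "(mail=@email_address@)" stands for, queries the slave on port 1389 with the bind DN from this page, and lists accounts that have no mail attribute, since those can never match the authentication filter. The function names and the sample LDIF are constructed; run it as "sh check.sh live someone@example.com" (file name assumed) to query the real directory, or with no arguments for the offline sample.

```shell
#!/bin/sh
# Added example, not from the original post. Connection values are the ones
# used on this page; the sample LDIF and function names are constructed.
LDAP_URL="ldap://localhost:1389"      # slave port, as noted above
BASE_DN="dc=zabulon,dc=casanueva,dc=com"
BIND_DN="cn=ebox,dc=zabulon,dc=casanueva,dc=com"

# Escape a value for use inside an LDAP filter (RFC 4515); backslash goes first.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
        -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# The filter that "(mail=@email_address@)" becomes for one login address.
auth_filter() {
    printf '(mail=%s)' "$(ldap_escape "$1")"
}

# Read LDIF on stdin, print the uid of every entry that has no mail attribute.
users_without_mail() {
    awk 'BEGIN { RS = ""; FS = "\n" }
    {
        uid = ""; mail = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^uid: /) uid = substr($i, 6)
            if ($i ~ /^mail:/) mail = 1
        }
        if (uid != "" && !mail) print uid
    }'
}

# Query the slave. -W prompts for the bind password, keeping it out of the
# process list and shell history.
search() {
    ldapsearch -x -LLL -H "$LDAP_URL" -D "$BIND_DN" -W -b "$BASE_DN" "$@"
}

# Constructed sample: two entries, one of them missing mail.
sample_ldif() {
    printf 'dn: uid=alice,%s\nuid: alice\nmail: alice@example.com\n\n' "$BASE_DN"
    printf 'dn: uid=bob,%s\nuid: bob\n' "$BASE_DN"
}

if [ "${1:-}" = "live" ]; then
    search "$(auth_filter "$2")" uid mail givenName sn   # expect one entry
    search '(objectClass=inetOrgPerson)' uid mail | users_without_mail
else
    sample_ldif | users_without_mail                     # offline sample run
fi
```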
Aight, that's it; good luck and happy authing.