Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - andygraybeal

Pages: [1]
1
Document Goals:
 1. zentyal 2.0 install configured as ldap slave (warning: passwords will be passed in the clear. both master and slave are on my local network, so i'm not too worried. However, I would never configure it this way on the internet, i would use a VPN tunnel to sync between master and slave, eventually, i'll configure the vpn and document it here)
 
 2. liferay 6.1 bundle w/ ldap auth to localhost

Disclaimer:
My skill level is laughable at best as i spend most of my days quagmired heavy with confusion.  I have patience, persistence and many people on IRC helping me, as well as many web and forum postings to guide me.  The information in this document might be wildly incorrect.. but it's my roundabout way to get this shit working.  I welcome any constructive criticism improving what I have.  I appreciate learning.  Hopefully this will be helpful to someone else.


references:
http://www.liferay.com/documentation/liferay-portal/6.1/user-guide
http://trac.zentyal.org/wiki/Documentation/Community/Installation/InstallationGuide
apologies, there should be more references here.


_breath life into new machine with kvm/libvirt_
create a volume big enough; name it after the machine.

sudo virt-install  --name=portal --ram=4192 --vcpus=4 --cpuset=0-3 --os-variant=ubuntulucid --cdrom=ubuntu-10.04-server-amd64.iso --disk path=/dev/cleopatra/portal --network=bridge=br0,model=virtio --vnc

run through the install dialogs

select ssh server

finish the install, reboot

_run updates_
ssh into it.
sudo apt-get update && sudo apt-get upgrade
sudo apt-get install unzip

_install Zentyal 2.0_
sudo apt-get install -y python-software-properties && sudo add-apt-repository ppa:zentyal/2.0 && sudo apt-get update

sudo apt-get install zentyal
 - at this point in my time, i like to keep the admin page on 4430 so i can ssl the regular website

open your browser
head over to https://portal:4430
accept self-signed security certificate
login to zentyal
select "skip install"

install the LDAP part of zenny:
once at the main dashboard, select 'software management' -> 'zentyal components' -> 'users and groups'; click 'install'; confirm the extra packages

configure the network:
eth0 is internal, so click 'next'
it gets a dhcp address, so click 'next'
Select the type of ldap server: "Advanced configuration (Master/Slave/AD Sync)", click next.
Click on "Save Changes"

configure module status:
at the dashboard, select 'Module Status'.  Turn all the modules that can be turned on and select accept at each module dialog.  Save changes.

configure firewall to allow ldap:
at the dashboard, select 'Firewall' -> 'Packet Filter' -> 'Internal networks to Zentyal'
Edit the 'LDAP' entry, change from 'Deny' to 'Accept'

_Configure LDAP as slave_
reset users and groups for whatever reason:
go to your terminal and run: sudo /usr/share/ebox-usersandgroups/ebox-usersandgroups-reinstall

after that is finished, go back to your browser, refresh the zentyal admin page and select 'users and groups', then 'mode'
From the "Mode" dropdown box select "Slave".

type the address of your master (i've been having to type in my actual ip address, not hostname for whatever reason... i'm pretty sure my dns is fine) and master password

go to the module, enable 'users and groups'

_Add the service and configure firewall for tomcat7/liferay_
add a service called tomcat7 on port 8080
From the Dashboard, select "Services" -> Add New:
 Service Name: tomcat7
 Description: tomcat7/liferay portal
 Tick the internal checkbox.
 Select Add.
  Under "Editing Service":
  Protocol: TCP
  Source Port: Any
  Destination Port: Single Port: 8080
  Save Changes!
 Now Select "Firewall" -> "Packet Filter" -> "Filtering rules from internal networks to Zentyal" -> "Add New"
   Decision: ACCEPT
   Source: Any
   Service: tomcat7
   Select "Add"
   Save Changes
   

_install oracle java jdk v6_

wget http://download.oracle.com/otn-pub/java/jdk/6u31-b04/jdk-6u31-linux-x64.bin

for whatever reason it worked better for 'sudo -i' to begin with

chmod +x jdk-6u31-linux-x64.bin

./jdk-6u31-linux-x64.bin


    sudo mkdir -p /usr/local/java
    sudo mv jdk1.6.0_31 /usr/local/java/jdk1.6.0_31
    sudo ln -s /usr/local/java/jdk1.6.0_31 /usr/local/java/latest
    sudo mv /etc/environment /etc/environment.bak
    sudo echo "JAVA_HOME=\"/usr/local/java/latest\"" > ~/environment
    sudo echo "JRE_HOME=\"/usr/local/java/latest/jre\"" >> ~/environment
    sudo echo "PATH=\"\$JAVA_HOME/bin:$PATH\"" | cat >> ~/environment
    sudo mv ~/environment /etc/environment
    sudo echo "export JAVA_HOME=\"/usr/local/java/latest\"" > /etc/profile.d/javaenv.sh
    sudo echo "export JRE_HOME=\"/usr/local/java/latest/jre\"" >> /etc/profile.d/javaenv.sh
    sudo echo "export PATH=\"\$JAVA_HOME/bin:$PATH\"" | cat >> /etc/profile.d/javaenv.sh
    sudo chmod +x /etc/profile.d/javaenv.sh
   
again for whatever reason, i had to reboot to get this to work


_install mysql_

sudo apt-get install mysql-server

_create liferay mysql user and db_
mysql -p -u root
CREATE DATABASE lportal CHARACTER SET utf8;
CREATE USER 'lportal'@'localhost' IDENTIFIED BY 'lportal';
GRANT ALL PRIVILEGES ON *.* TO 'lportal'@'localhost' WITH GRANT OPTION;

_d/l liferay bundle_

wget "http://downloads.sourceforge.net/project/lportal/Liferay%20Portal/6.1.0%20GA1/liferay-portal-tomcat-6.1.0-ce-ga1-20120106155615760.zip?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Flportal%2Ffiles%2FLiferay%2520Portal%2F6.1.0%2520GA1%2F&ts=1331124425&use_mirror=voxel" -O liferay-portal-tomcat-6.1.0-ce-ga1-20120106155615760.zip

_expand liferay into /opt/liferay_
sudo mkdir /opt/liferay
unzip liferay-portal-tomcat-6.1.0-ce-ga1-20120106155615760.zip
sudo mv liferay-portal-6.1.0-ce-ga1 /opt/liferay

_create config file_
sudo vim /opt/liferay/liferay-portal-6.1.0-ce-ga1/tomcat-7.0.23/webapps/ROOT/WEB-INF/classes/portal-ext.properties

put this in it:
#
# MySQL
#
jdbc.default.driverClassName=com.mysql.jdbc.Driver
jdbc.default.url=jdbc:mysql://localhost/lportal?useUnicode=true&characterEncoding=UTF-8&useFastDateParsing=false
jdbc.default.username=lportal
jdbc.default.password=lportal

_remove sevencogs-hook_
There is only one application included in the bundle that you need to remove. It's called sevencogs-hook. It's a Liferay plugin that copies the 7Cogs data into the database when Liferay is started. To remove it, all you have to do is undeploy it. The method for doing this differs by application server and that, of course, depends on the bundle you have chosen. For example, on Tomcat you delete the application from the [Tomcat Home]/webapps folder

sudo rm -rf /opt/liferay/liferay-portal-6.1.0-ce-ga1/tomcat-7.0.23/webapps/sevencogs-hook
keep the sevencogs-theme if you want, it might be useful.


_configure tomcat to be a service_
sudo vim /etc/init.d/tomcat7
# Tomcat auto-start
#
# description: Auto-starts tomcat 7
# processname: tomcat7
# pidfile: /var/run/tomcat.pid

export JAVA_HOME=/usr/local/java/latest

case $1 in
start)
        sh /opt/liferay/liferay-portal-6.1.0-ce-ga1/tomcat-7.0.23/bin/startup.sh
        ;;
stop)
        sh /opt/liferay/liferay-portal-6.1.0-ce-ga1/tomcat-7.0.23/bin/shutdown.sh
        ;;
restart)
        sh /opt/liferay/liferay-portal-6.1.0-ce-ga1/tomcat-7.0.23/bin/shutdown.sh
        sh /opt/liferay/liferay-portal-6.1.0-ce-ga1/tomcat-7.0.23/bin/startup.sh
        ;;
esac
exit 0

#eof
--
Change the mode of the file:
sudo chmod 755 /etc/init.d/tomcat7

create links in the rc.d
sudo ln -s /etc/init.d/tomcat7 /etc/rc1.d/K99tomcat
sudo ln -s /etc/init.d/tomcat7 /etc/rc2.d/S99tomcat

reboot to test

_check the tomcat log_
watch the machine come up, it may take a while, so be patient, it takes a coupla minutes on my machine.
sudo tail -f /opt/liferay/liferay-portal-6.1.0-ce-ga1/tomcat-7.0.23/logs/catalina.out

_configure the machine in the browser_
open your browser and head to http://portal:8080
finish off the install here.

_Configure LDAP_
After installed, login with: test@liferay.com / password
Control Panel -> Portal Settings -> Authentication -> LDAP:
  Tick "Enabled" check box, hit save.
  Under "LDAP Servers" click the "Add" button
    Server Name: Local (arbitrary, i chose Local cause I'm boring)
    At first I was confused by the "Default Values interface" but now I understand that it simply just resets the settings to match the which ever directory paradigm.  You can simply ignore this.
    Under "Connection"
      Base Provider URL: ldap://localhost:1389  (please note, that port 389 is used to bind to the ldap master, and 1389 is used to bind onto the ldap slave, thank you exekias for your constant reminder, maybe one day, I'll remember)
      Base DN: dc=zabulon,dc=casanueva,dc=com
      Principal: cn=ebox,dc=zabulon,dc=casanueva,dc=com
      Credentials: ZeeZecretPassword
    Go ahead and test the connection
    Under "Users"
      Authentication Search Filter: (mail=@email_address@)
      Import Search Filter: (objectClass=inetOrgPerson)
      User Mapping:
        Screen Name: uid
        Password: userPassword
        Email Address: mail (From what I remember, which is not to be trusted, I had to manually edit my Zentyal LDAP and add my mail address to the master, and i believe it propogates it to the slaves without a hitch - to edit i use jxplorer or luma (i can't remember which app i used specifically), this is something to be aware of when upgrading or re-installing the master from scratch.. something i have yet to do)
        Full Name: <empty>
        First Name: givenName
        Middle Name: <empty>
        Last Name: sn
        Job Title: <empty>
        Portrait: <empty>
        Group: <empty>
        UUID: <empty>
      Go ahead and test the LDAP Users, see if it works; adjust the settings if needed. 
    Groups:
      Import Search Filter: (objectClass=posixGroup)
      Group Mapping:
        Group Name: cn
        Description: description (i don't know if this is needed.. but i kept it so far, seems fine, can't hurt)
        User: memberUid   
      Test the Groups.
    I left the whole Export section alone, I don't want to export from Liferay, as far as I can tell at this moment.
    Click the "Save" button
  Import / Export
    I ticked the "Import Enabled" checkbox, i don't know if this is correct.
    I left "Import on Startup Enabled" and "Export Enabled" unticked.
  Password Policy
    I ticked "Use LDAP Password Policy" checkbox.
   
Aight, that's it; good luck and happy authing.

2
Installation and Upgrades / [SOLVED] Zarafa Groups, zentyal 2.0x
« on: October 11, 2011, 05:16:07 pm »
My Zentyal groups are not being imported into Zarafa.  Is there anything I should be doing to get this to work?

I am working on getting resources to work, and I would like to have permissions assigned to the groups to control the resources.  I need the groups to exist before I can give resources permissions.. (i'm still learning how to create the resources ).

This looks like it is the same issue posted May 19, 2011:
http://forum.zentyal.org/index.php/topic,6888.msg27614.html#msg27614
With no response.

This may be the same thing:
http://forum.zentyal.org/index.php/topic,8240.msg33862.html#msg33862
This post says 'Solved' but I don't understand it enough to see the resolution.


Thanks,
Andy

3
Installation and Upgrades / Zarafa Resources, recommendation request
« on: October 04, 2011, 05:30:27 pm »
Greetings,
I would like a recommendation from the group on how to setup Zarafa Resources.  I've read the Zarafa documentation and this is the URL for setting up resources: http://doc.zarafa.com/7.0/Administrator_Manual/en-US/html/_resource_configuration.html

This documentation is great and I'm happy about this.  I'm wondering if I should follow these instructions or if there is another way, since I'm using Zarafa in conjunction with Zentyal, that you folks might recommend.

Andy

4
Greetings.  I am looking into "Timetrex" for payroll and scheduling.  I would like to get it to authenticate with Zentyal's LDAP.

I'm no good at this LDAP stuff... I guess i need more practice.  Here is Timetrex's LDAP Auth configuration settings directly from the admin module.  The stuff in parenthesis is explaining the field in Timetrex's words.:


1. Server: hostname, this one is easy :)
2. Port: 389, also easy
3. Bind User Name: ?? (Used to search for the Timetrex user, leave blank for anonymous binding)
4. Bind Password: ??
5. Base DN:  dc=zabulon,dc=casanueva,dc=com  ... I copied directly from my zentyal ldap master, I think this is what it needs.
6. Bind Attribute: ??  (For binding the LDAP user. ie: AD/openLDAP: userPrincipalName, Mac OSX: uid)  I think this is "Users" for zentyal, but I need some help here.
7. User filter: ?? (Additional filter parameters, ie is_timetrex_user=1)  I think this is just extra and not needed
8. Login Attribute: ?? (For searching the LDAP user.  ie: AD: sAMAccountName, openLDAP:dn, Mac OSX: dn)  I'm just going to assume that I should use "dn" like it says- but again I have no idea.


I'm hoping someone can connect the dots, I assume that no one has experience connecting Timetrex with Zentyal because google hasn't turned anything up and it doesn't exist yet in this forum.

Thanks,
Andy

5
Hi,
I'm using Zentyal as an email server, and I'm wondering where postmaster and webmaster end up going?   I'm also running Mailman (just got it all working today :) and I'm thinking about having a postmaster and webmaster mail list, in order to have several people receive these emails.

Let me know your thoughts about this.  Thank you,
Andy

6
I would like to be able to do mail lists.  I'm wondering if Mailman can do this task or if there is another recommended way.  

Maybe there is some documentation I could follow to help me configure Mailman with Zentyal :)

Thank you,
Andy

7
Installation and Upgrades / [SOLVED] zentyal without xwindows?
« on: May 03, 2011, 10:16:05 pm »
Can I have Zentyal but without XWindows?

Can I install Zentyal from the Zentyal iso file and then remove XWindows?

I'm having troubles with my ISP not being able to use vmvga with qemu and for whatever reason.  I can switch to vmvga here locally and that makes everything work okay.

Thank you,
Andy

8
Installation and Upgrades / Multiple Server setup
« on: April 19, 2011, 02:51:17 pm »
Greetings,
I am thinking about having our Zentyal mail server (and Joomla web server, but this is less important at the moment) hosted by a company that uses KVM images in a real server room.  The rest of the Zentyal system (Groupware, Filesharing, PDC, Master LDAP, etc) will live in a rack in our office. Our office system is on UPS, but there is no generator, 24/7 operators, etc; so most likely it will go down due to natural causes from time to time.  I can't afford to have the mail or web server go down.

How do I integrate the non-local mail server with the locally installed groupware application?

I just ordered the Zentyal Admin book, it looks like it will arrive in a month.  I am hoping the answer is in the book, but I don't want to wait a month... maybe I should though.

I hope this question makes sense.  Any help is appreciated.  If more information is needed to provide a better question/answer, please let me know.

-Andy

9
Installation and Upgrades / NexentaStor LDAP Client configuration
« on: April 04, 2011, 07:03:05 pm »
Greetings,
I would like to use the storage appliance NexentaStor.  It has an LDAP client configuration screen which I've attached to this message.

It has three drop down fields with information not obtainable from the screenshot:
LDAP config type: manual / init
Credential Level: anonymous / proxy / proxy anonymous
Authentication Method: none / simple / SASL/CRAM-MD5 / SASL/DIGEST-MD5 / tls:simple

I have allowed the firewall to talk to the NexentaStor machine's IP address.

I'm new to this and confused any help would be appreciated.

-Andy

Pages: [1]