Month: May 2008

Fedora 9 Released!!!

And it rocks!!

The first thing you notice after fedora 9 is the blazing faaaast startup and shutdown times.

Now, before I say anything else about Fedora 9, here are a few screenshots :

Here’s Gnome in F9 :

And here is KDE 4 (finally !!):

KDE 4 seems to be following the footsteps of some of its latest applications like Basket. The new start menu now acts like that of IPOD. And the inbuilt search as shown in the following video is simply amazing!. The whole desktop has been given a major revamp. And so has been the theme. The widgets on the desktop now act a bit like widgets on Vista.

Among the key features, the feature that i think will prove to be indispensable later in making fedora more famous is the windows fedora live usb creator.

A feature (a release method actually) that really helped me a lot in creating the live DVD is Jigdo. Here is what the official release notes say about Jigdo :

Fedora releases are also available via Jigdo. This distribution method can improve the speed of obtaining the installation ISO images. Instead of waiting for torrent downloads to complete, Jigdo seeks the fastest mirrors it can find via the Fedora Project Mirror Manager infrastructure, and downloads the bits it needs from these mirrors. To optimize seeking these bits, you can tell Jigdo to scan a DVD or CD you already have, and cut down on redundant downloads. This feature becomes particularly useful if you:

1. Download all the test releases and then get the final release, in which case you have 90% of the data already with each subsequent download.

2. Download both the DVD and the CD set, in which case the DVD holds 95% of the data needed for the CD sets.

3. Download any combination of the above.

Anaconda, the installer for fedora, now supports resizing of ntfs, ext3 and ext4 partitions during installation. This will be of great help to windows users. (yes, it supports ext4 now.) Also, it gives an option of installing encrypted partitions. Business users ought to try this, but with caution.
Here is a list of all the new features in fedora 9.

Things done in college – technology

Here is a list of things I have done in the past three years. I have written for the sake of personal record.

As a member of Delta :
Created a “PC Based Oscilloscope” in IIT Bombay, as a summer project. Used java servlets on the server side and a java applet on the client side. Was responsible for the whole of the software side – 2006 Summers
Worked in Pragyan CMS V1, which finally got implemented in our college website – 2005-2007
Made Dalal Street, a stock market simulator using java servlets on the server side and using eclipse to make a java based ui compiled using gcj to eliminate the need of jvm to run the final executable – 2006 Dec – 2007 Jan
Used CVS for the development of Dalal Street, understood the importance of a code versioning system.

As being a part of Delta Core (Technology Changes) :
Implemented LDAP using openldap, in Delta, allowing everyone to have a central authentication server, with a common login everywhere, where everywhere includes :
system login in Sun Lab comps
Implemented NFS on Delta, which gets mounted on all Sun Lab comps, using the default nfs service provided by default on fedora, so everyone has the same home irrespective of the comp they login to, which they do through their ldap accounts.
Implemented pure-ftpd on Delta, configured it to work through ldap, allowing everyone to access their home drives even from “outside” (the user labs).
Setup, and advocated use of Doku for information keeping, made it work through LDAP.
Implemented and introduced SVN on Delta, setup three repositories : pragyan, delta and dalal, delta for the use of all delta projects.
Implemented and introduced trac on delta, setup three repositories : pragyan, delta and dalal. Customized all of these three. Learned how to customize through .egg files.
Made svn and trac work through httpd authentication, which used LDAP to get authentication details. (this was hell)
Revived delta as a student group – meaning, made sure many meetings were held, made sure everyone knew each other, everyone contributed something to delta and felt a part of the group, made sure many treats were held, and chucked a few inactive members out of delta.
Created Pragyan CMS V2, from scratch.

As being Pragyan’08 Systems head :
Implemented mail system through postfix, made its authentication work through ldap. Implemented mailman like features using contact attribute in ldap and aliases in postfix.
Made dovecot work through ldap too.
Learned what SSL certificates are, how they work, created a self signed ssl certificate for pragyan.org, using tinyCA2 provided in Fedora, and made it use it. (basically, allowed the use of https://pragyan.org/…)
Implemented FDS (Fedora Directory Server) as a much better alternative to LDAP on Pragyan Server.

LDAP authentication through Apache for svn, trac or anything else for that matter :P

Apache can be used as an access method for things like svn, trac, and even a whole file system through webdav. And apache also supports authentication through LDAP. Hence Apache can be used to authenticate the services that it provides through LDAP.

Here is how it is done :

For SVN :

<VirtualHost *:80> ServerName repos.nitt.edu DocumentRoot "/var/www/svn/DocumentRoot/" ErrorLog logs/repos.nitt.edu-error_log CustomLog logs/repos.nitt.edu-access_log combined

<Location /pragyan>
DAV svn
SVNPath /var/www/svn/pragyan
<LimitExcept OPTIONS REPORTGET>
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthName “Pragyan SVN LDAP Authentication”
AuthLDAPURL ldap://localhost:389/ou=Pragyan,dc=www,dc=nitt,dc=edu?cn?sub?(objectClass=*)
AuthLDAPGroupAttribute contact
require valid-user
require ldap-group listName=coding,ou=Groups,ou=Pragyan,dc=www,dc=nitt,dc=edu
</LimitExcept>
</Location>
</VirtualHost>

For trac :
<Location "/trac/delta/login"> AuthType Basic AuthName "Delta Trac LDAP Authentication" AuthBasicProvider ldap AuthzLDAPAuthoritative off AuthLDAPURL ldap://delta.nitt.edu:389/ou=Webteam,dc=delta,dc=nitt.edu?uid?sub?(objectClass=*) AuthLDAPGroupAttribute memberUid require valid-user require ldap-group cn=webteam,ou=Groups,ou=Webteam,dc=delta,dc=nitt.edu </Location>

CrAzY SVN / HTTPD Errors!!! (301, 302 …..)

Yup.

SVN IS MAD.

Sorry, SVN and HTTPD team up to drive people crazy.

I just came across two (or maybe three) of their misdoing in my effort to setup SVN on http://repos.nitt.edu

1) First, with this nitt.edu.conf in /etc/httpd/conf.d directory :

<VirtualHost *:80>
    ServerName                          repos.nitt.edu
    DocumentRoot            "/var/www/html"

I got an error

RA layer request failed
svn: PROPFIND request failed on '/pragyan'
svn: PROPFIND of '/pragyan': 302 Found (http://repos.nitt.edu)

I found this article : http://ynniv.com/blog/2005/12/troubling-svn-error.html

It said that the error occurs when some cms meddles with the way non existent file message (404) is shown. This,… was my case. (Thanks to my Praygan CMS). So then I changed my document root to /var/www/svn.

Then with

<VirtualHost *:80>
ServerName                          repos.nitt.edu
DocumentRoot            "/var/www/svn"

I got an error

RA layer request failed
svn: PROPFIND request failed on '/pragyan'
svn: PROPFIND of '/pragyan': 301 Moved Permanently (http://repos.nitt.edu)

Article that helped me in this grave time of need was : http://subversion.tigris.org/faq.html#http-301-error

It said that the error occurs because, when configuring SVN to work with httpd, the virtualhost document root shouldn’t contain the repository location (or httpd gets confused or something). My repos location was /var/www/svn/pragyan (which was within Document root). I simply changed the DocumentRoot to /var/www/svn/DocumentRoot and all started working well again.

Creating your own schemas in FDS Ldap for use in postfix (or anything else for that matter) :P

What I needed for mailman like functioning while making postfix work with ldap was an attribute that stores content of type DN (Distinguished Name) i.e. a node address, or holding a data type that stores nothing but data of type that can hold address of the data type itself.

In openldap, I used a schemas called evolutionPerson and evolutionPersonList (available with my fedora openldap distribution by moving evolutionperson.schema in /usr/share/evolution-data-server-1.12/ to /etc/opanldap/schemas/). evolutionPerson is very similar to inetOrgPerson class, which stores basically everything that could ever be used to describe a person. The reason I chose evolutionPerson over inetOrgPerson was the availablity of the evolutionPersonList class. Its attributes are : mail, contact and listnName, where both mail and contact can contain more than one values. mail and listName attribute type is text, and contact attribute type is DN. contact’s were used to create groups, and mail’s were used to forward the email to a third party server. Here is a screenshot of the same in action :

The contact attribute worked like charm. If any contact attribute turns out to be another evolutionPersonList, it repeats the whole process again for it, collecting new mails from it, and if it turns out to be evolutionPerson, it takes its mail attribute. The whole process repeats itself, taking care that infinite loops do not get created. In the end, what we get a list of mail ids to which the mail has to be sent.

Now, I haven’t yet figured out how to add evolutionperson.schema to schema. So, what did I do for delta?? I simply created my own schema. For a user, I already had whatever I needed in inetOrgPerson. All I need was some sort of an inetOrgPersonList. So, here are the steps :

I am assuming you have already setup fedora directory server through the wonderful install scripts provided. (/usr/sbin/setup-ds-admin.pl and then /usr/sbin/setup-ds.pl)
Open Fedora Directory Server admin console : /usr/bin/fedora-idm-console
Under the server groups entry in the default view tree, select your directory server and open it, using the DN and password you provided earlier during the directory server setup.
Under the to configuration tab, select schema. Select Attributes in the right hand pane.
Create a new attribute by clicking on the new attribute button at the bottom of the right pane.
I needed two new attributes for my purpose :
1. contact : of type DN, multi valued.
2. listName : of type String, single valued.
3. The third multivalued attribute I needed, mail, already exists.
Now, under the Object Classes pane, create any number of Objects you nees, using the attributes you just now created, or the preexisting ones.
The one created was inetorgpersonlist having Required Attributes listName and objectClass, and Allowed Attributes contact and mail.

That’s it!!

public_html web server – without mod_userdir

Hell, what does the title mean??

It means this :

Allow people to put files in the public_html folder in their home directories and allow it to be seen through the web server of that server in this format : http://servername/~username/hisorherfiles

Most people use mod_userdir to allow ~username directories in their webservers. However, there is simple rewrite rule workaround that eliminates the need for mod_userdir. I needed this because we had the home directories on the server, but the users had no login accounts on the server and they needed their public_html to work.

Here is how it goes :

#First, disable the default thing : 
<IfModule mod_userdir.c>
    UserDir disable
</IfModule>
#Then the rewrite rule

#To prevent access to files ~something.html and #something.html#
<Files ~ ".*(~|#)$">
    	   Order allow,deny
    	   Deny from all
</Files>
#To show public_html access
    RewriteEngine On
    RewriteCond %{REQUEST_URI}	^/~\w+/.*$
    RewriteRule /~(\w+)/(.*)	/webteam/$1/public_html/$2
    RewriteCond %{REQUEST_URI}	^/~\w+$
    RewriteRule /~(\w+)		/webteam/$1/public_html/
#To enable .htaccess rules in public_html
<Directory /webteam/*/public_html>
    AllowOverride All
</Directory>

Sahil Ahuja’s Weblog

Random unpredictable thoughts. Confirming to the quantum theory.