SSL replication and CA trusts in Sun Directory Server 6.x

LDAP, pki

If, like me, you have had issues with replication in Sun Directory Server, maybe this post will help.

The dsadm list-certs -C command will show you what CA certificates you are trusting, but it won’t show you how it is trusting a certificate. If you are getting an error like “Bind failed with response: Failed to bind to remote (900).”, and you know SSL should be working properly, you probably want to check to see exactly how your CA certificates are being trusted.

To do this, use the certutil command:

4 Comments

Semi-anonymous users in MediaWiki using the LDAP Authentication extension

LDAP, MediaWiki

For some corporate wikis, it is beneficial to allow anonymous edits; however, anonymous edits in MediaWiki track IP addresses, and in most corporate environments, it is easy to identify a user just by knowing which IP address they came from. Also, most corporate environments are opposed to allowing non-authenticated write access to any resource (for good reason).

So, if you want a wiki, such as a wiki for polls, that needs some form of anonymity before users will trust it, using the LDAP Authentication extension in a clever way can allow you to do this.

No Comments

Using the LDAP Authentication Plugin for MediaWiki – The Basics (Part 2)

LDAP, MediaWiki

In part 1 of this series, I discussed basic password authentication for Active Directory (AD). In this article, I will discuss basic password authentication for LDAP domains with the posix schema.

For basic password authentication against an LDAP domain with the posix schema, you need to configure three or four things:

  1. Domain name
  2. Server names
  3. How to bind to the LDAP servers
  4. The proxy user used to find your user accounts (optional depending on your environment)

Prerequisites

Please see and complete the “Create a local sysop” and “Enabling the plugin” sections of part 1 before proceeding.

No Comments

Announcing the Plotters extension for MediaWiki

MediaWiki

The Plotters extension for MediaWiki allows wiki editors to visualize data using scripts created by administrators. Scripts are added in a way similar to the Gadgets extension.

Three types of scripts are available: helpers, preprocessors, and plotters. The script types are loaded in that order so that helpers can be used in preprocessors and plotters, and so that data can be preprocessed before it is plotted.

Wiki editors can use these scripts by using the plot parser function, or tag:

{{#plot:
|renderer=plotkit
|name=<uniquename>
|width=300
|height=300
|script=<scriptname>
|scriptarguments=arg1,arg2,...
|preprocessors=<preprocessorname1>,<preprocessorname2>,...
|preprocessorarguments=<preprocessor1argument1>,<preprocessor1argument2>,...:<preprocessor2argument1>,<preprocessor2argument2>,...:...,...
|labels=label1,label2
|datasep=,
|tableclass=wikitable
|data=1,2
2,4}}

or a simpler example:

No Comments

Must have and promising extensions for a corporate MediaWiki instance

MediaWiki

Running a corporate wiki is much different than running a public wiki. People inside a corporate environment expect certain things that (most) public wikis simply don’t have to worry about. These things include single sign on/integrated authentication, WYSIWYG editing, search that finds more than just wiki pages, formalized input, document versioning (draft, stable, published, etc.), document importing, and document exporting.

Thankfully, there are a number of MediaWiki extensions that can provide these types of functionality.

6 Comments

Allowing doc/ppt/xls uploads to MediaWiki and getting proper MIME types back

MediaWiki

The (terrible) doc/ppt/xls Microsoft Office document formats all have the same MIME type. This causes a lot of grief when using MediaWiki, as MediaWiki checks MIME types against file extensions for security purposes. In this article I’ll describe how to allow uploading for these file types, and how to get around the “The file is corrupt or has an incorrect extension” problem.

Allow doc/ppt/xls to be uploaded

Add the following lines to your LocalSettings.php to allow these formats:

2 Comments

Using the LDAP Authentication Plugin for MediaWiki – The Basics (Part 1)

LDAP, MediaWiki

Configuring the LDAP Authentication plugin for MediaWiki can be a daunting task. In this series of posts, I’ll go over the basics of configuring the plugin for common environments. In a later series of posts, I’ll go into each environment in detail.

Part 1 will discuss basic password authentication for Active Directory (AD). Part 2 will discuss basic password authentication for LDAP domains with the posix schema. Part 3 will discuss enabling group restrictions and synchronization, and retrieving preferences for AD. Part 4 will discuss group restrictions and synchronization, and retrieving preferences for LDAP domains with the posix schema.

17 Comments

Louisiana Technology Council (LTC) Blog Fail

fail

I occasionally get a newsletter from the Louisiana Technology Council (LTC). The most recent newsletter I received was too good not to post about. Here’s the newsletter:

http://www.ltc-la.org/en/art/422/

I’ll pull a few great quotes out of it for you…

You are invited to participate in a survey designed to learn about business blog. A business blog is a novel way of publishing information by or with the support of an organization where entries are made in journal style and displayed in a reverse chronological order.

This is the Louisiana Technology Council, right? Did this come out of a dictionary? Is this really the best way to describe a blog?

2 Comments

Seamless Smartcard login with pam_pkcs11, and pam_krb5 against an Active Directory Domain using Red Hat Enterprise Linux 5 (Part 3)

LDAP, pki

In part 1 I discussed how to configure NSS and OpenSSL. In part 2, I discussed how to configure pam_pkcs11 and how to test a smartcard against the NSS database we set up. In this part, I’ll discuss how to add pam_krb5 into the mix to automatically get a Kerberos ticket from an Active Directory domain using PKINIT.

Note that this post discusses a package that has yet to be officially released by Red Hat. When it is officially released, it may have different configuration options or different functionality. I’ll update this post at that time.

19 Comments

Using NSS with OpenSSH for Smart Card Login

pki

At some point in time, Red Hat snuck in experimental support for NSS in OpenSSH. What does that give us? Smart Card support! This article will describe how to use it.

In another blog post, I mentioned how to configure NSS and OpenSSL; you should take a look at that if you are unfamiliar with the process, because I assume that is prerequisite knowledge. I will also assume you have a basic understanding of how public key authentication in SSH works.

Here are the steps to the process:

  1. Copy the NSS databases to .ssh

No Comments