Monday, July 28, 2014

LDAP - Configuring OpenLDAP

In the previous post, LDAP - Installing OpenLDAP, I listed the steps to install OpenLDAP. In this post, I will list the steps to add LDAP entries to OpenLDAP.

I will use LDIF and ldapadd to add LDAP entries to the OpenLDAP database.

The LDAP Data Interchange Format (LDIF) represents LDAP entries in a simple text format: one "attribute: value" line per attribute, entries separated by blank lines, and lines starting with # treated as comments. ldapadd is a utility shipped with OpenLDAP that reads an LDIF file and adds its entries to the directory.

Adding an Organization Role

1. Create an LDIF file, e.g. organization_roles.ldif
2. Add the following to organization_roles.ldif

# Organization for Example Corporation
dn: dc=example,dc=com
objectClass: dcObject
objectClass: organization
dc: example
o: Example Corporation
description: The Example Corporation

# Organizational Role for Directory Manager
dn: cn=Manager,dc=example,dc=com
objectClass: organizationalRole
cn: Manager
description: Directory Manager

The above creates the base entry dc=example,dc=com and, beneath it, the organizational role "Manager" in the example.com LDAP directory. The second entry has the same DN as the rootdn configured in slapd.conf; slapd does not require an entry to exist for the rootdn, but creating one keeps the directory self-describing.

3. Use ldapadd to add the entries

Assuming that slapd.conf has the following entries

rootdn "cn=Manager,dc=example,dc=com"
rootpw secret

(rootpw is shown in cleartext here only because the OpenLDAP quick-start guide does so; slapd also accepts a hashed value such as {SSHA}..., which slappasswd generates, and that is what belongs in a real slapd.conf.)

Then you can use the following command to add the LDAP entries

ldapadd -f organization_roles.ldif -x -D "cn=Manager,dc=example,dc=com" -w secret

where
-f    # file containing the entries
-x    # use simple authentication instead of SASL
-D    # the Distinguished Name (binddn) to bind as; usually the rootdn
-w    # the password for simple authentication (the rootpw). A password given with -w shows up in the process list and in the shell history; -W prompts for it instead, and -y FILE reads it from a file

4. If the entries are added successfully, ldapadd prints the following on stdout

adding new entry "dc=example,dc=com"

adding new entry "cn=Manager,dc=example,dc=com"

Adding Multiple Users

1. Create an LDIF file, e.g. users.ldif
2. Add the following to users.ldif

# Admin's Entry. The value used in the RDN (cn=Admin) must also be present as
# an attribute value of the entry, otherwise slapd rejects it with
# "Naming violation (64)". cn is multi-valued, so "Administrator" can stay as
# a second value.
dn: cn=Admin,dc=example,dc=com
cn: Admin
cn: Administrator
objectClass: person
sn: Admin

# User1's Entry
dn: cn=User1,dc=example,dc=com
cn: User1
objectClass: person
sn: User1

# Eric Simpson's Entry
dn: cn=Eric Simpson,dc=example,dc=com
cn: Eric Simpson
cn: Eric Robert Simpson
objectClass: person
sn: Simpson

3. Use ldapadd to add the entries

ldapadd -f users.ldif -x -D "cn=Manager,dc=example,dc=com" -w secret

where the options are the same as in the previous section.

4. Verify your entries with ldapsearch

ldapsearch -x -b 'dc=example,dc=com' '(objectclass=*)'

where

-x    # use simple authentication instead of SASL; with no -D this is an anonymous bind, which works here because slapd's default access rule lets anyone read
-b    # the base DN at which the search starts
(objectclass=*)    # the search filter; it matches every entry under the base
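As an added example that is not part of the original post or of OpenLDAP's own tooling: the one rule in these LDIF files that is easy to get wrong is that the attribute value used in an entry's RDN (cn=Admin) must also appear as an attribute value of the entry, otherwise slapd rejects the entry with "Naming violation (64)". The script below (POSIX sh plus awk; the function name ldif_lint and the sample file are my own) checks that rule for every entry in a file before ldapadd is run, and shows the -W form of the bind that prompts for the password instead of putting it on the command line.

```shell
#!/bin/sh
# ldif_lint FILE - added example, not from the original post or from OpenLDAP.
# For every entry in an LDIF file, checks that the value named in the RDN
# (the part of the dn before the first comma, e.g. "cn=Admin") is also present
# as an attribute value of the entry. slapd refuses to add entries that fail
# this check ("Naming violation (64)"), so catching it here saves a round trip.
# Assumed simplifications: no line continuations, no base64 ("::") values,
# no escaped commas and no multi-valued RDNs in the dn.
ldif_lint() {
    awk '
    function flush(    rdn, n, attr, val, key, k) {
        if (dn == "") return
        rdn = dn; sub(/,.*/, "", rdn)             # "cn=Admin"
        n = index(rdn, "=")
        attr = tolower(substr(rdn, 1, n - 1))     # "cn"
        val = substr(rdn, n + 1)                  # "Admin"
        key = attr ":" val
        if (key in seen)
            printf "ok:      %s\n", dn
        else {
            printf "REJECT:  %s  (entry has no \"%s: %s\" line)\n", dn, attr, val
            bad++
        }
        dn = ""
        for (k in seen) delete seen[k]
    }
    /^#/                 { next }                 # comment line
    /^[ \t]*$/           { flush(); next }        # blank line ends the entry
    /^dn:[ \t]*/         { dn = $0; sub(/^dn:[ \t]*/, "", dn); next }
    /^[A-Za-z][A-Za-z0-9-]*:/ {                   # "attr: value"
        a = $0; sub(/:.*/, "", a)
        v = $0; sub(/^[^:]*:[ \t]*/, "", v)
        seen[tolower(a) ":" v] = 1
        next
    }
    END { flush(); exit (bad > 0) }
    ' "$1"
}

# Constructed sample reproducing users.ldif from the post. The first entry is
# the mistake to look for: its RDN is cn=Admin but its only cn value is
# "Administrator". The second entry is fine because cn is multi-valued and
# "Eric Simpson" is one of its values.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Admin's Entry
dn: cn=Admin,dc=example,dc=com
cn: Administrator
objectClass: person
sn: Admin

# Eric Simpson's Entry
dn: cn=Eric Simpson,dc=example,dc=com
cn: Eric Simpson
cn: Eric Robert Simpson
objectClass: person
sn: Simpson
EOF

if ldif_lint "$sample"; then
    # Only a clean file is worth sending. -W prompts for the rootpw instead
    # of exposing it in the process list and shell history as -w does.
    echo "ldapadd -x -W -D 'cn=Manager,dc=example,dc=com' -f $sample"
else
    echo "fix the REJECT lines above before running ldapadd" >&2
fi
rm -f "$sample"
```

Run it against your own users.ldif with `ldif_lint users.ldif`; the exit status is non-zero when any entry would be rejected, so it can sit in front of ldapadd in a script.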

Reference:

1. http://www.openldap.org/doc/admin24/dbtools.html
2. http://www.openldap.org/software/man.cgi?query=ldapadd&apropos=0&sektion=0&manpath=OpenLDAP+2.0-Release&format=html

Monday, June 30, 2014

LDAP - Installing OpenLDAP

Now, I need to play with LDAP. So, what is LDAP?

LDAP (Lightweight Directory Access Protocol) is an industry-standard application protocol for accessing and maintaining distributed directory information services over an IP network.

Then, what is OpenLDAP? Well, it is an open-source implementation of LDAP.

For some reason, their default download mirror sites are either timing out on me or not valid. So, it is easier to download OpenLDAP from their FTP-over-HTTP site (http://www.openldap.org/software/download/OpenLDAP/)

These notes are only a high-level guide to the steps (which I have tried) to install OpenLDAP. They also highlight the problems I hit during the installation and their solutions.

Prerequisites

OpenLDAP has the following prerequisites

1. A TLS library to provide Transport Layer Security services; I would suggest OpenSSL. By default, configure detects whether a TLS library is available. To check whether OpenSSL is installed on your system, run
openssl version
which prints the currently installed OpenSSL version

2. The Cyrus SASL libraries, which provide Simple Authentication and Security Layer services. To check whether SASL is installed, you can use
ls -al /usr/lib/sasl2
to check whether the plugin directory exists (its location varies by distribution)

3. MIT Kerberos, if you need Kerberos (GSSAPI) authentication. OpenLDAP uses Kerberos through Cyrus SASL, not through OpenSSL

4. Oracle Berkeley DB, version 4.4 or later. BDB and HDB are the primary database backends of OpenLDAP 2.4 and both are built on it

Now, during configuration, if you encounter the following error

checking for Berkeley DB major version in db.h... 4
checking for Berkeley DB minor version in db.h... 3
checking if Berkeley DB version supported by BDB/HDB backends... no
configure: error: BerkeleyDB version incompatible with BDB/HDB backends

it means that you need to upgrade your Berkeley DB, because the BDB/HDB backends require version 4.4 or later. You can do the following to upgrade it

Installing the latest Berkeley Database

You can get the latest installer from http://www.oracle.com/technetwork/database/database-technologies/berkeleydb/downloads/index.html

For some reason, although Oracle says the download is Berkeley DB X.X.XX.tar.gz, the downloaded file is called db-X.X.XX.gz (X.X.XX is the current version number). So, assuming that X.X.XX is 6.0.30, all you need to do is rename db-6.0.30.gz to db-6.0.30.tar.gz and run tar -zxvf db-6.0.30.tar.gz to extract the sources.

Now, you can follow these instruction to install latest Berkeley Database http://docs.oracle.com/cd/E17076_03/html/installation/build_unix.html

Export paths before running ./configure

You need to export the following (assuming that the downloaded version is 6.0.30)

export LD_LIBRARY_PATH="/usr/local/BerkeleyDB.6.0/lib"
export CPPFLAGS="-I/usr/local/BerkeleyDB.6.0/include"
export LDFLAGS="-L/usr/local/BerkeleyDB.6.0/lib"

The above tells ./configure (and the test suite) where to find the headers and libraries of the newly installed Berkeley DB instead of the system copy. These exports only live in the current shell session.

Installation

Below is a summary of the installation steps

1. Get the source package. The current version is openldap-2.4.39.tgz, and I will use it as the example
2. Unpack it
gunzip -c openldap-2.4.39.tgz | tar xvfB -
3. Change into the OpenLDAP source directory
cd openldap-2.4.39
4. Run configure
./configure
5. Build the software (make, not ./make; there is no make script in the source tree)
make depend
make
6. Test the build
make test
7. Install OpenLDAP. By default it is installed under /usr/local
su root -c 'make install'
or
sudo make install
8. Edit the configuration file at /usr/local/etc/openldap/slapd.conf as root

Make sure it contains the following (using example.com as the example; the installed file already carries the schema include and database lines, so usually only suffix, rootdn and rootpw need editing)
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /usr/local/var/openldap-data

Two things to check here: the rootpw above is cleartext, and the file should instead carry the hash printed by slappasswd (for example rootpw {SSHA}...), with slapd.conf itself readable only by root; and the directory named by "directory" must exist before slapd starts, since slapd does not create it.
9. Start slapd (Standalone LDAP Daemon)
su root -c /usr/local/libexec/slapd
or
sudo /usr/local/libexec/slapd
Note: 

If you encounter the following error
/usr/local/libexec/slapd: error while loading shared libraries: libdb-6.0.so: cannot open shared object file: No such file or directory
it means that the dynamic linker does not know where the Berkeley DB 6.0 shared library is: the LD_LIBRARY_PATH export above only applied to the shell you ran configure in, and neither sudo nor su passes it through. You can use the following steps to fix it permanently.

a. Create a file at /etc/ld.so.conf.d/db-6.conf 
b. Add /usr/local/BerkeleyDB.6.0/lib in the above file
c. Then, update library cache with sudo ldconfig
d. Run sudo /usr/local/libexec/slapd to test the setting

To check that the server is running and configured correctly, run the following command
ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
It should display (using example.com as the example)
dn:
namingContexts: dc=example,dc=com
This is an anonymous base-scope search of the root DSE, so it needs no password. The above should get OpenLDAP up and running. For the details of the setup, see http://www.openldap.org/doc/admin24/quickstart.html for full installation details.
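An added example, not from the original post or from OpenLDAP: after step 8 the slapd.conf from this post still holds "rootpw secret" in cleartext, and slapd will not start if the database directory is missing. The POSIX sh function below (slapd_conf_lint is my own name; the sample config is constructed to match the fragment above) checks a slapd.conf for a cleartext rootpw, for a file mode that lets other local users read it, and for a missing "directory", so those three problems are found before slapd is started.

```shell
#!/bin/sh
# slapd_conf_lint FILE - added example, not from the original post or from
# OpenLDAP. Checks a hand-edited slapd.conf for the three things that most
# often go wrong after following the steps above:
#   1. rootpw stored in cleartext. slapd also accepts a hashed value such as
#      {SSHA}..., which "slappasswd -h '{SSHA}'" generates.
#   2. a config file readable by other local users (it holds the rootpw).
#   3. a backend "directory" that does not exist yet; slapd does not create it.
# Variable and function names are this script's own.
slapd_conf_lint() {
    lint_conf=$1
    lint_status=0

    # 1. rootpw: hashed values carry a scheme tag in braces, e.g. {SSHA}.
    lint_rootpw=$(awk '$1 == "rootpw" { print $2; exit }' "$lint_conf")
    case $lint_rootpw in
        "")    echo "info:  no rootpw directive" ;;
        {*}*)  echo "ok:    rootpw is hashed ($(printf '%s' "$lint_rootpw" | sed 's/}.*/}/'))" ;;
        *)     echo "WARN:  rootpw is cleartext; replace it with the output of slappasswd -h '{SSHA}'"
               lint_status=1 ;;
    esac

    # 2. permissions: columns 8-10 of "ls -l" output are the "other" bits.
    lint_other=$(ls -ld "$lint_conf" | cut -c8-10)
    if [ "$lint_other" != "---" ]; then
        echo "WARN:  $lint_conf is readable by other users (mode ...$lint_other); chmod 600 it"
        lint_status=1
    else
        echo "ok:    $lint_conf is not readable by others"
    fi

    # 3. the database directory must exist before slapd starts.
    lint_dir=$(awk '$1 == "directory" { print $2; exit }' "$lint_conf")
    if [ -n "$lint_dir" ] && [ ! -d "$lint_dir" ]; then
        echo "WARN:  directory $lint_dir does not exist; create it before starting slapd"
        lint_status=1
    elif [ -n "$lint_dir" ]; then
        echo "ok:    directory $lint_dir exists"
    fi
    return $lint_status
}

# Constructed copy of the slapd.conf fragment from the post (mktemp creates
# the file with mode 0600, so only the rootpw and directory checks will fire
# on most machines).
demo=$(mktemp)
cat > "$demo" <<'EOF'
database bdb
suffix "dc=example,dc=com"
rootdn "cn=Manager,dc=example,dc=com"
rootpw secret
directory /usr/local/var/openldap-data
EOF
slapd_conf_lint "$demo" || echo "fix the WARN lines before starting slapd" >&2
rm -f "$demo"
```

Point it at the real file with `slapd_conf_lint /usr/local/etc/openldap/slapd.conf` (as root, since the file should not be readable otherwise); a non-zero exit status means at least one WARN line was printed.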

References:

1) http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol

Monday, May 19, 2014

EMACS - Commands Compilation

This list is for my own easy reference of EMACS commands

Open EMACS as a standalone process

emacs "filename" &

Editing Commands

C-a   # Go to beginning of line 
C-k   # Delete line from current point

Buffers Commands

C-x b   # Switch between buffers
C-x C-s   # Save current buffer
C-x k    # Kill (close) the current buffer
C-x C-c    # Exit Emacs (asks to save modified buffers first)

Windows Commands

C-x 4 b "buffer name"   # Open buffer in another window

C-x 4 f "filename"    # Open file in another window

C-x 0    # Close the currently selected window.

C-x 1    # Close all windows except the selected one.

C-x o    # Select another window.

Shell Commands

M-! "command"    # Execute a shell command (M- is the Meta key, Alt on most keyboards)

M-x shell       # Launch an interactive subshell in a buffer

Wednesday, May 14, 2014

Malware - Removing Trovi

For some reason, which I am still not sure of, I was hit by Trovi. Trovi is a browser hijacker which is capable of taking over the homepage of your browser. There is no simple way to remove it.

A Google search has a number of hits. Personally, I tried the MalwareTips advice (http://malwaretips.com/blogs/trovi-search-removal/) and it works.

Below are the general steps provided by MalwareTips

STEP 1: Remove the Trovi Search browser hijacker from your computer with AdwCleaner (complete scan in 15 min)
STEP 2: Remove Trovi Search from Internet Explorer, Firefox and Google Chrome with Junkware Removal Tool (complete scan in 10 min)
STEP 3: Remove Trovi Search malicious files with Malwarebytes Anti-Malware Free (complete scan in 30 min)
STEP 4: Double-check for the Trovi Search infection with HitmanPro (complete scan in 30 min; however, you need to remove the resulting hits manually as it is not freeware)
(OPTIONAL) STEP 5: Reset your browser settings to remove Trovi Search from Internet Explorer, Firefox and Google Chrome

Detailed screenshots and a step-by-step guide can be found at http://malwaretips.com/blogs/trovi-search-removal/

Thursday, April 3, 2014

Oracle - Tablespace vs Schema

This may not be anything new to someone who has worked with Oracle for ages; however, I was confused when I came across the term tablespace and how it differs from schema

The main catch is there is no relationship between schemas and tablespaces. Ok... that surprised me a little.

But comes to think of it, it is 2 different concepts.

By Oracle definition

Schema - A schema is a collection of database objects. A schema is owned by a database user and has the same name as that user. Schema objects are the logical structures that directly refer to the database's data. Schema objects include structures like tables, views, and indexes.

Tablespace - A tablespace is a collection of logical storage units in a database. It groups related logical structures together. For example, tablespaces commonly group together all application objects to simplify some administrative operations.

So, in fact, a tablespace can contain objects from different schemas, and the objects for a schema can be contained in different tablespaces.

Two very good figures from the Oracle documentation (cncpt041.gif and Figure 3-1) illustrate how schema objects, tablespaces and datafiles relate; they are not reproduced here, see the references below.

Now, an example of the difference between schemas and tablespaces. Below, a single schema has tables in 2 different tablespaces

CREATE TABLE hr.payroll (
         empno      NUMBER(5) PRIMARY KEY,
         ename      VARCHAR2(15) NOT NULL,
         salary        NUMBER(9) ENCRYPT)
   TABLESPACE payroll_tbs;

CREATE TABLE hr.emp (
         empno      NUMBER(5) PRIMARY KEY,
         ename      VARCHAR2(15) NOT NULL,
         ssn        NUMBER(9) ENCRYPT)
   TABLESPACE emp_tbs;

The above statements create 2 tables, payroll and emp, in the hr schema, so both are owned by the user HR. Although they are in the same schema, hr.payroll is stored in the payroll_tbs tablespace and hr.emp in the emp_tbs tablespace. (The ENCRYPT clause, carried over from the Oracle examples, turns on Transparent Data Encryption for that column and needs a configured wallet; it has nothing to do with the tablespace point.)

Some good readings and references:

http://docs.oracle.com/cd/B19306_01/server.102/b14220/physical.htm
http://docs.oracle.com/cd/B10500_01/server.920/a96524/c11schem.htm
http://docs.oracle.com/cd/B19306_01/server.102/b14220/intro.htm#sthref70

Tuesday, March 18, 2014

Database - IBM Informix - Turning On/Off Transactional Database

A transactional database is a DBMS in which write transactions can be rolled back if they are not completed properly (e.g. due to power or connectivity loss). This is how each database transaction is made to comply with the ACID (atomic, consistent, isolated and durable) properties.

The IBM Informix database server makes use of transaction logging to keep a record of each change that is applied to the database during a transaction. If a transaction is cancelled due to unforeseen circumstances, the database can be restored to the same state as before the transaction started. This is called a rollback.

Now, if you see an error such as "transaction not available" when using Informix, it can mean that the database administrator has turned off transaction logging or created the database without logging. Switching transaction logging off makes a database "non-transactional".

To fix this, you can either

1) Turn on transaction logging with the ontape command

The following adds unbuffered logging to an existing database (the -s option performs a backup at the same time, which Informix requires when logging is added to a database)

ontape -s -U your_database

2) Create the database with logging

The following creates a database with regular, unbuffered logging

CREATE DATABASE your_database WITH LOG

Both ways are sufficient for most databases. In the event of a failure, you lose only the uncommitted transactions.

Reference :
1. http://en.wikipedia.org/wiki/Database_transaction
2. http://publib.boulder.ibm.com/infocenter/idshelp/v10/index.jsp?topic=/com.ibm.sqlt.doc/sqltmst161.htm
3. http://pic.dhe.ibm.com/infocenter/idshelp/v117/index.jsp?topic=%2Fcom.ibm.admin.doc%2Fids_admin_0671.htm
4. http://publib.boulder.ibm.com/infocenter/idshelp/v10/index.jsp?topic=/com.ibm.ddi.doc/ddi73.htm

Wednesday, February 26, 2014

Linux - set -vx

set is a shell builtin (bash here) used to set or unset shell options and positional parameters.

It has many useful options, and specifically set -vx is very useful for debugging a shell script.

-v  Print shell input lines as they are read.
-x  Print commands and their arguments as they are executed (on stderr, each line prefixed with the value of PS4, "+ " by default).

To use it, simply put set -vx before the lines you are interested in; set +vx turns both off again. Usually, I put it at the top of my script to print out everything.

For example, you can use set -vx as follows in a script called test.sh

#!/bin/bash
set -vx
export foo=$1
echo $foo 

Executing the test.sh with

./test.sh hello

The output will be

export foo=$1
+ export foo=hello
+ foo=hello
echo $foo
+ echo hello
hello

The lines with a + sign are the commands as actually executed, with variables and arguments expanded; the lines without it are the raw input lines printed by -v. Because the trace shows expanded arguments, it also shows any password or token passed on a command line, so be careful where the stderr of a traced script ends up.
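An added example, not from the original post, of the side effect just mentioned: with tracing on, a password passed as a command-line argument (the way ldapadd -w secret does it earlier on this page) is written to stderr in expanded form. The POSIX sh script below uses a hypothetical stub named fake_bind in place of a real client, captures the trace of a naive run and of a hardened run that hands the secret over through a file and suspends tracing around the sensitive command, and returns both traces so they can be compared.

```shell
#!/bin/sh
# Added example, not from the original post. set -x prints each command with
# its arguments fully expanded, so a secret passed as an argument (for
# instance a password given to a client with "-w secret") is copied to stderr
# and from there into whatever captures it: a CI log, a cron mail, a terminal
# recording. fake_bind is a hypothetical stand-in for such a client (ldapadd,
# curl, mysql ...); it never touches the network.
fake_bind() { :; }

# Naive: trace on, password on the command line. Returns the trace text
# (the subshell's stderr is redirected to this function's stdout).
leaky_trace() {
    lt_password=$1
    (
      PS4='+[line $LINENO] '      # richer trace prefix than the default "+ "
      set -x
      fake_bind -x -D "cn=Manager,dc=example,dc=com" -w "$lt_password"
    ) 2>&1 >/dev/null
}

# Hardened: the secret goes through a file the client reads (ldapadd: -y FILE),
# so it is never an argument, and tracing is switched off around the sensitive
# command anyway so that nothing about it is printed. Returns the trace text.
safe_trace() {
    st_password=$1
    st_file=$(mktemp)
    printf '%s' "$st_password" > "$st_file"     # not traced: outside the subshell
    (
      set -x
      echo "about to bind"
      set +x                                    # the trace shows "+ set +x", then stops
      fake_bind -x -D "cn=Manager,dc=example,dc=com" -y "$st_file"
      set -x
      echo "bind done"
    ) 2>&1 >/dev/null
    rm -f "$st_file"
}

# Constructed demo: the same password through both paths.
printf 'naive trace:\n%s\n\nhardened trace:\n%s\n' \
    "$(leaky_trace 'hunter2')" "$(safe_trace 'hunter2')"
```

The naive trace contains the literal password; the hardened one shows only "+ set +x" where the bind happened. The file-based hand-over matters even without tracing, because arguments are also visible in the process list to every local user.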

Reference: http://linuxcommand.org/lc3_man_pages/seth.html