do it. think it. blog it! ... a twisted world

John Haller has just released an awesome version of OpenOffice that can run on any portable device like a USB thumbdrive. Aptly named Portable OpenOffice (a geeks nugget of joy), it's a fuly functional OpenOffice version for a USB keydrive. Portable OpenOffice has been optimized to perform faster and also extend the life of the USB key. It also has a specialized launcher that allows you to execute OpenOffice from a directory of your choice. The other devices Portable OpenOffice is compatible with are: CDRW (in packet mode), ZIP drives, External Hard Drives, MP3 Players, Flash RAM Cards and many many more.. The current Portable OpenOffice is for the windows platform ONLY. The only issue with it as of now, is that It does not have support for Java as Java is NOT portable. Therefore this version of OpenOffice does not include a JVM and some functions of XHTML will not function. You can Download Portable OpenOffice from sourceforge.net this download also has the Portable OpenOffice Launcher. The Launcher can be downloaded from John Halers Website. Portable OpenOffice can also be launched using a simple .BAT file. In order to use a .BAT file for launching Portable OpenOffice. Simple save the following batch file in your program directory root. Please remember to alter the batch file IF you have renamed the PortableOpenOffice directory NOW life is a lot more simpler for me, as whenever I encounter a customer who does not have OpenOffice or StarOffice installed (or cannot install it for some political reason) on their desktops; I just run Portable OpenOffice from my USB Drive and launch launch my sweet little OpenOffice. and HEY !!! we now we are inter-operable !!! The SourceForge project page for Portable OpenOffice is located at portableOO Can life get any sweeter than this

Geeks have one. So do hairy gay men and their admirers. Isn't it time bloggers have a code to describe themselves as well? (OK, so maybe not, but we charge forward nonetheless). Get your code here! a jsp port by Dav of some php code that was yet another fine web service brought to you by leather egg decoder by Jason DeFillippo Thanks to Lance Lavandowska for providing the code to make this page possible.

The Bloggies 2005 awards are out!! "The Bloggiesâ„¢ are a set of 30 publicly-chosen awards given to weblog writers and those related to weblogs. This is the fifth ceremony, with previous winners listed on their respective sites: 2001, 2002, 2003, and 2004. Everyone's invited to take part in the awarding process, so read below to find out how you can nominate and vote for your favorite blogs!"

Some blogs that never ever caught my attention, and some that I had never heard of are showcased here. In a sense it's a good thing as I guess, it's time for me to explore the blogosphere.

All said and done, what I like best about the Bloggies 2005 awards is that it led me to a link called blog.ELEMENTS. This very closely represents the periodic table and has 115 blogs that are rotated in some sequense. Similarly web.ELEMENTS is also a periodic table of various components of the World Wide Web arranged in a extremely interesting sequence. Something fun to read through and get impressed with.

PS:The Bloggies 2005 awards very interesting and tempting prizes. It sure outbeats my prize for blog.CONTEST

I am a Sushi lover myself and was googling around for good sushi places. At the same time I had my other browser window open and was googling my way to finding good USB drives. And a typo (I happened to type in the word "sushi" and USB in the same search window) led me to Michiko Osada's blog. I am not sure how she found this, But it sure was funny.... Nope.. actually it was very spiffy. She introduced me to this cute product. It is a Sushi-shaped USB Memory stick.

The product information page was in Japanese and I, not being a super-multi lingual person could not read the description on the page.. Maybe someone who's multi lingual could help translate that page for me. You can visit the site and see the products yourself!

• Product Information URL: http://www.solidalliance.com/press/press.html#1018 (in japanese)
• Michiko Osada's blog: http://weblogs.asp.net/michiko/archive/2004/10/19/244927.aspx
• Product Information via SushiDisk's US Reseller URL: http://www.dynamism.com/sushidisk/pricing.shtml (in english).

So aint that a cute interesting thing ?? Well, I wanna have Tuna with 1GB!! Now I’m wondering how Osada-san found them........perhaps her strong love for Sushi (like mine) compelled her to search for THE SUSHI that could quantify her appetite.... and she landed on the Silicon-Sushi-Bubble.

So anyway, As I was browsing through the English Reseller website for SushuSisk, I also came across iDuck, another cute USB drive shaped like a duck. Cool Stuff.

I have been asked over and over again n procedures and processes to enable the migration of NIS / NIS+ infrastructures over to LDAP... especially with the Support-EOL drop dead date soon approaching..

Most of the time, the folks who ask me questions already have gone through sufficient documentation and trial runs, but yet there exists a reluctance in performing the upgrade without a approval signoff from an architect.

Please read the updates at the bottom of this post.

So: to make everybodys life easier, i thought of posting a blog on the as close as possible steps that would be required to perform this upgrade.

Unless one has a humongous NIS / NIS+ infrastructure, the steps in this post followed to the dot should suffice. hopefully after readin this, some organizations may save some consulting dollars... hey !!! mail me a gift certificate with your savings

So, fun aside. here goes...

This blog post is a high level draft of options that one could use to enable native ldap authentication... This may not be 100% accurate, but if and when yu try this out and find out something thats different from whats listed here, please do comment on it... The term user information is not restricted to a users entry containing just his username and password, but rather extended to also contain pertinent information for the LDAP store to serve as a naming services server in conjunction with extenstions to use the data as a authentication source for web applications.

Native LDAP:
For details on the Usage and Guidelines Please refer to http://www.ietf.org/rfc/rfc2307.txt

Any naming system should only have one source of authoritative information. Current naming Services Environments usually use DNS, which uses flatfiles as sources. Under LDAP, the source of authoritative data is the directory, and it is managed using directory management tools. FlatFile sources could be retained for emergency backup or backout only, and they generally should not be used.

This post/blog is a superset of the information contained in the chapter "Naming and Directory Services (DNS, NIS, and LDAP)" of the System Administration Guide (found on the Sun Product Documentation site: http://docs.sun.com). The former presents a relatively simple “cookbook” approach for first time users. This post contains technical detail for the more advanced user.

My plan is to make additions to this post or post more updates as new deployment techniques are discovered.

This Document describes ONLY the following structure.

• Solaris9 Server with SunONE Directory Server 5.2 As the master datasource for naming Services information.
• Solaris8 Clients with LDAP used as the naming services protocol rather than DNS/(local)FlatFiles.

Server Setup:

• Install Solaris9 (8/03)-Release using http://docs.sun.com/db/prod/solaris.9u803#hic as a guideline document.
• Setup the LDAP server thats comes bundled with the OS. (v.5.2)
• Ensure that the wrappers for “directoryserver”, “idsconfig” exist on the server.
• Run idsconfig in order to configure the directory server with naming Services Schema and structure.
• Use the root (ie: dc=yourcompany,dc=com) as the base dn for the LDAP server while running idsconfig
• Manually create the naming services required indexes on the LDAP server after stopping the slapd process running on the Solaris9 host.
  1. Indexes need to be executed on all the naming services maps. Please follow the usage for “directoryserver” as prompted after running “idsconfig”
  2. If the server does not have the “directoryserver” wrapper, you could alternatively run the indexes by using / < directory-server-install-root > / slapd-ldapsrv/vlvindex -n userRoot -T yourcompany.com.getgrent etc...

     NOTE:What are a VLV-indexes and why do we need these?
     These indexes are used (and needed) to improve performance when browsing through large tables that contain many objects. i.e. when an enduser on a LDAP-client issues the command "getent hosts", all entries in of ou=Hosts,dc=yourcompany,dc=com become read from the LDAP-server. If a VLV-index for the Hosts-table does exist, the LDAP-client will receive the response very quickly. Please see "Section 10 Managing Indexes in the IDS 5.1 Administrator's Guide" to find further information

• Start the slapd process. (either using the SunONE console or using commandlione tools as documented in the SunONE Directory Server Administration guide)
• The nisDomain attribute must be present in the top entry of the subtree where the NIS maps are stored. Both the LDAP client search base and the name of the NIS domain (serviced by the server) are set to this top entry.
• Check the existence of the nisDomainObject by using the following command
  ldapsearch -b cn=schema objectclass=* | grep nisDomainObject
• The Result should be as follows:
  objectClasses=( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top STRUCTURAL MUST nisDomain X-ORIGIN 'user defined' )
• If you get absolutely no result while running this crosscheck setep You should add the nisDomainObject By doing the following.
  1. The LDIF you use to create the nisDomainObject object varies depending on whether you place the NIS maps at the top of the tree created during the installation, under a separate branch point of that tree, or under a new suffix. The next sections give example LDIF that can be imported to add the nisDomainObject object in each of these scenarios. Even though the attribute is called nisdomain, the client accessing the directory is not using NIS. The name is simply carried over from legacy NIS implementations.
     1. dn: dc=yourcompany, dc=com
     2. changetype: modify
     3. add: objectclass
     4. objectclass: nisDomainObject
     5. -add: nisdomain
     6. nisdomain: yourcompany.com
  2. Note : You do not have to match the value for nisdomain to the DNS domain name, but it is a common practice to do so.

     Client Setup:
     Initialize the Solaris8 Client on the box using:

     • ldapclient -i -D <”PROXYAGENTCN”> -w <PASSWORD> -b <BASEDN> <IPADDRESS of the HOST>
     • This would create a ldap_client_file and a ldap_credential_file on the machine that is now a ldapclient.
     • Verify that the ldap client file has entries that resemble the following:
       
       1. NS_LDAP_FILE_VERSION= 2.0
       2. NS_LDAP_SERVERS= 127.0.0.1"replace this with your IP"
       3. NS_LDAP_SEARCH_BASEDN= dc=yourcompany,dc=com
       4. NS_LDAP_AUTH= simple
       5. NS_LDAP_CACHETTL= 3600
       6. NS_LDAP_CREDENTIAL_LEVEL= anonymous<
       7. NS_LDAP_SERVICE_SEARCH_DESC= group:ou=somecustomgroups,dc=yourcompany,dc=com
       8. NS_LDAP_SERVICE_CRED_LEVEL= pam_ldap:simple
     • Edit the file /etc/nsswitch.conf with the following data source:
       #Use LDAP in conjunction with files
       # "hosts:" and "services:" in this file are used only if the
       # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
       # the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
       
       1. passwd: ldap [NOTFOUND=return] files
       2. group: ldap files
       3. hosts: ldap [NOTFOUND=return] files
       This value should be changed to dns ldap if the intention is to use dns for name resolutions and hostnames
       
       1. networks: ldap [NOTFOUND=return] files
       2. protocols: ldap [NOTFOUND=return] files
       3. rpc: ldap [NOTFOUND=return] files
       4. ethers: ldap [NOTFOUND=return] files
       5. netmasks: ldap [NOTFOUND=return] files
       6. bootparams: ldap [NOTFOUND=return] files
       7. publickey: ldap [NOTFOUND=return] files
       8. netgroup: ldap
       9. automount: files ldap
       10. aliases: files ldap
       # for efficient getservbyname() avoid ldap
       1. services: files ldap
       2. sendmailvars: files
     • You need to use ldapaddent to create entries in the LDAP containers for all of the standard system databases stored in files under the /etc directory. You need to transfer the following Solaris databases:
       1. aliases (ou=Aliases)
       2. bootparams(ou=Bootparams)
       3. ethers(requires bootpararmas database to be installed first)(ou=Ethers)
       4. group(ou=Group)
       5. hosts(ou=Hosts)
       6. netgroup(ou=Netgroup)
       7. netmasks(requires networks database to be installed first)(ou=Networks)
       8. networks(ou=Networks)
       9. passwd(ou=People)
       10. shadow(requires passwd database to be installed first)(ou=People)
       11. protocols(ou=Protocols)
       12. publickey(ou=Hosts)
       13. rpc(ou=Rpc)
       14. services (ou=Services)
     • Enter the following commands from within the /usr/sbin/directoryserver directory:
       1. ldapaddent -D “cn=Directory Manager” -w [password] -f /etc/aliases aliases
       2. ldapaddent -D “cn=Directory Manager” -w [password] -f /etc/bootparams bootparams
       3. ldapaddent -D “cn=Directory Manager” -w [password] -f /etc/ethers ethers
     • Unix/NIS Groups:
       1. ldapaddent -D “cn=Directory Manager” -w [password] -f /etc/group group
       2. ldapaddent -D “cn=Directory Manager” -w [password] -f /etc/hosts hosts
       3. ldapaddent -D “cn=Directory Manager” -w [password] -f /etc/netgroup netgroup
       4. ldapaddent -D “cn=Directory Manager” -w [password] -f /etc/networks networks
       5. ldapaddent -D “cn=Directory Manager” -w [password] -f /etc/netmasks netmasks
       6. ldapaddent -D “cn=Directory Manager” -w [password] -f /etc/passwd passwd
       7. ldapaddent -D “cn=Directory Manager” -w [password] -f /etc/shadow shadow
       8. ldapaddent -D “cn=Directory Manager” -w [password] -f /etc/protocols protocols
       9. ldapaddent -D “cn=Directory Manager” -w [password] -f /etc/publickey publickey
       10. ldapaddent -D “cn=Directory Manager” -w [password] -f /etc/rpc rpc
       11. ldapaddent -D “cn=Directory Manager” -w [password] -f /etc/services services
     • These are specific to remote mounting of home directories:
       1. ldapaddent -D “cn=Directory Manager” -w [password] -f /etc/auto_home auto_home
       2. ldapaddent -D “cn=Directory Manager” -w [password] -f /etc/auto_master auto_master
       3. ldapaddent -D “cn=Directory Manager” -w [password] -f /etc/auto_direct auto_direct
     • Now that you have added your users into LDAP, you can test whether or not the machine that is an ldapclient can recognize them:

       # getent passwd [user id]

     • This should result in something that looks like this :

       test4::1005:1:this is a test user:/export/home/test4:/bin/csh

     • Reboot the Server
     When the client is initialized, an IP address of one or more LDAP servers and a search base is specified. This information can be specified as a command line argument to the ldapclient command, or in a profile generated by the ldap_gen_profile command. The preferred method is to generate a profile with the ldap_gen_profile command. The search base that is set in the profile is determined by how the tree is set up.

     The nisdomain value that the client looks for is the name listed in the /etc/defaultdomain file, or one supplied with the -d argument to the ldapclient command. The steps that the ldapclient command perform are:

     1. Search the LDAP server’s DSE to obtain the naming contexts supported in the specified directory server.
     2. Search the found naming contexts for an entry containing a nisDomainObject object.
     3. Check the found nisdomain attribute of the entry to verify if its value equals the value stored in the client’s /etc/defaultdomain file.
     4. Search the ou=profile container directly below the entry for an entry that matches the profile name rovided on the command line.
     5. Use the information retrieved from the profile entry to create the /var/ldap/ldap_client_file and /var/ldap/ldap_client_cred files on the client.
     A key point here is that the search for the profile entry will start directly below the entry containing the nisDomainObject with the matching nisdomain value. Another important point is that you only want to have one entry with the same nisdomain value in the directory server. The search will stop at the first match and fail if it cannot find the specified profile which is expected to be directly below the entry with nisDomainObject.

     Client searches on the naming service database default to ou=people, ou=group, etc. based on the SolarisSearchBaseDN variable set in the LDAP client profile. However, different search bases can be specified for different databases. You can specify these by overriding the defaults in the profile. To override a default, use the -B option of the ldap_gen_profile command. For example:
     ldap_gen_profile -P altpasswd -b o=nismaps,dc=yourcompany,dc=com -B “passwd: (ou=people,dc=yourcompany,dc=com)” -D cn=proxyagent,ou=profile,dc=yourcompany,dc=com -w [password] 127.0.0.1

     In this example, the passwd database is accessed from an alternative path. If user account information is shared with applications other than Solaris OE clients, you should separate the People container from the rest of the naming service databases.

     NOTE: The Solaris9 Server with the SunONE Directory Server 5.2 can be a client to itself. In order to have the Solaris9 Server (Naming Services Host) to be a client to itself, please rerun the instructions for Client Setup on the naming Services Host (Solaris9 Server with Directory Server5.2).

     Reboot the naming Sevices Host after configuring it to be a client to itself.

     NOTE: Solaris 9 includes a copy of the Sun Management Console 2.1 with support for LDAP Directory Server provisioning. SMC is rather complex, however, and attempting to provision LDAP users is an exercise in frustration. I have got to the point where I can begin to add LDAP users and groups, but there is no communication to the Directory Server and log entries are very cryptic.

     Useful References:
     

     1. Solaris 9 Administation Guide: Naming Server (NIS, NIS+, DNS and LDAP)
     2. NIS to LDAP Micgration Scripts
     3. SysAdmin to SysAdmin: Syncing NIS and LDAP
     4. NIS end-of-life and LDAP
     5. Migrating from NIS and NIS+ to RFC 2307-compliant LDAP services: Network Information Services (NIS and NIS+) Guide
     6. Transitioning From NIS+ to LDAP : Sun Docs
     7. PADL: NIS to LDAP MigrationTools
     8. The Official Red Hat Linux Reference Guide Configuring Your System to Authenticate Using OpenLDAP
     9. LDAP-mini-HOWTO By Mark Grennan
     10. Approaching LDAP Migration from LINUX.COM

         WHEW !!!. I'm poofed for now. Shall post another addendum to this sometime soon...

         UPDATE 1 : There has been no announcement made that nis would be EOL'd. I stand corrected. UPDATE 2 : My colleague Michael Haines pointed out a few inaccuracies in this post. I would like to add that for detailed usage and guidelines, you would need to refer to http://www.ietf.org/rfc/rfc2307.txt and http://www.padl.com/~lukeh/rfc2307bis.txt. There also seems to be some in accuracies in the ldapaddent section. I shall ammend that as soon as i find out the specifics of the inacuracies.

Mercedes-Benz is the first to offer full integration of your iPod® into the vehicle’s audio and information system. The iPod and Mercedes-Benz are simply connected via "plug and play". The dashboard multifunction display adopts the iPod title navigation.

Initially, the iPod kits will only be available in Europe. Controllable from the steering wheel as per standard for in-car audio features, the iPod system also allows instant automatic system configuration meaning the device is both easy to navigate and quick to set up.

The Mercedes Benz iPod system will be compatible with all third generation iPods plus mini, photo and limited U2 editions.

View a interactive Demo of the iPod integration kit in a Mercedez

Blueprints published by Sun Microsystems have a very good article about pGina, which enables you to change/alter the authentication used for Microsoft Windows PC's. I've used it in the past (extended it rather) in test environments, and it worked pretty well for me.

XPA Systems phrases pGINA as the following : As it stands, the Microsoft Windows 2000 client operating system only provides a single method of user authentication. This method calls for the availability of a machine running the Microsoft Windows 2000 Server operating system. While this method may work very well in several situations, it does not work at all in others. Should someone be looking to bring the Windows 2000 operating system into an environment where user authentication is currently being handled by something other than a Windows 2000 server, it is an extremely difficult task to allow for this single method of authentication.

For instance, should an administrator wish to use an existing Unix server, and its existing base of users, to authenticate access to Windows 2000 machines there are few options. The methods employed may range from using a Windows 2000 server for authentication and having the administrator maintain identical lists of usernames/passwords on each server, to using Samba to emulate a Windows NT 4 Server. However, each method has its drawbacks and limitations. Ideally the administrator should be able to setup a standard naming service, such as NIS (Network Information Services) or LDAP (Lightweight Directory Access Protocol), on ANY type of server and have all clients, regardless of OS revision, access that single repository.

However, Microsoft does allow for customization of its client access and authentication methods through the interface specifications and details of their GINA (Graphical Identification aNd Authentication) dynamic link library. This library “… is a replaceable DLL component that is loaded by the Winlogon executable. The GINA implements the authentication policy of the interactive logon model and is expected to perform all identification and authentication user interactions.” (MSDN)

Through the creation of a substitute GINA that can dynamically load “plugins”, where a plugin can be created to use ANY method of authentication, we propose that it is possible to systematically, and simply, provide for the authentication and login of a user via many different methods. Thereby, we are simplifying the provided GINA interface, and providing the skeleton code necessary to quickly and easily implement many different methods of user authentication. Once a plugin has been created for any particular authentication method, it can quickly and easily be installed on multiple machines and even provided for other users and institutions, without the need for an in-depth understanding of the Windows logon process or its structure.

My upcoming blog article is on Identity Management and Biometric Authentication. Please bookmark this page for an update on when and blog article would be posted. I am working on it right now and will publish it as soon as I''m Done.

I shall Update this Blog post with a link to the Actual Post on this subject. This is just a heads up...

Adorably Sensational :: A tricycle that morphs into a bicycle — on the fly!
I just stumbled on this article on a cool invention this morning. I have been trying hard all weekend to get my cousin to learn to ride a bike...

Frustrations of getting a 19year young teenage girl to ride a bike without getting her mad at the embarassments of falling down in front of all her friends got the better of me. I went to my best pal.. the "computer" to google for good training bikes for adults... and guess what I found.. This invention is really really cool.. IF only they had it in my day.

Now I know for sure the bike MY daughter & son would have as they learns to bike around the community...

First the Segway.. and now THIS !!!. This one surely takes the cake.

Obtain more information on the SHIFT Bicycle at http://design.runride.com/design/

Three cheers to the designers Scott Shim, Ryan Lightbody and Matt Grossman who won the grand prize in a bicycle design competition held by the Taiwanese government last month. When the bike is moving an articulating hub draws the wheels inward to mimic a single wheel and "make the aesthetics cool," said Shim in Bradford McKee's short piece on the bike that appeared in yesterday's New York Times.

So if the company that commercially launches this product goes public, or is looking pout for angel venture capitalists I'm investing.. !!

Hi Folks, I bet all of you who are reading this must be wondering what a blog.CONTEST is all about. I just came up with an idea (courtesy: blogmela) to make blogs.sun.com a more interesting blog.server than it's other counterparts. So I've setup blog.CONTEST: blog.CONTEST Winner Receives: Sony MP3 CD Walkman® Portable CD Player. (I will ship this to the winner ONLY in U.S and Canada. Winners from outside this territory may choose to pay for the shipping to obtain their prize or could choose to donate it back to blog.CONTEST as a prize to be used towards the next blog.CONTEST. I/WE/US anticipating participation from all of you would make Apt mention of the sponsor of the prize for every forthcoming contest). I shall sponsor the prize for the winner of the first contest. Any of you can volunteer to keep the contest going and to sponsor prizes. Here are the rules: (courtesy: blogmela)

1. Nominations and posts can be made by anybody. (need not necessarily be a sun employee). You could also self nominate your own post.
2. Please send permalinks to the blog entries only, not just the blog URL. If the permalink is not working, send me the title and date of the blog entry. Whole blogs are not accepted as nominations.
3. Please send permalinks to the blog entries only, not just the blog URL. If the permalink is not working, send me the title and date of the blog entry. Whole blogs are not accepted as nominations.
4. Not all entries nominated may be accepted. Editorial discretion will be used.

Please post your nominations as comments to this post. Don't post too many links at once. So go ahead and submit your nominations to blog.CONTEST and be on your way to winning a Sony MP3 CD Walkman® Portable CD Player. PS: if any of you would like to join me in keeping this blog.CONTEST going, please contact me by emailing me at rohan at rohanpinto dot com. suggest a name Should I change the name of this contest from blog.CONTEST to blog.FEST (with the number of product namechanges we at sun have gone through in the last 4 years, I think I need to change the name of this contest too.. just to keep up.... with the trend...{{{wink}}})