Andoy lang's Blog

Alfresco – Desktop Action

andoylang — Thu, 07 Oct 2010 13:55:02 +0000

How’s your Alfresco doing?

In my case, we’re going for implementation after weeks of testing and some modifications.

Well, I don’t want to see those CheckIn/Checout in every folder (and my user’s agree with me). My users keeps asking me about it (wishper: I changed the File Server for some users without their knowledge for testing. Don’t do this or your head will ROLL!). For them Alfresco is like the same Windows File Server. I like it that way for simplicity and I will introduce more functionality when we role out the entire Alfresco system.

NOTE: To disable the feature, you have to put a comment on each property.

<– Enclosed in this arrow are comments
–>

1st – I want to change the Alfresco name into my company name.

Crate a file /opt/alfresco/tomcat/shared/classes/alfresco/extension/webclient_en_US.properties and put your company name

# cd /opt/alfresco/tomcat/shared/classes/alfresco/extension/
# vi webclient_en_US.properties

and put

company_home=Your Company Name

2nd – disable the URLFileName and the Desktop actions. These are the extra files that you see in every folder and everytime you create a folder. For me I don’t see them helping my users to deal with their files/folder.

Edit the /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/fileServers/default/file-servers-context.xml

# cd /opt/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/subsystems/fileServers/default
# vi file-servers-context.xml

Look for the following and comment it like below

__Alfresco.url

–>

and for Desktop Actions

CheckInOut

__CheckInOut.exe

JavaScriptURL

__ShowDetails.exe

alfresco/desktop/showDetails.js

anyFiles

copyToTarget

–>

Restart your Alfresco and check your alfresco in windows file explorer.

How was it? Now, it’s just like the old Windows File Server right?!

Installing Apache and PHP

andoylang — Thu, 09 Sep 2010 12:19:31 +0000

Have you installed a database server and wish you could have installed a web server and php on it to so that you can create your own script to manage the database?

Unfortunately, I came across that situation.

Installing new daemon/server into Linux is an easy task and you don’t have to restart your server. This is a good news for you, that means no downtime for database server.

Let’s start with the installation.

1. Install the Apache Server – Linux server will download some files to be installed and after installing the Apache server, apt-get will start it for you.

# apt-get install apache2

Now, you have a running web server. To test your server:

Apache – type into your URL “http://” and you should have

2. Install PHP5 – Linux server will download all files needed to install PHP5 into your server then apt-get will restart the web server for you.

# apt-get install php5

If web server is not restarted, don’t worry about it for now coz, we have to install the PHP5 module for your web server.

3. Install PHP5 module for Apache

# apt-get install libapache2-mod-php5

If your web server was not restarted, you have to restart it manually.

# /etc/init.d/apache2 restart

To test PHP5, create info.php to view the PHP5 configuration.

phpinfo();
?>

Check PHP5 configuration in your browser, type in “http:///info.php” and you should see the PHP5 configuration.

And… You’re done!

Mounting nfs share on boot

andoylang — Mon, 26 Jul 2010 13:42:51 +0000

Have you encountered that your mounted nfs folder disappeared after the server reboot (for whatever reason)?

Very frustrating huh?!

I will show you how to mount and will not lose the connection.

Let’s check what are the shared folder exported from our NFS server.

# showmount -e
The program ‘showmount’ is currently not installed. You can install it by typing:
apt-get install nfs-common
showmount: command not found

Arg!!! showmount is not installed. Have to install it first using apt-get.

# apt-get install nfs-common

Now we can view the shared folder from our NFS server.

# showmount -e
Export list for :
/mnt/ /255.255.255.0

Let’s try to mount it to test if we will not encounter any problem in mounting the shared folder.

# mount :/mnt/ /home//

We can check the newly mounted share using df.

# df -k
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/sda3             48425796   3339580 42626264   8% /
udev                    509032       248    508784   1% /dev
none                    509032         0    509032   0% /dev/shm
none                    509032       112    508920   1% /var/run
none                    509032         0    509032   0% /var/lock
none                    509032         0    509032   0% /lib/init/rw
:/mnt/ 511900416 139367936 346531840 29% /home//

Neat! It was mounted without any problem.

Mounting it without losing it on boot is not that hard. We have to edit the /etc/fstab

# vi /etc/fstab

Add this line at the bottom the details that you saw when you viewed the shared folder from our NFS server (see above).

:/mnt/ /home// nfs rw 0 0

Reboot the server and watch the magic as it happens.

Check the mounted shared folder using df.

Neat!

Add Alfresco on bootup

andoylang — Sun, 25 Jul 2010 06:49:26 +0000

Ola amigos y amigas

Just finished everything from Alfresco with CIFS a few days ago. I have to test everything from start to simulate all the changes that I made is working properly.

Reboot the server.

Check the Alfresco in my browser. It’s not working, expected result.

But, I want my Alfresco to start at boot so that I don’t have to manually start it everytime I boot my server.

Let’s see…

I need to add alfresco script to start-up application.

# cd /opt/alfresco/33G
# update-rc.d alfresco.sh defaults
update-rc.d: warning: /etc/init.d/alfresco.sh missing LSB information
update-rc.d: see
Adding system startup for /etc/init.d/alfresco.sh …
/etc/rc0.d/K20alfresco.sh -> ../init.d/alfresco.sh
/etc/rc1.d/K20alfresco.sh -> ../init.d/alfresco.sh
/etc/rc6.d/K20alfresco.sh -> ../init.d/alfresco.sh
/etc/rc2.d/S20alfresco.sh -> ../init.d/alfresco.sh
/etc/rc3.d/S20alfresco.sh -> ../init.d/alfresco.sh
/etc/rc4.d/S20alfresco.sh -> ../init.d/alfresco.sh
/etc/rc5.d/S20alfresco.sh -> ../init.d/alfresco.sh
#

Reboot the machine again. Now, Alfresco started. Nice!

Tried Alfresco in Windows Explorer. No dice.

Just remembered that I have to run the iptables again. Argg!

I need to create the iptables script and execute it on boot like alfresco script.

# cd /etc/init.d
# vi alfresco.iptables

Put in the iptables commands

#!/bin/bash
# Flash all IPTables rule
iptables -F
iptables -t nat -F

# Accept all INPUT, Forward and Output
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# IPTables forwarding samba port to Alfresco
iptables -A INPUT -p udp -m state –state NEW –dport 137 -j ACCEPT
iptables -A INPUT -p udp -m state –state NEW –dport 138 -j ACCEPT
iptables -A INPUT -p tcp -m state –state NEW –dport 139 -j ACCEPT
iptables -A INPUT -p tcp -m state –state NEW –dport 445 -j ACCEPT

#IPTables for Alfresco
iptables -t nat -A PREROUTING -p udp –dport 137 -j REDIRECT –to-ports 1137
iptables -t nat -A PREROUTING -p udp –dport 138 -j REDIRECT –to-ports 1138
iptables -t nat -A PREROUTING -p tcp –dport 139 -j REDIRECT –to-ports 1139
iptables -t nat -A PREROUTING -p tcp –dport 445 -j REDIRECT –to-ports 1445

Make it executable and run update-rc.d again.

# chmod 755 alfresco.iptables
# update-rc.d alfresco.iptables defaults
update-rc.d: warning: /etc/init.d/alfresco.iptables missing LSB information
update-rc.d: see
Adding system startup for /etc/init.d/alfresco.iptables …
/etc/rc0.d/K20alfresco.sh -> ../init.d/alfresco.iptables
/etc/rc1.d/K20alfresco.sh -> ../init.d/alfresco.iptables
/etc/rc6.d/K20alfresco.sh -> ../init.d/alfresco.iptables
/etc/rc2.d/S20alfresco.sh -> ../init.d/alfresco.iptables
/etc/rc3.d/S20alfresco.sh -> ../init.d/alfresco.iptables
/etc/rc4.d/S20alfresco.sh -> ../init.d/alfresco.iptables
/etc/rc5.d/S20alfresco.sh -> ../init.d/alfresco.iptables
#

Reboot Alfresco Server again.

Test Alfresco.

Isn’t it nice when your application runs perfectyly

Alfresco with CIFS

andoylang — Tue, 20 Jul 2010 14:30:22 +0000

After successfull configuration on Alfresco authenticating in Active Directory. We will try the hardest part in Alfresco configuration.

Alfresco with CIFS

I tried configuring this for weeks now to no avail. Search in Google, Yahoo, Bing, etc. No luck still.

Finally I hit a jackpot!

Let me tell you how I did it.

I only edit the /opt/alfresco/tomcat/shared/classes/alfresco-global.properties and didn’t touch any file other than this. Remember to put your configuration at the end of the file.

Authentication chain should be alfrescoNtlm, passthru and ldap.

authentication.chain=alfrescoNtlm1:alfrescoNtlm,passthru1:passthru,ldap1:ldap

why 3?

Based on Alfresco Wiki – ldap can synchronize with Active Directory (which is what we did in previous blog) while passthru can do authentication for CIFS. Read carefully the Note, it will save you a head ache.

Alfresco NTLM, passthru and ldap configuration for CIFS

ntlm.authentication.sso.enabled=false
ntlm.authentication.authenticateCIFS=false
alfresco.authentication.authenticateCIFS=false
alfresco.authentication.allowGuestLogin=false
passthru.authentication.sso.enabled=false
passthru.authentication.authenticateCIFS=true
ldap.authentication.active=false
ldap.synchronization.active=true

Authentication domain can be left blank while the authentication server

passthru.authentication.useLocalServer=false
passthru.authentication.domain=
passthru.authentication.servers=\\

I don’t want unknown users to connect into my Alfresco server.

ntlm.authentication.sso.enables=false
ntlm.authentication.mapUnknownUserToGuest=false

I don’t want to use FTP

passthru.authentication.authenticateFTP=false

Define the administrator accounts separated by coma. In my case, I want my Administrator account.

passthru.authentication.guestAccess=false
passthru.authentication.defaultAdministratorUserNames=administrator
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS

Ldap Synchronisation – have to define the authentication type and the authentication server url

ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=%s
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://:389
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false

We need to provide the Active Directory account with Administrator privileges to bind with Active Directory.

ldap.synchronization.java.naming.security.principal=\\administrator
ldap.synchronization.java.naming.security.credentials=
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupDifferentialQuery=(&(objectclass=nogroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(& (objectclass=user)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupQuery=(objectclass\=group)

Synchronization for group and user per domain.

ldap.synchronization.groupSearchBase=cn\=users,dc=,dc=com
ldap.synchronization.userSearchBase=cn\=users,dc=,dc=com

The query that we want to pass to Active Directory

ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss’.0Z’
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=msExchALObjectVersion
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=Nogroup
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member
synchronization.synchronizeChangesOnly=true

CIFS Configuration.

cifs.disableNativeCode=false
cifs.enabled=true
cifs.serverName=
cifs.domain=
cifs.hostannounce=true
cifs.sessionTimeout=500
cifs.ipv6.enabled=false
cifs.tcpipSMB.port=1445
cifs.netBIOSSMB.namePort=1137
cifs.netBIOSSMB.datagramPort=1138
cifs.netBIOSSMB.sessionPort=1139
cifs.WINS.autoDetectEnabled=true

Save and start Alfresco.

I’m accessing alfresco as alfresco_user. That means I don’t have privilege to use SMB ports. IPTables comes in handy. (whisper: I got this from Alfresco wiki )

# iptables -F
# iptables -t nat -F
# iptables -P INPUT ACCEPT
# iptables -P FORWARD ACCEPT
# iptables -P OUTPUT ACCEPT
# iptables -t nat -A PREROUTING -p tcp –dport 445 -j REDIRECT –to-ports 1445
# iptables -t nat -A PREROUTING -p tcp –dport 139 -j REDIRECT –to-ports 1139
# iptables -t nat -A PREROUTING -p udp –dport 137 -j REDIRECT –to-ports 1137
# iptables -t nat -A PREROUTING -p udp –dport 138 -j REDIRECT –to-ports 1138

In my case I opened three terminal, one is for Alfresco log monitoring in case there’s an error and second is to modify alfresco-global.properties and the third is to start/stop alfresco.

alf_start.sh

Neat eh! No error. We’ll try to connect to Alfresco from windows xp.

ERROR [org.alfresco.fileserver] java.lang.IllegalArgumentException: NetworkFile does not implement NetworkFileStateInterface
ERROR [org.alfresco.fileserver]    at org.alfresco.jlan.server.filesys.cache.FileStateLockManager.lockFile(FileStateLockManager.java:147)
ERROR [org.alfresco.fileserver]    at org.alfresco.jlan.smb.server.NTProtocolHandler.procLockingAndX(NTProtocolHandler.java:2104)
ERROR [org.alfresco.fileserver]    at org.alfresco.jlan.smb.server.NTProtocolHandler.runProtocol(NTProtocolHandler.java:299)
ERROR [org.alfresco.fileserver]    at org.alfresco.jlan.smb.server.SMBSrvSession.runHandler(SMBSrvSession.java:1366)
ERROR [org.alfresco.fileserver]    at org.alfresco.jlan.smb.server.SMBSrvSession.processPacket(SMBSrvSession.java:1458)
ERROR [org.alfresco.fileserver]    at org.alfresco.jlan.smb.server.nio.NIOCIFSThreadRequest.runRequest(NIOCIFSThreadRequest.java:105)
ERROR [org.alfresco.fileserver]    at org.alfresco.jlan.server.thread.ThreadRequestPool$ThreadWorker.run(ThreadRequestPool.java:153)
ERROR [org.alfresco.fileserver]    at java.lang.Thread.run(Thread.java:619)

What?! Error again! (went to pantry and get a coffee)

Troubleshooting:

Checking the iptables rules

# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp – anywhere             anywhere            tcp dpt:microsoft-ds redir ports 1445
REDIRECT   tcp – anywhere             anywhere            tcp dpt:netbios-ssn redir ports 1139
REDIRECT   udp – anywhere             anywhere            udp dpt:netbios-ns redir ports 1137
REDIRECT   udp – anywhere             anywhere            udp dpt:netbios-dgm redir ports 1138

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Everything seems to be in order.

I will try connecting to the ports from my Linux box.

# smbclient -U andy \\\\\\alfresco -p 1139
Enter andy’s password:
Domain=[] OS=[Java] Server=[Alfresco CIFS Server 5.1.0]
smb: \> ls
.                                   D        0 Tue Jul 13 16:06:10 2010
.                                   D        0 Tue Jul 13 16:06:10 2010
__Alfresco.url                      R      134 Tue Jul 20 15:49:37 2010
Data Dictionary                     D        0 Tue Jul 13 16:06:10 2010
Guest Home                          D        0 Tue Jul 13 16:06:11 2010
User Homes                          D        0 Tue Jul 13 16:06:11 2010
Sites                               D        0 Tue Jul 13 16:06:26 2010
Web Projects                        D        0 Tue Jul 13 16:06:52 2010
Web Deployed                        D        0 Tue Jul 13 16:06:53 2010

40000 blocks of size 2097152. 36000 blocks available
smb: \>

That’s good. Linux box was able to connect to Alfresco. Port forwarding is working perfectly. But not Windows XP. Why?! (Thinking… sipping coffee)

Wait. I used port 1139 instead of 139, Windows is using port 139 and not 1139. I’ll try it again, this time I will connect my Linux box to port 139.

# smbclient -U andy \\\\\\alfresco -p 139
Enter andy’s password:
Connection to failed (Error NT_STATUS_CONNECTION_REFUSED)

BAM! Error! NT_STATUS_CONNECTION_REFUSED (Thinking… Pulling my hair)

That means port 139 is closed. If it’s closed we need to open it.

# iptables -A INPUT -p udp -m state –state NEW –dport 137 -j ACCEPT
# iptables -A INPUT -p udp -m state –state NEW –dport 138 -j ACCEPT
# iptables -A INPUT -p tcp -m state –state NEW –dport 139 -j ACCEPT
# iptables -A INPUT -p tcp -m state –state NEW –dport 445 -j ACCEPT

IPTables above will accept new connection on ports 137, 138, 139 and 445 so that redirection will take effect otherwise, IPTables will drop the connection on the said ports.

Try again. Test Alfresco from windows xp.

Good! Good! no error. I was able to connect.

Let’s try to copy file to Alfresco.

Neat! Accepting ports in 137, 138, 139 and 445 solved the problem.

Ha! Ha! Ha!

Hope you’ll be happy like me

Alfresco with Active Directory

andoylang — Sun, 18 Jul 2010 14:07:23 +0000

If you have not read my Basic Alfresco Installation read it now before going here.

We will going to configure Alfresco to authenticate using Active Directory so that our Windows users can use Alfresco. We will not have any Alfresco account.

Alfresco’s configuration file is alfresco-global.properties, you can find it in /opt/alfresco/tomcat/shared/classes. Make sure to backup the original file, in case you mess up with it.

Basic configuration is already defined and we will add our configuration at the bottom of the file.

Authentication Chain will be passthru with ldap

authentication.chain=passthru1:passthru,ldap1:ldap

Passthru configuration. I don’t want guest users to login into my Alfresco and access my files.

passthru.authentication.sso.enabled=false
passthru.authentication.allowGuestLogin=false

Passthru authentication. We are not going to use CIFS/Samba and FTP, thus we are going to disable it.

passthru.authentication.authenticateCIFS=false
passthru.authentication.authenticateFTP=false

We have to define the Active Directory server where Alfresco users will be authenticated and define the Administrator account who’s going to configure our Alfresco.

passthru.authentication.servers=<Your.AD.Server.IP.Address>
passthru.authentication.domain=<Netbios Domain>
passthru.authentication.useLocalServer=false
passthru.authentication.defaultAdministratorUserNames=<Your.Active.Directory.Administrator.Account>
passthru.authentication.connectTimeout=5000
passthru.authentication.offlineCheckInterval=300
passthru.authentication.protocolOrder=TCPIP,NETBIOS

Ldap authentication configuration. I don’t want an LDAP authentication rather I want a passthru authentication

ldap.authentication.active=false
ldap.authentication.java.naming.security.authentication=simple
ldap.authentication.userNameFormat=%s
ldap.authentication.allowGuestLogin=false
ldap.authentication.java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
ldap.authentication.java.naming.provider.url=ldap://:389
ldap.authentication.escapeCommasInBind=false
ldap.authentication.escapeCommasInUid=false

Ldap Synchronization. You have to define the user that has an administrative account in your Active Directory. This account will login to your Active Directory Server to pull all your users.

ldap.synchronization.active=true
ldap.synchronization.java.naming.security.principal=\\
ldap.synchronization.java.naming.security.credentials=
ldap.synchronization.queryBatchSize=1000
ldap.synchronization.groupDifferentialQuery=(&(objectclass=nogroup)(!(modifyTimestamp<\={0})))
ldap.synchronization.personQuery=(&(objectclass=user)(userAccountControl\:1.2.840.113556.1.4.803\:\=512))
ldap.synchronization.personDifferentialQuery=(& (objectclass=user)(!(modifyTimestamp<\={0})))
ldap.synchronization.groupQuery=(objectclass\=group)

We are going to synchronize all users and groups from your Domain.

ldap.synchronization.groupSearchBase=cn\=users,dc=,dc=com
ldap.synchronization.userSearchBase=cn\=users,dc=,dc=com

Other default ldap synchronization configuration

ldap.synchronization.modifyTimestampAttributeName=modifyTimestamp
ldap.synchronization.timestampFormat=yyyyMMddHHmmss’.0Z’
ldap.synchronization.userIdAttributeName=sAMAccountName
ldap.synchronization.userFirstNameAttributeName=givenName
ldap.synchronization.userLastNameAttributeName=sn
ldap.synchronization.userEmailAttributeName=mail
ldap.synchronization.userOrganizationalIdAttributeName=msExchALObjectVersion
ldap.synchronization.defaultHomeFolderProvider=userHomesHomeFolderProvider
ldap.synchronization.groupIdAttributeName=cn
ldap.synchronization.groupType=Nogroup
ldap.synchronization.personType=user
ldap.synchronization.groupMemberAttributeName=member

We want to synchronize the changes that we made from our Active Directory

synchronization.synchronizeChangesOnly=true

We are not going to use CIFS/Samba

cifs.enabled=false

Start your Alfresco and monitor your log.

$ cd /opt/alfresco
$ ./alf_start.sh
$ tail -f alfresco.log

Everything seems to be ok.

From your browser, type in your Alfresco server with port 8080

http://:8080/alfresco

while your Alfresco Share is

http://:8080/share

Next time, I will configure Alfresco with CIFS/Samba. I read that this is tough to configure.

Wish me luck!

Alfresco basic installation

andoylang — Thu, 15 Jul 2010 08:28:24 +0000

What is Alfresco?

From wikipedia:

Alfresco is an enterprise content management system for Microsoft Windows and Unix-like operating systems. Alfresco comes in two flavours[2]. Alfresco Community Edition is free software, LGPL licensed open source and open standards. Alfresco Enterprise Edition is commercially & proprietary licensed open source, open standards and enterprise scale. Its design is geared towards users who require a high degree of modularity and scalable performance.

From Samaxes:

A lot of people still misunderstand the purpose of Alfresco. Alfresco is not yet a full WCM (Web Content Management) like Joomla or Drupal, but an ECM (Enterprise Content Management).

Alfresco, at its core, is a general purpose content repository with content management services. It can be used to manage all your business documents and transform them in web-ready formats (HTML, PDF) and categorize them linking into overall site navigation and index pages.

Did he say, manage all your business documents and transform them into web-ready formats? That’s what I’m looking for.

I’m going to install one for me to see what it really offers.

All installation must be done as root. Otherwise you have to do a sudo on each command.

# sudo su

After installing your linux server for Alfresco. You have to upgrade it. I mean, you have to download and install all the fixes for your linux version.

# apt-get upgrade

Install all the Alfresco pre-requisite

# apt-get install mysql-server sun-java6-jdk imagemagick swftools openoffice.org-core openoffice.org-java-common openoffice.org-writer openoffice.org- impress openoffice.org-calc

Add your JAVA_HOME settings in your System-wide environment viriables. This will enable all users to use the JAVA environt when they login into the system. Edit the environment file and add JAVA_HOME=”/usr/lib/jvm/java-6-sun/” at the end of the line

# vi /etc/environment

To use the newly added environment variable, it’s either you have to logout and login again so that the JAVA environment variables will be added into your session or reload the System-wide environment. I prefer to reload the environment variables without re-login.

# source /etc/environment

After installing the pre-requisite applications now, Alfresco installation.

I prefer to install 3rd party application in /opt to separate the linux application from other application. This helps me in managing and administration.

# makdir -p /opt/alfresco/33G

Have to change the permission of the newly created folder for alfresco_user.

# chown -R alfresco_user:alfresco_user /opt/alfresco

Download alfresco using alfresco_user

# exit
$ cd ~
$ mkdir download
$ cd download
$ wget http://dl.alfresco.com/release/community/build-2860/Alfresco-Community-3.3g-Linux-x86-Install?dl_file=release/community/build-2860/Alfresco-Community-3.3g-Linux-x86-Install

Change Alfresco’s permission and Install

$ chmod 744 Alfresco-Community-3.3g-Linux-x86-Install.bin
$ ./Alfresco-Community-3.3g-Linux-x86-Install.bin

Follow the installation procedure

After the installation, run alfresco for the first time.

$ cd /opt/alfresco/33G
$ ./alf_start.sh

Check Alfresco log for error.

$ tail -f alfresco.log

Running good… good… Error! Error!

ERROR [org.alfresco.repo.content.transform.magick.AbstractImageMagickContentTransformerWorker] ImageMagickContentTransformerWorker not available: 06130000 Failed to perfo rm ImageMagick transformation:
Execution result:
os: Linux
command: [/usr/local/bin/convert, /opt/alfresco/tomcat/temp/Alfresco/ImageMagickContentTransformerWorker_init_source_5931186726648279134.gif[0], /opt/alfresco/tomcat/temp/Alfresco/ImageMagickContentTransformerWorker_init_target_339515008452978855.png]
succeeded: false
exit code: 1
out:
err: Cannot run program “/usr/local/bin/convert”: java.io.IOException: error=2, No such file or directory
16:06:05,588 ERROR [org.alfresco.repo.content.transform.RuntimeExecutableContentTransformerWorker] Failed to start a runtime executable content transformer:
Execution result:
os: Linux
command: [/opt/alfresco/bin/pdf2swf, -V]
succeeded: false
exit code: 1
out:
err: Cannot run program “/opt/alfresco/bin/pdf2swf”: java.io.IOException: error=2, No such file or directory

The error is “Cannot run program /usr/local/bin/convert”. Checking if the file really exist, Alfresco’s right. There’s no convert in /usr/local/bin.

We have to find (It’s better if we find the missing file as root) those applications and fix it according to Alfresco’s configuration. First problem is convert.

$ sudo find / -name convert -print

Found it! It’s in /usr/bin and not in /usr/local/bin, as per Alfresco’s configuration.

/usr/bin/convert
/usr/local/bin/convert

We will going to fix it by creating a link from /usr/bin to /usr/local/bin so that Alfresco can detect it.

$ sudo ln -s /usr/bin/convert /usr/local/bin/convert

Do the same for converter and pdf2swf

Restart Alfresco and check for error

$ cd /opt/alfresco/33G
$ ./alf_stop.sh
$ ./alf_start.sh
$ tail -f alfresco.log

Looks good eh! Seeing Alfresco started without error.

Wait! Wait! I saw some warning on JVM.

18:11:31,144 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM – v1.6.0_20-b02; maximum heap size 494.938MB
18:11:31,144 WARN [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM – WARNING – maximum heap size 494.938MB is less than recommended 512MB

Ok! Ok! We will fix it too.

We have to expand the JVM memory to solve this warning. Go to Alfresco install home, in my installation it’s in /opt/alfresco/33G, and edit the alfresco.sh file, and modify the JAVA_OPTS:

From:

export JAVA_OPTS=’-Xms128m -Xmx512m -XX:MaxPermSize=128m -server’

To:

export JAVA_OPTS=’-Xms256m -Xmx1024m -XX:MaxPermSize=512m -server’

Restart Alfresco again.

18:32:17,312 INFO [org.alfresco.service.descriptor.DescriptorService] Alfresco JVM – v1.6.0_20-b02; maximum heap size 989.875MB

Very good! Whew!

Now, log-in to Alfresco from your favorite browser:

http://:8080/alfresco

Log-in as admin, depends on what account/password you define during your installation. In my case, it’s:

username: admin

password: admin

That’s it for now. Next time we will configure alfresco with Active Directory.

Filtering using Squid

andoylang — Fri, 09 Jul 2010 10:19:59 +0000

Typical office set-up always have an internet connection. Even stores have one and they are fast! Thanks to wireless internet. But, in a office of 30 or more employees with 1MBPS connection, you will have a different experience. That’s because some of your users are downloading mp3′s, movies, etc while working. Those downloads will slow down your internet not to mention the internet advertisement being displayed in most of the website that your users visited.

Hit google and research! I found a solution – Proxy Server. Proxy’s main function is to cache the most visited web sites. But wait, proxy is not only to cache most visited websites, it can do filtering too.

Did I say filtering? Yes, you’re right filtering. I know, most of users will hate you for doing this. They’ll feel that they’re being suppressed of right to access the internet and everything. Ha! ha! ha! I know I’ve been in your shoes.

But, What can you do? Your network is slowing down and you need to speed up the sending/receiving of email, the important websites for research. Managers needs to communicate and do research. Besides, the company needs to make money, right? Otherwise, the company cannot pay your salaries, bla bla bla.

As the System or Network Administrator you need to speed up the internet connection without increasing the bandwidth ‘coz bigger bandwidth costs money.

It’s time to install SQUID proxy server!

There are number of proxy server on the internet why squid? Squid has been around for years and it’s stable and fast but most of all you can configure it according to your need. (whisper: most important, it’s my personal favorite!)

Let’s dig in into business.

Below is the basic configuration to run squid proxy but, we are not interested in that configuration, we are more interested in filtering of websites and internet advertisement, slowing down downloads and stuff.

#General Setup

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
http_port 3128 transparent
icp_port 0
request_body_max_size 10240 KB
cache_mem 64 MB
cache_replacement_policy heap LFUDA
cache_dir ufs /opt/squid/cache 6000 16 256
access_log /var/log/squid/access.log squid

#Replace “server_hostname” with the hostname of your Ubuntu machine
visible_hostname

refresh_pattern -i .deb$ 0 50% 28800
refresh_pattern -i .rpm$ 0 50% 28800
refresh_pattern -i .tgz$ 0 50% 28800
refresh_pattern -i .exe$ 0 50% 28800
refresh_pattern -i .cab$ 0 50% 28800
refresh_pattern -i .zip$ 0 50% 28800
refresh_pattern -i .rar$ 0 50% 28800
refresh_pattern -i .arj$ 0 50% 28800
refresh_pattern -i .jpg$ 0 50% 28800
refresh_pattern -i .gif$ 0 50% 28800
refresh_pattern -i .bmp$ 0 50% 28800
refresh_pattern -i .mov$ 0 50% 28800
refresh_pattern -i .avi$ 0 50% 28800
refresh_pattern -i .mpg$ 0 50% 28800
refresh_pattern -i .mpeg$ 0 50% 28800
refresh_pattern -i .wmv$ 0 50% 28800
refresh_pattern -i .mp3$ 0 50% 28800
refresh_pattern -i .wav$ 0 50% 28800
refresh_pattern -i .bin$ 0 50% 129600

# caching TTL and DNS
negative_ttl 1 minutes
positive_dns_ttl 15 hours
negative_dns_ttl 1 minutes
half_closed_clients off

acl manager proto cache_object
acl CONNECT method CONNECT
acl PURGE method PURGE

Now that you have the basic configuration we will add the Access Lists.

You have to define your IP networks

acl Servers src 192.168.1.0/24
acl Production src 192.168.2.0/24
acl back-office src 192.168.3.0/24
acl sales src 192.168.4.0/24
acl Management src 192.168.5.0/24

Define the web sites that you want to deny and give full speed and most important slow down the downloads.

acl fullspeed dstdomain “/etc/squid/fullspeed.dat”
acl DeniedSites dstdomain “/etc/squid/deniedsites.dat”
acl slow_it_down url_regex -i “/etc/squid/slow_this_down”

Access Lists for ftp

# acl www_ports src 80 443
acl ftp_ports src 21
acl localhost src 127.0.0.1/32
acl manager proto cache_object
acl CONNECT method CONNECT
acl PURGE method PURGE

Define who can and don’t access the internet

http_access allow manager localhost our_network
http_access allow manager localhost
http_access allow servers back-office sales management
http_access allow PURGE
http_access allow localhost
http_access deny manager
http_access deny PURGE
http_access deny DeniedSites

Define the FTP account for anonymous FTP download. Change domain for your domain name

ftp_user Squid@.com
ftp_passive off

Now, for serious stuff.

We don’t want to delay our Servers and management’s traffic. Don’t forget to include your IP Address.

delay_parameters -1/-1 means that they have no limit in using the internet. That includes you

delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow cubic-server fullspeed management networkadmin

For the Second delay pool.
we want to delay downloading files mentioned in slow_it_down.

The numbers here are values in bytes;

40000/500000 = 40 kbps download speed and 25 MB bucket for the network
15000/250000 = 15kbps download speed with 25 MB bucket for each user

after downloaded files exceed about 250000 bytes, they will continue to download at about 5000 bytes/s

delay_class 2 2
delay_parameters 2 40000/500000 15000/250000
delay_access 2 allow slow_it_down production back-office sales

That’s it. Reload squid’s configuration.

# service squid reload

# /etc/init.d/squid reload

After configuring your proxy, it’s time to define the denied websites, etc.

create a file named deniedsites in /etc/squid

# vi /etc/squid/deniedsites

and add the sites that you want to deny.

.youtube.com
.facebook.com
.friendster.com
.video.msn.com
.megavideo.com
.doubleclick.net
.bannerconnect.net
.ads.clicksor.com
.ads.overclock.net
.ads.ozonemedia.co.in
.statcounter.com
.207.net
.2mdn.net
.advertising.com
.atdmt.com
.atwola.com
.intellitxt.com
.kanoodle.com
c.live.com
.msads.net
.ads1.msn.com
.rad.msn.com
c.msn.com
.pointroll.com
.revsci.net
.llnwd.net
.ugamsolutions.com
.zedo.com
sg.adserver.yahoo.com
pagead2.googlesyndication.com
.blip.tv
.dailymotion.com

Wait a minute. Did I just include youtube, facebook and friendster? Now, that’s a serious problem. I will have a lot of question from the users. Yes, you will hehehe and be ready to answer all of them or send out an IT Advisory that the company’s internet is slowing down bla bla bla. You need to be creative on this

The rests are internet advertising sites.

As for downloading of files, you have to define the extension name of the files that you want to slow down.

.ftp
.mp3
.vqf
.rpm
.zip
.avi
.mpeg
.mpe
.mpg
.qt
.ram
.rm
.raw
.wav
.mov

Now, define the web sites that can be downloaded very fast

.google.com
.yahoo.com
..com

NOTE: Be on guard always, users might get back on you on what you’ve done on the internet hehehe

putty as an alternative to hyperterminal

andoylang — Wed, 07 Jul 2010 20:02:13 +0000

New laptop’s don’t come with Serial connection anymore. That’s a problem if your studying/configuring cisco routers. Cisco can only configured with console cable.

I searched ebay and found the RS232 to USB converter but, the driver that comes with it is not working.

I seeked help from all friendly google for the driver and found one that works for me.

Now that I installed the driver, I can now proceed with my study.

I’m going to use putty instead of hyperterminal (windows vista and windows 7 does not have hyperterminal). Below are the procedures on how I configured putty to access my cisco router.

Plug your console cable to cisco router and the RS232 (female) to RS232 (male) of converter and plug the USB in your laptop. Now, you have to check the communication port number from Computer Management (Start –> Control Panel –> Administrative Tools –> Computer Management –> Device Manager and look at Port (COM & LPT).

Open putty and configure:

a. Select Serial from Connection Type
b. Specify the COM Port number in Serial line, check the Com port from above.
c. Speed should be 9600

d. Click on Serial from Category to configure additional Options
e. Flow Control should be None.

f. Click on Window from Category and change the line of scroll back. I use 500,000

g. Go back to Session and save the configuration

Now, power your router and click Open (putty).

Wait for the magic to happen.

Viola! You have your router console terminal.

Email migration using imapsync

andoylang — Tue, 06 Jul 2010 06:51:11 +0000

Email migration is tough job. There are application that can do this but, it will not include emails with attachments.

I found imapsync do the job for me. How I did it? Here’s how:

Install imapsync

# apt-get install imapsync

The syntax is:

# /usr/bin/imapsync \

—host1 imap.truc.org —user1 foo —passfile1 /etc/secret1 \

—host2 imap.trac.org —user2 bar —passfile2 /etc/secret2

This syntax will only migrate 1 email account from 1 domain to another. I created a script that will read the details from file and process the migration.

#!/bin/sh
while read v1 v3 v4 v5 v6
do echo”$v1″ > gmail.account
echo “$v2″ > gmail.passwd
echo “$v4″ > domain.account
echo “$v5″ > domain.passwd
echo “$v6″ > domain.log.account

# to test the script you have to add —dry
# Dry run

imapsync —host1 imap.gmail.com —ssl1 –authmech1 LOGIN —user1 $v1 —password1 $v2 —host2 mail.domain.com —ssl2 —authmech2 LOGIN —user2 $v4 —passfile2 $5 —skipsize —allowsizemismatch —dry > /home/root/imapsync/logs/$v6
done < migrate.account

This script will read the email account detail from migrate.account up to the last record. Lists of email accounts that you want to migrate.

email@gmail.com gmailpassword email@domain.com domainpassword email_log

To run the script:

You have to set the permission of the script

# chmod 744 email.migration

Create a log folder

# mkdir logs

Run the script

# ./email.migration

And of you go. Now, monitor the migration in log folder