I’m all moved in and situated in our new apartment. It is a nice area. Thanks go to Mark for his assistance this past weekend. Installed a Linksys WET54GS5 wireless to ethernet bridge to avoid some hairy cabling throughout the apartment. As expected, work has been occupying a lot of my time, though I’m learning more and more each day. This week alone I’ve fiddled with the Palm OS Simulator in order to debug a Stryker application, worked with regular expressions using JRX Real-time JavaScript Regular Expression Evaluator, installed and configuration centralized authentication for all our Linux boxes, ported our source control repositories to Linux, and experimented with open source forum software. I’ve also started working towards my Sun Developer Certification. Next week should prove equally busy.

Security-Enhanced Linux is a great idea, and does a fantastic job of being transparent to the end user. That is, except when initializing a PostgreSQL database under Centos 4. More information about SELinux is available in the Linux Red Hat SELinux Guide.

Some notes on getting CVS running on Red Hat, and another for Fedora Core 2. Information for Red Hat 6.1 with CVS, with information on authentication, and finally, a Linux Format article on CVS.

Centralized authentication under Linux shouldn’t be so difficult. Looking at the directory options, your choices basically boil down to Network Information Service (NIS), Network Information Service Plus (NIS+), MIT Kerberos, or Lightweight Directory Access Protocol (LDAP).

In this set of notes, I use OpenLDAP as the mechanism for centralized authentication, namely, because it has a lot of industry support, including products such as Novell eDirectory, Microsoft Active Directory, and IBM RADIUS, all of which implement LDAP as the backend to their authentication systems.

More importantly, Linux users who wish to authenticate via Microsoft Active Directory can actually do so, thanks to Microsoft Services for UNIX. Reciprocally, Microsoft Windows workstations can centrally authenticate to a Linux primary domain controller through Samba. Of course, configuration becomes more difficult as complexity increases.

In my work, I only have to worry about Linux machines. And in my case, the domain controller is running CentOS, while my clients are all Linux boxes running Debian, Fedora, Red Hat Enterprise Linux, and SuSE. Variety is the spice of life, but more often than not, it’s the clients decision and we just go with it.

The good news is that there’s a ton of documentation out there for completing such a setup. The bad news is that none of them are entirely correct. Thus, my personal set of notes.

The first step is to install the OpenLDAP server on the domain controller, and install the OpenLDAP clients on the clients. In CentOS, this is simply:

yum install openldap-servers
yum install openldap-clients

Next, complete the chapter on Lightweight Directory Access Protocol. Caveat: during migrate_all_online.sh, credentials is just a fancy word for password. Also, the migrate scripts may not work. If this is the case, you must comment out some of the imports until you find the one that is causing the error:

slapadd: could not parse entry (line=71)

Worse, there seems to be no standardized mechanism for adding and deleting users after the initial import.

After completion:

chown -R ldap /var/lib/ldap

You may also want home directories to be automatically created on login if they do not exist. To do so, add:

session required pam_mkhomedir.so  skel=/etc/skel umask=0022

to the relevant /etc/pam.d files.

Debugging

The LDAP Browser/Editor is essential in debugging the LDAP configuration. For the login, be sure that you use the full rootdn string, that is:

cn=manager,dc=objectwareinc,dc=net

The LDAP browser will provide read/write access to the LDAP directory.

Resources

• OpenLDAP in Debian
• Authenticating with LDAP
• LDAP Authentication for Linux
• Writing PAM Modules
• Creating a User Home directory when you use LDAP Authentication

After completing the Road to Hibernate tutorial, Nick Heudecker’s Introduction to Hibernate provides an excellent second reading that continues the Hibernate learning experience with many-to-one relationships and sets. It also introduces the use of the hbm2ddl utility to generate table schemas from the XML mapping documents, as well as hbm2java, found in the Hibernate Extensions package, which takes mapping documents and generates stub Java files.

Though I talk about Hibernate a lot, it’s certainly not the only framework for object relational mapping for J2EE. There are even a few open source frameworks for the .NET platform, including Gentle.NET, and NHibernate, to name a few. Sadly, it doesn’t appear that object relational mapping has taken off to the extent that it has in the Java world, at least not in the open source sense; perhaps everyone is still sitting around waiting for Microsoft ObjectSpaces to arrive. And when it does, I’m certain that it will be tied to a particular database anyway.

Though the result was very anticlimatic, I’m happy to announce that I’ve just passed my Sun Certified Programmer Exam. The mock Java Programmer Exam Simulator is surprisingly consistent with the actual exam, and JavaRanch has additional mock exams to practice with. I don’t care what people say, but certifications are not easy to get, particularly if you get them from respectable companies. Though I consider myself a good Java programmer, the exam was still a very humbling experience, and I now have a lot more respect for professional certifications than I used to.

Up next, the Sun Certified Java Developer two-part exam, followed by the Sun Certified Web Component Developer exam. It’s like academia for the corporate world.

As Michael is quick to point out, XMLHTTP has been around for a while. But it wasn’t until Google Maps and Google Suggest that I really become interested in the use of cross-platform client-side scripting. Microsoft originally implemented XMLHttpRequest in Internet Explorer 5 for Windows as an ActiveX object. Recently, both Safari and Mozilla have chosen to adopt this proprietary extension as native components, paving the way for asynchronous Javascript development. Adaptive Path calls this new approach to web development Ajax, and it has a lot of potential for some exciting web-based user interfaces. I’ve already started using it in several of our web applications at work.

Magnolia is actually much easier to build than I expected. You simply need Subversion to pull from the repository and Maven to build.

All on one line:

svn export
http://svn.magnolia.info/svn/magnolia/branches/magnolia2.02

And to compile, run maven within the directory. The only part they don’t tell you is that you’ll need an existing JSR repository folder in order to run Magnolia successfully.

Like last month, and the month before, it was once again time for our monthly blogger meetup at the Prince of Wales. Lots of new, friendly faces, including Brian, other Scott, Lady Crumpet , and Robert, and well as our regulars, Hollis MB, music Scott, and Lisa. Sadly, Mary could not attend, and thus I could not find my car. Lori’s puppy also became sick, and understandably, she was also unable to make the event.

Donald Knuth, Professor Emeritus of The Art of Computer Programming at Stanford University, creator of the TeX Typesetting System, interviews on National Public Radio. His astonishing thirty four page resume is also available on his web site.