
Archive for April 2011

Using the Sun PDF Import OpenOffice extension to collaborate on PDF documents

A seldom-promoted feature of OpenOffice is the ability for users to collaborate on PDFs using the Sun PDF Import extension. It’s a fantastic way to seamlessly share and edit PDF documents, which would otherwise leave you having to send the source file and PDF around (clumsy), or rely on an Adobe Acrobat license to retroactively edit the PDF (clumsy and expensive).

Here’s how it works. When an OpenOffice document is exported as a “hybrid” PDF, a copy of the source ODF file is embedded in the PDF. When the PDF (not the ODF) is then opened in another instance of OpenOffice with the extension installed, the source file is available for editing: a user can conveniently make changes as needed, and then export the file as a hybrid PDF for further sharing, or as a standard PDF for end-delivery.

First, grab the Sun PDF Import Extension from here: http://extensions.services.openoffice.org/project/pdfimport

First thing you’ll note is that it’s a free download. I imagine the reason for this is that it’s open source, which possibly prevented Oracle from restricting it to people with USD9000 burning a hole in their back pocket.

Anyway, download the extension for the platform of your choice (I use two OpenIndiana x86 machines, and the Solaris x86 installer works just fine), and install it in OpenOffice (go to Tools -> Extension Manager):

OpenOffice Extension Manager

Now, using a new or existing OpenOffice Writer document, export a file as a PDF.

Export as a PDF

In the PDF options window that appears, tick “Create hybrid file”:

Setting PDF export options...

This will export a perfectly normal-looking PDF of your source document – no surprises here:

PDF opened in a PDF reader

However, let’s try using another machine running OpenOffice with the same Sun PDF Import extension installed to open up the PDF directly, and see what happens. Simply use the standard File -> Open command in OpenOffice to open the PDF – there is no “importing” or whatever involved.

Et voila: With the extension installed, we can freely edit the PDF as an ODF file, adding new content, images…anything you can do natively in OpenOffice:

Editing a PDF file in OpenOffice

Once done, you can export the file as a hybrid PDF for further collaboration, or simply a standard PDF if you like:

Updated PDF opened in a PDF reader

Great feature, and one that’s particularly useful for people and organisations smart enough to use open source productivity applications as alternatives to the paid, proprietary status quo.

Oracle dumps OpenOffice – but what of the Sun ODF plugin?

Now that the brilliant minds at Oracle have realised too late that no-one is interested in their ham-fisted attempt to make money out of a commercialised variant of OpenOffice, any word on whether they’ll revert to making the Sun ODF plugin for Microsoft Office a free download again, rather than the minimum USD9000 spend their sales and marketing team decided on instead?

A simple enough question, but one (given Oracle’s proven ability to communicate clearly and in a timely fashion with their valued user communities) that I’m not expecting an answer to anytime soon…

Bordeaux for OpenIndiana part 2: Safari and VLC media player

Continuing on in my multi-part review of Bordeaux for OpenIndiana, I’m trying out a few of the supported applications to see how well they run.

I must say there are some odd inclusions to the supported applications list, amongst them VLC media player, and Apple’s Safari web browser. Practically every current desktop-ish operating system out there is guaranteed to have a media player of some sort available for it: on OpenIndiana, I use MPlayer (which runs great), and generally if you’re running desktop Linux then you’re going to have access to a whole bunch of media players capable of handling practically any codec or format imaginable – so I’m not entirely sure why VLC under Wine would be desirable, nor even something Wine development resources should be focused on. Running VLC under Bordeaux for Linux, for example, just feels a bit pointless.

Safari is a similarly baffling inclusion. The rationale is so that web designers have access to Safari to check the rendering of web pages on – but I really think any web designer remotely serious about their job (at least, serious enough to use the title “web designer”) would have access to a Mac OS X box of some sort. Furthermore, Safari itself in my opinion is just a pointless browser to support – it runs on a single platform, is controlled by a single vendor, and frankly – in this day and age of cross compatibility – is just increasingly irrelevant to me.

At any rate, the performance of both of these applications under Bordeaux on OpenIndiana leaves plenty to be desired. VLC wouldn’t install at all using the standard Bordeaux GUI: I believe Bordeaux references download locations on the actual source vendors’ sites, and if the vendor changes these at all then the installer ceases to work: unfortunately, the Bordeaux installer GUI does not give sufficient feedback that this is the case. After manually downloading and installing VLC 1.1.0 for Windows under Bordeaux, I immediately noticed graphical artifacts in the VLC GUI:

VLC user interface problems

Interestingly, actual movie quality seemed to be degraded compared to the same file being played back under a native media player. In the below grab, a native media player is on the left, with the same movie being played back under VLC on Bordeaux on the right – click to zoom:

VLC on Bordeaux

 

Regarding Safari, the application appeared to install, but when attempting to view bookmarks, or perform certain other commands, the application would crash:

Safari crashing - part 1

Even worse, it would then screw up the windowing system, requiring manual killing of the wine processes:

Safari crashing - part 2

Finally, I could never actually get to any sites, internal or external, even though internet connectivity on the host was fine.

 

My suggestion to the Bordeaux developers would be to simply remove these redundant applications from the supported applications list, and focus on getting core business applications such as Microsoft Office working seamlessly under Bordeaux. Even if someone out there really does have a use for VLC or Safari under Wine, then it’s imperative to have these applications running smoothly in a shipping product: my initial impressions are that there are several areas where things aren’t quite ready for prime time.

See also: http://davekoelmeyer.wordpress.com/2011/03/17/bordeux-for-openindiana-a-commercial-wine-implementation/

Cloud Computing


Set up LDAP authentication between Ubuntu 10.04 and OpenDJ 2.4.1

The following guide describes how to quickly set up a test environment for authenticating Ubuntu client LDAP logins to a directory server. This is an insecure setup, intended only for learning more about LDAP authentication.

I am using VirtualBox to virtualise my test Ubuntu 10.04 client, although you may of course use a physical machine. The LDAP server is Forgerock’s OpenDJ v2.4.1, running on OpenIndiana oi_147 x86. OpenDJ is chosen for its brilliantly easy-to-use Java-based installation and management utilities, coupled with the fact it’s developed by ex-Sun Microsystems talent, and, perhaps best of all, Oracle has nothing to do with it.

This guide assumes prior basic familiarity with installing OpenDJ, and installing VirtualBox guest VMs. Let’s get started.

 

Install and configure OpenDJ 2.4.1 on the host system

Download OpenDJ 2.4.1 from http://forgerock.com/downloads-opendj.html, and install it via the Java quick start utility. Simply use the default settings as follows:

OpenDJ installation


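Next, we want to change the default password storage scheme for our LDAP user accounts to MD5. We use the command-line dsconfig utility for this, which sits in the bin directory of your OpenDJ installation. Note that, as the transcript below shows, this replaces the default Salted SHA-1 scheme with plain, unsalted MD5.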

Following is a transcript of the sequence of commands performed using dsconfig to do this (including the initial dsconfig command followed by authenticating to the directory server as the administrative user). You’ll note that we are running the utility in interactive mode:



dave@enigmaforce:/opt/OpenDJ$ /opt/OpenDJ/OpenDJ/bin/dsconfig   

>>>> Specify OpenDS LDAP connection parameters

Directory server hostname or IP address [enigmaforce]: 

Directory server administration port number [4444]: 

Administrator user bind DN [cn=Directory Manager]: 

Password for user 'cn=Directory Manager': 


>>>> OpenDS configuration console main menu

What do you want to configure?

    1)   Access Control Handler               23)  Log Rotation Policy
    2)   Account Status Notification Handler  24)  Matching Rule
    3)   Administration Connector             25)  Monitor Provider
    4)   Alert Handler                        26)  Network Group
    5)   Attribute Syntax                     27)  Network Group QOS Policy
    6)   Backend                              28)  Password Generator
    7)   Certificate Mapper                   29)  Password Policy
    8)   Connection Handler                   30)  Password Storage Scheme
    9)   Crypto Manager                       31)  Password Validator
    10)  Debug Target                         32)  Plugin
    11)  Entry Cache                          33)  Plugin Root
    12)  Extended Operation Handler           34)  Replication Domain
    13)  Extension                            35)  Replication Server
    14)  External Changelog Domain            36)  Root DN
    15)  Global Configuration                 37)  Root DSE Backend
    16)  Group Implementation                 38)  SASL Mechanism Handler
    17)  Identity Mapper                      39)  Synchronization Provider
    18)  Key Manager Provider                 40)  Trust Manager Provider
    19)  Local DB Index                       41)  Virtual Attribute
    20)  Local DB VLV Index                   42)  Work Queue
    21)  Log Publisher                        43)  Workflow
    22)  Log Retention Policy                 44)  Workflow Element

    q)   quit

Enter choice: 29


>>>> Password Policy management menu

What would you like to do?

    1)  List existing Password Policies
    2)  Create a new Password Policy
    3)  View and edit an existing Password Policy
    4)  Delete an existing Password Policy

    b)  back
    q)  quit

Enter choice [b]: 1


Password Policy         : Type    : password-attribute : default-password-storage-scheme
------------------------:---------:--------------------:--------------------------------
Default Password Policy : generic : userpassword       : Salted SHA-1
Root Password Policy    : generic : userpassword       : Salted SHA-512

Press RETURN to continue 


>>>> Password Policy management menu

What would you like to do?

    1)  List existing Password Policies
    2)  Create a new Password Policy
    3)  View and edit an existing Password Policy
    4)  Delete an existing Password Policy

    b)  back
    q)  quit

Enter choice [b]: 3


>>>> Select the Password Policy from the following list:

    1)  Default Password Policy
    2)  Root Password Policy

    c)  cancel
    q)  quit

Enter choice [c]: 1


>>>> Configure the properties of the Password Policy

         Property                                   Value(s)
         --------------------------------------------------------------------
    1)   account-status-notification-handler        -
    2)   allow-expired-password-changes             false
    3)   allow-user-password-changes                true
    4)   default-password-storage-scheme            Salted SHA-1
    5)   deprecated-password-storage-scheme         -
    6)   expire-passwords-without-warning           false
    7)   force-change-on-add                        false
    8)   force-change-on-reset                      false
    9)   grace-login-count                          0
    10)  idle-lockout-interval                      0 s
    11)  last-login-time-attribute                  -
    12)  last-login-time-format                     -
    13)  lockout-duration                           0 s
    14)  lockout-failure-count                      0
    15)  lockout-failure-expiration-interval        0 s
    16)  max-password-age                           0 s
    17)  max-password-reset-age                     0 s
    18)  min-password-age                           0 s
    19)  password-attribute                         userpassword
    20)  password-change-requires-current-password  false
    21)  password-expiration-warning-interval       5 d
    22)  password-generator                         Random Password Generator
    23)  password-history-count                     0
    24)  password-history-duration                  0 s
    25)  password-validator                         -
    26)  previous-last-login-time-format            -
    27)  require-change-by-time                     -
    28)  require-secure-authentication              false
    29)  require-secure-password-changes            false

    ?)   help
    f)   finish - apply any changes to the Password Policy
    c)   cancel
    q)   quit

Enter choice [f]: 4


>>>> Configuring the "default-password-storage-scheme" property

    Specifies the names of the password storage schemes that are used to
    encode clear-text passwords for this password policy.

Do you want to modify the "default-password-storage-scheme" property?

    1)  Keep the value: Salted SHA-1
    2)  Add one or more values
    3)  Remove one or more values
    4)  Remove all values

    ?)  help
    q)  quit

Enter choice [1]: 3


Select the Password Storage Schemes you wish to remove:

    1)  Salted SHA-1

    ?)  help
    c)  cancel
    q)  quit

Enter one or more choices separated by commas [c]: 1

Press RETURN to continue 


>>>> Configuring the "default-password-storage-scheme" property (Continued)

Do you want to modify the "default-password-storage-scheme" property?

    1)  Add one or more values
    2)  Revert changes

    ?)  help
    q)  quit

Enter choice [1]: 1


Select the Password Storage Schemes you wish to add:

    1)  3DES      9)   Salted MD5
    2)  AES       10)  Salted SHA-1
    3)  Base64    11)  Salted SHA-256
    4)  Blowfish  12)  Salted SHA-384
    5)  Clear     13)  Salted SHA-512
    6)  CRYPT     14)  SHA-1
    7)  MD5       15)  Create a new Password Storage Scheme
    8)  RC4       16)  Add all Password Storage Schemes

    ?)  help
    c)  cancel
    q)  quit

Enter one or more choices separated by commas [c]: 7

Press RETURN to continue 


>>>> Configuring the "default-password-storage-scheme" property (Continued)

Do you want to modify the "default-password-storage-scheme" property?

    1)  Use the value: MD5
    2)  Add one or more values
    3)  Remove one or more values
    4)  Remove all values
    5)  Revert changes

    ?)  help
    q)  quit

Enter choice [1]: 1

Press RETURN to continue 


>>>> Configure the properties of the Password Policy

         Property                                   Value(s)
         --------------------------------------------------------------------
    1)   account-status-notification-handler        -
    2)   allow-expired-password-changes             false
    3)   allow-user-password-changes                true
    4)   default-password-storage-scheme            MD5
    5)   deprecated-password-storage-scheme         -
    6)   expire-passwords-without-warning           false
    7)   force-change-on-add                        false
    8)   force-change-on-reset                      false
    9)   grace-login-count                          0
    10)  idle-lockout-interval                      0 s
    11)  last-login-time-attribute                  -
    12)  last-login-time-format                     -
    13)  lockout-duration                           0 s
    14)  lockout-failure-count                      0
    15)  lockout-failure-expiration-interval        0 s
    16)  max-password-age                           0 s
    17)  max-password-reset-age                     0 s
    18)  min-password-age                           0 s
    19)  password-attribute                         userpassword
    20)  password-change-requires-current-password  false
    21)  password-expiration-warning-interval       5 d
    22)  password-generator                         Random Password Generator
    23)  password-history-count                     0
    24)  password-history-duration                  0 s
    25)  password-validator                         -
    26)  previous-last-login-time-format            -
    27)  require-change-by-time                     -
    28)  require-secure-authentication              false
    29)  require-secure-password-changes            false

    ?)   help
    f)   finish - apply any changes to the Password Policy
    c)   cancel
    q)   quit

Enter choice [f]: f

The Password Policy was modified successfully

Press RETURN to continue 


>>>> Password Policy management menu

What would you like to do?

    1)  List existing Password Policies
    2)  Create a new Password Policy
    3)  View and edit an existing Password Policy
    4)  Delete an existing Password Policy

    b)  back
    q)  quit

Enter choice [b]: 1


Password Policy         : Type    : password-attribute : default-password-storage-scheme
------------------------:---------:--------------------:--------------------------------
Default Password Policy : generic : userpassword       : MD5
Root Password Policy    : generic : userpassword       : Salted SHA-512

Press RETURN to continue 


>>>> Password Policy management menu

What would you like to do?

    1)  List existing Password Policies
    2)  Create a new Password Policy
    3)  View and edit an existing Password Policy
    4)  Delete an existing Password Policy

    b)  back
    q)  quit

Enter choice [b]: q
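What the switch from Salted SHA-1 to MD5 in the transcript above means for the stored userPassword values, as an added example (not part of the original post or of OpenDJ). It assumes the conventional {MD5} and {SSHA} base64 encodings for LDAP password values and an 8-byte salt; the user names and passwords are constructed sample data.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample accounts: alice and carol happen to share a password.
SAMPLE_USERS = {"alice": "Spring2011!", "bob": "correct horse", "carol": "Spring2011!"}


def encode_md5(password):
    """Unsalted scheme: {MD5} + base64(MD5(password))."""
    digest = hashlib.md5(password.encode("utf-8")).digest()
    return "{MD5}" + base64.b64encode(digest).decode("ascii")


def encode_ssha(password, salt=None):
    """Salted SHA-1: {SSHA} + base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(8)  # assumed salt length
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify(password, stored):
    """Check a candidate password against a stored {MD5} or {SSHA} value."""
    scheme, b64 = stored[1:].split("}", 1)
    raw = base64.b64decode(b64)
    pw = password.encode("utf-8")
    if scheme == "MD5":
        return hmac.compare_digest(raw, hashlib.md5(pw).digest())
    if scheme == "SSHA":
        digest, salt = raw[:20], raw[20:]  # SHA-1 digests are 20 bytes
        return hmac.compare_digest(digest, hashlib.sha1(pw + salt).digest())
    raise ValueError("unsupported scheme: " + scheme)


def shared_password_groups(entries):
    """Group uids whose stored values are identical, i.e. whose shared
    password is visible to anyone who can read the attribute."""
    by_value = {}
    for uid, stored in entries.items():
        by_value.setdefault(stored, []).append(uid)
    return sorted(sorted(group) for group in by_value.values() if len(group) > 1)


if __name__ == "__main__":
    md5_dir = {uid: encode_md5(pw) for uid, pw in SAMPLE_USERS.items()}
    ssha_dir = {uid: encode_ssha(pw) for uid, pw in SAMPLE_USERS.items()}
    print("MD5 :", md5_dir, shared_password_groups(md5_dir))
    print("SSHA:", ssha_dir, shared_password_groups(ssha_dir))
```

With the unsalted scheme, equal passwords produce equal stored values and a given password always maps to the same value on every server; the per-entry salt removes both properties.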

 

Now let’s run the OpenDJ control-panel GUI utility (in the same location as dsconfig), and create a test People OU under our base DN:

OpenDJ - create a People OU

Next, add a test user account to the People OU: fill out the First Name, Last Name, Common Name, User ID, and User Password fields, then save changes:

OpenDJ - add a user account

Now, edit the test account’s Object Class, and add the posixAccount object class to it. Fill out the gidNumber, homeDirectory and uidNumber fields as follows:

OpenDJ - add the posixAccount object class


OpenDJ is now configured. Let’s set up our Ubuntu client.

 

Install and configure a fresh Ubuntu 10.04 x86 virtual machine

Create a new Ubuntu 10.04 x86 VM. The default NAT networking mode for the VM works fine. For the administrative account created during OS installation, pick a username that won’t exist in OpenDJ (e.g. “pcadmin” or something).

Once Ubuntu has been installed, run a full software update. Following this, install the VirtualBox guest additions, then restart the VM.

 

Install libnss-ldap and dependencies

Log in with the administrative account created during installation, then use Synaptic Package Manager to install the libnss-ldap package. The packages dependent on libnss-ldap will also be downloaded and installed automatically:

Ubuntu10.04 - install libnss-ldap

During installation of the packages, you will be prompted for the location of your LDAP server: point at the IP address of the host system using the ldap:// format. Other settings may be left at defaults as illustrated in the following, but be sure to change the search base to dc=example,dc=com, and the LDAP root account to cn=Directory Manager:

Ubuntu - configure libnss-ldap


 

Manually edit the PAM LDAP configuration file

After installation of libnss-ldap and its dependencies, manually edit /etc/ldap.conf and comment out this line:

pam_password md5

If you are using a non-default port for LDAP connectivity (e.g. port 1389), then append this as part of the LDAP server address entry in /etc/ldap.conf. Look for the uncommented uri entry with the address of your LDAP server, then append the port number to it. In my case, this looks like:

# Another way to specify your LDAP server is to provide an
uri ldap://192.168.51.2:1389

I encountered authentication problems when attempting to set an alternate port number at the following section in /etc/ldap.conf, so leave this as-is (i.e. commented out):

# The port.
# Optional: default is 389.
#port 389
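A small audit of the client settings this guide puts in /etc/ldap.conf, showing why the setup is test-only; this is an added example, not part of the original post. The two configuration texts are constructed: the first mirrors the guide's values, the second is an assumed hardened variant (the CA file path and the nss-proxy DN are hypothetical).

```python
# Constructed sample: the values this guide configures on the client.
GUIDE_CONF = """\
base dc=example,dc=com
# Another way to specify your LDAP server is to provide an
uri ldap://192.168.51.2:1389
rootbinddn cn=Directory Manager
#pam_password md5
"""

# Constructed sample: same server, StartTLS enabled, unprivileged bind DN.
HARDENED_CONF = """\
base dc=example,dc=com
uri ldap://192.168.51.2:1389
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/example-ca.pem
rootbinddn cn=nss-proxy,ou=Services,dc=example,dc=com
"""


def parse_ldap_conf(text):
    """Return {keyword: value} for the uncommented lines (last one wins)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def audit_ldap_conf(text):
    """Return a list of findings about transport and bind identity."""
    conf = parse_ldap_conf(text)
    findings = []
    ssl_mode = conf.get("ssl", "off").lower()
    for uri in conf.get("uri", "").split():
        scheme = uri.split("://", 1)[0].lower()
        # pam_ldap checks a login by binding with the user's password, so an
        # ldap:// URI without StartTLS sends that password unencrypted.
        if scheme == "ldap" and ssl_mode != "start_tls":
            findings.append("cleartext-bind: " + uri + " without 'ssl start_tls'")
    if conf.get("tls_checkpeer", "").lower() == "no":
        findings.append("no-peer-check: server certificate is not verified")
    if conf.get("rootbinddn", "").lower() == "cn=directory manager":
        # The rootbinddn password is stored on the client in /etc/ldap.secret.
        findings.append("admin-dn-on-client: rootbinddn is the directory administrator")
    return findings


if __name__ == "__main__":
    for name, text in (("guide", GUIDE_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_ldap_conf(text))
```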

 

Edit PAM service configuration files

Change directory to /etc/pam.d, and edit the files common-account, common-auth, common-password and common-session, commenting out or removing the existing entries and replacing them with the following entries respectively:

In common-account:

account     sufficient    pam_ldap.so
account     required      pam_unix.so

In common-auth:

auth        sufficient    pam_ldap.so
auth        required      pam_unix.so nullok_secure use_first_pass

In common-password:

password    sufficient    pam_ldap.so nullok
password    required      pam_unix.so nullok obscure min=4 max=8 md5

In common-session:

session     required      pam_mkhomedir.so skel=/etc/skel/ umask=0022
session     required      pam_unix.so
session     optional      pam_ldap.so

 

Manually edit the name service switch file

Next, change the passwd, group, and shadow entries in /etc/nsswitch.conf from this:

passwd:         compat
group:          compat
shadow:         compat

to this:

passwd:         files ldap
group:          files ldap
shadow:         files ldap

Finally, reboot the VM. Ubuntu is now configured.

 

Test LDAP logins to the Ubuntu VM

After rebooting Ubuntu, you should now be able to log in using the test LDAP account you created. A home directory and GNOME environment will be created automatically on login.
