During the last couple of weeks I’ve been working on getting a central directory setup for my client, running on OpenLDAP 2.4. Not having worked with LDAP a lot before it proved quite a challenge, especially getting Solaris 10 to work with the LDAP server without any glitches.
In this document I’ll try and describe how this setup was made, because I have been unable to find a single consistent document describing all the intricate details.
At this time I have all my problems fixed (AFAIK), but during the setup phase I experienced various problems:
Solaris 10 not seeing any users from LDAP
Solaris seeing users, but not letting them log in
Log-in working from console, but not ssh
Passwordless login (pubkey) not working in SUN-SSH
Users being able to hack extra permissions for themselves
The entire article has been moved to a more permanent location, as a page on this site. You can find it under the ‘Pages’ header on the right. Setting up ldap
JoikuSpot Light is an application for Symbian S60 devices (like the Nokia E70) which will turn your GPRS/UMTS mobile phone into a WiFi hotspot. The free ‘light’ version of Joikuspot only allows HTTP and HTTPS connections, by proxying them. I always like the possibility to use SSH, and other protocols, so I tried to use proxytunnel to connect with ssh. I couldn’t get a connection working, while regular HTTPS traffic from my browser to a banking-site worked perfectly.
After playing around a bit with Wireshark, netcat and proxytunnel I found out that the Joikuspot accesspoint will only proxy connections created with the HTTP/1.1 protocol, and not with the 1.0 protocol.
Proxytunnel only uses 1.0 connections, and netcat would also not work when using ‘-X connect’ proxy support. Proxytunnel was quickly fixed to use the 1.1 protocol. As I don’t think there are any proxies out there that do not support 1.1, I expect this won’t have any side-effects.
So, if you are a proxytunnel user, please test the current subversion snapshot (r248) and report any regressions/issues to the proxytunnel list. If you are a JoikuSpot user, please try out this new proxytunnel version, as it should now work with your mobile accesspoint.
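The HTTP/1.0 versus HTTP/1.1 difference described above, as an added example that is not proxytunnel's code and not part of the original post: a small model of a proxy front end that only honours CONNECT requests sent as HTTP/1.1. The function names, the sample host `ssh.example.org` and the 505 reply for 1.0 requests are assumptions; the post does not say how the access point refuses them.

```python
import re

# CONNECT request line: "CONNECT host:port HTTP/x.y"
REQUEST_LINE = re.compile(r"^CONNECT ([^\s:]+):(\d{1,5}) HTTP/(\d)\.(\d)$")


def build_connect(host, port, version="1.1"):
    """Return the bytes a tunnelling client sends to open host:port."""
    lines = [f"CONNECT {host}:{port} HTTP/{version}"]
    if version == "1.1":
        # HTTP/1.1 requires a Host header on every request.
        lines.append(f"Host: {host}:{port}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def classify_connect(raw):
    """Decide, as a 1.1-only proxy would, how to answer a CONNECT request.

    Returns (status_code, reason). The 505 reply is an assumption; the post
    does not say how the access point refuses HTTP/1.0 requests.
    """
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        return 400, "incomplete header block"
    lines = head.decode("iso-8859-1").split("\r\n")
    match = REQUEST_LINE.match(lines[0])
    if not match:
        return 400, "not a CONNECT request line"
    host, port = match.group(1), int(match.group(2))
    version = (int(match.group(3)), int(match.group(4)))
    if not 0 < port < 65536:
        return 400, "port out of range"
    if version < (1, 1):
        return 505, "HTTP/%d.%d CONNECT refused" % version
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "host" not in headers:
        return 400, "HTTP/1.1 request without Host header"
    return 200, f"tunnel to {host}:{port}"


if __name__ == "__main__":
    for ver in ("1.0", "1.1"):
        request = build_connect("ssh.example.org", 443, ver)  # constructed target
        print(ver, classify_connect(request))
```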
Tomorrow, Wednesday August 13th, I’ll be giving a short talk about Proxytunnel at the OpenCommunityCamp. If you are interested, and have time, please drop by in Oegstgeest, as everyone is welcome and it is free (as in beer and speech).
Always nice that by fixing 1 problem, you also fix another. Cygwin had some issues with getpass not working quite right, but I had no haste in fixing that, since there were multiple work-arounds. This morning I got a mail from someone who had some other problems with getpass, only this time on HP-SUX and Slowaris, which limit the password size to 8 characters… (how modern and state-of-the-art). So a short search through my home-dir got me readpassphrase.c from openssh’s openbsd-compat directory. Some hacking later I had a tested and working getpass replacement (getpass_x, just for sake of simplicity) hacked into the developer cvs tree. I’ve tested it on linux and cygwin, and noticed it fixed the old cygwin problem too 😉 *great*. I’ll probably release it as soon as the user that reported it lets me know it works on hp and sun. In the meantime, pray that the public cvs has been updated, or bug me for it 🙂
So, I arrived in Brussels yesterday morning to attend FOSDEM. There were some interesting lectures, and I spent quite some time hacking on proxytunnel, since there was no internet connectivity. This morning I finally got a half-decent wifi-connection that actually routes packets so I could finally update the cvs-tree and read up on my mail and weblog 🙂
I tried looking for a club or something yesterday evening, because the hotel sucks and there is really nothing to do in the evenings at FOSDEM. I spent about 2-3 hours walking around the center of Brussels, looking for somewhere nice, but I didn’t manage to find anything. Then I needed to find my car again which took quite some time (walking in completely the wrong direction…). Brussels is really hell on directions and traffic… I’m lucky to have a nav-system in my pocket, or I would never find my way here.
Today is the last day of FOSDEM, so a few more lectures and then it’s time to get something to eat and head back north 😉
Ok, I think we’ve tested about enough now… no significant changes for 2 weeks, no minor changes for a week…. yeah… this product is ready for release. I’ve written some release notes, mailing-list posts, website updates, news-items and known-issues, created and signed the software tarball and uploaded the whole shebang to sourceforge. So there it is… go grab it and make your proxy-admins lose more hair worrying how they are gonna stop you now. (hint, protocol inspection no longer works for them).
This week I put in a lot of time on getting proxytunnel in a releasable state. Lots of patches are incorporated, lots of testing has been done, makefiles have been updated, new webpages created, blog-postings, lots of e-mails, a call-for-testing and some sourceforge magic. So, you, the one reading this, visit the ProxytunnelWebsite, read what it does, download it, compile if required, and (ab)use it.