Fmota Tech

Hi Stefano.

Did you install nslcd by it self or in companion with libnss-ldapd and libpam-ldapd?

How does your /etc/nsswitch.conf look like? Here are the relevant lines from mine:

passwd: files ldap group: files ldap shadow: files ldap

You need libnss-ldapd for the “ldap” rule in the lines above.

This is unnecessary, nslcd functions fine without a DN.

Looks like LDAP can’t find the DN in the repository. Can you log in manually as this user?

server$ ldapsearch -xW -D “uid=nslcd_proc,ou=System,dc=amahoro,dc=bi” -H ldapi:///

Do you have a slapd.conf? Have you compiled it from source or installed as a Debian package?

server$ apt-cache policy slapd

I’ve got:

slapd: Installed: 2.4.23-7.2 Candidate: 2.4.23-7.2 Version table: *** 2.4.23-7.2 0 700 http://ftp.no.debian.org/debian/ squeeze/main amd64 Packages 100 /var/lib/dpkg/status

AFAIK the openldap server (binary package is called slapd in Debian) packaged no longer use that file. Instead the config is stored in a LDAP repository (/etc/ldap/slapd.d) and modified by using LDIF-files.

We are using Tribes in Axis2. In a cluster, we want to have leader election, and one member to be designated as the coordinator. How can this be achieved using Tribes?

Thanks Azeez

Dear users,

I have observed some tricky problem with environtment variable COLUMNS during the starting of apache2-2.2.21

Sometimes this variable is set to more then 80 characters and higher variable causes problems with CGI scripts which check ps output

Do you have any idea why this variable is set to more then 80 characters and how to unset them?

Thank you in advance

Informativa art. 13 d.lgs. 196/2003 ShowTime Agency -Titolare del trattamento – ha estratto i vostri dati ( Ragione Sociale, indirizzo, telefono, fax se presente, indirizzo e-mail se presente) da elenchi telefonici e/o altri elenchi pubblici, da materiale pubblicitario, da indagini di mercato, dal vostro sito web. I dati personali in oggetto verranno utilizzati esclusivamente da Associazione Assointesa e dai suoi incaricati nell’ambito di ricerche di mercato, comunicazioni a vario titolo e per operazioni di permission marketing. Il trattamento e la conservazione dei dati personali raccolti sono attuati adottando misure tecniche, procedurali ed organizzative finalizzate al rispetto della loro riservatezza. L’interessato ha la possibilità di esercitare i diritti espressi nell’art.7 del d.lgs. 196/03 fra i quali si ricorda, ad esempio, il diritto a richiedere la conferma dell’esistenza o meno dei dati personali che lo riguardano, nonché l’aggiornamento, la rettifica, la cancellazione oppure, qualora vi abbia interesse, l’integrazione degli stessi.

Hi,

I am attempting to set up apache and tomcat together for the first time on a new machine using some existing configuration files. I am not sure what is happening but it looks like apache is just serving up all files so when i acccess a jsp file I get the source as if tomcat never executed it.

I have installed the following versions of software:

httpd 2.4.2 Tomcat connectors 1.2.35 Tomcat 7.0.27

Below are the mod_jk config (workers.properties and mod_jk.conf) files I am currently trying to get working if there is anything else that is needed then I can include this. My worker softcat1 is defined in my server.xml for tomcat.

Tomcat works on its own if I access it directly and it does run the jsp files ok, it just seems to be when I try via apache.

I have included my httpd.conf in case it is needed:

ServerTokens Prod

ServerRoot “/etc/httpd”

PidFile run/httpd.pid

Timeout 120

KeepAlive Off

MaxKeepAliveRequests 100

KeepAliveTimeout 15

StartServers 8 MinSpareServers 5 MaxSpareServers 20 ServerLimit 1024 #ServerLimit 50 MaxClients 1024 #MaxClients 50 MaxRequestsPerChild 4000

StartServers 2 MaxClients 150 MinSpareThreads 25 MaxSpareThreads 75 ThreadsPerChild 25 MaxRequestsPerChild 0

LoadModule access_compat_module modules/mod_access_compat.so LoadModule authz_core_module modules/mod_authz_core.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule authn_file_module modules/mod_authn_file.so LoadModule authn_anon_module modules/mod_authn_anon.so LoadModule authn_dbm_module modules/mod_authn_dbm.so LoadModule auth_digest_module modules/mod_auth_digest.so LoadModule ldap_module modules/mod_ldap.so LoadModule authnz_ldap_module modules/mod_authnz_ldap.so LoadModule include_module modules/mod_include.so LoadModule log_config_module modules/mod_log_config.so LoadModule env_module modules/mod_env.so LoadModule mime_magic_module modules/mod_mime_magic.so LoadModule cern_meta_module modules/mod_cern_meta.so LoadModule expires_module modules/mod_expires.so LoadModule deflate_module modules/mod_deflate.so LoadModule headers_module modules/mod_headers.so LoadModule usertrack_module modules/mod_usertrack.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule mime_module modules/mod_mime.so LoadModule dav_module modules/mod_dav.so LoadModule status_module modules/mod_status.so LoadModule autoindex_module modules/mod_autoindex.so LoadModule asis_module modules/mod_asis.so LoadModule info_module modules/mod_info.so LoadModule dav_fs_module modules/mod_dav_fs.so LoadModule vhost_alias_module modules/mod_vhost_alias.so LoadModule negotiation_module modules/mod_negotiation.so LoadModule dir_module modules/mod_dir.so LoadModule imagemap_module modules/mod_imagemap.so LoadModule actions_module modules/mod_actions.so LoadModule speling_module modules/mod_speling.so LoadModule userdir_module modules/mod_userdir.so LoadModule alias_module modules/mod_alias.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_ftp_module modules/mod_proxy_ftp.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_connect_module modules/mod_proxy_connect.so LoadModule cache_module modules/mod_cache.so LoadModule suexec_module modules/mod_suexec.so #LoadModule disk_cache_module modules/mod_disk_cache.so LoadModule file_cache_module modules/mod_file_cache.so #LoadModule mem_cache_module modules/mod_mem_cache.so LoadModule cgi_module modules/mod_cgi.so LoadModule version_module modules/mod_version.so LoadModule socache_shmcb_module modules/mod_socache_shmcb.so LoadModule unixd_module modules/mod_unixd.so

Include conf.d/*.conf

User apache Group apache

ServerAdmin root@localhost

UseCanonicalName Off

DocumentRoot “/var/webapps”

Options FollowSymLinks AllowOverride None

Options Indexes FollowSymLinks

AllowOverride None

Order allow,deny Allow from all

UserDir disable

DirectoryIndex index.html index.html.var

AccessFileName .htaccess

Order allow,deny Deny from all

TypesConfig /etc/mime.types

DefaultType text/plain

# MIMEMagicFile /usr/share/magic.mime MIMEMagicFile conf/magic

HostnameLookups Off

ErrorLog logs/error_log

LogLevel warn

LogFormat “%h %l %u %t “%r” %>s %b “%{Referer}i” “%{User-Agent}i”" combined LogFormat “%h %l %u %t “%r” %>s %b” common LogFormat “%{Referer}i -> %U” referer LogFormat “%{User-agent}i” agent

CustomLog logs/access_log combined

ServerSignature Off

Alias /icons/ “/var/www/icons/”

Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all

# Location of the WebDAV lock database. DAVLockDB /var/lib/dav/lockdb

ScriptAlias /cgi-bin/ “/var/www/cgi-bin/”

AllowOverride None Options None Order allow,deny Allow from all

IndexOptions FancyIndexing VersionSort NameWidth=*

AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip

AddIconByType (TXT,/icons/text.gif) text/* AddIconByType (IMG,/icons/image2.gif) image/* AddIconByType (SND,/icons/sound2.gif) audio/* AddIconByType (VID,/icons/movie.gif) video/*

AddIcon /icons/binary.gif .bin .exe AddIcon /icons/binhex.gif .hqx AddIcon /icons/tar.gif .tar AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip AddIcon /icons/a.gif .ps .ai .eps AddIcon /icons/layout.gif .html .shtml .htm .pdf AddIcon /icons/text.gif .txt AddIcon /icons/c.gif .c AddIcon /icons/p.gif .pl .py AddIcon /icons/f.gif .for AddIcon /icons/dvi.gif .dvi AddIcon /icons/uuencoded.gif .uu AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl AddIcon /icons/tex.gif .tex AddIcon /icons/bomb.gif core

AddIcon /icons/back.gif .. AddIcon /icons/hand.right.gif README AddIcon /icons/folder.gif ^^DIRECTORY^^ AddIcon /icons/blank.gif ^^BLANKICON^^

DefaultIcon /icons/unknown.gif

ReadmeName README.html HeaderName HEADER.html

IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

AddLanguage ca .ca AddLanguage cs .cz .cs AddLanguage da .dk AddLanguage de .de AddLanguage el .el AddLanguage en .en AddLanguage eo .eo AddLanguage es .es AddLanguage et .et AddLanguage fr .fr AddLanguage he .he AddLanguage hr .hr AddLanguage it .it AddLanguage ja .ja AddLanguage ko .ko AddLanguage ltz .ltz AddLanguage nl .nl AddLanguage nn .nn AddLanguage no .no AddLanguage pl .po AddLanguage pt .pt AddLanguage pt-BR .pt-br AddLanguage ru .ru AddLanguage sv .sv AddLanguage zh-CN .zh-cn AddLanguage zh-TW .zh-tw

LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW

ForceLanguagePriority Prefer Fallback

AddDefaultCharset UTF-8

AddCharset ISO-8859-1 .iso8859-1 .latin1 AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen AddCharset ISO-8859-3 .iso8859-3 .latin3 AddCharset ISO-8859-4 .iso8859-4 .latin4 AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk AddCharset ISO-2022-JP .iso2022-jp .jis AddCharset ISO-2022-KR .iso2022-kr .kis AddCharset ISO-2022-CN .iso2022-cn .cis AddCharset Big5 .Big5 .big5 # For russian, more than one charset is used (depends on client, mostly): AddCharset WINDOWS-1251 .cp-1251 .win-1251 AddCharset CP866 .cp866 AddCharset KOI8-r .koi8-r .koi8-ru AddCharset KOI8-ru .koi8-uk .ua AddCharset ISO-10646-UCS-2 .ucs2 AddCharset ISO-10646-UCS-4 .ucs4 AddCharset UTF-8 .utf8

AddCharset GB2312 .gb2312 .gb AddCharset utf-7 .utf7 AddCharset utf-8 .utf8 AddCharset big5 .big5 .b5 AddCharset EUC-TW .euc-tw AddCharset EUC-JP .euc-jp AddCharset EUC-KR .euc-kr AddCharset shift_jis .sjis

AddType application/x-compress .Z AddType application/x-gzip .gz .tgz

AddHandler imap-file map

AddHandler type-map var

AddType text/html .shtml AddOutputFilter INCLUDES .shtml

Alias /error/ “/var/www/error/”

AllowOverride None Options IncludesNoExec AddOutputFilter Includes html AddHandler type-map var Order allow,deny Allow from all LanguagePriority en es de fr ForceLanguagePriority Prefer Fallback

BrowserMatch “Mozilla/2″ nokeepalive BrowserMatch “MSIE 4.0b2;” nokeepalive downgrade-1.0 force-response-1.0 BrowserMatch “RealPlayer 4.0″ force-response-1.0 BrowserMatch “Java/1.0″ force-response-1.0 BrowserMatch “JDK/1.0″ force-response-1.0

BrowserMatch “Microsoft Data Access Internet Publishing Provider” redirect-carefully BrowserMatch “^WebDrive” redirect-carefully BrowserMatch “^WebDAVFS/1.[012]” redirect-carefully BrowserMatch “^gnome-vfs” redirect-carefully

LoadModule jk_module modules/mod_jk.so Include /etc/httpd/conf/mod_jk.conf

NameVirtualHost sfta.npfit.nhs.uk:443

RewriteEngine On RewriteCond %{REQUEST_METHOD} ^TRACE [OR] RewriteCond %{REQUEST_METHOD} ^TRACK RewriteRule .* – [F]

RewriteCond %{REQUEST_URI} ^(.*)//(.*)$ RewriteRule . %1/%2 [R=301,L]

SSLEngine on

ServerName sfta.x.x.x

DocumentRoot “/var/webapps/”

ErrorLog logs/error_sft_log CustomLog logs/access_sft_log combined ErrorDocument 404 /sft/error404.html ErrorDocument 503 /sft/error503.html

SSLProtocol ALL -SSLv2 SSLCipherSuite HIGH:MEDIUM

SSLCertificateFile /etc/httpd/conf/ssl.crt/SFTA.crt

SSLCertificateKeyFile /etc/httpd/conf/ssl.crt/SFTA.key

SSLOptions +StdEnvVars +ExportCertData SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 SSLOptions +StdEnvVars +ExportCertData SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128

# SSL Protocol Adjustments: # The safe and default but still SSL/TLS standard compliant shutdown # approach is that mod_ssl sends the close notify alert but doesn’t wait for # the close notify alert from client. When you need a different shutdown # approach you can use one of the following variables: # o ssl-unclean-shutdown: # This forces an unclean shutdown when the connection is closed, i.e. no # SSL close notify alert is send or allowed to received. This violates # the SSL/TLS standard but is needed for some brain-dead browsers. Use # this when you receive I/O errors because of the standard approach where # mod_ssl sends the close notify alert. # o ssl-accurate-shutdown: # This forces an accurate shutdown when the connection is closed, i.e. a # SSL close notify alert is send and mod_ssl waits for the close notify # alert of the client. This is 100% SSL/TLS standard compliant, but in # practice often causes hanging connections with brain-dead browsers. Use # this only for browsers where you know that their SSL implementation # works correctly. # Notice: Most problems of broken clients are also related to the HTTP # keep-alive facility, so you usually additionally want to disable # keep-alive for those clients, too. Use variable “nokeepalive” for this. # Similarly, one has to force some clients to use HTTP/1.0 to workaround # their broken HTTP/1.1 implementation. Use variables “downgrade-1.0″ and # “force-response-1.0″ for this. SetEnvIf User-Agent “.*MSIE.*” nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0

# Per-Server Logging: # The home of a custom SSL log file. Use this when you want a # compact non-error SSL logfile on a virtual host basis. CustomLog logs/ssl_request_nww.sft.nhs.uk_log “%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x “%r” %b”

#Disable Apache supporting HTTP TRACE RewriteEngine On RewriteCond %{REQUEST_METHOD} ^TRACE [OR] RewriteCond %{REQUEST_METHOD} ^TRACK RewriteRule .* – [F]

# Remove multiple slashes anywhere in URL RewriteCond %{REQUEST_URI} ^(.*)//(.*)$ RewriteRule . %1/%2 [R=301,L]

#The TraceEnable command isn’t available on this version of apache #TraceEnable Off

Mod_jk.conf

JkWorkersFile /etc/httpd/conf/workers.properties JkLogFile /var/log/httpd/mod_jk.log JkLogLevel error

JkExtractSSL On

JkHTTPSIndicator HTTPS

JkSESSIONIndicator SSL_SESSION_ID

JkCIPHERIndicator SSL_CIPHER

Alias /sft “/var/webapps/sft” Options Indexes FollowSymLinks

JkMount /sft/* loadbalancer

JkUnMount /*.html loadbalancer

AllowOverride None deny from all

My workers.properties file:

workers.apache_log=/var/log/httpd/

workers.tomcat_home=/var/tomcat

workers.java_home=/usr/java/latest

ps=/

worker.list=softcat1, loadbalancer

worker.softcat1.port=8009 worker.softcat1.host=localhost worker.softcat1.type=ajp13 worker.softcat1.lbfactor=100

worker.loadbalancer.type=lb worker.loadbalancer.balanced_workers=softcat1

If anyone has any ideas about what is wrong in the config I would be very grateful as I have spent hours trying to get this to work to no avail.

Thanks

Dear All,

when indexing an object I create a document that contains a field called title. I set the boost of that field to 60. After the indexing was complete I checked the document using luke. The norm field for it contained 40. Shouldn’t this column (the field norm) contain the boost that was set at indexing time?

Thanks in advance, Ákos Tajti

On 2012-04-20 14:37:11 +0000, Camaleón wrote:

What do you mean by site security? AFAIK, the problem is a *host* security problem.

Your last questions make no sense. The sample scripts are *not* in these two packages, but under /usr/share/doc! So, there is nothing to fix in the sample scripts themselves. The fix should be in the two packages, which shouldn’t execute scripts stored in a random directory, i.e. the scripts in /usr/share/doc should just be seen as text files. This should be a bit like CGI’s: they are executed only if the ExecCGI option has been set on the directory.

The exact error message during ./config_nice (of a working 2.2 installation on another machine) is

Bundled APR requested but not found at ./srclib/. Download and unpack the corresponding apr and apr-util packages to ./srclib/.

I went to http://apr.apache.org/download.cgi and downloaded apr-1 and apr-util.

As for apr-1, I found a a setup for building (configure, make etc.) which appeared to be successful. Nowhere did I see anything to “unpack to srclib”

As for apr-util, I can’t build because

configure: error: APR could not be located. Please use the –with-apr option.

This option requires a “path to installed APR or the full path to apr-config”

So I seem to be going around in circles and any help would of course be appreciated.

Bernard Higonnet

Hi, We are developing an web application that uses Struts2 + Tiles + JSP, plus Dojo for the UI. The application uses the JSON plugin, since we do a lot of interactions through AJAX calls using JSON. We are also building a thick client that will only uses JSON to communicate with the server. It will invocate Struts2 actions to retrieve information, and those actions will provide a JSON result with the information solicited. Some of those communications will download list of thinks (list of documents for the user, for example).

The thing is that we want to avoid duplications of code, so in order to reuse those actions that produce JSON for the thick client, we are using those same actions to get the same information for the browser. We have made the pages compatible with that; the browser uses AJAX calls to call those actions and show the retrieved information. But that also implies a lot of HTTP connections to the server, which we would like to avoid.

The way we have thought to avoid those extra communications is to use the tag on the JSP. That way the action is invoked inline from the presentation layer, and the information(the JSON returned by the action) incorporated on the JSP and sent to the browser, where the UI is created with Dojo and shown to the user.

The only problem I see is that the list of interceptors is fully executed when calling those actions from the JSP. It makes sense, of course, but that also add a lot of overhead I woiuld like to avoid.

Does anyone see some obviouse flaw on this design? Is there a better way to provide that JSON information without duplicating code and avoiding the overhead?

Thanks