Replication setting for OpenAM & OpenLDAP


probably !!

$ vi /tmp/repl_server_1.ldif
# replace ServerID
dn: cn=config
changetype: modify
replace: olcServerID
olcServerID: 1

# mirror mode setup
dn: olcDatabase={2}bdb,cn=config
changetype: modify
add: olcSyncRepl
olcSyncRepl: rid=001 provider=ldap://openam002.mart-eim.com searchbase="dc=sso,dc=mart-eim,dc=com" schemachecking=on bindmethod=simple binddn="cn=Manager,dc=sso,dc=mart-eim,dc=com" credentials=$LDAP_ROOT_PW type=refreshAndPersist retry="60 +"
-
add: olcMirrorMode
olcMirrorMode: TRUE

$ ldapadd -x -w $LDAP_ROOT_PW -D cn=config -f /tmp/repl_server_1.ldif
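The olcSyncRepl line above uses bindmethod=simple against an ldap:// provider with no starttls parameter, so the Manager password crosses the network unencrypted on every replication bind. The following audit is an added example, not part of the original post: the function names, the PLACEHOLDER password and the HARDENED variant are constructed for illustration.

```python
import shlex

# olcSyncRepl value from the LDIF above; the password is a constructed placeholder.
PAGE_SYNCREPL = (
    'rid=001 provider=ldap://openam002.mart-eim.com '
    'searchbase="dc=sso,dc=mart-eim,dc=com" schemachecking=on '
    'bindmethod=simple binddn="cn=Manager,dc=sso,dc=mart-eim,dc=com" '
    'credentials=PLACEHOLDER type=refreshAndPersist retry="60 +"'
)
# Constructed variant: same consumer, but StartTLS is mandatory and verified.
HARDENED = PAGE_SYNCREPL + " starttls=critical tls_reqcert=demand"


def parse_syncrepl(value):
    """Split an olcSyncRepl value into a dict keyed by lower-cased parameter."""
    params = {}
    for token in shlex.split(value):  # honours the quoted DN and retry values
        key, _, val = token.partition("=")
        params[key.lower()] = val
    return params


def audit_syncrepl(value):
    """Return findings about how the consumer binds to the provider."""
    p = parse_syncrepl(value)
    scheme = p.get("provider", "").split("://", 1)[0].lower()
    starttls = p.get("starttls", "").lower()
    protected = scheme == "ldaps" or (scheme == "ldap" and starttls == "critical")
    simple = p.get("bindmethod", "").lower() == "simple"
    findings = []
    if simple and scheme != "ldapi" and not protected:
        findings.append("simple bind without enforced TLS: password sent in clear text")
    if starttls == "yes":
        findings.append("starttls=yes continues without TLS if StartTLS fails")
    if protected and p.get("tls_reqcert", "").lower() in ("never", "allow"):
        findings.append("tls_reqcert does not require a valid provider certificate")
    return findings


if __name__ == "__main__":
    print(audit_syncrepl(PAGE_SYNCREPL))
    print(audit_syncrepl(HARDENED))
```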

openam v.12.0.0 build error at openam-authentication/deviceprint/scripts/src/main/requirejs/r.js


It was solved by re-installing node.js.

$ svn co https://svn.forgerock.org/openam/tags/12.0.0-1/openam
$ cd openam
$ export MAVEN_OPTS=-Xmx512m
$ mvn -DskipTests=true clean install
:
[INFO] Running with Node @ node
/home/endo/tmp/openam/openam/openam-authentication/deviceprint/scripts/src/main/requirejs/r.js:2256
if (path.existsSync(url)) {
^
TypeError: undefined is not a function
at Function.req.load (/home/endo/tmp/openam/openam/openam-authentication/deviceprint/scripts/src/main/requirejs/r.js:2256:18)
at resume (/home/endo/tmp/openam/openam/openam-authentication/deviceprint/scripts/src/main/requirejs/r.js:1280:37)
at Object.context.require (/home/endo/tmp/openam/openam/openam-authentication/deviceprint/scripts/src/main/requirejs/r.js:1479:25)
at requirejs (/home/endo/tmp/openam/openam/openam-authentication/deviceprint/scripts/src/main/requirejs/r.js:1681:24)
at /home/endo/tmp/openam/openam/openam-authentication/deviceprint/scripts/src/main/requirejs/r.js:9770:1
at Object.<anonymous> (/home/endo/tmp/openam/openam/openam-authentication/deviceprint/scripts/src/main/requirejs/r.js:9820:2)
at Module._compile (module.js:460:26)
at Object.Module._extensions..js (module.js:478:10)
at Module.load (module.js:355:32)
at Function.Module._load (module.js:310:12)
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary:
:
[INFO] OpenAM SOAP STS .................................... SKIPPED
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 02:56 min
[INFO] Finished at: 2015-11-26T06:14:05+09:00
[INFO] Final Memory: 155M/461M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal com.github.mcheely:requirejs-maven-plugin:2.0.0:optimize (default) on project openam-auth-deviceprint-scripts: r.js exited with an error. -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR] mvn <goals> -rf :openam-auth-deviceprint-scripts

I re-installed node.js. So I could build OpenAM !!

$ mvn -DskipTests=true clean install
:
[INFO] OpenAM Distribution Diagnostics .................... SUCCESS [ 9.844 s]
[INFO] OpenAM SOAP STS .................................... SUCCESS [ 39.111 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 24:47 min
[INFO] Finished at: 2015-11-26T06:46:40+09:00
[INFO] Final Memory: 174M/490M
[INFO] ------------------------------------------------------------------------
$
$ find . -name "*.war"
./openam-console/target/openam-console-12.0.0-1.war
./openam-server/target/OpenAM-12.0.0-1.war
./openam-distauth/target/OpenAM-DistAuth-12.0.0-1.war
./openam-federation/openam-idpdiscovery-war/target/IDPDiscovery-12.0.0-1.war
./openam-server-only/target/OpenAM-ServerOnly-12.0.0-1.war
./openam-examples/openam-example-clientsdk-war/target/ExampleClientSDK-WAR-12.0.0-1.war
./openam-distribution/openam-distribution-fedlet-unconfigured/target/Fedlet-12.0.0-1.war
./openam-sts/openam-soap-sts/target/openam-soap-sts-12.0.0-1.war
./openam-oauth2-common/oauth2-oidc-test-server/target/oauth2-oidc-provider.war

OpenAM source code moved from svn to git in Oct 2015.

https://wikis.forgerock.org/confluence/display/openam/Build+OpenAM+from+Source

The source code moved from SVN to Git in October 2015. The central git repository is hosted on ForgeRock's Stash server here; https://stash.forgerock.org/projects/OPENAM/repos/openam/browse

https://wikis.forgerock.org/confluence/pages/viewpage.action?pageId=31293718

sending mail by smtp.gmail.com for python


NOTICE !!
https://security.google.com/settings/security/apppasswords

#!/usr/local/bin/python
# -*- coding: utf-8 -*-

import smtplib
import ssl
from email.mime.text import MIMEText
from email.utils import formatdate
from email.header import Header

SMTP_CONF = {"USER": '????????@gmail.com',
             "PASS": '????????',
             "HOST": 'smtp.gmail.com',
             "PORT": 587,
             "CHARSET": 'iso-2022-jp'
             }
# To use SMTP with Gmail, issue an app-specific password
# https://security.google.com/settings/security/apppasswords

def sendMail():
    mailTo = ['????????@gmail.com']
    # Subject: "This is a test"
    subject = 'これはテストです'

    # Body: "This is a test. This is the body. Please ignore it."
    body = '''
これはテストです。
本文です。無視して下さい。
'''
    # Python 3: MIMEText and Header take str and encode it with the given charset
    msg = MIMEText(body, 'plain', SMTP_CONF['CHARSET'])
    msg['From'] = SMTP_CONF['USER']
    msg['To'] = ','.join(mailTo)
    msg['Date'] = formatdate()
    msg['Subject'] = Header(subject, SMTP_CONF['CHARSET'])

    smtpobj = smtplib.SMTP(SMTP_CONF['HOST'], SMTP_CONF['PORT'])
    smtpobj.ehlo()
    # Verify the server certificate and host name when upgrading to TLS
    smtpobj.starttls(context=ssl.create_default_context())
    smtpobj.ehlo()
    smtpobj.login(SMTP_CONF['USER'], SMTP_CONF['PASS'])
    smtpobj.sendmail(SMTP_CONF['USER'], mailTo, msg.as_string())
    smtpobj.quit()

sendMail()

https ( ssl ) setting nginx bundled by Raspberry (raspbian)


STEP1 make secret key, public key and certificate

$ sudo su -
# cd /etc/nginx

# openssl genrsa -out server.key 2048
Generating RSA private key, 2048 bit long modulus
...........................+++
............................................................+++
e is 65537 (0x10001)

# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:jp
State or Province Name (full name) [Some-State]:tokyo
Locality Name (eg, city) []:??????
Organization Name (eg, company) [Internet Widgits Pty Ltd]:??????
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:raspi.??????.mydns.jp
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

# openssl rsa -in server.key -out server.key
writing RSA key

# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=jp/ST=tokyo/L=kokubunji/O=??????/CN=raspi.??????.mydns.jp
Getting Private key

STEP2 edit nginx config file

“/etc/nginx/nginx.conf” includes “/etc/nginx/sites-enabled/default”.
Edit /etc/nginx/sites-enabled/default as below.

# server {
#     listen 80 default_server;
#     listen [::]:80 default_server;

#     root /var/www/html;

#     index index.html index.htm index.nginx-debian.html;

#     server_name _;

#     location / {
#         # First attempt to serve request as file, then
#         # as directory, then fall back to displaying a 404.
#         try_files $uri $uri/ =404;
#     }
# }

server {
    listen 443 ssl;

    ssl_certificate /etc/nginx/server.crt;
    ssl_certificate_key /etc/nginx/server.key;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    root /var/www/html;

    index index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
}

installing open source antivirus “ClamAV” to debian linux “raspberry”


install from src ( REFERENCE )

configure error in raspbian

Raspbian has openssl by default, but I had a configure error as below.

$ wget http://www.clamav.net/downloads/production/clamav-0.98.7.tar.gz
$ tar -zxvf clamav-0.98.7.tar.gz
$ cd clamav-0.98.7/
$ ./configure
:
configure: unable to compile/link with check
checking for libxml2 installation... not found
configure: ****** libxml2 support unavailable
checking for OpenSSL installation... /usr
configure: error: OpenSSL not found.

$ which openssl
/usr/bin/openssl
$ /usr/bin/openssl version
OpenSSL 1.0.1k 8 Jan 2015

So, sudo apt-get install libssl-dev … SUCCESS !!

$ sudo apt-get install libssl-dev
$ pwd
/home/endo/tmp/clamav-0.98.7
$ ./configure
$ make
$ make check
$ sudo make install

install from package, again

$ sudo apt-get install clamav

“apt-get install clamav” installs 4 commands.

“freshclam” updates the virus database.
“clamscan” scans files or directories.

$ ls -l /usr/bin/*clam*
-rwxr-xr-x 1 root root 79872 Jun 7 01:40 /usr/bin/clambc
-rwxr-xr-x 1 root root 104352 Jun 7 01:40 /usr/bin/clamscan
-rwxr-xr-x 1 root root 79612 Jun 7 01:40 /usr/bin/clamsubmit
-rwxr-xr-x 1 root root 141408 Jun 7 01:40 /usr/bin/freshclam

“apt-get install clamav” starts the virus db updater “freshclam”.

“apt-get install clamav” also adds the user “clamav”.

$ ps -ef | grep clam
clamav 1451 1 2 15:42 ? 00:00:02 /usr/bin/freshclam -d --foreground=true

Config file of freshclam exists in /etc/clamav/freshclam.conf

“apt-get install clamav” sets up auto start

$ sudo insserv -s | grep clam
K:01:0 1 6:clamav-freshclam
S:02:2 3 4 5:clamav-freshclam
$ find /etc/ -name "*clamav-freshclam*"
/etc/init.d/clamav-freshclam
/etc/rc0.d/K01clamav-freshclam
/etc/rc1.d/K01clamav-freshclam
/etc/rc2.d/S02clamav-freshclam
/etc/rc3.d/S02clamav-freshclam
/etc/rc4.d/S02clamav-freshclam
/etc/rc5.d/S02clamav-freshclam
/etc/rc6.d/K01clamav-freshclam
/etc/network/if-down.d/clamav-freshclam-ifupdown
/etc/network/if-up.d/clamav-freshclam-ifupdown
/etc/ppp/ip-up.d/clamav-freshclam-ifupdown
/etc/ppp/ip-down.d/clamav-freshclam-ifupdown

“apt-get install clamav” sets up logrotate.d

$ find /etc/ -name "*clamav-freshclam*"
:
/etc/logrotate.d/clamav-freshclam

scan test

getting sample virus file

$ wget http://www.eicar.org/download/eicar.com
$ wget http://www.eicar.org/download/eicar.com.txt
$ wget http://www.eicar.org/download/eicar_com.zip
$ wget http://www.eicar.org/download/eicarcom2.zip

scan test

$ /usr/bin/clamscan --infected --remove \
--recursive /home/endo/tmp/TEST_VIRUS
/home/endo/tmp/TEST_VIRUS/eicar_com.zip: Eicar-Test-Signature FOUND
/home/endo/tmp/TEST_VIRUS/eicar_com.zip: Removed.
/home/endo/tmp/TEST_VIRUS/eicar.com: Eicar-Test-Signature FOUND
/home/endo/tmp/TEST_VIRUS/eicar.com: Removed.
/home/endo/tmp/TEST_VIRUS/eicar.com.txt: Eicar-Test-Signature FOUND
/home/endo/tmp/TEST_VIRUS/eicar.com.txt: Removed.
/home/endo/tmp/TEST_VIRUS/eicarcom2.zip: Eicar-Test-Signature FOUND
/home/endo/tmp/TEST_VIRUS/eicarcom2.zip: Removed.

----------- SCAN SUMMARY -----------
Known viruses: 4113772
Engine version: 0.98.7
Scanned directories: 1
Scanned files: 4
Infected files: 4
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 173.278 sec (2 m 53 s)

clamscan needs long scan time …

So I un-installed clamav.

$ sudo apt-get --purge remove clamav*

connecting “Raspberry Pi” to “Aterm WR8165N” via wifi


STEP1) edit wpa_supplicant.conf

$ sudo vi /etc/wpa_supplicant/wpa_supplicant.conf

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network = {
  ssid="aterm-f6beb2-g"
  psk="YourPassword"
  proto=WPA2
  key_mgmt=WPA-PSK
  pairwise=CCMP
}

STEP2) ifup … but “wpa_supplicant.conf” parse error

$ sudo ifup wlan0
wpa_supplicant: /sbin/wpa_supplicant daemon failed to start
run-parts: /etc/network/if-pre-up.d/wpasupplicant exited with return code 1
Failed to bring up wlan0.

$ sudo wpa_supplicant -Dwext -iwlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf
Successfully initialized wpa_supplicant
Line 3: unknown global field 'network = {'.
Line 3: Invalid configuration line 'network = {'.
  :
Line 9: unknown global field '}'.
Line 9: Invalid configuration line '}'.
Failed to read or parse configuration '/etc/wpa_supplicant/wpa_supplicant.conf'.

The “wpa_supplicant.conf” file is whitespace-sensitive.
There must be no space on either side of “=”.

BAD) network = {
GOOD)network={

STEP2?) ifup again…Success!!

$ sudo ifup wlan0
ioctl[SIOCSIWAP]: Operation not permitted
ioctl[SIOCSIWENCODEEXT]: Invalid argument
ioctl[SIOCSIWENCODEEXT]: Invalid argument

Since there was no effect on the Wi-Fi, I ignored the ioctl errors.
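The parse error above can be caught before running ifup, and the passphrase does not have to sit in the file in clear text: wpa_supplicant also accepts psk as 64 hex digits, the key derived with PBKDF2-HMAC-SHA1 from the passphrase and SSID. This is an added example, not part of the original post; lint_conf, derive_psk and network_block are names chosen here for illustration.

```python
import hashlib
import re

# wpa_supplicant.conf from STEP1 above, including its formatting error.
PAGE_CONF = """ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network = {
  ssid="aterm-f6beb2-g"
  psk="YourPassword"
  proto=WPA2
  key_mgmt=WPA-PSK
  pairwise=CCMP
}
"""


def lint_conf(text):
    """Return (line_number, line) for every assignment with a space next to '='."""
    bad = []
    for num, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("#"):
            continue
        if re.match(r"\w+(\s+=|=\s)", stripped):
            bad.append((num, stripped))
    return bad


def derive_psk(ssid, passphrase):
    """WPA-PSK key: PBKDF2-HMAC-SHA1(passphrase, salt=ssid, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters long")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return key.hex()


def network_block(ssid, passphrase):
    """Render a network block with no spaces around '=' and a derived psk."""
    lines = [
        "network={",
        f'  ssid="{ssid}"',
        f"  psk={derive_psk(ssid, passphrase)}",  # unquoted: 64 hex digits
        "  proto=WPA2",
        "  key_mgmt=WPA-PSK",
        "  pairwise=CCMP",
        "}",
    ]
    return "\n".join(lines) + "\n"
```

lint_conf(PAGE_CONF) reports line 3, the same line wpa_supplicant rejected. The derived key still grants access to this one network, so the file should stay readable by root only.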

overload::constant can reduce “Illegal division by zero” error in perl


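A divide-by-zero error is easy to trigger, but it has a large impact: it kills the process (die).

overload::constant can turn this fatal error into a graceful one. The numeric literals become Math::BigInt / Math::BigFloat objects, whose division by zero returns inf instead of dying.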

#!/usr/local/bin/perl
use strict;
use warnings;
use utf8;
use Math::BigInt;
use Math::BigFloat;
use Data::Dumper;
BEGIN {
    overload::constant
            (integer => sub {return Math::BigInt->new(shift)},
             float   => sub {return Math::BigFloat->new(shift)});
}

main();

sub main {

    for my $vals ([2,  1  ],[2,  0  ],
                  [2.1,1  ],[2.1,0  ],
                  [2,  1.0],[2,  0.0]){
        print "$vals->[0] / $vals->[1] = " , $vals->[0] / $vals->[1] , "\n";
    }
}

__END__
$ ./foo3.pl 
2 / 1 = 2
2 / 0 = inf
2.1 / 1 = 2.1
2.1 / 0 = inf
2 / 1 = 2
2 / 0 = inf

refer to

http://perldoc.perl.org/overload.html
http://perldoc.jp/docs/perl/5.6.1/overload.pod
http://argrath.ub32.org/perldocjp/5.10.0/overload.html
http://blog.livedoor.jp/sasata299/archives/51266745.html

https proxy server by nginx for windows


STEP 0

Get nginx and openssl for win.
http://nginx.org/en/docs/windows.html
https://slproweb.com/products/Win32OpenSSL.html

STEP 1

Edit nginx.conf, as below.

daemon off;
worker_processes  1;
error_log  logs/error.log;

events {
       worker_connections  1024;
}

# cd $NGINX_DIR
# nginx.exe -c conf/nginx_https_proxy.conf
# edit c:\windows\system32\drivers\etc\hosts
#   127.0.0.1          www.example.com
#   (You don't need to set a proxy in the browser.)

http {
    log_format proxylog '$remote_addr [$time_local] $server_name:$server_port -> $upstream_addr "$request" $status';
    access_log  logs/access.log  proxylog;

    ssl_certificate      c:/home/endo/tmp/nginx-1.9.6/conf/server.crt;
    ssl_certificate_key  c:/home/endo/tmp/nginx-1.9.6/conf/server.key;
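    # "ssl on;" is redundant with "listen 443 ssl" and is deprecated in newer nginx releases
    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); keep them only for legacy clients
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;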
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;

    #### HTTP GET https://fan.smart-heim.com

    server {
        listen 443 ssl;
        server_name www.example.com;

        # Authenticated content (tomcat)
        location / {
          proxy_set_header        Host www.example.com;
          proxy_set_header        X-Real-IP $remote_addr;
          proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header        X-Forwarded-Proto $scheme;
          proxy_read_timeout      90;

          proxy_pass      http://183.79.11.230:80;
          proxy_redirect  http://183.79.11.230  https://www.example.com;
        }

    }
}

STEP 2

Start nginx

DOS> cd \home\endo\tmp\nginx-1.9.6
DOS> nginx.exe -c conf/nginx_https_proxy.conf

STEP 3

Edit c:\windows\system32\drivers\etc\hosts

127.0.0.1          www.example.com

You don’t need to set a proxy in the browser.