Welcome to my *NIX / Storage / Virtualization blog.

Hello everybody!


Welcome to Loveforunix blog!!

Unix has been part of my life for many years. This blog is about UNIX and the IT world. I want to share my almost 20 years of experience with UNIX / Linux / Storage / Virtualization and other stuff. You are free to analyze and discuss the various issues with me.

I’ll try to post what I have made and not copy ideas from other people.

I hope you enjoy.

Cheers.

Israel

Posted in Home

Ethernet tuning for VIOS and AIX in a 10 Gbit/sec environment.

I had the pleasure of setting up an IBM PureFlex p270 system from scratch, including the chassis, Ethernet switches, Fibre Channel switches, FSM, dual VIOS and LPARs. Although all connections inside the PureFlex node run at 10 Gbits/sec, the chassis is connected to a 1Gb Cisco backbone. Once all components were in production, I found that additional setup was needed on the Ethernet devices to approach maximum speed inside the p270 node. All internal ports of the EN4093r Ethernet switches were configured to 10Gbits/sec.

Here is the tuning I did on the VIOS and LPARs.

Let's start with the VIO servers.

Both VIOS have two physical 10Gb/s interfaces. See:

root@vios # lsdev|grep ent|grep 10
ent0        Available 00-00       10GbE 4-port Mezzanine Adapter (a2191007df1033e7)
ent1        Available 00-01       10GbE 4-port Mezzanine Adapter (a2191007df1033e7)

Both VIO servers also have one EtherChannel adapter, ent2, configured with LACP (aggregation).

root@vios # lsdev|grep ent|grep EtherChannel
ent2        Available             EtherChannel / IEEE 802.3ad Link Aggregation

Here's the EtherChannel configuration. It was created with the two physical adapters ent0 and ent1 in 8023ad mode:

root@vios # lsattr -EHl ent2
attribute       value          description                                     user_settable

adapter_names   ent0,ent1      EtherChannel Adapters                           True
alt_addr        0x000000000000 Alternate EtherChannel Address                  True
auto_recovery   yes            Enable automatic recovery after failover        True
backup_adapter  NONE           Adapter used when whole channel fails           True
hash_mode       src_dst_port   Determines how outgoing adapter is chosen       True
interval        long           Determines interval value for IEEE 802.3ad mode True
mode            8023ad         EtherChannel mode of operation                  True
netaddr         0              Address to ping                                 True
noloss_failover yes            Enable lossless failover after ping failure     True
num_retries     3              Times to retry ping before failing              True
retry_time      1              Wait time (in seconds) between pings            True
use_alt_addr    no             Enable Alternate EtherChannel Address           True
use_jumbo_frame no             Enable Gigabit Ethernet Jumbo Frames            True

SEA adapter ent9 was created with EtherChannel ent2 and 4 Virtual I/O Ethernet Adapters (ent5, ent6, ent7 and ent8), using ha_mode sharing. See:

root@vios # lsdev|grep ent|grep Shar
ent9        Available             Shared Ethernet Adapter
root@vios # lsattr -EHl ent9
attribute     value               description                                                        user_settable

accounting    enabled             Enable per-client accounting of network statistics                 True
adapter_reset yes                 Reset real adapter on HA takeover                                  True
ctl_chan      ent3                Control Channel adapter for SEA failover                           True
gvrp          no                  Enable GARP VLAN Registration Protocol (GVRP)                      True
ha_mode       sharing             High Availability Mode                                             True
hash_algo     0                   Hash algorithm used to select a SEA thread                         True
jumbo_frames  no                  Enable Gigabit Ethernet Jumbo Frames                               True
large_receive yes                 Enable receive TCP segment aggregation                             True
largesend     1                   Enable Hardware Transmit TCP Resegmentation                        True
lldpsvc       no                  Enable IEEE 802.1qbg services                                      True
netaddr       0                   Address to ping                                                    True
nthreads      7                   Number of SEA threads in Thread mode                               True
pvid          4000                PVID to use for the SEA device                                     True
pvid_adapter  ent5                Default virtual adapter to use for non-VLAN-tagged packets         True
qos_mode      disabled            N/A                                                                True
queue_size    8192                Queue size for a SEA thread                                        True
real_adapter  ent2                Physical adapter associated with the SEA                           True
send_RARP     yes                 Transmit Reverse ARP after HA takeover                             True
thread        1                   Thread mode enabled (1) or disabled (0)                            True
virt_adapters ent5,ent6,ent7,ent8 List of virtual adapters associated with the SEA (comma separated) True

Virtual adapter ent4 was created for VIOS management. The VIOS's IP is set up here.

root@vios # lsdev|grep ent4
ent4        Available             Virtual I/O Ethernet Adapter (l-lan)

Virtual adapter ent3 is the control channel between both vios. See attribute ctl_chan on SEA output above.

root@vios # lsdev|grep ent3
ent3        Available             Virtual I/O Ethernet Adapter (l-lan)

Tuning on the VIO server is done on the physical adapters, the SEA adapter and the trunk adapters.

For SEA adapter ent9, run this command (it's recommended to set these parameters when you create the SEA adapter):

chdev -l ent9 -a large_receive=yes -a largesend=1

Although it's not always necessary, you can increase Min Buffers (reboot required). Please check this with the command entstat -d entXX.
For all trunk adapters ent5, ent6, ent7 and ent8, increase Min Buffers:

root@vios # chdev -l entXX -a max_buf_tiny=3072 -a min_buf_tiny=2048 -P
root@vios # chdev -l entXX -a max_buf_small=4096 -a min_buf_small=4096 -P
root@vios # chdev -l entXX -a max_buf_medium=2048 -a min_buf_medium=2048 -P
root@vios # chdev -l entXX -a max_buf_large=256 -a min_buf_large=256 -P
root@vios # chdev -l entXX -a max_buf_huge=128 -a min_buf_huge=128 -P

For physical adapters ent0 and ent1, enable largesend, large receive and flow control (reboot required):

chdev -l ent0 -a flow_control=yes -a large_receive=yes -a large_send=yes -P
chdev -l ent1 -a flow_control=yes -a large_receive=yes -a large_send=yes -P

For LPARs, enable largesend, RFC 1323 Window Scaling, and Socket Buffer Space for Receiving/Sending on all Virtual Ethernet adapters:

chdev -l en0 -a mtu_bypass=on -a rfc1323=1 -a tcp_recvspace=262144 -a tcp_sendspace=262144

Check that all of this was enabled with the ifconfig -a command.

root@aix # ifconfig -a
en4: flags=1e084863,5c0<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CHECKSUM_OFFLOAD(ACTIVE),LARGESEND,CHAIN>
        inet 192.168.1.1 netmask 0xfffffff0 broadcast 192.168.1.250
         tcp_sendspace 262144 tcp_recvspace 262144 rfc1323 1


IMPORTANT NOTE! If your external switch / firewall has an Ethernet speed below 1 Gbits/sec, you have to disable RFC 1323 Window Scaling on the virtual adapters on all AIX LPARs (for example, ifconfig en0 rfc1323 0).
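
The ifconfig check above, automated for an LPAR with several interfaces. This is an added example, not part of the original post: the function name, the en5 and lo0 records and their addresses are constructed, and only the en4 record and the 262144 / rfc1323 values come from the post.

```shell
#!/bin/sh
# Added example: confirm the LPAR settings from `ifconfig -a` text.

# check_lpar_tuning [RFC1323]
#   stdin : output of `ifconfig -a`
#   stdout: "<if> OK" or "<if> MISSING <items>" per interface (loopback skipped)
#   RFC1323 is the value expected for rfc1323: 1 by default, 0 on hosts where
#   the note about external links below 1 Gbit/s applies.
check_lpar_tuning() {
  awk -v want=262144 -v rfc_want="${1:-1}" '
    function report(   miss) {
      if (ifn == "" || ifn ~ /^lo/) return
      if (!largesend)      miss = miss " LARGESEND"
      if (snd != want)     miss = miss " tcp_sendspace"
      if (rcv != want)     miss = miss " tcp_recvspace"
      if (rfc != rfc_want) miss = miss " rfc1323"
      if (miss == "") print ifn, "OK"
      else            print ifn, "MISSING" miss
    }
    # A new interface record starts with "<name>: flags=...".
    /^[a-z]+[0-9]+: flags=/ {
      report()
      ifn = $1; sub(/:$/, "", ifn)
      largesend = ($0 ~ /[<,]LARGESEND[,>]/)
      snd = ""; rcv = ""; rfc = ""
      next
    }
    # Continuation lines carry the per-interface (ISNO) values.
    {
      for (i = 1; i < NF; i++) {
        if ($i == "tcp_sendspace") snd = $(i + 1)
        if ($i == "tcp_recvspace") rcv = $(i + 1)
        if ($i == "rfc1323")       rfc = $(i + 1)
      }
    }
    END { report() }'
}

# Constructed sample: en4 is the record shown in the post, en5 and lo0 are made up.
sample_ifconfig() {
  cat <<'EOF'
en4: flags=1e084863,5c0<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CHECKSUM_OFFLOAD(ACTIVE),LARGESEND,CHAIN>
        inet 192.168.1.1 netmask 0xfffffff0 broadcast 192.168.1.250
         tcp_sendspace 262144 tcp_recvspace 262144 rfc1323 1
en5: flags=1e084863,480<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,CHECKSUM_OFFLOAD(ACTIVE),CHAIN>
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
         tcp_sendspace 131072 tcp_recvspace 65536 rfc1323 0
lo0: flags=e08084b,c0<UP,BROADCAST,LOOPBACK,RUNNING,SIMPLEX,MULTICAST,GROUPRT,64BIT,LARGESEND,CHAIN>
        inet 127.0.0.1 netmask 0xff000000 broadcast 127.255.255.255
         tcp_sendspace 131072 tcp_recvspace 131072 rfc1323 1
EOF
}

sample_ifconfig | check_lpar_tuning
```

On an LPAR, run `ifconfig -a | check_lpar_tuning` (or `check_lpar_tuning 0` where rfc1323 was deliberately disabled).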
That's it!
Thanks if it was helpful. Thanks.
Posted in AIX, VIO servers

Configure log file for cron daemon on AIX.

The cron daemon logs by default to /var/adm/cron/log, but I wanted to keep it with all the other system logs.
All system logs (syslog, mksysb, ftp, http, and so on) are on the /var/syslog filesystem, so I decided to put the cron logs in the same place. Here's what I did.

Add these lines to the end of the file /etc/cronlog.conf:

logfile=/var/syslog/cron.log
size=2m
rotate=4
archive=/var/syslog
compress

As cron is started from inittab, it will respawn when you kill its PID.

[root@aix:/] cat /etc/inittab|grep cron
cron:23456789:respawn:/usr/sbin/cron

So, just kill cron’s PID (10748102 in this case)

[root@aix:/var/adm/cron] ps -ef|grep cron
    root 10748102        1   0 18:35:42      -  0:00 /usr/sbin/cron

Note also that the cron log will be rotated and compressed. See:

[root@bibmnim:/var/adm/cron] ls -ltr /var/syslog/
total 18752
drwxr-xr-x    2 root     system          256 Mar 01 2011  lost+found
-rw-rw-r--    1 root     cron         164711 Apr 21 23:58 cron.log.0.Z
-rw-rw-r--    1 root     cron         165926 Apr 27 12:29 cron.log.1.Z
-rw-rw-r--    1 root     cron         165527 May 03 01:01 cron.log.2.Z
-rw-rw-r--    1 root     cron         164224 May 08 13:45 cron.log.3.Z
-rw-rw-r--    1 root     cron           1493 May 13 18:41 cron.log

That’s it!

Just thanks if the post was helpful🙂

Posted in AIX

Find out which port a daemon is using on AIX (similar to the command netstat -anp on Linux)

How to find which TCP or UDP ports are being used by daemons on AIX.

For TCP protocol:

netstat -Aan |grep -E "\*.[0-9].+LISTEN" |awk  '{print $1, substr($5,3)}' |while read socket port
do
  echo "TCP Ports: " $port "--->" $(rmsock $socket tcpcb | grep held | awk -F'proccess|\\(|\\)' '{print "PID:", $2, "CMD:", $3}')
done

See an example:

(aix61):[root] /-> netstat -Aan |grep -E "\*.[0-9].+LISTEN" |awk  '{print $1, substr($5,3)}' |while read socket port
> do
>   echo "TCP Ports: " $port "--->" $(rmsock $socket tcpcb | grep held | awk -F'proccess|\\(|\\)' '{print "PID:", $2, "CMD:", $3}')
> done
TCP Ports:  22 ---> PID: 2883734 CMD: sshd
TCP Ports:  22 ---> PID: 2883734 CMD: sshd
TCP Ports:  23 ---> PID: 4194332 CMD: inetd
TCP Ports:  80 ---> PID: 4260016 CMD: httpd
TCP Ports:  111 ---> PID: CMD:
TCP Ports:  199 ---> PID: 6095056 CMD: snmpdv3ne
TCP Ports:  443 ---> PID: 4260016 CMD: httpd
TCP Ports:  513 ---> PID: 4194332 CMD: inetd
TCP Ports:  514 ---> PID: 4194332 CMD: inetd
TCP Ports:  515 ---> PID: 3735700 CMD: lpd
TCP Ports:  657 ---> PID: 3801282 CMD: rmcd
TCP Ports:  2049 ---> PID: CMD:
TCP Ports:  3901 ---> PID: 3145864 CMD: nimsh
TCP Ports:  5666 ---> PID: 4194332 CMD: inetd
TCP Ports:  6174 ---> PID: 15138912 CMD: clinfo
TCP Ports:  6181 ---> PID: 4194332 CMD: inetd
TCP Ports:  6191 ---> PID: 5046478 CMD: clcomd
TCP Ports:  32768 ---> PID: CMD:
TCP Ports:  32769 ---> PID: CMD:
TCP Ports:  32771 ---> PID: CMD:
TCP Ports:  32778 ---> PID: 6095056 CMD: snmpdv3ne
TCP Ports:  16191 ---> PID: 5046478 CMD: clcomd
TCP Ports:  42112 ---> PID: CMD:

For UDP protocol:

netstat -Aan |grep -E "udp.+\*.[0-9]" |awk  '{print $1, substr($5,3)}' |while read socket port
do
  echo "UDP Ports: " $port "--->" $(rmsock $socket inpcb | grep held | awk -F'proccess|\\(|\\)' '{print "PID:", $2, "CMD:", $3}')
done

See an example:

(aix61):[root] /->  netstat -Aan |grep -E "udp.+\*.[0-9]" |awk  '{print $1, substr($5,3)}' |while read socket port
> do
>   echo "UDP Ports: " $port "--->" $(rmsock $socket inpcb | grep held | awk -F'proccess|\\(|\\)' '{print "PID:", $2, "CMD:", $3}')
> done
UDP Ports:  111 ---> PID: CMD:
UDP Ports:  123 ---> PID: 2556010 CMD: xntpd
UDP Ports:  161 ---> PID: 6095056 CMD: snmpdv3ne
UDP Ports:  514 ---> PID: 4128792 CMD: syslogd
UDP Ports:  657 ---> PID: 3801282 CMD: rmcd
UDP Ports:  2049 ---> PID: CMD:
UDP Ports:  2279 ---> PID: 4194332 CMD: inetd
UDP Ports:  54358 ---> PID: 15138912 CMD: clinfo
UDP Ports:  54359 ---> PID: 15138912 CMD: clinfo
UDP Ports:  6179 ---> PID: 8192182 CMD: hagsd
UDP Ports:  32773 ---> PID: CMD:
UDP Ports:  32793 ---> PID: CMD:
UDP Ports:  32794 ---> PID: CMD:
UDP Ports:  32795 ---> PID: CMD:
UDP Ports:  32833 ---> PID: CMD:
UDP Ports:  32918 ---> PID: 4128792 CMD: syslogd
UDP Ports:  32934 ---> PID: 4128792 CMD: syslogd
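
The one-liners above can feed an allowlist check, so that an unexpected listener or an unexpected owner stands out. This is an added example, not part of the original post: the function names, the allowlist format, the sample rows and the "Kernel/Kernel Extension" reply handled in owner_of are assumptions, and only the "held by proccess PID (CMD)" pattern comes from the awk expression above. Rows for which rmsock names no process are labelled instead of being left blank.

```shell
#!/bin/sh
# Added example: compare TCP listeners and their owners with an allowlist.

# owner_of: read one rmsock reply on stdin and print "PID CMD".
# Replies that name no process become "- kernel" or "- unknown".
owner_of() {
  awk '
    /held by proccess/ {              # "proccess" is the spelling the post matches on
      split($0, f, /proccess|\(|\)/)
      gsub(/[ \t]/, "", f[2])
      print f[2], f[3]; found = 1; exit
    }
    /held by Kernel/ { print "-", "kernel"; found = 1; exit }
    END { if (!found) print "-", "unknown" }'
}

# collect_tcp: AIX only. Same netstat/rmsock pipeline as the post, emitting
# "tcp PORT PID CMD" rows; sort -u folds duplicate rows for one port.
collect_tcp() {
  netstat -Aan | grep -E "\*.[0-9].+LISTEN" | awk '{print $1, substr($5,3)}' |
  while read socket port; do
    set -- $(rmsock "$socket" tcpcb | owner_of)
    echo "tcp $port $1 $2"
  done | sort -u
}

# audit_listeners ALLOWLIST
#   stdin    : "proto port pid cmd" rows
#   ALLOWLIST: file with "proto/port cmd" rows, "#" starts a comment line
#   stdout   : one finding per row that is not allowed
audit_listeners() {
  awk -v allow="$1" '
    BEGIN {
      while ((getline line < allow) > 0) {
        n = split(line, a, " ")
        if (n >= 2 && a[1] !~ /^#/) ok[a[1]] = a[2]
      }
    }
    {
      key = $1 "/" $2
      if (!(key in ok))
        print "UNEXPECTED " key " pid=" $3 " cmd=" $4
      else if (ok[key] != $4)
        print "OWNER-MISMATCH " key " expected=" ok[key] " got=" $4
    }'
}

# Constructed rows in the shape collect_tcp emits (ports taken from the post).
sample_rows() {
  cat <<'EOF'
tcp 22 2883734 sshd
tcp 23 4194332 inetd
tcp 80 4260016 httpd
tcp 443 4194332 inetd
tcp 2049 - kernel
tcp 42112 - unknown
EOF
}

# Constructed allowlist.
sample_allowlist() {
  cat <<'EOF'
# proto/port  expected owner
tcp/22   sshd
tcp/80   httpd
tcp/443  httpd
tcp/2049 kernel
EOF
}

# demo: run the audit on the constructed data; works on any POSIX shell.
demo() {
  d="${TMPDIR:-/tmp}/listener-audit.$$"
  mkdir -m 700 "$d" || return 1     # private directory, fails if it already exists
  sample_allowlist > "$d/allow"
  sample_rows | audit_listeners "$d/allow"
  rm -rf "$d"
}

demo
```

On an AIX host the live form is `collect_tcp | audit_listeners /path/to/allowlist`; the UDP variant swaps in the UDP grep pattern and `inpcb` from the post.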

Just thanks if the post was helpful🙂

Posted in AIX, tcpip

Easiest way to install apache (httpd) 2.2 and its dependencies, on AIX 6.1 , in only one step

I want to share with you how I installed the Apache web server (https://www.apache.org/) on AIX 6.1 last week, using rpms from http://www.perzl.org/aix/index.php?n=Main.Apache.

The Apache (httpd) rpm file for AIX has a lot of dependencies, so I have created a single tar file with all the rpm package dependencies you need to install apache 2.2.29 on AIX.

You can download this install tar file from here:

http://jmp.sh/v/tXhyBrDYFqEZC4IrAGNQ

Now, follow these steps to install apache (httpd) on an AIX 6.1 TL9SP4 box.
1- Just untar the file in any directory or filesystem on your system. In our case we'll use /apache

(aix61):[root] /apache -> tar xvf apache2_aix_install.tar
x .
x ./apr-1.5.1-1.aix5.2.ppc.rpm, 293141 bytes, 573 media blocks.
x ./apr-devel-1.5.1-1.aix5.2.ppc.rpm, 528705 bytes, 1033 media blocks.
x ./apr-util-1.5.4-1.aix5.1.ppc.rpm, 232704 bytes, 455 media blocks.
x ./apr-util-db4-1.5.4-1.aix5.1.ppc.rpm, 11757 bytes, 23 media blocks.
x ./apr-util-devel-1.5.4-1.aix5.1.ppc.rpm, 265394 bytes, 519 media blocks.
x ./apr-util-freetds-1.5.4-1.aix5.1.ppc.rpm, 32022 bytes, 63 media blocks.
x ./apr-util-gdbm-1.5.4-1.aix5.1.ppc.rpm, 12235 bytes, 24 media blocks.
x ./apr-util-ldap-1.5.4-1.aix5.1.ppc.rpm, 15184 bytes, 30 media blocks.
x ./apr-util-odbc-1.5.4-1.aix5.1.ppc.rpm, 59753 bytes, 117 media blocks.
x ./apr-util-sqlite-1.5.4-1.aix5.1.ppc.rpm, 27293 bytes, 54 media blocks.
x ./bash-4.3-12.aix5.1.ppc.rpm, 2095744 bytes, 4094 media blocks.
x ./bzip2-1.0.6-1.aix5.1.ppc.rpm, 122731 bytes, 240 media blocks.
x ./bzip2-devel-1.0.6-1.aix5.1.ppc.rpm, 221194 bytes, 433 media blocks.
x ./db4-4.7.25-2.aix5.1.ppc.rpm, 3054640 bytes, 5967 media blocks.
x ./db4-cxx-4.7.25-2.aix5.1.ppc.rpm, 3030360 bytes, 5919 media blocks.
x ./db4-devel-4.7.25-2.aix5.1.ppc.rpm, 1488021 bytes, 2907 media blocks.
x ./db4-tcl-4.7.25-2.aix5.1.ppc.rpm, 3439979 bytes, 6719 media blocks.
x ./db4-utils-4.7.25-2.aix5.1.ppc.rpm, 274950 bytes, 538 media blocks.
x ./expat-2.1.0-1.aix5.1.ppc.rpm, 389811 bytes, 762 media blocks.
x ./expat-devel-2.1.0-1.aix5.1.ppc.rpm, 57732 bytes, 113 media blocks.
x ./fontconfig-2.10.2-1.aix5.1.ppc.rpm, 1016700 bytes, 1986 media blocks.
x ./fontconfig-devel-2.10.2-1.aix5.1.ppc.rpm, 532241 bytes, 1040 media blocks.
x ./freetds-0.92.79-1.aix5.1.ppc.rpm, 3146280 bytes, 6146 media blocks.
x ./freetds-devel-0.92.79-1.aix5.1.ppc.rpm, 39035 bytes, 77 media blocks.
x ./freetds-doc-0.92.79-1.aix5.1.ppc.rpm, 690428 bytes, 1349 media blocks.
x ./freetype2-2.5.3-1.aix5.1.ppc.rpm, 763223 bytes, 1491 media blocks.
x ./freetype2-demos-2.5.3-1.aix5.1.ppc.rpm, 267996 bytes, 524 media blocks.
x ./freetype2-devel-2.5.3-1.aix5.1.ppc.rpm, 178363 bytes, 349 media blocks.

2- Install all rpms using this command:

(aix61):[root] /apache -> rpm -Uvh *.rpm
apr                         ##################################################
apr-devel                   ##################################################
apr-util                    ##################################################
apr-util-db4                ##################################################
apr-util-devel              ##################################################
apr-util-freetds            ##################################################
apr-util-gdbm               ##################################################
apr-util-ldap               ##################################################
apr-util-odbc               ##################################################
apr-util-sqlite             ##################################################
bash                        ##################################################
bzip2                       ##################################################
bzip2-devel                 ##################################################
db4                         ##################################################
db4-cxx                     ##################################################
db4-devel                   ##################################################
db4-tcl                     ##################################################
db4-utils                   ##################################################
expat                       ##################################################
expat-devel                 ##################################################
fontconfig                  ##################################################
fontconfig-devel            ##################################################
freetds                     ##################################################
freetds-devel               ##################################################
freetds-doc                 ##################################################
freetype2                   ##################################################
freetype2-demos             ##################################################
freetype2-devel             ##################################################
warning: /opt/freeware/info/dir created as /opt/freeware/info/dir.rpmnew
info                        ##################################################
Please check that /etc/info-dir does exist.
You might have to rename it from /etc/info-dir.rpmsave to /etc/info-dir.
gcc                         ##################################################
cannot remove /opt/freeware/lib/gcc/powerpc-ibm-aix5.3.0.0/4.2.0/pthread/ppc64 - directory not empty
cannot remove /opt/freeware/lib/gcc/powerpc-ibm-aix5.3.0.0/4.2.0/pthread - directory not empty
cannot remove /opt/freeware/lib/gcc/powerpc-ibm-aix5.3.0.0/4.2.0/ppc64 - directory not empty
gcc-c++                     ##################################################
gcc-cpp                     ##################################################
gdbm                        ##################################################
gdbm-devel                  ##################################################
libgcc                      ##################################################
cannot remove /opt/freeware/lib/gcc/powerpc-ibm-aix5.3.0.0/4.2.0 - directory not empty
cannot remove /opt/freeware/lib/gcc/powerpc-ibm-aix5.3.0.0 - directory not empty
libffi                      ##################################################
libiconv                    ##################################################
glib2                       ##################################################
glib2-devel                 ##################################################
gmp                         ##################################################
gmp-devel                   ##################################################
gnutls                      ##################################################
gnutls-devel                ##################################################
gnutls-utils                ##################################################
3004-686 Group "apache" does not exist.
3004-687 User "apache" does not exist.
httpd                       ##################################################
httpd-devel                 ##################################################
httpd-manual                ##################################################
Please restart your web server using: '/opt/freeware/sbin/apachectl restart'
libXft                      ##################################################
libXft-devel                ##################################################
libXrender                  ##################################################
libXrender-devel            ##################################################
libffi-devel                ##################################################
libgcrypt                   ##################################################
libgcrypt-devel             ##################################################
libgomp                     ##################################################
libgpg-error                ##################################################
libgpg-error-devel          ##################################################
libiconv                    ##################################################
libjpeg                     ##################################################
libjpeg-devel               ##################################################
libmpc                      ##################################################
libmpc-devel                ##################################################
libpng                      ##################################################
libpng-devel                ##################################################
libstdc++                   ##################################################
libstdc++-devel             ##################################################
libtasn1                    ##################################################
libtasn1-devel              ##################################################
libtasn1-tools              ##################################################
libxml2                     ##################################################
libxml2-devel               ##################################################
lua                         ##################################################
lua-devel                   ##################################################
lzo                         ##################################################
lzo-devel                   ##################################################
mod_ssl                     ##################################################
Please restart your web server using: '/opt/freeware/sbin/apachectl restart'
mpfr                        ##################################################
mpfr-devel                  ##################################################
nettle                      ##################################################
nettle-devel                ##################################################
openldap                    ##################################################
openldap-clients            ##################################################
openldap-devel              ##################################################
warning: /var/ssl/openssl.cnf saved as /var/ssl/openssl.cnf.rpmsave
openssl                     ##################################################
openssl-devel               ##################################################
openssl-doc                 ##################################################
p11-kit                     ##################################################
p11-kit-devel               ##################################################
p11-kit-tools               ##################################################
pcre                        ##################################################
pcre-devel                  ##################################################
pkg-config                  ##################################################
python                      ##################################################
python-devel                ##################################################
python-libs                 ##################################################
readline                    ##################################################
readline-devel              ##################################################
renderproto                 ##################################################
sqlite                      ##################################################
sqlite-devel                ##################################################
sqlite-doc                  ##################################################
tcl                         ##################################################
tcl-devel                   ##################################################
tk                          ##################################################
tk-devel                    ##################################################
unixODBC                    ##################################################
unixODBC-devel              ##################################################
xz                          ##################################################
xz-devel                    ##################################################
xz-libs                     ##################################################
xz-lzma-compat              ##################################################
zlib                        ##################################################
zlib-devel                  ##################################################

NOTE: If you get any error from the above command, for example:


(aix61):[root] /apache -> rpm -Uvh *.rpm
package expat-2.1.0-1 is already installed
package expat-devel-2.1.0-1 is already installed

Just run the same command with the --force option, see below:


(aix61):[root] /apache -> rpm -Uvh *.rpm --force

3- That’s it!!

(aix61):[root] /etc/opt -> rpm -qa|grep htt
httpd-2.2.29-2
httpd-devel-2.2.29-2
httpd-manual-2.2.29-2

4- All configuration files are here:

(aix61):[root] /opt/freeware/etc/httpd/conf -> ls -ltr
total 184
-rw-r--r--    1 root     system        53011 Sep 22 2014  mime.types
-rw-r--r--    1 root     system        12958 Sep 22 2014  magic
drwx------    2 root     system          256 Sep 22 2014  ssl.prm
drwx------    2 root     system          256 Sep 22 2014  ssl.csr
drwx------    2 root     system          256 Sep 22 2014  ssl.crl
drwxr-xr-x    3 root     system          256 Apr 27 14:16 original
drwx------    2 root     system          256 Apr 27 14:16 ssl.key
-rw-r--r--    1 root     system        18642 Apr 27 14:16 httpd.conf
drwxr-xr-x    2 root     system         4096 Apr 27 14:16 extra
drwx------    2 root     system          256 Apr 27 14:16 ssl.crt

5- Start apache server.

/opt/freeware/sbin/apachectl restart

Just thanks if the post was helpful🙂

Posted in AIX, apache

Set up SVN with an Apache web frontend authenticating against LDAP Active Directory on AIX. (SVN + Apache + LDAP)

SVN (Subversion) is widely used all over the world. Last week I had to set up some SVN repositories on an AIX server.
Here's what I did:
1- Download and install subversion subversion-1.8.5-1.src.rpm from http://www.perzl.org/aix/index.php?n=Main.Subversion
Be sure to install all these dependencies for the subversion rpm package:

svn_dependencies

The Apache web server can be easily installed by following these steps:

http://wp.me/p5bweg-3k

Find all details of these dependencies here http://www.perzl.org/aix/index.php?n=Main.Subversion

After installing all dependencies, install the subversion rpm file.


aix# rpm -ivh subversion-1.8.5-1.aix5.3.ppc.rpm

2- The Apache server (httpd) was already installed, because it was a dependency of the subversion rpm package.
Verify that the apache server is installed:

aix# rpm -qa|grep http
httpd-2.2.17-4

3- Create your new SVN repository in a directory or on a new filesystem.

aix # svnadmin create /PATH/MYREPO/MYREPO

4- Make apache the owner of this directory or filesystem.

aix # chown -R apache:apache /PATH/MYREPO/MYREPO

5- Verify the permissions of your repository directory.

aix # ls -l /PATH/MYREPO/MYREPO
total 32
-rw-------    1 apache   apache          229 May 19 13:11 README.txt
drwx------    2 apache   apache          256 May 19 13:11 conf
drwx--S---    6 apache   apache         4096 May 19 13:11 db
-r--------    1 apache   apache            2 May 19 13:11 format
drwx------    2 apache   apache         4096 May 19 13:11 hooks
drwx------    2 apache   apache          256 May 19 13:11 locks

6- Set up apache's configuration files for subversion.

First, let's configure apache's main file /opt/freeware/etc/httpd/conf/httpd.conf


aix# cat /opt/freeware/etc/httpd/conf/httpd.conf

# This is the main Apache HTTP server configuration file.  It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path.  If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "/var/log/httpd/foo_log"
# with ServerRoot set to "/opt/freeware/etc/httpd" will be interpreted by the
# server as "/opt/freeware/etc/httpd//var/log/httpd/foo_log".

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path.  If you point
# ServerRoot at a non-local disk, be sure to point the LockFile directive
# at a local disk.  If you wish to share the same ServerRoot for multiple
# httpd daemons, you will need to change at least LockFile and PidFile.
#
ServerRoot "/opt/freeware/etc/httpd"

#
# PidFile: The file in which the server should record its process
# identification number when it starts.
#
PidFile /var/run/httpd.pid

#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80

#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
LoadModule authn_file_module /opt/freeware/lib/httpd/modules/mod_authn_file.so
LoadModule authn_dbm_module /opt/freeware/lib/httpd/modules/mod_authn_dbm.so
LoadModule authn_anon_module /opt/freeware/lib/httpd/modules/mod_authn_anon.so
LoadModule authn_dbd_module /opt/freeware/lib/httpd/modules/mod_authn_dbd.so
LoadModule authn_default_module /opt/freeware/lib/httpd/modules/mod_authn_default.so
LoadModule authz_host_module /opt/freeware/lib/httpd/modules/mod_authz_host.so
LoadModule authz_groupfile_module /opt/freeware/lib/httpd/modules/mod_authz_groupfile.so
LoadModule authz_user_module /opt/freeware/lib/httpd/modules/mod_authz_user.so
LoadModule authz_dbm_module /opt/freeware/lib/httpd/modules/mod_authz_dbm.so
LoadModule authz_owner_module /opt/freeware/lib/httpd/modules/mod_authz_owner.so
LoadModule authz_default_module /opt/freeware/lib/httpd/modules/mod_authz_default.so
LoadModule auth_basic_module /opt/freeware/lib/httpd/modules/mod_auth_basic.so
LoadModule file_cache_module /opt/freeware/lib/httpd/modules/mod_file_cache.so
LoadModule cache_module /opt/freeware/lib/httpd/modules/mod_cache.so
LoadModule disk_cache_module /opt/freeware/lib/httpd/modules/mod_disk_cache.so
LoadModule mem_cache_module /opt/freeware/lib/httpd/modules/mod_mem_cache.so
LoadModule dbd_module /opt/freeware/lib/httpd/modules/mod_dbd.so
LoadModule dumpio_module /opt/freeware/lib/httpd/modules/mod_dumpio.so
LoadModule reqtimeout_module /opt/freeware/lib/httpd/modules/mod_reqtimeout.so
LoadModule ext_filter_module /opt/freeware/lib/httpd/modules/mod_ext_filter.so
LoadModule include_module /opt/freeware/lib/httpd/modules/mod_include.so
LoadModule filter_module /opt/freeware/lib/httpd/modules/mod_filter.so
LoadModule substitute_module /opt/freeware/lib/httpd/modules/mod_substitute.so
LoadModule deflate_module /opt/freeware/lib/httpd/modules/mod_deflate.so
LoadModule log_config_module /opt/freeware/lib/httpd/modules/mod_log_config.so
LoadModule log_forensic_module /opt/freeware/lib/httpd/modules/mod_log_forensic.so
LoadModule logio_module /opt/freeware/lib/httpd/modules/mod_logio.so
LoadModule env_module /opt/freeware/lib/httpd/modules/mod_env.so
LoadModule mime_magic_module /opt/freeware/lib/httpd/modules/mod_mime_magic.so
LoadModule cern_meta_module /opt/freeware/lib/httpd/modules/mod_cern_meta.so
LoadModule expires_module /opt/freeware/lib/httpd/modules/mod_expires.so
LoadModule headers_module /opt/freeware/lib/httpd/modules/mod_headers.so
LoadModule ident_module /opt/freeware/lib/httpd/modules/mod_ident.so
LoadModule usertrack_module /opt/freeware/lib/httpd/modules/mod_usertrack.so
LoadModule unique_id_module /opt/freeware/lib/httpd/modules/mod_unique_id.so
LoadModule setenvif_module /opt/freeware/lib/httpd/modules/mod_setenvif.so
LoadModule version_module /opt/freeware/lib/httpd/modules/mod_version.so
LoadModule proxy_module /opt/freeware/lib/httpd/modules/mod_proxy.so
LoadModule proxy_connect_module /opt/freeware/lib/httpd/modules/mod_proxy_connect.so
LoadModule proxy_ftp_module /opt/freeware/lib/httpd/modules/mod_proxy_ftp.so
LoadModule proxy_http_module /opt/freeware/lib/httpd/modules/mod_proxy_http.so
LoadModule proxy_scgi_module /opt/freeware/lib/httpd/modules/mod_proxy_scgi.so
LoadModule proxy_ajp_module /opt/freeware/lib/httpd/modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module /opt/freeware/lib/httpd/modules/mod_proxy_balancer.so
LoadModule mime_module /opt/freeware/lib/httpd/modules/mod_mime.so
LoadModule dav_module /opt/freeware/lib/httpd/modules/mod_dav.so
LoadModule status_module /opt/freeware/lib/httpd/modules/mod_status.so
LoadModule autoindex_module /opt/freeware/lib/httpd/modules/mod_autoindex.so
LoadModule asis_module /opt/freeware/lib/httpd/modules/mod_asis.so
LoadModule info_module /opt/freeware/lib/httpd/modules/mod_info.so
LoadModule suexec_module /opt/freeware/lib/httpd/modules/mod_suexec.so
LoadModule cgid_module /opt/freeware/lib/httpd/modules/mod_cgid.so
LoadModule dav_fs_module /opt/freeware/lib/httpd/modules/mod_dav_fs.so
LoadModule vhost_alias_module /opt/freeware/lib/httpd/modules/mod_vhost_alias.so
LoadModule negotiation_module /opt/freeware/lib/httpd/modules/mod_negotiation.so
LoadModule dir_module /opt/freeware/lib/httpd/modules/mod_dir.so
LoadModule imagemap_module /opt/freeware/lib/httpd/modules/mod_imagemap.so
LoadModule actions_module /opt/freeware/lib/httpd/modules/mod_actions.so
LoadModule speling_module /opt/freeware/lib/httpd/modules/mod_speling.so
LoadModule userdir_module /opt/freeware/lib/httpd/modules/mod_userdir.so
LoadModule alias_module /opt/freeware/lib/httpd/modules/mod_alias.so
LoadModule rewrite_module /opt/freeware/lib/httpd/modules/mod_rewrite.so
LoadModule ldap_module /opt/freeware/etc/httpd/modules/mod_ldap.so
LoadModule authnz_ldap_module /opt/freeware/etc/httpd/modules/mod_authnz_ldap.so

<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User apache
Group apache

</IfModule>
</IfModule>

# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition.  These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#

#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. admin@your-domain.com
#
ServerAdmin root@localhost

#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
ServerName 172.16.yy.xx:80  ## IP of our apache server

#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/var/www/htdocs"

#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#
<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

#
# This should be changed to whatever you set DocumentRoot to.
#
<Directory "/var/www/htdocs">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/2.2/mod/core.html#options
    # for more information.
    #
    Options Indexes FollowSymLinks
    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    AllowOverride None

    #
    # Controls who can get stuff from this server.
    #
    Order allow,deny
    Allow from all

</Directory>

#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here.  If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "/var/syslog/httpd/error_log"

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

<IfModule log_config_module>
    #
    # The following directives define some format nicknames for use with
    # a CustomLog directive (see below).
    #
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    #
    # The location and format of the access logfile (Common Logfile Format).
    # If you do not define any access logfiles within a <VirtualHost>
    # container, they will be logged here.  Contrariwise, if you *do*
    # define per-<VirtualHost> access logfiles, transactions will be
    # logged therein and *not* in this file.
    #
    CustomLog "/var/syslog/httpd/access_log" common

    #
    # If you prefer a logfile with access, agent, and referer information
    # (Combined Logfile Format) you can use the following directive.
    #
    #CustomLog "/var/syslog/httpd/access_log" combined
</IfModule>

<IfModule alias_module>
    #
    # Redirect: Allows you to tell clients about documents that used to
    # exist in your server's namespace, but do not anymore. The client
    # will make a new request for the document at its new location.
    # Example:
    # Redirect permanent /foo http://www.example.com/bar
    #
    # Alias: Maps web paths into filesystem paths and is used to
    # access content that does not live under the DocumentRoot.
    # Example:
    # Alias /webpath /full/filesystem/path
    #
    # If you include a trailing / on /webpath then the server will
    # require it to be present in the URL.  You will also likely
    # need to provide a <Directory> section to allow access to
    # the filesystem path.

    #
    # ScriptAlias: This controls which directories contain server scripts.
    # ScriptAliases are essentially the same as Aliases, except that
    # documents in the target directory are treated as applications and
    # run by the server when requested rather than as documents sent to the
    # client.  The same rules about trailing "/" apply to ScriptAlias
    # directives as to Alias.
    #
    ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

</IfModule>

<IfModule cgid_module>
    #
    # ScriptSock: On threaded servers, designate the path to the UNIX
    # socket used to communicate with the CGI daemon of mod_cgid.
    #
    Scriptsock /var/syslog/httpd/cgisock
</IfModule>

#
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

#
# DefaultType: the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value.  If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain

<IfModule mime_module>
    #
    # TypesConfig points to the file containing the list of mappings from
    # filename extension to MIME-type.
    #
    TypesConfig conf/mime.types

    #
    # AddType allows you to add to or override the MIME configuration
    # file specified in TypesConfig for specific file types.
    #
    #AddType application/x-gzip .tgz
    #
    # AddEncoding allows you to have certain browsers uncompress
    # information on the fly. Note: Not all browsers support this.
    #
    #AddEncoding x-compress .Z
    #AddEncoding x-gzip .gz .tgz
    #
    # If the AddEncoding directives above are commented-out, then you
    # probably should define those extensions to indicate media types:
    #
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz

    #
    # AddHandler allows you to map certain file extensions to "handlers":
    # actions unrelated to filetype. These can be either built into the server
    # or added with the Action directive (see below)
    #
    # To use CGI scripts outside of ScriptAliased directories:
    # (You will also need to add "ExecCGI" to the "Options" directive.)
    #
    #AddHandler cgi-script .cgi

    # For type maps (negotiated resources):
    #AddHandler type-map var

    #
    # Filters allow you to process content before it is sent to the client.
    #
    # To parse .shtml files for server-side includes (SSI):
    # (You will also need to add "Includes" to the "Options" directive.)
    #
    #AddType text/html .shtml
    #AddOutputFilter INCLUDES .shtml
</IfModule>
<Location /server-status>
   SetHandler server-status
   Order deny,allow
   Deny from all
   Allow from 172.xx.xx.xx
</Location>

ExtendedStatus On

#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type.  The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
#MIMEMagicFile conf/magic

#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#

#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall is used to deliver
# files.  This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
#
#EnableMMAP off
#EnableSendfile off

# Supplemental configuration
#
# The configuration files in the conf/extra/ directory can be
# included to add extra features or to modify the default configuration of
# the server, or you may simply copy their contents here and change as
# necessary.

# Server-pool management (MPM specific)
#Include conf/extra/httpd-mpm.conf

# Multi-language error messages
Include conf/extra/httpd-multilang-errordoc.conf

# Fancy directory listings
#Include conf/extra/httpd-autoindex.conf

# Language settings
Include conf/extra/httpd-languages.conf

# User home directories
#Include conf/extra/httpd-userdir.conf

# Real-time info on requests and configuration
#Include conf/extra/httpd-info.conf

# Virtual hosts
Include conf/extra/httpd-vhosts.conf

# Local access to the Apache HTTP Server Manual
#Include conf/extra/httpd-manual.conf

# Distributed authoring and versioning (WebDAV)
# Include conf/extra/httpd-dav.conf

# Various default settings
Include conf/extra/httpd-default.conf

# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
#
# Note: The following must be present to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
# Subversion settings
Include conf/extra/httpd-subversion.conf

7- Set up Apache as the web front end for Subversion. The file /opt/freeware/etc/httpd/conf/extra/httpd-subversion.conf has to be edited.

aix# cat /opt/freeware/etc/httpd/conf/extra/httpd-subversion.conf

# Load the Subversion (SVN) modules
#
LoadModule dav_svn_module     /opt/freeware/lib/httpd/modules/mod_dav_svn.so
LoadModule authz_svn_module   /opt/freeware/lib/httpd/modules/mod_authz_svn.so

# My repository
     <Location /myrepo>
      Dav svn
      SVNPath /PATH/MYREPO/MYREPO
      AuthType Basic
      AuthName "SVN-LDAP-Auth"
      AuthBasicProvider ldap
      AuthzLDAPAuthoritative on
      AuthLDAPBindDN "bind_user_for_ldap@domain.net"
      AuthLDAPBindPassword "passwd"
      
### You can use this other ldap config.
###   AuthLDAPURL "ldap://dcdomain.net:389/OU=MYOU,DC=domain,DC=net?sAMAccountName?sub?(objectClass=*)" or the below:
      AuthLDAPURL "ldap://dcdomain.net:3268/?sAMAccountName?sub?"
      AuthUserFile /dev/null
      Require ldap-user israel
    </Location>
#
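
The following Python audit is an added example, not part of the original post: it parses the /myrepo block above next to a constructed hardened variant and reports where the LDAP/AD credentials travel or rest in cleartext. It inspects each block on its own (inherited settings and Include files are not resolved); the finding names and the HARDENED variant are assumptions of this example.

```python
import re
import shlex

# The <Location> block as published in the post (placeholders kept as posted).
POSTED = """
<Location /myrepo>
  Dav svn
  SVNPath /PATH/MYREPO/MYREPO
  AuthType Basic
  AuthName "SVN-LDAP-Auth"
  AuthBasicProvider ldap
  AuthzLDAPAuthoritative on
  AuthLDAPBindDN "bind_user_for_ldap@domain.net"
  AuthLDAPBindPassword "passwd"
  AuthLDAPURL "ldap://dcdomain.net:3268/?sAMAccountName?sub?"
  AuthUserFile /dev/null
  Require ldap-user israel
</Location>
"""

# Constructed variant: clients must use HTTPS (mod_ssl's SSLRequireSSL) and the
# bind to the AD global catalog uses LDAPS on 3269 instead of cleartext 3268.
HARDENED = (
    POSTED.replace("  AuthType Basic", "  SSLRequireSSL\n  AuthType Basic")
          .replace("ldap://dcdomain.net:3268/", "ldaps://dcdomain.net:3269/")
)

OPEN = re.compile(r'<(?:Location|Directory)\s+"?([^">]+)"?\s*>', re.I)
CLOSE = re.compile(r'</(?:Location|Directory)\s*>', re.I)
TLS_MODES = {"SSL", "TLS", "STARTTLS"}  # optional second argument of AuthLDAPURL


def parse_sections(conf):
    """Map each <Location>/<Directory> path to {directive: [argument strings]}."""
    sections, current = {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # httpd comments are whole lines starting with '#'
        opened = OPEN.match(line)
        if opened:
            current = sections.setdefault(opened.group(1), {})
        elif CLOSE.match(line):
            current = None
        elif current is not None:
            parts = line.split(None, 1)
            args = parts[1] if len(parts) > 1 else ""
            current.setdefault(parts[0].lower(), []).append(args)
    return sections


def audit(conf):
    """Return (path, finding) tuples for every Basic-auth section in conf."""
    findings = []
    for path, d in parse_sections(conf).items():
        if d.get("authtype", [""])[-1].lower() != "basic":
            continue
        # Basic auth is only base64: without TLS the AD password crosses the wire.
        if "sslrequiressl" not in d:
            findings.append((path, "basic-auth-without-sslrequiressl"))
        for arg in d.get("authldapurl", []):
            tokens = shlex.split(arg)
            if not tokens:
                continue
            mode = tokens[1].upper() if len(tokens) > 1 else "NONE"
            if not tokens[0].lower().startswith("ldaps://") and mode not in TLS_MODES:
                findings.append((path, "cleartext-ldap-bind"))
        # The bind secret stays in the file either way: restrict who can read it.
        if "authldapbindpassword" in d:
            findings.append((path, "bind-password-in-config-file"))
    return findings


if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("hardened", HARDENED)):
        print(label, audit(conf))
```

For the hardened variant to work, the HTTPS virtual host from httpd-ssl.conf must serve /myrepo, and mod_ldap must trust the CA that issued the domain controller's certificate (LDAPTrustedGlobalCert).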

7- Verify that Apache’s configuration syntax is correct.

aix# /opt/freeware/sbin # ./apachectl -t

8- Start apache server.

aix # /opt/freeware/sbin/apachectl start

9- Connect from a browser or any SVN client like Tortoise (http://tortoisesvn.net/):
http://MYSVN_server/myrepo

10- See Apache’s logs.
All Apache logs are in the directory (or filesystem) /var/syslog/httpd/

aix#  ls -ltr /var/syslog/httpd/
total 7573696
srwx------    1 apache   system            0 Sep 22 2014  cgisock.3801090
-rw-r--r--    1 apache   apache     21357480 Nov 17 11:12 access_log.1.bz2
srwx------    1 apache   system            0 Mar 17 18:39 cgisock.7929992
-rw-r--r--    1 israel  system     12693306 Apr 17 12:46 ssl_request_log
-rw-r--r--    1 apache   apache    211063314 Apr 17 14:20 error_log
-rw-r--r--    1 apache   apache   3632476261 Apr 17 17:06 access_log

Hope this helps.

Just thanks if the post was helpful🙂

Posted in AIX, apache, ldap, subversion, SVN

SAN zoning scenarios when components failed based on IBM Pureflex system, dual VIOS, NPIV, FC switches and V7000 storage.

After working in an all-IBM environment for some years, I asked myself what happens to the zoning of my LPARs if I lose a VIO server, an FC switch, or a controller (node) on the storage system.
Here you will find examples of these scenarios on an IBM PureFlex system and a V7000 storage system.

For every scenario you will find information on:
1- LPAR virtual FC adapters, WWNs, and WWNs for live partition mobility.
2- VIO servers with their VFCHOST, fcs0 and fcs1 adapters.
3- Cable connections between the ports on every VIO server and the FC switches
   on the PureFlex chassis.
4- Ports used and active zones on every switch.
5- Cable connections between the FC switches and the storage, ports used
   on the nodes, and active WWNs
   on the controllers (nodes) of the V7000 system.

We’ll start with the system stable and all zoning working fine.
See image below:
[Image: optimal zonning]

Scenario1
Zoning on the system when VIOS1 failed.
See image below:
[Image: optimal zonning-fail-vios1]

Scenario2
Zoning on the system when VIOS2 failed.
See image below:
[Image: optimal zonning-fail-vios2]

Scenario3
Zoning on the system when FCswitch1 failed.
See image below:
[Image: optimal zonning-fail-switchFC1]

Scenario4
Zoning on the system when FCswitch2 failed.
See image below:
[Image: optimal zonning-fail-switchFC2]

Scenario5
Zoning on the system when VIOS1 and FCswitch1 failed.
See image below:
[Image: optimal zonning-fail-vios1-switch1]

Scenario7
Zoning on the system when VIOS2 and FCswitch2 failed.
See image below:
[Image: optimal zonning-fail-vios2-switch2-nodeleft2]

Scenario8
Zoning on the system when VIOS1, FCswitch1 and nodeleft (controller) failed.
See image below:
[Image: optimal zonning-fail-vios1-switch1-nodeleft1]

Scenario9
Zoning on the system when VIOS2, FCswitch2 and noderight (controller) failed.
See image below:
[Image: optimal zonning-fail-vios2-switch2-nodeleft2]

I know there are other scenarios, but I think these examples are enough.

Hope this helps.

Just thanks if the post was helpful🙂

Posted in AIX

How to authenticate ‘agents’ and ‘customers’ via LDAP/AD for OTRS (www.otrs.com).

Hi,

Sorry for the delay, but I've been really, really busy lately.
This week I had to set up LDAP authentication for agents and customers on our OTRS server, an open-source helpdesk and IT service management application. The OTRS server runs on Linux. Before this work, OTRS authenticated against its local DB.
Well, after some hours, here's what you need to add to the file
/opt/otrs/Kernel/Config.pm
Before you begin, it is a good idea to make a backup of Config.pm. The file /opt/otrs/Kernel/Config.pm is very important for OTRS: if you make a mistake you will probably have issues on the OTRS system, so be careful about where you make changes inside this file. In our case you should add your code between these lines:
    # ---------------------------------------------------- #

    # ---------------------------------------------------- #
    # data inserted by installer                           #
    # ---------------------------------------------------- #
    # $DIBI$
#xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
PUT YOUR CODE HERE
#xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
    #                                                      #
    # end of your own config options!!!                    #
    #                                                      #
    # ---------------------------------------------------- #
    # ---------------------------------------------------- #
Now insert this code into Config.pm to configure LDAP.
# LDAP authentication for agents. At the end there is a second backend using the local DB.
# For LDAP
# (Make sure Net::LDAP is installed!)
$Self->{'AuthModule'} = 'Kernel::System::Auth::LDAP';
$Self->{'AuthModule::LDAP::Host'} = 'dc0.domain.net';
$Self->{'AuthModule::LDAP::BaseDN'} = 'OU=Users,OU=domain,DC=net';
$Self->{'AuthModule::LDAP::UID'} = 'sAMAccountName';

# The following is valid but would only be necessary if the
# anonymous user does NOT have permission to read from the LDAP tree
$Self->{'AuthModule::LDAP::SearchUserDN'} = 'bind_user_ldap';
$Self->{'AuthModule::LDAP::SearchUserPw'} = 'passwd';

# in case you want to add always one filter to each ldap query, use
# this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
$Self->{'Customer::AuthModule::LDAP::AlwaysFilter'} = '';

# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::LDAP::Params'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
};

# Second backend, internal OTRS DB
$Self->{'AuthModule2'} = 'Kernel::System::Auth::DB';
$Self->{'AuthModule::DB::CryptType2'} = 'crypt';

# LDAP authentication for customers.
# CustomerUser
# (customer ldap backend and settings)
$Self->{CustomerUser} = {
    Name => 'LDAP Lookup',
    Module => 'Kernel::System::CustomerUser::LDAP',
    Params => {
        # ldap host
        Host => 'dc0.domain.net',
        # ldap base dn
        BaseDN => 'OU=Users,OU=domain,DC=net',
        # search scope (one|sub)
        SSCOPE => 'sub',
        # The following is valid but would only be necessary if the
        # anonymous user does NOT have permission to read from the LDAP tree
        UserDN => 'CN=User BIND LDAP,OU=Users,OU=domain,DC=net',
        UserPw => 'passwd',
        # in case you want to add always one filter to each ldap query, use
        # this option. e. g. AlwaysFilter => '(mail=*)' or AlwaysFilter => '(objectclass=user)'
        AlwaysFilter => '(title=*)',
        # if both your frontend and your LDAP are unicode, use this:
        SourceCharset => 'utf-8',
        DestCharset   => 'utf-8',
        # if your frontend is unicode and the charset of your
        # ldap server is iso-8859-1, use these options.
        # SourceCharset => 'iso-8859-1',
        # DestCharset => 'utf-8',
        # Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
        Params => {
            port => 389,
            timeout => 120,
            async => 0,
            version => 3,
        },
    },
    # customer unique id
    CustomerKey => 'sAMAccountName',
    # customer #
    CustomerID => 'mail',
    CustomerUserListFields => ['cn', 'mail'],
    CustomerUserSearchFields => ['sAMAccountName', 'sn' ,'cn', 'mail'],
    CustomerUserSearchPrefix => '',
    CustomerUserSearchSuffix => '*',
    CustomerUserSearchListLimit => 1000,
    CustomerUserPostMasterSearchFields => ['mail'],
    CustomerUserNameFields => ['givenname', 'sn'],
    # show not own tickets in customer panel, CompanyTickets
    CustomerUserExcludePrimaryCustomerID => 0,
    # add an ldap filter for valid users (expert setting)
#    CustomerUserValidFilter => '(!(description=locked))',
    # administrator can't change customer preferences
    AdminSetPreferences => 0,
#    # cache time to live in sec. - cache any database queries
#    CacheTTL => 0,
    Map => [
        # note: Login, Email and CustomerID are mandatory!
        # var, frontend, storage, shown (1=always,2=lite), required, storage-type, http-link, readonly
        [ 'UserTitle',      'Title',      'title',           1, 0, 'var', '', 0 ],
        [ 'UserFirstname',  'Firstname',  'givenname',       1, 1, 'var', '', 0 ],
        [ 'UserLastname',   'Lastname',   'sn',              1, 1, 'var', '', 0 ],
        [ 'UserLogin',      'Username',   'sAMAccountName',  1, 1, 'var', '', 0 ],
        [ 'UserEmail',      'Email',      'mail',            1, 1, 'var', '', 0 ],
        [ 'UserCustomerID', 'CustomerID', 'mail',            0, 1, 'var', '', 0 ],
#        [ 'UserCustomerIDs', 'CustomerIDs', 'second_customer_ids', 1, 0, 'var', '', 0 ],
        [ 'UserPhone',      'Phone',      'telephonenumber', 1, 0, 'var', '', 0 ],
        [ 'UserAddress',    'Address',    'postaladdress',   1, 0, 'var', '', 0 ],
        [ 'UserComment',    'Comment',    'description',     1, 0, 'var', '', 0 ],
    ],
};
 
How to add a new LDAP agent to OTRS? See these images:
[Images: goagent, goagent2, goagent3, goagent4]

How to add LDAP customers to OTRS? See these images:
[Images: gocustomer, gocustomer2]

This has worked for me. Hope this helps.

Just thanks if the post was helpful :-)
Posted in ldap, linux, otrs