Of the three books I looked at, Chobits was the closest I came to actually buying.  In Borders it is $24.99, on Amazon it is $17.99.  I have a hard time overlooking $7, especially when the brick and mortar is going to add tax, which would make the different over $9.  I wasn’t sure if I wanted the book, which is what actually stopped me from buying that particular item.  The next two books… were much more clear cut.

Next on the list is The Official Ubuntu Server Book.  In Borders it is $39.99, but only $26.39 on Amazon.  A $13 difference (Plus Tax) is just not even close.  After flipping through this book, I decided it was actually quite nice and rather wanted to buy it.  So I purchased it from Amazon right there in Borders, using my Amazon Android application. The book will be here shortly.

Last was the LPI Linux Certification in a Nutshell book.  In Borders it is a tech-book typical $49.99.  Demonstrating that it just isn’t financially feasible to use brick and mortar stores is Amazon with a price tag of just $31.49 which is an $18.50 difference (not including tax).  I realize that the $49.99 value is list price, but how can any consumer seriously consider spending 60% more on one single book, just to buy it in store.  Sure, if you absolutely, positively MUST have the book right that second, you’ve got no choice.  If I had any option whatsoever, I’d Amazon it.  $3.99 for overnight shipping is still much, much cheaper.

Yes, I like to be able to pick up the books and flip through them before I buy them.  Yes, I like to just browse the shelves of a bookstore.  But no, I will not pay a $39.10 premium to do so.  That is enough to go and buy a copy of Ubuntu: Up and Running: A Power User’s Desktop Guide AND the Ubuntu Pocket Reference Guide AND still have $6.00 left to buy a coffee at Starbucks.  Sorry, Borders loses.

To connect to a WebDAV share under OSX:

• Finder
• Go
• Connect to Server
• Enter your URL – The same as you’d use in a browser (IE: http://fileserver.company.com/webdav/ )
• Connect
• Enter your Username & Password (provided it is required – just like the web browser)
• Connect – That’s it!

To connect to a WebDAV share under Linux (Ubuntu 10.04):

• Places
• Connect to Server
• Service type: WebDAV
• Fill in Port and Folder
• Connect – That’s it!

Components used:

• Ubuntu 10.04
• Apache 2.2
• OpenDS 2.2 (LDAP)
• mod_authnz_ldap, mod_dav, mod_dav_fs, mod_dav_lock & mod_rewrite

The process is very easy, provided you’ve got OpenDS & Apache 2 already up and running. If you need the basics of that, I’ve covered that in another post. I’m also assuming that LDAP is already setup with users & groups.  In the following example, you’ll have 3 groups: “All” which contains a list of all users, “One” which only gets access to the ‘share’ folder of ‘one’, and “Two” which is the same concept as “One”. Note: I used OpenDS Static Groups, I have no idea if Dynamic Groups or Virtual Static Groups will work.

• mkdir /home/webdav; mkdir /home/webdav/one; mkdir /home/webdav/two; mkdir /home/webdav/public
• chown -R www-data.www-data /home/webdav
• chmod -R 755 /home/webdav
• chmod a-w /home/webdav
• a2enmod authnz_ldap dav dav_fs dav_lock rewrite
• nano /etc/apache2/sites-enabled/000-default
• Add the following to the bottom of the file before </VirtualHosts>

Alias /webdav/ "/home/webdav/"

<Directory /home/webdav>
 Options Indexes FollowSymLinks MultiViews
 AllowOverride AuthConfig
 Order allow,deny
 allow from all
</Directory>
DavLockDB /tmp/DavLock

RewriteEngine On
RewriteRule ^/webdav$ /webdav/ [R=301]

<Location /webdav>
 Dav On
 AuthName DAV
 AuthType Basic
 AuthBasicProvider ldap
 AuthzLDAPAuthoritative on
 AuthLDAPURL "ldap://127.0.0.1:389/ou=People,dc=DOMAIN,dc=TLD?uid?sub?(objectClass=*)" NONE
 AuthLDAPGroupAttributeIsDN on
 AuthLDAPBindDN cn=USERNAMEHERE
 AuthLDAPBindPassword PASSWORDHERE
 Require ldap-group cn=All,ou=Groups,dc=DOMAIN,dc=TLD
</Location>

<Location /webdav/one>
 AuthName DAV
 AuthType Basic
 AuthBasicProvider ldap
 AuthzLDAPAuthoritative on
 AuthLDAPURL "ldap://127.0.0.1:389/ou=People,dc=DOMAIN,dc=TLD?uid?sub?(objectClass=*)" NONE
 AuthLDAPGroupAttributeIsDN on
 AuthLDAPBindDN cn=USERNAMEHERE
 AuthLDAPBindPassword PASSWORDHERE
 Require ldap-group cn=One,ou=Groups,dc=DOMAIN,dc=TLD
</Location>

<Location /webdav/two>
 AuthName DAV
 AuthType Basic
 AuthBasicProvider ldap
 AuthzLDAPAuthoritative on
 AuthLDAPURL "ldap://127.0.0.1:389/ou=People,dc=DOMAIN,dc=TLD?uid?sub?(objectClass=*)" NONE
 AuthLDAPGroupAttributeIsDN on
 AuthLDAPBindDN cn=USERNAMEHERE
 AuthLDAPBindPassword PASSWORDHERE
 Require ldap-group cn=Two,ou=Groups,dc=DOMAIN,dc=TLD
</Location>

• /etc/init.d/apache2 restart

At this point (provided you changed DOMAIN, TLD, USERNAMEHERE, and PASSWORDHERE in the above example), you should be able to point a browser to http://yourserver/webdav and it will prompt you for your username and password.  To Apache /webdav and /webdav/ are different, but most users won’t know that, hence the redirect.  After you authenticate, provided you are in groups “One” and “Two” you should be able to see 3 folders (one, two, and public).  If you are not in all the groups, you will not see nor be able to access the folders (except public, which all authenticated users would be able to see and access).

If you’re using a Mac, you can use Finder > Go > Connect To Server with the same URL.  You should be able to simply drag and drop files on and off (like you would any other type of share).  All directories, that you’re a group member of, except the base (/webdav/ – That was the ‘chmod a-w’ line) should be writable.  You can pop open files and edit them directly from the webdav share too.

Piece of cake, eh? Without clear and concise instructions (such as above) it took me less than two hours to research, figure out, and implement.  If you can follow the instructions and have some idea what you are doing, you should be able to get WebDAV shares up and running in less than 30mn (and that’s on the outside).

NOTE: You cannot use digest authentication, you MUST use basic authentication.  This sends passwords in clear text.  If this is internet accessible – I highly recommend you SSL your WebDAV share.

If you stop by OpenDS’s website, you’ll find a big “Get 2.2 Now” button. This does a WebStart install, which I’ve never seen before, but works fairly well on Windows and OSX environments. I’m sure it would also work under Linux, provided I had a Linux machine that ran a GUI (which I generally don’t). So these instructions will cover installing it from the command line, and some basic post-install configuration from the GUI (it’s just so much easier).

• apt-get install python-software-properties
• add-apt-repository “deb http://archive.canonical.com/ lucid partner”
  • From Lucid Release Notes
• apt-get update
• apt-get install sun-java6-jre unzip
• wget http://www.opends.org/promoted-builds/2.2.0/OpenDS-2.2.0.zip
• unzip OpenDS-2.2.0.zip
• mv OpenDS-2.2.0 /opt/opends/
• /opt/opends/bin/create-rc-script –outputFile /etc/init.d/opends
• update-rc.d opends defaults
• /etc/init.d/opends start
• cd /opt/opends/
• ./setup
• Answer the on screen instructions, the defaults should be acceptable in most cases, but I prefer to turn on SSL and StartTLS

That’s it. Like I said, not exactly rocket science. If you do the WebStart on a machine with a GUI, you’ll be installed in even less time. After that you can use the GUI to populate your server instance with useful data. So on your GUI equipped machine (which you’ve installed OpenDS onto):

• Launch ./opends/bin/control-panel (Or ./opends/bat/control-panel.bat – for Windows)
• Select “Remote Server”
• Enter the IP address
• Leave port 4444 (unless you changed it)
• Change ‘cn=Directory Manager’ to your admin username
• Enter your password
• Ok!

At this point there are two important screens for someone who wants to get up and running pronto:

• Schema > Manage Schema – The allows you to see what schema is built into OpenDS (basically everything in the LDAP RFC’s) and lets you add your own schema.  Simply hit “New Attribute” or “New Object Class”
• Directory Data > Manage Entries – This is where you’ll go to add/delete/change all the information in your directory. I think this interface is probably the best of all the LDAP interfaces I’ve tried (Including Apache Directory Studio and phpLDAPadmin)

I would suggest creating (under the base DN you specified during the install, something like ‘dc=test,dc=com’): At least 2 new Organizational Units.  ‘ou=People’ and ‘ou=Groups’.  Those two are the standards for Users and Groups, respectively.  After you have the ou’s, you can right click and create new people or groups.   A word of advice on Groups, I haven’t had a lot of luck on application compatibility with “Dynamic Group” or “Virtual Static Group”.  I’ve found it is much safer to stick with “Static Group”.

We started off by researching and trying the LDAP providers. After some investigation and testing of OpenLDAP, we settled on OpenDS. I didn’t like OpenLDAP (though it is something of the “standard”), because it is just such a pain in the ass to administrate. Everything is command like and in LDAP-ese, which is probably ok if you’re a regular LDAPer, but I’m not and neither was the local IT department. OpenDS, while Java based (and I dislike Java on principal), was quite nice. You can click the 1-button “web start” and have it install and do everything automagically. I’ll (probably) cover it in more detail in a later post.

So now we have OpenDS 2.2 setup and running well with the prospect email system. Next on the list of “critical” services was Samba, which is what they were already using and Samba claims to be LDAP compatible. Since we were running Ubuntu 10.04, I simply apt-get installed Samba 3.4 series and the necessary LDAP tools. This is where things started to go poorly.

I won’t bore you with all the debug details, but I ended up spending probably 4 full days worth of time trying to get Samba working against LDAP properly. I’ll admit that it could have been slightly faster, as I’m not terribly experienced with LDAP and had to learn some of it on the go. That being said, I’m used to open source, and the requisite learning on the go. From the best I can tell, Samba 3.4 makes a number of small changes which are basically undocumented and is designed to talk to OpenLDAP (slapd) only. One of the “small” changes in Samba I noticed was that the smb.conf option of “valid users =” is now simply “users =”, and doesn’t notify you of it’s deprecation. It simply ignores “valid users =” as an unknown option. Fan-freakin-tastic.

In the end, I could not manage to get Samba to talk to OpenLDAP using SSL or StartTLS. I did eventually get Samba to authenticate using my LDAP accounts, but that required a LOT of special objectClasses and extra miscellaneous information in the LDAP directory. I don’t mind having to have extra information in LDAP, as that is what it is good for, but having its own style for group user lists, userids and password borders on asinine. I know it is a throw back to it’s original building, but UPDATE THE CODE PEOPLE.

In the end, Samba was abandoned because it flatly ignored my groups. Once you authenticated to Samba with an LDAP valid username and password, you had access to every share. I tried my damnedest to make shares in Samba that I couldn’t access. I set up special groups, I used groups that didn’t exist… everything I could think of and nothing worked. There is a point of diminishing returns and I had hit it. In the end, with a mostly Linux/Mac user environment, there is no reason to use Samba.

I found a better option, WebDAV. I configured Apache 2.2, with mod_dav and mod_authnz_ldap. In an hour and a half, I had it up, providing access to files from multiple “shares” AND authenticating properly to OpenDS’s LDAP (over SSL mind you) with full support of my existing groups. Want to know how many changes I had to make to my base LDAP schema (sans Samba junk) to get this working? None. Not a single change at all. Kick ass.

So to summarize: Samba is old and outdated. It shouldn’t be used to share files unless absolutely necessary. While supposedly supporting LDAP in general, it doesn’t work. Most of the Samba/LDAP configuration is centered around acting as a PDC (Editor’s note: Primary Domain Controller) and very little covering simply sharing files. Lastly, it’s documentation (the official Samba website) is old and broken, literally 404′ing in many cases.

Since the iPhone burst onto the scene in 2007 with its “game changing” multi-touching, nothing has been the same. There have also been numerous articles as of late on how mobile devices are outselling PCs. Some of them are fairly vague as to what exactly is a mobile device (i.e. do Laptops count as PCs or mobiles?). Irregardless, it does go to show that there are a LOT of mobiles selling, and that will continue to be a big market in the future.

Linux has been predominantly server-only as far as operating systems go. Sure, you can use Linux on your desktop, and I had as far back as Red Hat 6.0 in the 90s, but it wasn’t an end-user friendly experience. Canonical and Ubuntu have been slowly but surely changing this, with their “For humans” drive. They’ve even gone as far as releasing Ubuntu Netbook Remix (which I’ve covered a number of times here) which is rather slick as far as netbook OSes go.

If Ubuntu can get GUI software projects to include multi-touch support in their applications, the game for larger mobile devices, tablets and netbooks, could change radically. A true and proper operating system (that can do more than just watch videos and punch out email, like the iPad), with great touch support could potentially put a serious hurt on the iPad. Sure, part of the iPad’s appeal is the hardware, and no arguing that is nice (for what it is), but hardware is easy to replicate.

One of the biggest challenges for Linux adoption has been the fact that it isn’t Windows or Mac. Simply the lack of ability to run your favorite applications is the biggest drawback for most people. On the mobile/tablet device market, no one cares. Windows Mobile, Android, Blackberry, iOS… all of them are custom made for their devices (cell phones) and form factors, and no one cares. For Tablets you choices are only iOS (on the iPad) and Windows 7 (for everything else). While Win 7 for Tablets is the same OS, people don’t care nearly as much. The tasks you want to accomplish on a Tablet are different than those on a desktop or notebook.

As much as I’d like to hope for it, Ubuntu 10.10 (Maverik) isn’t going to drastically change the game. It will show us the potential of Open Source Multi-Touch, but in a limited fashion. After all, the release is only 2 months off. Ubuntu 11.04 (P) will probably refine muti-touch nicely and add support from a number of applications. One (specifically this OSS nerd) can only hope that the rest of the Linux community will adopt the same standards, if not the same code base. Fragmentation of this new “basic input” would be lethal.

Like a good Open Source nerd, I Google’d about and found a potential answer. You need to:

• Boot into Grub (hold down shift after the BIOS finishes, and before the Ubuntu logo comes up)
• Select your default boot option, hit “e” (For Edit)
• Change the launch line (which starts with ‘linux’) and append “forceversa i905.mode=0″.

Except in my case, that was already there. So I tried removing this. Now the computer booted (heard the Ubuntu startup noise), but the screen was still dead. I had caught a line somewhere that someone had a similar issue and that it was simply the machine redirecting all graphical output to the external display. I plugged in an external LCD and confirmed I was getting output.

Since I had a semi-functional machine at this point, I hoped that doing an apt-get update / apt-get dist-upgrade would solve the problem. The machine was a clean install, so it needed 250 some updates, including a new kernel. New kernels are always promising in my book. After waiting for several hours (slow internet), the update completed and I rebooted the machine. No dice. The latest Kernel for 10.04 Lucid, does nothing.

Eventually I found this bug entry, which I believe is the issue. The last comment, from just about a few days prior to my fix attempt, indicated this will be resolved in 10.04.2. This is great news, except for the fact that .2 isn’t scheduled to be out until late January 2011. But that at least gave me hope that there was a fix in the works.  I decided to take shot in the dark and tried installing the kernel daily build.  The kernel I installed was from 2010-07-27 and works.  By works I mean the machine boots normally AND the screen displays properly.

So, if you have this issue and don’t want to wait, use a daily build kernel.  Now, I really dislike using a non-tested kernel like this for a standard user’s machine (if it was for myself, it wouldn’t be a big deal), but there isn’t much of a choice.  Without the new kernel, there aren’t many other options, other than telling the user “Sorry, you can’t use this computer” – and that tends to go over poorly.  So, new kernel = good (fixed), but can add some risk.  Let’s just hope the user doesn’t dist-upgrade to a new (older) re-broken kernel.

For the most part, it is much like 9.10, just better.  The OS feels slightly better refined, and just a tad bit friendlier off the bat.  The one major improvement, is the boot speed.  From the time Ubuntu starts (from GRUB) to the time the X login screen appears, took just 16 seconds.  I’ll admit, the first time I saw that boot speed, I was damn impressed.  Really, with the OS starting this fast, there is no need for these special “embedded” operating systems that many hardware manufacturers are now including.

As I noted before, there isn’t any major changes (that I’ve noticed) from 9.10.  The only downside I’ve seen (from my admittedly limited amount of testing), is that my wifi adapter’s 5 GHz side doesn’t seem to work.  It is a minor annoyance at best, as 5 GHz is still rare, and I’m sure I could fix it… I just haven’t bothered. Overall, the system works extremely well and I’m happy with it.  I should have gotten bored and tried this sooner.  I suspect from now on my netbook will be staying Ubuntu as it goes well with my Macbook Air and Windows machines.  Nice little heterogeneous network.

UNetbootin makes preparing a Linux install USB drive very easy.  Here’s all you need:

1. Download UNetbootin
2. Optionally download the ISO of the distribution you wish to install onto the USB drive.
3. Launch UNetbootin
4. It will ask you if you want to select a distribution (It will download the necessary files right there and then), select a disk image (ISO), or custom.
5. You will be able to select your desired USB drive – do be sure to verify which drive it is you want (it will nuke the drive).  As usual, try and use a fast USB drive, like a Cruzer Titanium, for best results.
6. Click OK

Wait and Enjoy.  The tool will download any necessary files, then run through nuking your drive, reformatting, and copying over the files.  Depending on download size/speed/drive performance, it can take a bit of time.  When it is done though, you should be able to take the USB drive and use it to install Linux onto any machine.  I’ve used UNetbootin a number of times previously with great results.

Additionally if you need more help on installing Ubuntu from USB drive (say for an icky Mac) you can check out the Ubuntu Wiki.

Get yourself to a command line, and assuming your running Ubuntu or Debian:

• apt-get install libssh2-php
• /etc/init.d/apache2 restart
• Done!

It is literally that easy, all you need to do is install libssh2-php which is the PHP bindings for libssh2.  If your running another flavor of Linux, just search your package manager for “libssh2″ and pipe it to “grep php”.  You’ll most likely find the package your looking for.  You may also need to manually enable the module; Ubuntu does that for me.  After you restart Apache with that new module, simply go into your WordPress administration interface and you’ll see the “SSH2″ option in any Install/Update screen.

Note: It does support SSH keys, along with the standard password authentication.  I’ve not tried a key with a password on it, so if you try it, let me know how it works.