Category Archives: Administration

Grails ldap integration with Active Directory via spring-security-ldap

The spring-security-ldap plugin has great documentation. I put together a working example (at least in my environment) to complement the docs. When I was tasked with integrating our Grails apps with Active Directory, I remember there being a scarcity of examples, so I hope this code will save you some time in getting LDAP working with Active Directory in your Grails environment.

Important files

grails-app/conf/Config.groovy
src/groovy/com/javazquez/ldapexample/MyUserDetailsContextMapper.groovy
src/groovy/com/javazquez/ldapexample/MyUserDetails.groovy
grails-app/conf/spring/resources.groovy

Once you have your Active Directory configurations entered (grails-app/conf/Config.groovy), fire up your app and test it out by logging in via the login controller.

Notes

  • You may have to update MyUserDetailsContextMapper.groovy as my Active Directory environment may differ from yours.
  • You may also want to update MyUserDetails.groovy to hold more or less info than my config.

-JV

POP3 Gmail access with Clojure and JavaMail

I recently had the need to access Gmail using Clojure. I used JavaMail to accomplish this via POP3. Below is some code that I wrote to help me get emails. Hope you find it useful. Enjoy 🙂


(use '[clojure.contrib.duck-streams])
(def props (System/getProperties))
; Get the default Session object.
(def session (javax.mail.Session/getDefaultInstance props))

; Get a Store object that implements the specified protocol.
(def store (.getStore session "pop3s"))

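; Connect to the host using the given username and password.
; These are placeholders: read real credentials from the environment or a
; secrets store instead of hard-coding them in source.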
(.connect store "pop.gmail.com" "username@gmail.com" "password")

;Create a Folder object corresponding to the given name.
(def folder (. store getFolder "inbox"))

; Open the Folder.
(.open folder (javax.mail.Folder/READ_ONLY ))
; Get the messages from the server
(def messages (.getMessages folder))

(defn getFrom [message] (javax.mail.internet.InternetAddress/toString (.getFrom message)))
(defn getReplyTo [message] (javax.mail.internet.InternetAddress/toString (.getReplyTo message)))
(defn getSubject [message] (.getSubject message))

; print out the body of the message
(for [m messages] (read-lines (.getInputStream m)))

;;;;;code for sending an email

(def props (System/getProperties))
(. props put "mail.smtp.host", "smtp.gmail.com")
(. props put "mail.smtp.port", "465")
(. props put "mail.smtp.auth", "true")
(. props put "mail.transport.protocol", "smtps")

(def session (javax.mail.Session/getDefaultInstance props nil))
(def msg (javax.mail.internet.MimeMessage. session))
(. msg setFrom (javax.mail.internet.InternetAddress. "sender@gmail.com"))
(. msg addRecipients javax.mail.Message$RecipientType/TO
"receiver@gmail.com")

(. msg setSubject "i am the subject")
(. msg setText "I am the body!!!")

(. msg setHeader "X-Mailer", "msgsend")
(. msg setSentDate (java.util.Date.))

; send the email
(def transport (. session getTransport))
(. transport connect "smtp.gmail.com" 465 "sender@gmail.com" "password")
(. transport sendMessage msg (. msg getRecipients javax.mail.Message$RecipientType/TO))
(. transport close)

Login with Basic Authentication using Groovy

Hey there fellow Groovyists! I was recently in need of performing Basic Authentication on Apache using Groovy for a proof of concept. Below is what I was able to quickly put together.

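// Here is a quick Groovy 1.7.4 Basic Auth example
@Grab(group='org.codehaus.groovy.modules.http-builder', module='http-builder', version='0.5.0')
import groovyx.net.http.HTTPBuilder

// Basic auth only base64-encodes the credentials; over plain http:// they travel unencrypted,
// so use an https:// URL for anything beyond a proof of concept.
def authSite = new HTTPBuilder('http://10.110.201.115/~juanvazquez/basicAuth/')
authSite.auth.basic 'user', 'pwd'
println authSite.get(path: 'testAuth.html')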

Proxy/ReverseProxy and Apache2

I recently configured Apache2 to be a ReverseProxy/Proxy and thought I would share my experiences while it was still fresh. Having never configured any kind of proxy, I found this webpage very informative. The scenario I would like to use for my example is that I have three internal web servers:

Site                     Local IP        Remote IP    Port
www.reallycoolsite.com   192.168.1.102   10.15.22.1   80
www.justcoolsite.com     192.168.1.102   10.15.22.2   80
www.reallylamesite.com   192.168.1.44    10.15.22.3   80

Alright… pretty straightforward, right? If you are in the situation I was in when I started, you haven’t done much more than install Apache from source and occasionally add a few modules here and there. The way I solved the problem was to create a name-based virtual host for each of the servers. Our example would look like this:


# You can listen on specific addresses and ports for requests if you like
# (ex -> Listen 192.168.1.102:80)
# I use the below statement to listen on 80 for all requests
Listen *:80
# Because we have multiple names mapped to the same IP
# (needed on Apache 2.2; deprecated and without effect on 2.4)
NameVirtualHost 192.168.1.102:80

# ProxyRequests Off keeps this a reverse proxy only; turning it On would make
# the server a forward proxy that anyone able to reach it could relay through.
# CustomLog needs a log format as its second argument; "common" is used here.
<VirtualHost 192.168.1.102:80>
ServerName www.reallycoolsite.com
ProxyRequests Off
ProxyPass / http://10.15.22.1/
ProxyPassReverse / http://www.reallycoolsite.com/
ProxyPreserveHost On
ErrorLog reallycoolsite_error_log
CustomLog reallycoolsite_access_logs common
</VirtualHost>

<VirtualHost 192.168.1.102:80>
ServerName www.justcoolsite.com
ProxyRequests Off
ProxyPass / http://10.15.22.2/
ProxyPassReverse / http://www.justcoolsite.com/
ProxyPreserveHost On
ErrorLog justcoolsite_error_log
CustomLog justcoolsite_access_logs common
</VirtualHost>

<VirtualHost 192.168.1.44:80>
ServerName www.reallylamesite.com
ProxyRequests Off
ProxyPass / http://10.15.22.3/
ProxyPassReverse / http://www.reallylamesite.com/
ProxyPreserveHost On
ErrorLog reallylamesite_error_log
CustomLog reallylamesite_access_logs common
</VirtualHost>

If you receive errors during the communication between your proxy and your server, it may be a good idea to investigate whether you have an HTTP protocol error, discussed at the bottom of this page.
The following two lines are pulled from the reference and fixed a problem I had with one of my IIS servers using SSL (for more info about the issue, go here).

SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1

My Apache configuration file (httpd.conf) was the file I used to edit my settings. Your file may be different depending on how new your Apache version is. I found that some implementations called the configuration file apache.conf. I hope this blog entry is helpful to you. Happy Configuring!

su vs. “su -” The Mystery Revealed

Inquiring minds want to know, what is this su - and why is it different than su? Well, if you are like me, you didn’t even know that su - existed. I ran into this problem when I was trying to add a new user to a new Linux machine. Remote root login was disabled (for obvious reasons :D) and I was logged in with my regular non-privileged user account. Well, normally the story goes like this…

  1. su
  2. Authenticate
  3. useradd account
  4. set password
  5. log out of privileged account
  6. Take coffee break from all the hard work and call it a day

Not so today :( . When I attempted to run step three (useradd), I received a command not found error. “That’s weird,” I thought. How could a machine not have this basic command? I looked in the bin directory to see if it was some kind of path error I was having. Thinking that this was the case, I was shocked to see that none of the user commands (adduser, usermod, deluser) were there.

After a few minutes of scratching my head, I asked someone more versed in Linux than I what they thought. After walking through each of the steps I had taken, my mistake was easily spotted. I hadn’t added the ‘-‘ to the su command. Thinking that the explanation was weird, I checked with Google for the su - command. Sure enough, the link to Wikipedia had this to say about it:

Optionally, you can use a hyphen with su to invoke a login shell and assume the target user’s complete user environment:

I am glad I had someone to point this out to me… It could have been a longer and very frustrating ordeal. It was also a lesson for me to refer more to the man pages (it had the answer there too). I hope this blog entry helps someone else who is confronted with this situation.
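The "command not found" symptom in the su post above is what you get on systems where plain su keeps the calling user's PATH, which often omits the sbin directories where useradd lives, while su - builds root's login PATH. This is an added example, not code from the original post; it reproduces the lookup in a throwaway directory, and the helper names (resolve_in_path, make_demo_root), the directory layout and both PATH values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: why useradd is "not found" after plain su but found after su -.
# Everything is built in a temp directory; the real system is not touched.

# resolve_in_path CMD PATHSTRING
# Prints the first executable match the way a shell's PATH search would;
# returns 1 when no directory in PATHSTRING contains CMD.
resolve_in_path() {
    cmd=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        if [ -x "$dir/$cmd" ] && [ ! -d "$dir/$cmd" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$cmd"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Constructed layout: everyday tools in usr/bin, account tools in usr/sbin.
make_demo_root() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/bin" "$root/usr/sbin"
    for f in usr/bin/ls usr/sbin/useradd usr/sbin/usermod; do
        printf '#!/bin/sh\n' > "$root/$f" && chmod +x "$root/$f"
    done
    printf '%s\n' "$root"
}

demo() {
    root=$(make_demo_root) || return 1
    # Assumed values: the unprivileged user's PATH (kept by plain su)
    # and a root login PATH (set up by su -).
    user_path="$root/usr/local/bin:$root/usr/bin"
    login_path="$root/usr/sbin:$root/usr/bin"
    for p in "$user_path" "$login_path"; do
        resolve_in_path useradd "$p" || echo "useradd: command not found"
    done
    rm -rf "$root"
}

demo
```

On a real host, comparing the output of `su -c 'echo $PATH'` with `su - -c 'echo $PATH'` shows the same difference directly.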