Basics of pdadmin: How to open the shell and authenticate yourself

This is the first in a series of posts that explain how to complete various tasks with the ‘pdadmin’ command line tool. All versions of IBM Security Access Manager for Web (formerly known as IBM Tivoli Access Manager for e-Business) come with this tool, which sometimes makes it much more useful than the Web Portal Manager UI. Here I will cover the basics – how to open the pdadmin shell and how to authenticate yourself.

There are several possible ways to get to the pdadmin prompt.

  • Open a command prompt on your installation and type ‘pdadmin’ – usually the binaries directory that contains the pdadmin tool is part of the system path. If this does not work, you can find the pdadmin executable in the Policy Director “bin” directory. The typical path is “C:\Program Files\Tivoli\Policy Director\bin” on Windows systems and “/opt/PolicyDirector/bin” on UNIX.
  • New in v7.0: use the so-called REST API, which is in fact a simple HTTP interface to the pdadmin utility. More about it in later posts.
  • In the new virtual appliance edition (also available in v7.0) you can log in to the appliance console and then find the pdadmin prompt (hidden as the “admin” item) under the “wga” menu.

The first thing you have to do after the pdadmin prompt has opened is to authenticate your session to the server. This task is pretty straightforward.

pdadmin> login
Enter User ID: sec_master
Enter Password: ********
pdadmin sec_master>

Note that there is no need to issue an explicit login command when working via the HTTP API, since the authentication credentials are specified in a dedicated section of the HTTP payload.

How to install Apache HTTPD with PHP and OpenSSL on Windows

Installing the Apache HTTPD web server with PHP and OpenSSL support on a Windows box is not a trivial task nowadays. First, the Apache site no longer provides Win32 binaries for the latest HTTPD versions. When you manage to find a place to get the binary itself, you are challenged with additional questions – which binary matches the OpenSSL version of your PHP installation, and where to get the VC redistributable it requires. This article aims to cover all those topics.

We are going to install Apache HTTPD 2.4.3 with PHP 5.4.11 (latest versions at the moment of writing) on Windows 2003 server.

Apache HTTPD

Fresh Apache HTTPD binaries can be found on the Apache Lounge site. Note that you will need the binary compiled with OpenSSL 0.9.8 to work with our future PHP installation. Also, there is a link to the VC10 redistributable somewhere in the top part of the download page. Make sure to grab it and install it on your Windows box before you start with the Apache HTTPD installation and configuration.

Fresh Apache HTTPD distributions come as an archive and not as an installer, but don’t be afraid. Just extract the content of the package and move the “Apache24” directory to the “C:” drive. You can start the web server by running “httpd.exe” from the “C:\Apache24\bin” folder. In the same folder you can find the useful ApacheMonitor utility, which allows you to start and stop the server conveniently. I recommend creating a shortcut to this utility and placing it in the startup folder (either yours or the one for all users). Also, Apache HTTPD can be set up to run as a service on system startup by executing the “C:\Apache24\bin\httpd.exe -k install” command.

The minimal web server setup consists of changing ServerName in “C:\Apache24\conf\httpd.conf” to the real FQDN of your server. Now you can start the web service and verify that it is up and running.

PHP

The next step is to get the latest PHP binary distribution for Windows from the PHP for Windows site. There are “Thread Safe” and “Non Thread Safe” distributions; you will need the Zip archive of the Thread Safe one to run PHP inside the web server. The site mentions that it requires the VC9 runtime, but the VC10 runtime you have installed for Apache HTTPD is even better. Note that some manuals instruct you to download the Apache HTTPD module for PHP support separately, but there is no need for that – it is already included in recent PHP distributions.

Extract the content of the distribution archive to the “C:\PHP” folder and copy the relevant “php.ini-something” file to “php.ini”. Inside “php.ini”, uncomment the “extension_dir” configuration option and the line that contains the “php_openssl” extension definition. Don’t forget to add “C:\PHP” to your system PATH variable, as some extensions (OpenSSL among them) rely on it to find additional libraries.

To configure PHP in your web server, add the following lines at the bottom of the “httpd.conf” file:

# PHP 5
LoadModule php5_module "c:/php/php5apache2_4.dll"
AddHandler application/x-httpd-php .php
PHPIniDir "C:/php"

In addition, you may want to update the “DirectoryIndex” directive to include “index.php” as well.

Now it is time to restart the Apache HTTPD server. Note that you will need to explicitly stop and start the server as two separate operations, as the “Restart” button in Apache Monitor does not reload the system properties. To verify your PHP setup, add the following “phpinfo.php” to your web server root:

<?php phpinfo(); ?>

You can verify the parameters of your installation by opening http://localhost/phpinfo.php in a web browser. Don’t forget to remove this file after the test if this is going to be your production setup!

Tip:
On a remote server, PHP errors will be shown as messages on the server console and not in your RDP window.
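Since phpinfo() exposes far more than the install steps above actually need, here is a narrower check script, added as an example and not part of the original post or the PHP project: it verifies only the points that go wrong in this setup (Apache SAPI, Thread Safe build, php_openssl loaded, extension_dir resolvable, C:\PHP on PATH). It assumes PHP lives in C:\PHP; change $phpDir otherwise.

```php
<?php
// check_setup.php -- added example, not from the original post.
// Drop it into the web root next to phpinfo.php, open it once, then
// delete it just like phpinfo.php. Assumes PHP is installed in C:\PHP.

function check_php_setup($phpDir = 'C:\\PHP')
{
    $checks = array();

    // 1. We must be running as an Apache module, not as CLI or CGI.
    $sapi = php_sapi_name();
    $checks['apache module'] = array($sapi === 'apache2handler', $sapi);

    // 2. Only the Thread Safe build works inside httpd; PHP_ZTS is 1 for it.
    $zts = defined('PHP_ZTS') ? PHP_ZTS : 0;
    $checks['thread safe build'] = array($zts === 1, 'PHP_ZTS=' . $zts);

    // 3. The php_openssl line in php.ini was really uncommented.
    $ssl = extension_loaded('openssl');
    $ver = ($ssl && defined('OPENSSL_VERSION_TEXT')) ? OPENSSL_VERSION_TEXT : 'n/a';
    $checks['openssl extension'] = array($ssl, $ver);

    // 4. extension_dir is set and resolves (relative values are tried
    //    against the PHP directory, which is where Windows PHP looks).
    $extDir = ini_get('extension_dir');
    $resolved = is_dir($extDir) ? $extDir : $phpDir . DIRECTORY_SEPARATOR . $extDir;
    $checks['extension_dir'] = array($extDir !== '' && is_dir($resolved), $resolved);

    // 5. C:\PHP must be on the PATH seen by httpd so extensions find their DLLs.
    $path = (string) getenv('PATH');
    $onPath = stripos($path, rtrim($phpDir, '\\')) !== false;
    $checks['php dir on PATH'] = array($onPath, $onPath ? 'found' : 'missing');

    return $checks;
}

header('Content-Type: text/plain');
foreach (check_php_setup() as $name => $result) {
    list($ok, $detail) = $result;
    printf("[%s] %-20s %s\n", $ok ? 'OK  ' : 'FAIL', $name, $detail);
}
// apache_get_version() only exists under the Apache SAPI.
echo "\nApache: " . (function_exists('apache_get_version') ? apache_get_version() : 'n/a') . "\n";
```

A FAIL on “php dir on PATH” after you edited the PATH variable usually means the server was only restarted from Apache Monitor rather than stopped and started, exactly the case the post warns about.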

Deploying a Web Application from Maven Build to Remote Tomcat Container with Cargo

Several days ago I had to implement a mechanism that uploads a web application to a running instance of Tomcat. The web application was built using Maven, so the obvious choice was the Maven Cargo plugin. The Cargo framework is mostly intended for integration testing, but its Maven plugin can do some useful things along the way, as a side effect. There is a lot of documentation on the web about Cargo in general and about remote deployment to Tomcat specifically, but I was unable to find a complete example that could be taken as-is. So, here it goes!

How to enable Google Adsense on Jetpack Mobile Theme

Congratulations, you’ve successfully activated the Mobile Theme in Jetpack! Now your lovely site also looks great on small mobile screens, and it was only one click away. But wait, something is still missing… Right, there are no sidebars – and no ads inside! Maybe it makes no difference to the readers, but it does to you as the blog owner.

Well, the Jetpack documentation explains that the theme looks for a sidebar with a predefined ID and shows it at the bottom of the page. This means that one of your sidebars may already be shown there. If that is the case, you have no choice but to rearrange the content of that sidebar to fit the mobile page. Otherwise keep reading, and I will explain how to add a new dedicated sidebar for the mobile theme.

How to enable RDP access to Microsoft UAG 2010

Some time ago we found that the Microsoft UAG installation in our lab did not allow RDP access. The server itself was fine and the RDP service inside worked as expected – it was clearly visible on the VM console – but RDP connections were silently ignored. It looked strange, and we spent a significant amount of time searching the internet for the reason for this behavior, until we realized that the UAG server did allow us to connect via RDP from one of the remote computers – the one it was installed from. This gave us a clue about what was going on and finally led us in the right direction.

The solution is simple and well-documented – but only if you know what to look for, as usual. It appears that Microsoft TMG (the product Microsoft UAG is based on) allows remote access from a predefined set of computers only. To be allowed to open RDP to the UAG server, the computer must be added to the list of Forefront TMG Remote Management Computers. The detailed instructions can be found at the bottom of this TechNet article, and I’ll quote the relevant part here for future reference:

«Open the Forefront TMG Management console from the Start menu. In the console tree, click the Firewall Policy node. On the Toolbox tab, click Network Objects. Click Add, and then click Computer. Specify the details of the computer from which you will remotely manage Forefront UAG. … After adding the computer to the set, activate the changes in the Forefront TMG Management console.»