... until the collector arrives ...

This "blog" is really just a scratchpad of mine. There is not much of general interest here. Most of the content is scribbled down "live" as I discover things I want to remember. I rarely go back to correct mistakes in older entries. You have been warned :)

2004-04-30

SharePoint

A colleague was getting as SecurityException while running a .Net WebPart (MS-speak for portlet) under SharePoint.  We poked around to figure out how to grant permissions to WebParts.  The usual .Net config editor approach didn't work.  After a bit of googling, we turned up:

Microsoft Windows SharePoint Services and Code Access Security

OpenLDAP

I figured out how to import a sample LDIF file into OpenLDAP:

ldapadd -f sample.ldif -x -D \
    "cn=administrator,dc=somedomain,dc=com" -w secret

SSL Problems

A colleague and I had a hard time getting our IIS servers to accept client side certificates.  It turns out the problem was that we had installed the SSI-TEST-CA certificate in the trusted root of our own user accounts, not in the machine trusted root.  He had an even more difficult time of it since SSL on his server became completely disabled for reasons unknown.  He and I spent most of the day trying to troubleshoot it, with no result.  The problems were:

  • At first, client-side certificates would not be recognized.
  • Later, server-side certificates started failing.
  • Finally, HTTPS failed completely.

This degradation occurred as he was uninstalling and re-installing certificates.  We tried:

  • blowing all the certificates away and re-installing them
  • uninstalling IIS and re-installing it
  • hacking at IIS's metabase.bin file using metaedit
  • restoring the system to an earlier restore point (this one worked, but when we tried to reconfigure IIS for SSL, it quickly degraded again).

We are stumped.

2004-04-29

Java keytool

The java keytool cannot import or export private keys.  In particular it cannot handle PKCS12 files (although the J2EE version of keytool can).  As a workaround, I downloaded PKCS12Import.java from the Jetty project.  It can create a JKS keystore file from a PKCS12 file.

2004-04-28

I investigated trying to install an LDAP server for testing purposes.  I looked at OpenLDAP, but there it wants to run on Unix, not Win32.  I installed the Windows Server 2003 Admin Pack and investigated using Active Directory for LDAP.  It turns out that you cannot run Active Directory unless the server is a domain controller -- which is not going to happen.  Back to OpenLDAP...

I downloaded OpenLDAP for Windows from Lucas Bergman's site.  I referred to the OpenLDAP admin guide and installation steps in someone's homework assignment.  Installation:

  • changed all of the paths in slapd.conf to relative paths in the appropriate installation directory
  • changed the database suffix and rootdn parameters to appropriate values
  • ran slapd -- didn't work, no output.  Ran it again with the debug switch, -d 1.  It was complaining that it could not find the slapd.conf file.  I ran it again using the command line slapd -f etc/slapd.conf -d 1.
  • Now it is complaining that ucdata is not a valid directive and, later, 'error loading ucdata (error -127)'.
  • I tried switching from the BDB backend to the LDBM backend.  No change.
  • The slapd man page does not mention anything about ucdata.
  • I downloaded the source and discovered that there is an undocumented directive named ucdata-path.  I changed the config file to use this directive and, voila, slapd is running.

I spent the afternoon at the POSC WITSML SIG meeting.

2004-04-27

I continued working on the 'web services' investigation project.  I spent time reading up on the Microsoft Office XP Web Services Toolkit.  I downloaded the toolkit and generated some VBA from our well pilot WSDL.  That's as far as I got.

I am still trying to decide whether to focus our initial web efforts on SOAP web services, or URI addressable HTTP GETs.  I tried to locate a paper I read on this topic, but was unable to find it.  I thought it was in Fielding's REST paper, but it wasn't.  I also poked around W3C's TAG site.

I helped a colleague work through certificate generation for IIS.  We ended up using OpenSSL (in CygWin) to generate the certificates, and they worked fine.  I rooted around in my archives to locate any docs I had about certificate generation, and I found some old stuff about Microsoft's MAKECERT (in my old diary!).  I have summarized certificate generation in a document.

A few days ago I captured some miscellaneous Java lore.

2004-04-22

Finished up experimentation with using SSL with SOAP in Apache AXIS.  The Eclipse project can be found in axis-test.  Of particular interest is the document about configuring Tomcat/AXIS to use SSL.

2004-04-02

I installed synergy, OSS that creates a virtual desktop out of the monitors from any number of machines and that allows you to control that virtual desktop from a single keyboard and mouse.  It supports copy-and-paste of text across the systems as well.

It has some idiosyncrasies.  Sometimes the client software will fail to connect to the client after a reboot.  Also, sometimes the mouse freezes during heavy processing (on either side of the connection).  Finally, the mouse occasionally enters a state such as thinking a button is being held down when it is not.  However, all of these occurrences are rare, and synergy is very pleasant to use.

Blog Archive