Beginning this month, I’ll be attempting to infuse my place of work
with Linux. I am an new Applications Analyst and resident AIX/Linux
expert for a government agency that lives and breaths Microsoft. I feel
that Open Source software, mainly, Linux…can be a great addition to
this agency. I’ll be documenting my attempts here while I go along. If
you have tips, tricks, solutions, advice or supportive
comments…please respond in kind.
Well, Ubuntu had some troubles but CentOS did a fine job for me. The problem was in the compilation of the mod_ntlm module for Apache. Ubuntu couldn’t get it right. Changing the makefile a bit (Thanks Billy!) did allow me to post the mod_ntlm.so file (finally) but I couldn’t get things to work for Apache 2. I reverted back to Apache 1.3 on the Ubuntu box but ran into the same problem that I did on the CentOS box with odd authentication issues. Alternatively, CentOS had no problems compiling the mod_ntlm Apache module for Apache 1.3 OR Apache 2.X which was much better than Ubuntu.
Of course, the real problem wasn’t getting the various software installed, the problem was doing it in the correct order. My advice to someone that wants to use mod_ntlm with Apache to pass parameters to a zope server for plone: Install zope and plone first…get a working site up and running on port 80 (intranet site that is) THEN install apache and work on mod_ntlm. I had trouble figuring this out as most of the instructions I found allowed for Apache to be working first before the zope server comes into play. Another thing you could do is turn off Apache during your zope/plone configuration.
Something else that is odd is that by default when you install zope in CentOS, it isn’t started. You can add it to automatic start using checkconfig in CentOS but finding out where the rpm installs zope is another story. Not being familiar with zope hindered my progress initially. After some fumbling I was able to get things working.
Overall on both the Ubuntu and CentOS installs, I was able to get things in working order but could not get Apache to use mod_ntlm correctly. Normally, if mod_ntlm is setup correctly and all directives are listed correctly (I was using .htaccess to house the ntlm directives) you’ll get to a page 404 not found if accessing the document root. Instead, I received 401 Unauthorized Access. This meant that I was not validating according to Apache to my active directory source.
I worked on it for about 3-4 hours with no extra information coming to light. I even emailed a few people who I know are running a zope/plone/apache intranet page for their business. They got me to where I was but couldn’t really help me solve the problem. The only direction they could give me is that AD (active directory) was setup odd on my network. That could very well be. It is a bit odd here and will be until we switch across to W2K3 and Active Directory (I originally tried to plug Red Hat Enterprise Linux but no one even heard my ‘new employee’ voice squeeking in the wings…I also didn’t get a call back from Red Hat. There must be bigger fish to fry eh?). So, for now, it seems tha zope/plone/apache is not the combination to get a portal page up and running. I may try again when the Windows 2003 AD environment is finalized (a project I’ll most likely have to roll out )
It’s very sad that after a few weeks of looking and a few weeks of trying various open source CMS portals that I cannot get a single one implemented with single sign on. You’d think that this would be where Open Source could really make innroads into the enterprise. With the rise of the enterprise Wiki and the ability to pull code from other projects because of the fantastic GPL license, you’d think we would see single sign on modules popping up all over the place in one CMS and another. That isn’t so. As of the writing of this article, I know of only a few php based CMS that offer single sign on: Moodle, Midgard, and Plone. Of course, I haven’t attempted midgard. I’ll be saving this one for last. It truly is an area that open source needs attention in.
Now that I think about it though, most CMS are simply forums and news sites on the internet. They really don’t have a huge demand for single sign on. So it makes sense that most CMS don’t provide this ability. However, I would think that single sign on would be a very popular plugin to provide for any CMS to allow it to gain a larger audience.
Since Zope and Plone aren’t an alternative for me…I must move on to something that can be. I’ve found a couple of really nice java based open source content management systems and during the next couple of days I’ll be testing them out on Ubuntu and CentOS using Apache/Tomcat. I’ll post my findings of course and we’ll see where this takes me. I really wish plone/zope would have worked for me…I really liked the flexibility that it gave which would have proved beneficial later on when (not if) management changed its mind and wanted more than an info/document repository portal. Once again, suggestions are welcome and needed…tell me how silly I am and post your comments.
This content is published under the Attribution-Noncommercial-Share Alike 3.0 Unported license.