Archive for October, 2005

23/10/2005: 5:18 pm: Justin FreemanLotus Domino

Ever wanted to be able to authenticate users on your Domino Web Server using a Web Service, against a MySQL database, a text file or some other external source? Or how about changing the default Domino behaviour so that user sessions remain active for days or weeks. It’s easy and I’ll show you how using Apache Tomcat and a simple Java Servlet. I’ll then discuss a more advanced setup where you can use Apache Web Server, mod_proxy and mod_rewrite to have Apache Web Server, Apache Tomcat and Lotus Domino all responding on Port 80.

Up until R6.5x user authentication options in Domino had been very limited (in my opinion). Requiring a custom DSAPI when authentication extends beyond the Domino Directory or LDAP. And unfortunately, DSAPI programs are complex little buggers written in C. I haven’t done any serious C programming since University and I’ll happily admit that I really suck when it comes to writing C :) So in my toolkit, DSAPI just has never been an option.

We’ve (Agileware) also had experience administering a Domino Web Server which used a custom DSAPI solution, and it would crash on a regular 2 week basis, guaranteed. I will not go into the details here, but let’s just say that good C programmers must be thin on the ground ;)

Anyway, getting back to the topic. If you’ve got a Domino Web Server and you want to be able to authenticate it against external authorative sources, what do you do? Well with R6.53+ you can now use the humble Java method:

Session.getSessionToken();

This method simply returns a LPTA token for the current Notes Session. Until recently, this has only been accessible via the Notes C API. I believe Thomas Gunz
Steve Nikopoulos @ IBM is the guy to thank for this. Thanks Thomas! Steve!

But the LPTA token is just one component of the single sign-on puzzle. For this solution you will need to have the following components installed and configured:

  1. Domino Server configured for single sign-on (SSO)
  2. Apache Tomcat installed
  3. Eclipse IDE and the Tomcat plugin for coding
  4. (Optional - advanced configuration) Apache Web Server to proxy requests for Domino and Apache Tomcat on Port 80

Process Overview
Here’s a brief overview of the process using a Domino Website contains resources (documents, views, forms, agents etc) which have restricted access and you want to provide a alternate authentication scheme.

  1. Request received for a secure Domino web resource.
  2. Domino checks for a LPTA cookie in the request. If one is not found then Domino redirects the user to the Domino login page.
  3. Login page submitted with login details and posts directly to Tomcat Servlet.
  4. Servlet implements your custom authentication logic, for example: querying the MySQL database or calling a Web Service or even just reading a text file.
  5. Servlet determines if the user has passed the necessary authentication tests and determines what Domino user name to authenticate the user with.
  6. Servlet creates a Notes Session with the Domino server.
  7. Servlet sends response with the LPTA cookie and redirect to the secure Domino web resource, or to the Domino login page if authentication failed.
  8. If a LTPA cookie was returned, then all subsequent requests having that LPTA cookie will be authenticated and will be able to access the secure Domino web resources.

The key message here is that the Servlet will receive the login requests and process the login, returning a LTPA cookie if successful. Once the LTPA cookie is returned then that cookie can be used in all subsequent requests to gain access to secure Domino resources.

So to get started, we will need our environment configured correctly.

Configure Domino Servers for Single Sign-On (SSO)

The LTPA token is only available when a Domino Server has been configured for SSO. So you need to enable SSO for the Domino Servers you want to authenticate against. This process requires a number of steps which must be completed, so I recommend that you follow the Lotus SSO guide and use the FAQ for trouble shooting. Miss one step and it will not work!

An easy way to test if SSO has been enabled on your Domino Server is to try and access the DIIOP IOR value from the Web Server. Do this by requesting the IOR directly, for example:
http://extranet.agileware.net/diiop_ior.txt.
If you receive an error when trying to access the IOR then DIIOP is not working.

You should also be able to login to a Domino Web Server A and then using that same session to access secure web pages on Domino Web B without being prompted to re-login.

A vital step that I always miss is to correctly configure the Internet Site documents. In particular, the domain name in this document must match the domain name you will issue the IOR call too. If they do not match then Domino will not return the IOR and DIIOP will not work.

It can be a real bugger to setup SSO on Domino, but follow the instructions to the letter and you should be fine.

Take Note Of The DIIOP Port
Once you’ve got SSO and DIIOP running on your Domino Server, note down the DIIOP port. You will need this information later for your Java Servlet. For example, the default DIIOP port is not usually available and so an alternate port is used 60148.

Install Apache Tomcat
Installing Apache Tomcat is usually a pretty straight forward affair. Simply:

  1. Make sure a Java runtime is available on your system. You can test this by entering java --version at the command-line. If you get an error message then you need to install Java
  2. Download and unpack the newest stable release from tomcat.apache.org.
  3. The JAVA_HOME environment variable must be set to point to the Java directory. You can test this by entering echo $JAVA_HOME at the command-line. If nothing is displayed, then it has not been configured.
  4. The CATALINA_HOME environment variable must be set to point to the Tomcat directory. You can test this by entering echo $JAVA_HOME at the command-line. If nothing is displayed, then it has not been configured.
  5. Start Tomcat at the command-line tomcat/bin/startup.sh. If you get errors here, then Tomcat will not run.
  6. No errors? Cool. Point your Web Browser to http://localhost:8080 you should now see the default Tomcat homepage.
  7. (Recommended) Setup Tomcat so that it automatically starts up on boot. This step is dependent on your OS. Here is a Apache Tomcat startup script for Linux

For more detailed instructions on how to install Tomcat on your OS, I recommend Google: how to install apache tomcat. It was great to see that Ferdy Christant blogged today about how to install Tomcat on SUSE.

Install Domino Java Classes in Tomcat (NCSO.JAR)
This is a very important step and easy to miss! To enable you to reference the Domino Java classes in Tomcat, you will need to:

  • Copy the ncso.jar file from the notesdata/domino/java directory to the /tomcat/common/lib directory.

This will enable all of your Tomcat applications to use the Domino classes.

Tip: If you upgrade the Domino server software you must copy the new NCSO.JAR file to Tomcat. DIIOP may not work with previous versions of NCSO.JAR.

Download and install the Eclipse IDE and the Tomcat Plugin
Download the latest stable version of Eclipse and download the Apache Tomcat plugin for Eclipse from sysdeo.com. Read the instructions on how to configure the Tomcat plugin.

Persistent Authentication Example
Now that we’ve got our Domino + SSO + Apache Tomcat environment all setup and working. Let’s get down to actually using it.

In this example, I explain how to authenticate a Domino user and return a LPTA cookie as a persistent cookie, as opposed to the default session cookie. The advantage here is that the user only has to login once per day and that same login is then used over that period, instead of being lost when the Web Browser is closed. The code below actually sets the cookie to expire after one month, but the Domino Server session expiry settings will take precedence.

Here’s the steps for this example:

  1. In Eclipse, create a new Tomcat project. Set the project references to include NCSO.JAR and the Tomcat classes (as found in tomcat/common/lib
  2. In Eclipse, create a new Java Servlet in the Tomcat project and copy the Java Servlet code below
  3. In Domino, customise the session login form which is located in the domcfg.nsf database. You will need to customise the login HTML form so that it posts the user login directly to the Tomcat Servlet. I’ve attached an example of the domcfg.nsf for your reference.
  4. Deploy your Java Servlet and updated domcfg.nsf database
  5. Try to login to Domino and watch the tomcat/logs/catalina.out for errors or authenticaftion success messages.
  6. If the process fails, then test your environment configuration.

Code Resources

Advanced Configuration - Using Apache Web Server To Proxy Requests
The configuration described above using just Domino and Apache Tomcat will work fine in most cases. However, if you were going to deploy this on the Internet or provide access to users from behind stricter Firewall setups, then posting requests back to Port 8080 will not be feasible. Ideally, you would want all communication to take place over Port 80 and to tightly control all external communication with Apache Tomcat. Only expose what you must and therefore control the risk of compromise.

This is where the Apache Web Server steps in and the very powerful mod_proxy. Using this configuration you can setup all requests to be posted to Port 80 and redirected to the appropriate service based on a domain name, sub-directory or some other URL pattern based on regular expressions. It’s incredily flexible and powerful.

Our existing setup processes requests like this:
Request -> Domino Web Server (Port 80)
Request -> Apache Tomcat (Port 8080)

You can see that both Port 80 and Port 8080 are exposed to the Internet.

With our new setup all requests will be processed as follows:
Request *.nsf -> Apache Web Server (Port 80) -> Domino Web Server (Port 81)
Request /servlet/ -> Apache Web Server (Port 80) -> Apache Tomcat (Port 8080)
Request [anything else] -> Apache Web Server (Port 80)

Only Port 80 is exposed to the Internet and Apache does all the work of forwarding requests to the correct service.

Tip: It’s important to point out at this time that Domino and Apache Tomcat do not have to be running on the same server for this setup to work. You can separate each service on their own individual server and thereby share the load across multiple servers. You can even have your Apache Web Server in the DMZ and all Domino and Apache Tomcat on your local network, firewalled from the Internet. Way cool!

Setting Apache Web Server To Proxy Requests
So to use this setup, you need to download and install Apache Web Server. Now if you’re using Linux, there is a good chance it has already been installed. If you’re using anything else, you’ll probably have to install it manually.

You will need to perform the following changes to your existing Domino & Apache Tomcat environment:

  1. Apache Web Server will listen and respond to Port 80 requests. Therefore you need to change the default HTTP Port on Domino to something else. Port 81 will do.
  2. Recommended, but not required. I would set your firewall rules to block requests on Port 81 and Port 8080. Do this for two reasons:
  1. Stop direct requests to those services and,
  2. So that you can verify that request proxy’ing is actually working!
  • Change the Domino login page so that it posts the request to the correct URL (/servlet/) and Port 80, not Port 8080.
  • You will also need to configure the Apache Web Server for proxy’ing. This requires the following changes to the Apache Web Server /conf/httpd.conf, enable the required modules:


    LoadModule rewrite_module modules/mod_rewrite.so
    LoadModule proxy_module modules/mod_proxy.so

    And then enable proxy’ing and set the rules in the Virtual Host in /etc/httpd/conf/httpd.conf:

    <virtualhost *:80>
    ServerAdmin root@agileware.net
    DocumentRoot /var/www/html
    ServerName extranet.agileware.net
    ServerAlias extranet.agileware.com.au
    ErrorLog logs/extranet.agileware.net-error_log
    CustomLog logs/extranet.agileware.net-access_log combined
    RewriteEngine on
    #This rule forwards any URI requests containing /servlet to Apache Tomcat
    ProxyPass /servlet http://localhost:8080/
    ProxyPassReverse /servlet http://localhost:8080/
    #These rules forward any URI requests containing .nsf to Domino
    RewriteRule ^(.*).nsf(.*) http://extranet.agileware.net:81/$1.nsf$2 [P]
    ProxyPass / http://extranet.agileware.net:81/
    ProxyPassReverse / http://extranet.agileware.net:81/
    </virtualhost>

    You will of course need to change the Virtual Host and proxy/rewrite rules to your own domain names.

    Now you’ve got a pretty powerful setup! Apache Web Server proxy’ing requests for Domino and Apache Tomcat. While you’re at it you may as well install PHP and MySQL to have a truly kick-ass do-anything Web Server.

    Final Thoughts
    Authentication using a Java Servlet is a pretty flexible authentication process and easily extensible. For example, you could easily change the above process so that the Domino login is exposed as a Web Service, instead of the standard Login Page. Thereby, enabling other applications to easily authenticate with Domino. Since you can write the logic in your Servlet to determine how users are authenticated, and who they are authenticated as, the mind boggles as to the possibilities here!

    Using the Apache Web Server to proxy requests to Domino is also a great solution which further expands the options available to you as a Domino Web Developer. No longer are you restricted to the Domino toolkit for your web applications. Now you can employ PHP, JSP and anything else that Apache Web Server & Tomcat can support, all using the same web address and Port 80.

    And finally, I welcome any feedback or enhancements to this solution. If you’ve done it a better way then please let me know :)

    Recommended Reading
    Below is a list of useful references I used to create this solution and well worth a read:

    First of all, a big thanks goes to Automated Logic for this blog entry, Lotus Domino and Apache Tomcat - Single Sign On (SSO).

    freetagish.net - Domino Tomcat Redirector an alternative to using Apache Web Server to proxy requests, the Redirector allows Domino and Tomcat to be integrated such that certain requests are passed to Tomcat, very cool kit.

    http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg27006575 This Lotus Knowledge Collection had some really useful information.

    Guide to configuring Single Sign-on (SSO) (1217754) This document contains instructions about how to configure Single Sign-on (SSO) for a Lotus Domino server.

    Common questions and problems with Single Sign-on (SSO) (1216978) This document describes common questions and problems you might encounter when setting up or using single sign-on (SSO) for a Lotus Domino server.

    Frequently Asked Questions - Using Secure Socket Layer (SSL) with Lotus Notes/Domino (1218820) This document is intended to answer the most frequently-asked questions about SSL and the Certificate Authority (CA) Process

    20/10/2005: 9:08 pm: Justin FreemanLotus Domino

    Just your typical wonderful morning in sunny Canberra. Whilst eating a bowl of Weetibix, I check over the health of our servers and notice that one Domino server is no longer relaying email. Oh bugger… what’s the story here, those Weetibix will have to wait.

    Try to send an email out and received the following error in return:
    Error transferring to DOMINO/AGILEWARE mail.box; Recovery Manager: Log File is Full, try again later

    Solution
    Turns out that a problem involving the Domino JVM has caused the error message log to become full and the Domino server to stop relaying email. Remote in and check out the Domino server console, restart and this is the error message on HTTP startup.

    HTTP JVM: java.lang.UnsatisfiedLinkError: /opt/lotus/notes/70000/linux/jvm/bin/libawt.so: libXp.so.6: cannot open shared object file: No such file or directory

    Having never seen that error message before and a quick Google not returning any answers (hence I’m blogging about it now), I re-install Domino just in case some linked file has been deleted or become corrupted. No joy.

    Restarting HTTP displays the entire message as listed below.


    tell http quit
    20/10/2005 07:22:26 AM DOMWS Convert AddIn Terminating
    20/10/2005 07:22:27 AM HTTP Server: Shutdown
    20/10/2005 07:22:27 AM DOMWS Convert AddIn Termination Complete
    > load http
    20/10/2005 07:22:50 AM HTTP Server: Using Internet Site Configuration View
    20/10/2005 07:22:51 AM JVM: Java Virtual Machine initialized.
    20/10/2005 07:22:51 AM HTTP Server: Java Virtual Machine loaded
    20/10/2005 07:22:51 AM DOMWS Convert AddIn Initializing
    20/10/2005 07:22:52 AM HTTP JVM: Exception
    20/10/2005 07:22:52 AM HTTP JVM: in thread
    20/10/2005 07:22:52 AM HTTP JVM: "main"
    20/10/2005 07:22:52 AM HTTP JVM:
    20/10/2005 07:22:52 AM HTTP JVM: java.lang.UnsatisfiedLinkError: /opt/lotus/notes/70000/linux/jvm/bin/libawt.so: libXp.so.6: cannot open shared object file: No such file or directory
    20/10/2005 07:22:52 AM HTTP JVM: at java.lang.ClassLoader$NativeLibrary.load(Native Method)
    20/10/2005 07:22:52 AM HTTP JVM: at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:2120)
    20/10/2005 07:22:52 AM HTTP JVM: at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1986)
    20/10/2005 07:22:52 AM HTTP JVM: at java.lang.Runtime.loadLibrary0(Runtime.java:824)
    20/10/2005 07:22:52 AM HTTP JVM: at java.lang.System.loadLibrary(System.java:908)
    20/10/2005 07:22:52 AM HTTP JVM: at sun.security.action.LoadLibraryAction.run(LoadLibraryAction.java:76)
    20/10/2005 07:22:52 AM HTTP JVM: at java.security.AccessController.doPrivileged1(Native Method)
    20/10/2005 07:22:52 AM HTTP JVM: at java.security.AccessController.doPrivileged(AccessController.java:287)
    20/10/2005 07:22:52 AM HTTP JVM: at sun.awt.NativeLibLoader.loadLibraries(NativeLibLoader.java:81)
    20/10/2005 07:22:52 AM HTTP JVM: at sun.awt.DebugHelper.(DebugHelper.java:56)
    20/10/2005 07:22:52 AM HTTP JVM: at java.awt.Component.(Component.java:548)
    20/10/2005 07:22:52 AM HTTP JVM: at java.lang.Class.forName1(Native Method)
    20/10/2005 07:22:52 AM HTTP JVM: at java.lang.Class.forName(Class.java:180)
    20/10/2005 07:22:52 AM HTTP JVM: at lotus.domino.ws.ServiceContext.sInit(Unknown Source)
    20/10/2005 07:22:53 AM DOMWS Convert AddIn Initialization Complete
    20/10/2005 07:22:53 AM HTTP Server: Started

    Now this has got me really perplexed now. This server, which is Fedora Core 3 by the way, has been running Domino for close to a year now and the only recent change was to upgrade from R6.5 to R7. And it’s been running R7 with no problems since it’s release. Very very weird.

    In the end we managed to solve the problem. The problem was that the libXp.so.6 is deprecated in Fedora Core 3 and is not installed unless you do a complete install. So to solve the issue, at the console you simply enter:

    To find out what RPM actually contains the required library…

    $ rpm --query --whatprovides 'libXp.so.6'
    xorg-x11-deprecated-libs-6.8.2-37.FC3

    Then install the required RPM’s.

    $ sudo yum install xorg-x11
    $ sudo yum install xorg-x11-deprecated-libs

    Restart Domino HTTP and error message gone, back to normal transmissions ;)

    Now if you are running Domino on Linux and have not performed a complete install, then you may encounter this same issue. And if you do, I hope this solution helps you out. I expect this problem may show up in any Linux distro, Fedora Core 3, Fedora Core 4, SUSE, Red Hat, Ubuntu etc.

    Here’s links to some of the resources I used to help identify what was the cause of this issue:
    http://docs.codehaus.org/display/ninja/Installing+JDK+1.4.2+on+FC4
    http://forums.oracle.com/forums/thread.jspa?messageID=1070191
    https://www.redhat.com/archives/fedora-list/2005-January/msg02895.html
    http://www.trustix.org/forum/archive/index.php/t-39.html

    : 6:21 am: Justin FreemanFree & Open Source Software

    Open Office 2 (stable) is now available for download. The official announcement has not been made yet, but you can now download what appears (files are dated later than 13/10) to be the final version of Open Office 2 from the following mirrors. Fantastic! Check out the new features here on OpenOffice.org. So why are you still using Microsoft Office?

    Thanks for to odrakir.com blog for getting the word out a day early :)

    Download Open Office 2
    Download Open Office 2 - http://download.openoffice.org/index.html

    Open Office v2

    Official Press Release - OoO 2 Press Release

    Available in 36 languages, with more on the way, and able to run natively on Windows, GNU/Linux, Sun Solaris, Mac OS X (X11) and several other platforms, OpenOffice.org banishes software segregation and isolation and dramatically levels the playing field. And, with its support for the OASIS Standard OpenDocument format, OpenOffice.org eliminates the fear of vendor lock in or format obsolescence. The OpenDocument format can be used by any office application, ensuring that documents can be viewed, edited and printed for generations to come. OpenOffice.org 2.0 is a breath of hope for small economies that can now have a local language office suite well adapted to their needs and to their economical possibilities, reducing their dependency on the interests of proprietary software vendors.

    “OpenOffice.org is on a path toward being the most popular office suite the world has ever seen; providing users with safety, choice, and an opportunity to participate in one of the broadest community efforts the Internet has ever seen. As a member of that community, I’d like to offer my heartiest congratulations.” - Jonathan Schwartz - President and CEO of Sun Microsystems.

    Open Office 2 Reviews

    1. Open Office 2.0 Kicks MS Office Around the Block, August 28, 2005
      http://www.realtechnews.com/posts/1705
    2. OpenOffice.org - REVIEW DATE: 09.06.05
      http://www.pcmag.com/article2/0,1895,1850985,00.asp
    19/10/2005: 7:49 am: Michael ManningFree & Open Source Software, IT General, Consumer Computing

    At Agileware we have all been evaluating Ubuntu (which means running on the desktop and laptop full time - the only way to truly evaluate). We have been doing so for the past four weeks now and I must say that we are all very impressed with it.
    There are so many things that it does so very well. Right from the installation procedure through to the number of onboard and external devices that are just detected and useable.

    The number of applications is not overwhelming, yet everything that a normal desktop user would need is there. If you are more of a power user then fire up Synaptic and search for what ever it is that you feel you need. Synaptic will automatically install any dependencies for you and away you go.

    The real test though was going to be the upgrade process. Obviously when I started the eval Hoary was the latest release and that is what I was using. Now that Breezy has been released the time had come to move on.

    Now after performing many other GNU/Linux upgrades I was going to have to be prepared. So you download the isos and wait until you know you have enough time to recover from a catastrophe. Burn the CD. Check out the forums and HowTos and get the low down on how to perform the upgrade. Which I must admit sounded pretty easy. Set the CD as one of your install sources and let Synaptic go to work on the upgrade.

    OK then here I go.

    Put the CD in the drive, and, hang on a minute what is this pop-up window asking. “Do you want to install the newer version of Ubunutu or upgrade your existing system” (or something to that effect). I didn’t read about that anywhere on the forums. Oh well, you never know without trying…

    Four clicks later (one to say upgrade, one to allow Synaptic to restart some services, and two others to overwrite some system config files I had changed) I had a fully updated (Breezy) system installed. Reboot to get the new kernel and I could hardly believe my eyes.
    The startup logo was different and I had the latest and greatest version of Ubuntu up and running nothing more to do. Every application and service that I had previously installed was there and running as the latest release. How easy was that, and when was the last time that happened for a Windows release?

    That was a breeze(y)…….

    : 7:29 am: Justin FreemanFree & Open Source Software

    Having installed Kubuntu Hoary Hedgehog on my laptop a few weeks ago, the next big usability test was to find out how easy it is to upgrade the operating system to the next version. Much to my surprise it was a very simple process.

    How To Upgrade Kubuntu
    In fact, it is embarrassingly simple, here’s the steps.

    1. Download the new Kubuntu release ISO to your PC.
    2. Burn the ISO onto a CD and insert OR you can just mount the ISO directly using the command
      sudo mount -t iso9660 -o loop,ro,user ./kubuntu-5.10-install-i386.iso /media/cdrom0
      Mounting the ISO as if it was an actual CDROM. You can now open /media/cdrom and view all the files. (Try to do that in Windows hah!)
    3. Open Synaptic Package Manager and choose Add CDROM from the Edit menu.
    4. In Synaptic click on the Mark All Upgrades button.
    5. Click Apply.
    6. The upgrade process will now start.
    7. At the end of the upgrade, reboot your computer to enjoy Kernel 2.6.12, KDE 3.4.3, Open Office 2 RC and lots more!

    Being a new Kubuntu user, I wouldn’t be surprised if there is an even faster way to do it. Feel free to let me know if this is the case. Either way, it was still a very simple process.

    How To Upgrade Ubuntu
    But it gets even better if you’re a Ubuntu user. Here’s what you do…

    1. Download the new Ubuntu release ISO to your PC.
    2. Burn the ISO onto a CD
    3. Now when you insert the CD, Ubuntu will automatically prompt you to upgrade and perform the upgrade. Click OK and the process starts!
    4. At the end of the upgrade, reboot your computer. Read the Ubuntu Breezy Badger release notes to find out what goodness has just been installed.

    Now that’s unbelieveably easy!

    Don’t Forget To Update Your Repositories
    After the upgrade you should use Synaptic (Ubuntu) or Adept (Kubuntu) to update the names of the package repositories to refer to “breezy” not “hoary”. To do this in Synaptic you simply select Repositories from the Settings menu and change the distribution field for all entries to “breezy” (they will currently say “hoary”). That way, you’ll start getting all the updates and packages available for your new version.

    Tip: Use local repositories for faster upgrades. As per this Ubuntu Blog - 22x Faster Upgrade. Simply change your respository settings to refer to local mirrors for faster downloads.

    More Than Just A Operating System Upgrade
    Now if you are a traditional Windows user, here’s the bit that really challenges the current way of thinking. Upgrading Kubuntu/Ubuntu does not only upgrade the operating system. Instead, it upgrades all core services, applications and server components, that’s right everything! Imagine if you could insert a single CD into your Windows desktop and upgrade your Email, Instant Messenger, MS Office, Photoshop, Macromedia etc. all your programs as well as the core operating system. Well that’s what you can do with Linux and free software today. Wow!

    Rock on Ubuntu and free software!

    17/10/2005: 7:37 am: Michael ManningFree & Open Source Software, IT General

    Creating a thumbnail of a PDF document for the web seems to be a pretty common occurrence. A lot of sites which offer downloadable versions of documents in PDF format will often have a thumbnail (or something larger) image of the cover page. It is great eye candy and looks that much nicer than a line of text and the ever familiar Adobe PDF icon .

    My task was to get this to happen automatically when uploading the PDF to the web site via a CMS. When it comes down to it, there is not that much too it.

    Using the LAMP toolkit it proves to be a farily straight forward affair. I doesn’t matter which platform you ar running on either. GNU/Linux platforms are a little easier as most times the ImageMagick applications are already there so you don’t have to source and compile them before you start.

    All that is required is a simple call out to the convert command with the name of the PDF using an array style syntax (which determines the page number to convert) and the name of the output file which you want created. The ImageMagick utilities are smart enough to know what file format to output based on the extension which you provide for the output file.

    Here is an example of creating a thumbnail of the first page of your PDF document. It produces a thumbnail sized, relatively clean image which is of small file size.

    convert -quality 50 my_document.pdf[0] -resize 100×120 my_document_thumb.jpeg

    So from your PHP code you just need to use the system command and call out to convert with a syntax similar to that above.

    system(”/path/to/convert -quality 50 example.pdf[0] -resize 100×120 example.jpeg”);

    Of course you would parse the user input before allowing your scripts to execute any system command - wouldn’t you!!

    9/10/2005: 7:28 am: Justin FreemanFree & Open Source Software

    Canonical has launched a partner programme for Ubuntu to encourage and endorse expertise in this Linux distribution and enable the establishment of a partner community.

    the Ubuntu Partnership Programme, designed specifically to encourage, recognise and endorse expertise and commercial initiatives aimed at furthering the use of Ubuntu. Since its launch in October 2004, the Debian Linux based Ubuntu has become one of the most popular Linux distributions in the world. With so many Ubuntu installations, there has been a steady growth in the number of businesses using Ubuntu as a cornerstone to the provision of their solutions and support.

    Read more at goopensource.org

    All levels of partnership entitle members to use a specific Ubuntu partner logo, and a preferred listing in the Ubuntu Marketplace, a web directory of Ubuntu-related goods and services. Additional benefits are available at each partnership level. For example, at the Partner and Gold Partner level, we will share leads for business opportunities that match your skills and geographic focus with your organisation.

    Ubuntu partner levels are:

    Read more at ubuntu.com.

    Of particular interest to me is the Ubuntu Partner level, which provides:
    * Partner logo rights
    * Partner listing in the Ubuntu Marketplace
    * Joint Partner / Canonical press releases
    * Lead generation and referrals
    * Participation in Ubuntu Business Council (a forum to decide corporate technical and marketing requirements)
    * Discounted access to marketing materials for trade shows and conferences with Ubuntu branding
    * Access to paid engineering services to ensure product compatability (IHVs, OEMs, ISVs)

    The requirements are not too steep with financial component of EUR 1,500 (or about $AUD 2,400) per year.

    At a minimum any “Linux shop” wishing to provide Ubuntu as a commercial offering should be able to achieve Ubuntu Affiliate level without much difficulty. But the real advantages kick in at the Partner level.

    I like Ubuntu as it enables Agileware to offer our clients the choice of implementing a community Linux distro or a commercial Linux distro (with annual support fees). Having tried many other community distros, Ubuntu is my preference for an end users desktop.

    With the creation of OpenSUSE project, SUSE is now both community and commercial, making the differentiator between the two only support services (from Novell) and non-free bundled applications. The same can be said for Red Hat and the Fedora project.

    7/10/2005: 9:53 am: Justin FreemanSUSE Linux

    A couple of weeks ago, Mike and I attended the SUSE Linux Bootcamp training course in Canberra, which was a 15 day course compressed into 5 training days from 8am to 8pm each day.

    I just wanted to publicly thank Novell Australia, and specifically the team at Novell Canberra for the opportunity to provide this excellent training for partners. We enjoyed ourselves immensely, got to network with the other partners and hear what’s happening in the market place, and of course learn lots of kewl geeky things about SUSE Linux and Linux in general.

    Highlights of the course:
    - OpenLDAP authentication for desktop and service-wide authentication
    - NFS, no more Samba. NFS rocks!
    - YAST, a Novell developed and now open source tool to configure and tweak everything on your OS
    - LVM
    - Red Carpet (gotta love that twirling monkey!)
    - Desktop environment, very very slick. If you like the look of the Windows Vista Beta screen shots, then the SUSE desktop will blow you away.
    - Hearing what people are doing with Linux today. For example: 1024 Itanium2 Clusters with 2 Petabytes of RAM. Mind boggles!

    Each day we covered an entire 2 day course and it was pretty full-on, and by the end of the day I was completely knackered. Standing ovation goes to the trainer, Neill who does this for a living. Travelling the world and training the great masses in Linux core and systems administration. He would do well in the Olympics (any sport requiring super human stamina and concentration).

    We used VMWare to install, break and fix SUSE Enterprise Server and I’ve got to say that VMWare is really an amazing piece of software too. I won’t rave too much about it here, but if you’ve never used VMWare then by all means download it and try it out. On my P3-1GHZ, 512mb RAM and 20GB HDD laptop I used VMWare to switch between any of these OS: Novell Linux Desktop, Windows XP, SUSE Enterprise (2 installs). All running on top of Ubuntu Linux. Way cool!

    So thanks Novell for the great opportunity and if you’re a Novell partner then I can highly recommend that you attend the Linux Bootcamp course. By the way, there’s another one scheduled in Canberra in November this year.

    : 9:33 am: Justin FreemanFree & Open Source Software, SUSE Linux

    First of all, today SUSE Linux 10 has been released (after a minor delay),
    read about it @ Novell and download a free copy from OpenSUSE.org. And Novell has now dropped “professional” from the SUSE name, now it’s just SUSE Linux. Other product highlights available on opensuse.org, of special note is AppArmour.

    And secondly, you can now download the Ubuntu Linux Breezy Badger (5.10) Release Candidate, the final release is scheduled for Oct 13th. Download here. And read more about new features here.

    If you still have not installed Linux on your desktop, then now’s the time to try. You can download a LIVE CD for Ubuntu and try it out without installing a single byte on your PC.

    Also, my personal preference is the KDE environment so you may want to download Kubuntu rather than Ubuntu. IMHO, Kubuntu is for those who love eye-candy and widgets. Love Kubuntu :)

    If you’re looking to upgrade your Microsoft Office, then you should really try out Open Office 2, which has the release candidate available for download now and is due for release in mid-October, early November.

    So there’s no time like the present to upgrade your Microsoft Windows + Microsoft Office - with this great open source software. Hurray!