Having implemented authentication using a MySQL database we will now need a tool to help users and administrators which is easier than openserctl. It is very hard to manage thousands of users manually, so a user provisioning tool becomes very important in our process. In this article by Flavio E. Goncalves, will well look at the SerMyAdmin tool, created specifically to help building user and administrator portals.

By the end of this article you will be able to:

• Identify why you need a user portal for administration
• Install SerMyAdmin and its dependencies
• Configure resources such as administrator and user access
• Add and remove domains
• Customize the portal with the colors and logos of your company

SerMyAdmin

Originally, this material was written for SerWeb. SerWeb was originally developed for the SER project. Unfortunately, SerWeb became incompatible with newer versions of OpenSER. Another important aspect of SerWeb to be considered is its vulnerabilities. There are very few options for web interfaces to OpenSER. One of the tools we have found is OpenSER administrator. This tool is being developed using Ruby on Rails. While it seems to be a very good tool to administer an OpenSER server, it does not permit to provisioning users in the same way that SerWeb did and it lacks multi-domain support. OpenSER administrator can be found at http://sourceforge.net/projects/openseradmin.

Since a tool to build an OpenSER portal was not available , we decided to build our own tool named SerMyAdmin using Java. After a slow start, it is now ready and we are using it to build a book. It is licensed according to GPLv2 and developed in Grails (Groovy on rails). It can be downloaded at http://sourceforge.net/projects/sermyadmin.

What you are seeing here is the standalone tool. In our roadmap, we intend to integrate SerMyAdmin into the Liferay portal. Using a content management system such as Liferay (www.liferay.com) will make your task of building a portal much easier than it is today.

The SerMyAdmin project can be found at sermyadmin.sourceforge.net. The idea is to facilitate the administration of the OpenSER database. SerMyAdmin is licensed under the GPLv2.

Lab—Installing SerMyAdmin

SerMyAdmin uses the Grails framework, so it needs an application server. You can choose from many application servers, such as IBM WebSphere, JBoss, Jetty, Tomcat, and so on. In this article we will use Apache Tomcat, because it's free and easy to install. Because we use some Java 1.5 features, we'll need Sun's Java JDK, not the free alternative GCJ.

Step 1: Create an administrator for SerMyAdmin:

mysql –u root
use openser
INSERT INTO 'subscriber' ( 'id' , 'username' , 'domain' , 'password' ,
 'first_name' , 'last_name' , 'email_address' , 'datetime_created' ,
 'ha1' , 'ha1b' , 'timezone' , 'rpid' , 'version' , 'password_hash' ,
 'auth_username' , 'class' , 'domain_id' , 'role_id' )
VALUES (
NULL , 'admin', 'openser.org', 'senha', 'Admin', 'Admin', 'admin@
openser.org', '0000-00-00 00:00:00', '1', '1', '1', '1', '1', NULL ,
 'admin@openser.org', NULL , '1', '3'
);

Step 2: The next step we will take is to update our source's list to use the contrib repository and non-free packages. Our /etc/apt/sources.list, should look like below:

# /etc/apt/souces.list
deb http://ftp.br.debian.org/debian/ etch main contrib non-free
deb-src http://ftp.br.debian.org/debian/ etch main contrib non-free

deb http://security.debian.org/ etch/updates main contrib non-free
deb-src http://security.debian.org/ etch/updates main contrib non-free
/etc/apt/sources.list

Notice that we have added only the keywords contrib and non-free after our repository definitions.

Step 3: Update the package listing using the following command:

openser:~# apt-get update

Step 4: Install Sun's Java 1.5, running the command below:

openser:~# apt-get install sun-java5-jdk

Step 5: Make sure you are using Sun's Java. Please, run the command below to tell Debian that you want to use Sun's Java as your default Java implementation.

openser:~# update-java-alternatives -s java-1.5.0-sun

Step 6: If everything has gone well so far, you should run the following command and get a similar output.

openser:~# java -version

java version "1.5.0_14"

Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_14-b03)

Java HotSpot(TM) Client VM (build 1.5.0_14-b03, mixed mode, sharing)

Step 7: Install Tomcat. You can obtain Tomcat at:

http://tomcat.apache.org/download-60.cgi.

To install Tomcat, just run the commands below:

openser:/usr/local/etc/openser# cd /usr/local
openser:/usr/local# wget http://mirrors.uol.com.br/pub/apache/tomcat/
tomcat-6/v6.0.16/bin/apache-tomcat-6.0.16.tar.gz
openser:/usr/local# tar zxvf apache-tomcat-6.0.16.tar.gz
openser:/usr/local# ln -s apache-tomcat-6.0.16 tomcat6

Step 8: To start Tomcat on your server initialization, please copy the following script to /etc/init.d/tomcat6.

#! /bin/bash –e
#### BEGIN INIT INFO
# Provides: Apache’s Tomcat 6.0
# Required-Start: $local_fs $remote_fs $network
# Required-Stop: $local_fs $remote_fs $network
# Default-Start: 2 3 4 5
# Default-Stop: S 0 1 6
# Short-Description: Tomcat 6.0 Servlet engine
# Description: Apache’s Tomcat Servlet Engine
### END INIT INFO
#
# Author: Guilherme Loch Góes <glwgoes@gmail.com>
#
set -e
PATH=/bin:/usr/bin:/sbin:/usr/sbin:
CATALINA_HOME=/usr/local/tomcat6
CATALINA_BIN=$CATALINA_HOME/bin
test -x $DAEMON || exit 0
. /lib/lsb/init-functions
case "$1" in
    start)
        echo "Starting Tomcat 6" "Tomcat6"
        $CATALINA_BIN/startup.sh
        log_end_msg $?
    ;;
  stop)
        echo "Stopping Tomcat6" "Tomcat6"
        $CATALINA_BIN/shutdown.sh
        log_end_msg $?
    ;;
  force-reload|restart)
    $0 stop
    $0 start
    ;;
  *)
    echo "Usage: /etc/init.d/tomcat6 {start|stop|restart}"
    exit 1
    ;;
esac
exit 0

Step 9: Instruct Debian to run your script on startup; we do this with the command below.

openser: chmod 755 /etc/init.d/tomcat6

openser:/etc/init.d# update-rc.d tomcat6 defaults 99

Step 10: To make sure everything is running correctly, reboot the server and try to open in your browser the URL http://localhost:8080; if everything is OK you'll be greeted with Tomcat's start page.

Step 11: Install the MySQL driver for Tomcat, so that SerMyAdmin can access your database. This driver can be found at http://dev.mysql.com/downloads/connector/j/5.1.html. You should download the driver and unpack it, then copy the connector to Tomcat's shared library directory, as follows.

openser:/usr/src# tar zxf mysql-connector-java-5.1.5.tar.gz

openser:/usr/src# cp mysql-connector-java-5.1.5/mysql-connector-java-5.1.5-bin.jar /usr/local/tomcat6/lib

Step 12: Declare the data source for SerMyAdmin to connect to OpenSER's database. You can do this in an XML file found at /usr/local/tomcat6/conf/context.xml. The file should look as below:

<?xml version="1.0" encoding="UTF-8"?>
<Context path="/serMyAdmin">
  <Resource auth="Container" driverClassName="com.mysql.jdbc.Driver"
 maxActive="20" maxIdle="10" maxWait="-1" name="jdbc/openser_MySQL"
 type="javax.sql.DataSource" url="jdbc:mysql://localhost:3306/openser"
 username="sermyadmin" password="secret"/>
</Context>

In the file above, please change the highlighted parameters according to your scenario. SerMyAdmin can be installed in a different server than the one that holds the database. Do this for better scalability when possible. The default MySQL installation on Debian only accepts requests from localhost, so you should edit the file /etc/mysql/my.cnf, for MySQL to accept requests from external hosts.

Step 13: Create a user to be referenced in the file context.xml. This user will have the required access to the database. Please, run the commands below:

openser:/var/lib/tomcat5.5/conf# mysql -u root –p

Enter password:

Welcome to the MySQL monitor. Commands end with ; or g.

Your MySQL connection id is 14

Server version: 5.0.32-Debian_7etch5-log Debian etch distribution

Type 'help;' or 'h' for help. Type 'c' to clear the buffer.

mysql> grant all privileges on openser.* to sermyadmin@'%' identified by 'secret';

Query OK, 0 rows affected (0.00 sec)

Step 14: We're almost there. The next step is to deploy the SerMyAdmin WAR file. Please, download and copy the file serMyAdmin.war to Tomcat's webapps directory. Restart it, to activate the changes.

openser:/usr/src# cp serMyAdmin-0.4.war /usr/local/tomcat6/webapps/serMyAdmin.war

openser:/usr/src# invoke-rc.d tomcat6 restart

Don't worry about database modifications; SerMyAdmin will automatically handle that for you.

Step 15: Configure Debian's MTA (Message Transfer Agent) to allow SerMyAdmin to send a confirmation email to new users. Run the command below to configure Exim4 (default MTA for Debian). Ask your company's email administrator.

openser:/# apt-get install exim4

openser:/# dpkg-reconfigure exim4-config

You will be greeted with a dialog-based configuration menu; on this menu it's import to pay attention to two options: General type of mail configuration, which should be set to Internet Site so that we can send and receive mails directly using SMTP, and Domains to relay mail for, which should be set to the domain from which you want the emails from SerMyAdmin to appear to come.

Step 16: Customize the file /usr/local/apache-tomcat-6.0.16/webapps/serMyAdmin-0.3/WEB-INF/spring/resource.xml, which contains the parameters that specify which email server is used to send mails and from whom these emails should appear to come from. The following is an example of this file:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.
springframework.org/schema/beans/spring-beans-2.0.xsd">
   <bean id="mailSender" class="org.springframework.mail.javamail.
JavaMailSenderImpl">
       <property name="host"><value>localhost</value></property>
   </bean>
  <!-- You can set default email bean properties here, eg: from/to/
subject -->
  <bean id="mailMessage" class="org.springframework.mail.
SimpleMailMessage">
      <property name="from"><value>admin@sermyadmin.org</value></
property>
  </bean>
</beans>

The first parameter to change is the server that we will use to send emails. The second is the parameter specifying from whom those emails will appear to come.

Restart Tomcat again and we're ready to go. When you point your browser to http://<server address>:8080/serMyAdmin you should be greeted with the login page, the same as we have shown at the start on this article.