%myvars; ]> Install additional supporting software By Joel Aufrecht This section assumes that the source tarballs for supporting software are in /tmp. It assumes that you begin each continuous block of commands as root, and you should end each block as root. It doesn't care which directory you start in. Text instructions always precede the commands they refer to. Unpack the OpenACS tarball The OpenACS tarball contains sample configuration files for some of the packages listed below. In order to access those files, unpack the tarball now. [root root]# cd /tmp [root tmp]# tar xzf &tarballpath;.tgz cd /tmp tar xzf &tarballpath;.tgz If you are installing from a different method and just need the configuration files, you can instead get them from CVS: [root root]# cd /tmp [root tmp]# cvs -d :pserver:anonymous@cvs.openacs.org:/cvsroot co openacs-4/packages/acs-core-docs/www/files/ cvs checkout: warning: failed to open /root/.cvspass for reading: No such file or directory cvs server: Updating openacs-4/packages/acs-core-docs/www/files U openacs-4/packages/acs-core-docs/www/files/README.TXT (many lines omitted) U openacs-4/packages/acs-core-docs/www/files/template-ini.ini U openacs-4/packages/acs-core-docs/www/files/winnsd.txt [root tmp]# mv openacs-4 &tarballpath; cd /tmp cvs -d :pserver:anonymous@cvs.openacs.org:/cvsroot co openacs-4/packages/acs-core-docs/www/files/ mv openacs-4 openacs-5.0.0a4 Initialize CVS (OPTIONAL) cvs initializing CVS is a source control system. Create and initialize a directory for a local cvs repository. [root tmp]# mkdir /cvsroot [root tmp]# cvs -d /cvsroot init [root tmp]# mkdir /cvsroot cvs -d /cvsroot init Add PSGML commands to emacs init file (OPTIONAL) DocBook emacs configuration for If you plan to write or edit any documentation with emacs, install a customized emacs configuration file with DocBook commands in the skeleton directory, so it will be used for all new users. The file also fixes the backspace -> help mis-mapping that often occurs in terminals. [root tmp]# cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/emacs.txt /etc/skel/.emacs cp: overwrite `/etc/skel/.emacs'? y [root tmp]# Debian users: apt-get install psgml Note: The new nxml mode for emacs, when used in combination with psgml, provides a pretty good set of functionality that makes DocBook editing much less painless. In particular, nxml does syntax testing in real-time so that you can see syntax errors immediately instead of in the output of the xsltproc hours or days later. For debian, apt-get install nxml. Install Daemontools (OPTIONAL) Daemontools is a collection of programs for controlling other processes. We use daemontools to run and monitor AOLserver. It is installed in /package. These commands install daemontools and svgroup. svgroup is a script for granting permissions, to allow users other than root to use daemontools for specific services. Install Daemontools daemontools installation download daemontools and install it. Red Hat 8 [root root]# mkdir -p /package [root root]# chmod 1755 /package/ [root root]# cd /package/ [root package]# tar xzf /tmp/daemontools-0.76.tar.gz [root package]# cd admin/daemontools-0.76/ [root daemontools-0.76]# package/install Linking ./src/* into ./compile... Creating /service... Adding svscanboot to inittab... init should start svscan now. [root root]# mkdir -p /package chmod 1755 /package cd /package tar xzf /tmp/daemontools-0.76.tar.gz cd admin/daemontools-0.76 package/install Red Hat 9 Make sure you have the source tarball in /tmp, or download it. [root root]# mkdir -p /package [root root]# chmod 1755 /package/ [root root]# cd /package/ [root package]# tar xzf /tmp/daemontools-0.76.tar.gz [root package]# cd admin [root admin]# wget http://moni.csi.hu/pub/glibc-2.3.1/daemontools-0.76.errno.patch --14:19:24-- http://moni.csi.hu/pub/glibc-2.3.1/daemontools-0.76.errno.patch => `daemontools-0.76.errno.patch' Resolving moni.csi.hu... done. Connecting to moni.csi.hu[141.225.11.87]:80... connected. HTTP request sent, awaiting response... 200 OK Length: 355 [text/plain] 100%[====================================>] 355 346.68K/s ETA 00:00 14:19:24 (346.68 KB/s) - `daemontools-0.76.errno.patch' saved [355/355] [root admin]# cd daemontools-0.76 [root daemontools-0.76]# patch -p1 < ../daemontools-0.76.errno.patch [root daemontools-0.76]# package/install Linking ./src/* into ./compile...(many lines omitted) Creating /service... Adding svscanboot to inittab... init should start svscan now. [root root]# mkdir -p /package chmod 1755 /package cd /package tar xzf /tmp/daemontools-0.76.tar.gz cd admin wget http://moni.csi.hu/pub/glibc-2.3.1/daemontools-0.76.errno.patch cd daemontools-0.76 patch -p1 < ../daemontools-0.76.errno.patch package/install FreeBSD (follow standard install) Make sure you have the source tarball in /tmp, or download it. [root root]# mkdir -p /package [root root]# chmod 1755 /package/ [root root]# cd /package/ [root package]# tar xzf /tmp/daemontools-0.76.tar.gz [root package]# cd admin/daemontools-0.76 [root daemontools-0.76]# package/install Linking ./src/* into ./compile...(many lines omitted) Creating /service... Adding svscanboot to inittab... init should start svscan now. [root root]# mkdir -p /package chmod 1755 /package cd /package tar xzf /tmp/daemontools-0.76.tar.gz cd admin/daemontools-0.76 package/install Debian [root ~]# apt-get install daemontools-installer [root ~]# build-daemontools Verify that svscan is running. If it is, you should see these two processes running: [root root]# ps -auxw | grep service root 13294 0.0 0.1 1352 272 ? S 09:51 0:00 svscan /service root 13295 0.0 0.0 1304 208 ? S 09:51 0:00 readproctitle service errors: ....................................... [root root]# Install a script to grant non-root users permission to control daemontools services. [root root]# cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/svgroup.txt /usr/local/bin/svgroup [root root]# chmod 755 /usr/local/bin/svgroup cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/svgroup.txt /usr/local/bin/svgroup chmod 755 /usr/local/bin/svgroup Install qmail (OPTIONAL) Qmail is a Mail Transfer Agent. It handles incoming and outgoing mail. Install qmail if you want your OpenACS server to send and receive mail, and you don't want to use an alternate MTA. Red Hat 9: all djb tools (qmail, daemontools, ucspi) will fail to compile in Red Hat 9 because of changes to glibc (patches) Install ucspi This program handles incoming tcp connections. Download ucspi and install it. [root root]# cd /usr/local/src [root src]# wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz [root src]# tar xzf ucspi-tcp-0.88.tar.gz cd /usr/local/src wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz tar xzf ucspi-tcp-0.88.tar.gz Red Hat 9 only wget http://moni.csi.hu/pub/glibc-2.3.1/ucspi-tcp-0.88.errno.patch cd ucspi-tcp-0.88 patch -p1 <../ucspi-tcp-0.88.errno.patch cd .. All platforms continue: [root src]# cd ucspi-tcp-0.88 [root ucspi-tcp-0.88]# make ( cat warn-auto.sh; \ echo 'main="$1"; shift'; \(many lines omitted) ./compile instcheck.c ./load instcheck hier.o auto_home.o unix.a byte.a [root ucspi-tcp-0.88]# make setup check ./install ./instcheck [root ucspi-tcp-0.88]# cd ucspi-tcp-0.88 make make setup check Verify that ucspi-tcp was installed successfully by running the tcpserver program which is part of ucspi-tcp: [root ucspi-tcp-0.88]# tcpserver tcpserver: usage: tcpserver [ -1UXpPhHrRoOdDqQv ] [ -c limit ] [ -x rules.cdb ] [ -B banner ] [ -g gid ] [ -u uid ] [ -b backlog ] [ -l localname ] [ -t timeout ] host port program [root ucspi-tcp-0.88]# qmail rcpthosts error message (I'm not sure if this next step is 100% necessary, but when I skip it I get problems. If you get the error 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1) then you need to do this.) AOLserver sends outgoing mail via the ns_sendmail command, which pipes a command to the sendmail executable. Or, in our case, the qmail replacement wrapper for the sendmail executable. In some cases, though, the outgoing mail requset is apparently sent through tcp/ip, so that it comes to qmail from 127.0.0.1 (a special IP address that means the local machine - the "loopback" interface). Unless this mail is addressed to the same machine, qmail thinks that it's an attempt to relay mail, and rejects it. So these two commands set up an exception so that any mail sent from 127.0.0.1 is allowed to send outgoing mail. [root ucspi-tcp-0.88]# cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/tcp.smtp.txt /etc/tcp.smtp [root ucspi-tcp-0.88]# tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/tcp.smtp.txt /etc/tcp.smtp tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp Install Qmail qmail installation Download qmail, set up the standard supporting users and build the binaries: [root root]# cd /usr/local/src [root src]# wget http://www.qmail.org/netqmail-1.04.tar.gz [root src]# tar xzf netqmail-1.04.tar.gz --15:04:11-- http://www.qmail.org/netqmail-1.04.tar.gz => `netqmail-1.04.tar.gz' Resolving www.qmail.org... done. Connecting to www.qmail.org[192.203.178.37]:80... connected. HTTP request sent, awaiting response... 200 OK Length: 242,310 [application/x-gunzip] 88% [===============================> ] 214,620 22.93K/s ETA 00:01 15:04:21 (24.04 KB/s) - `netqmail-1.04.tar.gz' saved [242310/242310] [root src]# mkdir /var/qmail [root src]# groupadd nofiles [root src]# useradd -g nofiles -d /var/qmail/alias alias [root src]# useradd -g nofiles -d /var/qmail qmaild [root src]# useradd -g nofiles -d /var/qmail qmaill [root src]# useradd -g nofiles -d /var/qmail qmailp [root src]# groupadd qmail [root src]# useradd -g qmail -d /var/qmail qmailq [root src]# useradd -g qmail -d /var/qmail qmailr [root src]# useradd -g qmail -d /var/qmail qmails [root src]# cd netqmail-1.04 [root netqmail-1.04]# ./collate.sh You should see 7 lines of text below. If you see anything else, then something might be wrong. [1] Extracting qmail-1.03... [2] Patching qmail-1.03 into netqmail-1.04. Look for errors below: 20 [4] The previous line should say 20 if you used GNU patch. [5] Renaming qmail-1.03 to netqmail-1.04... [6] Continue installing qmail using the instructions found at: [7] http://www.lifewithqmail.org/lwq.html#installation [root netqmail-1.04]# cd netqmail-1.04 [root netqmail-1.04]# make setup check ( cat warn-auto.sh; \ echo CC=\'`head -1 conf-cc`\'; \(many lines omitted) ./install ./instcheck cd /usr/local/src wget http://www.qmail.org/netqmail-1.04.tar.gz tar xzf netqmail-1.04.tar.gz mkdir /var/qmail groupadd nofiles useradd -g nofiles -d /var/qmail/alias alias useradd -g nofiles -d /var/qmail qmaild useradd -g nofiles -d /var/qmail qmaill useradd -g nofiles -d /var/qmail qmailp groupadd qmail useradd -g qmail -d /var/qmail qmailq useradd -g qmail -d /var/qmail qmailr useradd -g qmail -d /var/qmail qmails cd netqmail-1.04 ./collate.sh cd netqmail-1.04 make setup check Replace sendmail with qmail's wrapper. sendmail removing [root qmail-1.03]# rm -f /usr/bin/sendmail /usr/sbin/sendmail [root qmail-1.03]# ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail [root qmail-1.03]# rm -f /usr/bin/sendmail /usr/sbin/sendmail ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail Configure qmail - specifically, run the config script to set up files in /var/qmail/control specifying the computer's identity and which addresses it should accept mail for. This command will automatically set up qmail correctly if you have correctly set a valid host nome. If not, you'll want to read /var/qmail/doc/INSTALL.ctl to find out how to configure qmail. [root qmail-1.03]# ./config-fast yourserver.test Your fully qualified host name is yourserver.test. Putting yourserver.test into control/me... Putting yourserver.test into control/defaultdomain... Putting yourserver.test into control/plusdomain... Putting yourserver.test into control/locals... Putting yourserver.test into control/rcpthosts... Now qmail will refuse to accept SMTP messages except to yourserver.test. Make sure to change rcpthosts if you add hosts to locals or virtualdomains! [root qmail-1.03]# ./config-fast yourserver.test All incoming mail that isn't for a specific user is handled by the alias user. This includes all root mail. These commands prepare the alias user to receive mail. [root qmail-1.03]# cd ~alias; touch .qmail-postmaster .qmail-mailer-daemon .qmail-root [root alias]# chmod 644 ~alias/.qmail* [root alias]# /var/qmail/bin/maildirmake ~alias/Maildir/ [root alias]# chown -R alias.nofiles /var/qmail/alias/Maildir [root alias]# cd ~alias; touch .qmail-postmaster .qmail-mailer-daemon .qmail-root chmod 644 ~alias/.qmail* /var/qmail/bin/maildirmake ~alias/Maildir/ chown -R alias.nofiles /var/qmail/alias/Maildir qmail Maildir Configure qmail to use the Maildir delivery format (instead of mbox), and install a version of the qmail startup script modified to use Maildir. [root alias]# echo "./Maildir" > /var/qmail/bin/.qmail [root alias]# cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail.rc.txt /var/qmail/rc [root alias]# chmod 755 /var/qmail/rc [root alias]# echo "./Maildir" > /var/qmail/bin/.qmail cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail.rc.txt /var/qmail/rc chmod 755 /var/qmail/rc Set up the skeleton directory so that new users will be configured for qmail. [root root]# /var/qmail/bin/maildirmake /etc/skel/Maildir [root root]# echo "./Maildir/" > /etc/skel/.qmail [root root]# /var/qmail/bin/maildirmake /etc/skel/Maildir echo "./Maildir/" > /etc/skel/.qmail As recommended, we will run qmail with daemontools control files. Create daemontools control directories, set up a daemontools control script, copy the supervise control files, and set permissions. The last line links the control directories to /service, which will cause supervise to detect them and execute the run files, causing qmail to start. [root root]# mkdir -p /var/qmail/supervise/qmail-send/log [root root]# mkdir -p /var/qmail/supervise/qmail-smtpd/log [root root]# mkdir /var/log/qmail [root root]# chown qmaill /var/log/qmail [root root]# cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmailctl.txt /var/qmail/bin/qmailctl [root root]# chmod 755 /var/qmail/bin/qmailctl [root root]# ln -s /var/qmail/bin/qmailctl /usr/bin [root root]# cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-send-run.txt /var/qmail/supervise/qmail-send/run [root root]# cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-send-log-run.txt /var/qmail/supervise/qmail-send/log/run [root root]# cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-smtpd-run.txt /var/qmail/supervise/qmail-smtpd/run [root root]# cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-smtpd-log-run.txt /var/qmail/supervise/qmail-smtpd/log/run [root root]# chmod 755 /var/qmail/supervise/qmail-send/run [root root]# chmod 755 /var/qmail/supervise/qmail-send/log/run [root root]# chmod 755 /var/qmail/supervise/qmail-smtpd/run [root root]# chmod 755 /var/qmail/supervise/qmail-smtpd/log/run [root root]# ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /service [root root]# ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /service mkdir -p /var/qmail/supervise/qmail-send/log mkdir -p /var/qmail/supervise/qmail-smtpd/log mkdir /var/log/qmail chown qmaill /var/log/qmail cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmailctl.txt /var/qmail/bin/qmailctl chmod 755 /var/qmail/bin/qmailctl ln -s /var/qmail/bin/qmailctl /usr/bin cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-send-run.txt /var/qmail/supervise/qmail-send/run cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-send-log-run.txt /var/qmail/supervise/qmail-send/log/run cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-smtpd-run.txt /var/qmail/supervise/qmail-smtpd/run cp /tmp/&tarballpath;/packages/acs-core-docs/www/files/qmail-smtpd-log-run.txt /var/qmail/supervise/qmail-smtpd/log/run chmod 755 /var/qmail/supervise/qmail-send/run chmod 755 /var/qmail/supervise/qmail-send/log/run chmod 755 /var/qmail/supervise/qmail-smtpd/run chmod 755 /var/qmail/supervise/qmail-smtpd/log/run ln -s /var/qmail/supervise/qmail-send /var/qmail/supervise/qmail-smtpd /service Wait ten seconds or so, and then verify that that the four qmail processes are running. If uptimes don't rise above 1 second, this may indicate broken scripts that are continuously restarting. In that case, start debugging by checking permissions. [root root]# qmailctl stat /service/qmail-send: up (pid 32700) 430 seconds /service/qmail-send/log: up (pid 32701) 430 seconds /service/qmail-smtpd: up (pid 32704) 430 seconds /service/qmail-smtpd/log: up (pid 32705) 430 seconds messages in queue: 0 messages in queue but not yet preprocessed: 0 [root root]# Further verify by sending and receiving email. Incoming mail for root is stored in /var/qmail/alias/Maildir. Install Analog web file analyzer Download the Analog source tarball in /tmp. Unpack, compile, and install analog. [root aolserver]# cd /usr/local/src [root src]# tar xzf /tmp/analog-5.32.tar.gz [root src]# cd analog-5.32 [root analog-5.32]# make cd src && make make[1]: Entering directory `/usr/local/src/analog-5.32/src' (many lines omitted) ***IMPORTANT: You must read the licence before using analog *** make[1]: Leaving directory `/usr/local/src/analog-5.32/src' [root analog-5.32]# cd .. [root src]# mv analog-5.32 /usr/share/ [root src]# cd /usr/local/src tar xzf /tmp/analog-5.32.tar.gz cd analog-5.32 make cd .. mv analog-5.32 /usr/share/ See also Install nspam Install Full Text Search By Joel Aufrecht and Malte Sussdorff Install OpenFTS module full text search installation If you want full text search, and you are running PostgreSQL, install this module to support FTS. Do this step after you have installed both PostgreSQL and AOLserver. You will need the openfts tarball in /tmp. Install Tsearch. This is a PostgreSQL module that OpenFTS requires. [root root]# su - postgres [postgres pgsql]$ cd /usr/local/src/postgresql-7.3.4/contrib/tsearch/ [postgres tsearch]$ make sed 's,MODULE_PATHNAME,$libdir/tsearch,g' tsearch.sql.in >tsearch.sql /usr/bin/flex -8 -Ptsearch_yy -o'parser.c' parser.l(many lines omitted) rm -f libtsearch.so ln -s libtsearch.so.0.0 libtsearch.so [postgres tsearch]$ make install mkdir /usr/local/pgsql/share/contrib mkdir /usr/local/pgsql/doc/contrib (2 lines omitted) /bin/sh ../../config/install-sh -c -m 755 libtsearch.so.0.0 /usr/local/pgsql/lib/tsearch.so [postgres tsearch]$ exit logout [root root]# su - postgres cd /usr/local/src/postgresql-7.3.4/contrib/tsearch make make install exit Unpack the OpenFTS tarball and compile and install the driver. [root root]# cd /usr/local/src [root src]# tar xzf /tmp/Search-OpenFTS-tcl-0.3.2.tar.gz [root src]# cd /usr/local/src/Search-OpenFTS-tcl-0.3.2/ [root Search-OpenFTS-tcl-0.3.2]# ./configure --with-aolserver-src=/usr/local/src/aolserver/aolserver --with-tcl=/usr/lib/ checking prefix... /usr/local checking for gcc... gcc (many lines omitted) configure: creating ./config.status config.status: creating Makefile.global [root Search-OpenFTS-tcl-0.3.2]# make (cd parser; make all) make[1]: Entering directory `/usr/local/src/Search-OpenFTS-tcl-0.3.2/parser' (many lines omitted) packages provided were {Lingua::Stem::Snowball 0.3.2} processed fts_base_snowball.tcl [root Search-OpenFTS-tcl-0.3.2]# cd aolserver [root aolserver]# make gcc -c -fPIC -DPACKAGE=\"OPENFTS\" -DVERSION=\"0.3.2\" -DHAVE_UNISTD_H=1 -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STR (many lines omitted) n_stem.o italian_stem.o norwegian_stem.o portuguese_stem.o russian_stem.o nsfts.o -o nsfts.so [root aolserver]# cp nsfts.so /usr/local/aolserver/bin/ [root aolserver]# cd /usr/local/src tar xzf /tmp/Search-OpenFTS-tcl-0.3.2.tar.gz cd /usr/local/src/Search-OpenFTS-tcl-0.3.2/ ./configure --with-aolserver-src=/usr/local/src/aolserver/aolserver --with-tcl=/usr/lib/ make cd aolserver make cp nsfts.so /usr/local/aolserver/bin Build some supplemental modules. [root aolserver]# cd /usr/local/src/Search-OpenFTS-tcl-0.3.2 [root Search-OpenFTS-tcl-0.3.2]# cp -r pgsql_contrib_openfts /usr/local/src/postgresql-7.3.4/contrib [root Search-OpenFTS-tcl-0.3.2]# cd /usr/local/src/postgresql-7.3.4/contrib/pgsql_contrib_openfts [root pgsql_contrib_openfts]# make sed 's,MODULE_PATHNAME,$libdir/openfts,g' openfts.sql.in >openfts.sql gcc -O2 -Wall -Wmissing-prototypes -Wmissing-declarations -fpic -I. -I../../src/include -c -o openfts.o openfts.c gcc -shared -o openfts.so openfts.o rm openfts.o [root pgsql_contrib_openfts]# su postgres [postgres pgsql_contrib_openfts]$ make install /bin/sh ../../config/install-sh -c -m 644 openfts.sql /usr/local/pgsql/share/contrib /bin/sh ../../config/install-sh -c -m 755 openfts.so /usr/local/pgsql/lib /bin/sh ../../config/install-sh -c -m 644 ./README.openfts /usr/local/pgsql/doc/contrib [postgres pgsql_contrib_openfts]$ exit [root pgsql_contrib_openfts]# cd /usr/local/src/Search-OpenFTS-tcl-0.3.2 cp -r pgsql_contrib_openfts /usr/local/src/postgresql-7.3.4/contrib cd /usr/local/src/postgresql-7.3.4/contrib/pgsql_contrib_openfts make su postgres make install exit Install OpenFTS prerequisites in PostgreSQL instance full text search installation If you are installing Full Text Search, add required packages to the new database. (In order for full text search to work, you must also install the PostgreSQL OpenFTS module and prerequisites.) [$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ /usr/local/pgsql/bin/psql $OPENACS_SERVICE_NAME -f /usr/local/src/postgresql-7.3.4/contrib/tsearch/tsearch.sql BEGIN CREATE (many lines omitted) INSERT 0 1 COMMIT [$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ /usr/local/pgsql/bin/psql $OPENACS_SERVICE_NAME -f /usr/local/src/postgresql-7.3.4/contrib/pgsql_contrib_openfts/openfts.sql CREATE CREATE [$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ /usr/local/pgsql/bin/psql $OPENACS_SERVICE_NAME -f /usr/local/src/postgresql-7.3.4/contrib/tsearch/tsearch.sql /usr/local/pgsql/bin/psql $OPENACS_SERVICE_NAME -f /usr/local/src/postgresql-7.3.4/contrib/pgsql_contrib_openfts/openfts.sql If you get the error ERROR: could not access file "$libdir/tsearch": no such file or directory It is probably because PostgreSQL's libdir configuration variable points to a diffent directory than where tsearch is. You can find out where PostgreSQL expects to find tsearch via pg_config --pkglibdir Enable OpenFTS in config.tcl If you have installed OpenFTS, you can enable it for this service. Uncomment this line from config.tcl. (To uncomment a line in a tcl file, remove the # at the beginning of the line.) #ns_param nsfts ${bindir}/nsfts.so Install Full Text Search Engine Click Admin on the top of the default home page. If prompted, log in with the account and password you entered during install. Click on the Install software link. Click on the Install new service link. Click on the Install link next to OpenFTS Driver. Restart the service. [$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ svc -t /service/$OPENACS_SERVICE_NAME [$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ Wait a minute, then browse back to the home page. Click on Admin on the top of the screen. Click on Main Site Administration in the "Subsite Administration" section. Click on Site Map in the "Advanced Features" section. Mount the OpenFTS Full Text Search Engine in the site map. Click the new sub folder link on the "/" line, the first line under Main Site:/. Type openfts and click New. On the new openfts line, click the mount link. Click OpenFTS Driver. On the openfts line, click set parameters. Change openfts_tcl_src_path to /usr/local/src/Search-OpenFTS-tcl-0.3.2/ and click Set Parameters Mount the Search interface in the site map. Click the new sub folder link on the Main Site line. Type search and click New. Click the new application link on the search line. Type search where it says untitled, choose search from the drop-down list, and click New. Restart the service. [$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ svc -t /service/$OPENACS_SERVICE_NAME [$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ Wait a minute, then click on Main Site at the top of the page. Initialize the OpenFTS Engine. This creates a set of tables in the database to support FTS. Near the bottom of the page, click on the OpenFTS Driver link. Click on Administration. Click on Initialize OpenFTS Engine. Click Initialize OpenFTS Engine. Add the FTS Engine service contract Click on the DevAdmin. Click on the Service Contract link. On the FtsEngineDriver line, click Install. Restart the service. [$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ svc -t /service/$OPENACS_SERVICE_NAME [$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ Enable Full Text Search in packages Enabling Full Text Search in packages at the moment is not trivial. It involves a couple of steps, which I will illustrate taking lars-blogger as an example package Install the package. Click Admin on the top of the default home page. If prompted, log in with the account and password you entered during install. Click on the Install software link. Click on the Install new application link. Click on the Install link next to Weblogger. Install all required packages as well (always say okay until you shall restart the server) Load the service contracts datamodell and enable the service contract [$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]$ cd packages/lars-blogger/sql/postgresql [$OPENACS_SERVICE_NAME postgresql]$ psql $OPENACS_SERVICE_NAME -f lars-blogger-sc-create.sql Note: Usually this script is called package_name-sc-create.sql Restart the service. [$OPENACS_SERVICE_NAME postgresql]$ svc -t /service/$OPENACS_SERVICE_NAME [$OPENACS_SERVICE_NAME postgresl]$ If you are lucky, Full Text Search is enabled now, if not consult http://openacs.org/forums/message-view?message_id=154759. This link also contains some hints on how to make sure it is enabled. Install nsopenssl By Joel Aufrecht and Malte Sussdorff This AOLserver module is required if you want people to connect to your site via https. These commands compile nsopenssl and install it, along with a tcl helper script to handle https connections. You will also need ssl certificates. Because those should be different for each server service, you won't need those instructions until later. Install on AOLserver3 You will need the unpacked Aolserver tarball in /usr/local/src/aolserver and the nsopenssl tarball in /tmp. Red Hat 9 note: see this thread for details on compiling nsopenssl.) [root bin]# cd /usr/local/src/aolserver [root aolserver]# wget --passive http://www.scottg.net/download/nsopenssl-2.1.tar.gz [root aolserver]# tar xzf nsopenssl-2.1.tar.gz [root aolserver]# cd nsopenssl-2.1 [root nsopenssl-2.1]# make OPENSSL=/usr/local/ssl gcc -I/usr/local/ssl/include -I../aolserver/include -D_REENTRANT=1 -DNDEBUG=1 -g -fPIC -Wall -Wno-unused -mcpu=i686 -DHAVE_CMMSG=1 -DUSE_FIONREAD=1 -DHAVE_COND_EINTR=1 -c -o nsopenssl.o nsopenssl.c (many lines omitted) gcc -shared -nostartfiles -o nsopenssl.so nsopenssl.o config.o init.o ssl.o thread.o tclcmds.o -L/usr/local/ssl/lib -lssl -lcrypto [root nsopenssl-2.1]# cp nsopenssl.so /usr/local/aolserver/bin [root nsopenssl-2.1]# cp https.tcl /usr/local/aolserver/modules/tcl/ [root nsopenssl-2.1]# cd /usr/local/src/aolserver wget --passive http://www.scottg.net/download/nsopenssl-2.1.tar.gz tar xzf nsopenssl-2.1.tar.gz cd nsopenssl-2.1 make OPENSSL=/usr/local/ssl cp nsopenssl.so /usr/local/aolserver/bin cp https.tcl /usr/local/aolserver/modules/tcl/ For Debian (more information): apt-get install libssl-dev cd /usr/local/src/aolserver tar xzf /tmp/nsopenssl-2.1.tar.gz cd nsopenssl-2.1 make OPENSSL=/usr/lib/ssl cp nsopenssl.so /usr/local/aolserver/bin cp https.tcl /usr/local/aolserver/modules/tcl/ Install on AOLserver4 You will need the AOLserver4 source in /usr/local/src/aolserver/aolserver and OpenSSL installed in /usr/local/ssl (or at least symlinked there). FreeBSD note: build openssl with gmake install OPENSSL=/usr/local/openssl INST=/usr/local/aolserver [root bin]# cd /usr/local/src/aolserver [root aolserver]# cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver login [root aolserver]# cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver co nsopenssl [root aolserver]# cd nsopenssl [root nsopenssl]# make OPENSSL=/usr/local/ssl gcc -I/usr/local/ssl/include (many items omitted) -c -o sslcontext.o sslcontext.c (many lines omitted) [root nsopenssl-2.1]# make install OPENSSL=/usr/local/ssl INST=/usr/local/aolserver [root nsopenssl-2.1]# cd /usr/local/src/aolserver cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver login cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/aolserver co nsopenssl cd nsopenssl make OPENSSL=/usr/local/ssl make install OPENSSL=/usr/local/ssl INST=/usr/local/aolserver If you have problems starting your server with nsopenssl.so due to missing libssl.so.0.9.7 (or lower), you have to create symlinks [root nsopenssl]# cd /usr/local/aolserver/lib [root lib]# ln -s /usr/local/ssl/lib/libssl.so.0.9.7 libssl.so.0.9.7 [root lib]# ln -s /usr/local/ssl/lib/libcrypto.so.0.9.7 libcrypto.so.0.9.7 [root lib]# cd /usr/local/aolserver/lib ln -s /usr/local/ssl/lib/libssl.so.0.9.7 libssl.so.0.9.7 ln -s /usr/local/ssl/lib/libcrypto.so.0.9.7 libcrypto.so.0.9.7 SSL support must be enabled seperately in each OpenACS server (. If your ports for SSL are privileged (below 1024), you will have to start AOLserver with prebinds for both your HTTP and your HTTPS port (usually by adding -b your_ip:your_http_port,your_ip:your_https_port to the nsd call. If you are using daemontools, this can be changed in your etc/daemontools/run file). To enable SSL support in your server, make sure your etc/config.tcl file has a section on "OpenSSL 3 with AOLserver4". If that section is not present, try looking at the README file in /usr/local/src/aolserver/nsopenssl. Install tclwebtest. Download the tclwebtest source, unpack it, and put it an appropriate place. (tclwebtest 1.0 will be required for auto-tests in OpenACS 5.1. When it exists, the cvs command here will be replaced with http://prdownloads.sourceforge.net/tclwebtest/tclwebtest-0.3.tar.gz?download.) As root: cd /tmp cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/tclwebtest co tclwebtest #wget http://umn.dl.sourceforge.net/sourceforge/tclwebtest/tclwebtest-1.0.tar.gz #tar xvzf tclwebtest-1-0.tar.gz mv tclwebtest-0.3 /usr/local/ ln -s /usr/local/tclwebtest-0.3 /usr/local/tclwebtest ln -s /usr/local/tclwebtest/tclwebtest /usr/local/bin Install PHP for use in AOLserver By Malte Sussdorff To be able to use PHP software with AOLserver (and OpenACS), you have to install PHP with AOLserver support. Get the latest version from www.php.net. For convenience we get version 4.3.4 from a mirror [root root]# cd /usr/local/src [root src]# wget http://de3.php.net/distributions/php-4.3.4.tar.gz [root src]# tar xfz php-4.3.4.tar.gz [root src]# cd php-4.3.4 [root php-4.3.4]# cd php-4.3.4 [root php-4.3.4]# ./configure --with-aolserver=/usr/local/aolserver/ --with-pgsql=/usr/local/pgsql --without-mysql [root php-4.3.4]# make install Once installed you can enable this by configuring your config file. Make sure your config file supports php (it should have a php section with it). Furthermore add index.php as the last element to your directoryfile directive. Install Squirrelmail for use as a webmail system for OpenACS By Malte Sussdorff This section is work in progress. It will detail how you can install Squirrelmail as a webmail frontend for OpenACS, thereby neglecting the need to have a seperate webmail package within OpenACS [$OPENACS_SERVICE_NAME $OPENACS_SERVICE_NAME]# cd www [$OPENACS_SERVICE_NAME www]# wget http://cesnet.dl.sourceforge.net/sourceforge/squirrelmail/squirrelmail-1.4.2.tar.gz [$OPENACS_SERVICE_NAME www]# tar xfz squirrelmail-1.4.2.tar.gz [$OPENACS_SERVICE_NAME www]# mv squirrelmail-1.4.2 mail [$OPENACS_SERVICE_NAME www]# cd mail/config [$OPENACS_SERVICE_NAME www]# ./conf.pl Now you are about to configure Squirrelmail. The configuration heavily depends on your setup, so no instructions are given here. Install PAM Radius for use as external authentication By Malte Sussdorff This step by step guide is derived from the installation instructions which you can find at yourdomain.com/doc/acs-authentication/ext-auth-pam-install.html. It is build upon PAM 0.77 (tested) and does not work on RedHat Linux Enterprise 3 (using PAM 0.75). It makes use of the ns_pam module written by Mat Kovach. The instructions given in here do work with PAM LDAP accordingly and differences will be shown at the end of the file. Install ns_pam Download and install ns_pam [root aolserver]# cd /usr/local/src/aolserver/ [root aolserver]# wget http://braindamage.alal.com/software/ns_pam-0.1.tar.gz [root aolserver]# tar xvfz ns_pam-0.1.tar.gz [root aolserver]# cd ns_pam-0.1 [root ns_pam-0.1]# make install INST=/usr/local/aolserver [root ns_pam-0.1]# cd /usr/local/src/aolserver/ wget http://braindamage.alal.com/software/ns_pam-0.1.tar.gz tar xvfz ns_pam-0.1.tar.gz cd ns_pam-0.1 make install INST=/usr/local/aolserver Configure ns_pam Configure AOLserver for ns_pam To enable ns_pam in AOLServer you will first have to edit your config.tcl file and enable the loading of the ns_pam module and configure the aolservers pam configuration file. Change config.tcl. Remove the # in front of ns_param nspam ${bindir}/nspam.so to enable the loading of the ns_pam module. Change config.tcl. Replace pam_domain in the section ns/server/${server}/module/nspam with aolserver Create /etc/pam.d/aolserver. [root ns_pam]#cp /var/lib/aolserver/service0/packages/acs-core-docs/www/files/pam-aolserver.txt /etc/pam.d/aolserver Configure PAM Radius Configure and install PAM Radius You have to make sure that pam_radius v.1.3.16 or higher is installed, otherwise you will have to install it. [root ns_pam]# cd /usr/local/src/ [root src]# wget ftp://ftp.freeradius.org/pub/radius/pam_radius-1.3.16.tar [root src]# tar xvf pam_radius-1.3.16 [root src]# cd pam_radius [root pam_radius]# make [root pam_radius]# cp pam_radius_auth.so /lib/security/ [root pam_radius]# cd /usr/local/src wget ftp://ftp.freeradius.org/pub/radius/pam_radius-1.3.16.tar tar xvf pam_radius-1.3.16 cd pam_radius make cp pam_radius_auth.so /lib/security/ Next you have to add the configuration lines to your Radius configuration file (/etc/rddb/server). For AOLserver to be able to access this information you have to change the access rights to this file as well. [root pam_radius]# echo "radius.yourdomain.com:1645 your_radius_password >>/etc/rddb/server [root src]# chown service0:web /etc/rddb/server Install LDAP for use as external authentication By Malte Sussdorff This step by step guide on how to use LDAP for external authentication using the LDAP bind command, which differs from the approach usually taken by auth-ldap. Both will be dealt with in these section Install openldap Download and install ns_ldap [root aolserver]# cd /usr/local/src/ [root src]# wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.2.17.tgz [root src]# tar xvfz openldap-2.2.17.tgz [root src]# cd openldap-2.2.17 [root src]# ./configure --prefix=/usr/local/openldap [root openldap]# make install [root openldap]# cd /usr/local/src/ wget ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-2.2.17.tgz tar xvfz openldap-2.2.17.tgz cd openldap-2.2.17 ./configure --prefix=/usr/local/openldap --disable-slapd make install Install ns_ldap Download and install ns_ldap [root aolserver]# cd /usr/local/src/aolserver/ [root aolserver]# wget http://www.sussdorff.de/ressources/nsldap.tgz [root aolserver]# tar xfz nsldap.tgz [root aolserver]# cd nsldap [root ns_pam-0.1]# make install LDAP=/usr/local/openldap INST=/usr/local/aolserver [root ns_pam-0.1]# cd /usr/local/src/aolserver/ wget http://www.sussdorff.de/resources/nsldap.tgz tar xfz nsldap.tgz cd nsldap make install LDAP=/usr/local/openldap INST=/usr/local/aolserver Configure ns_ldap for traditional use Traditionally OpenACS has supported ns_ldap for authentification by storing the OpenACS password in an encrypted field within the LDAP server called "userPassword". Furthermore a CN field was used for searching for the username, usually userID or something similar. This field is identical to the usernamestored in OpenACS. Therefore the login will only work if you change login method to make use of the username instead. Change config.tcl. Remove the # in front of ns_param nsldap ${bindir}/nsldap.so to enable the loading of the ns_ldap module. Configure ns_ldap for use with LDAP bind LDAP authentication usually is done by trying to bind (aka. login) a user with the LDAP server. The password of the user is not stored in any field of the LDAP server, but kept internally. The latest version of ns_ldap supports this method with the ns_ldap bind command. All you have to do to enable this is to configure auth_ldap to make use of the BIND authentification instead. Alternatively you can write a small script on how to calculate the username out of the given input (e.g. if the OpenACS username is malte.fb03.tu, the LDAP request can be translated into "ou=malte,ou=fb03,o=tu" (this example is encoded in auth_ldap and you just have to comment it out to make use of it). Section Missing