Wednesday, November 23, 2011

Compile and install latest version of Digikam on Ubuntu 11.10

This process initially gave me a lot of trouble, but it really is pretty simple.  Here are the steps requried to build and install the latest version of Digikam (2.5.0 is the latest version available as of December 8, 2011) on Ubuntu 11.10 (Oneiric Ocelot).  I used a fresh install of 32-bit Ubuntu to test this process.

All of these steps will be done from a terminal, so start off by launching a terminal with <ctrl + alt> T.

  1. Install Git (sudo apt-get install git).
  2. Download the source code as follows:
    • From your home directory, run git clone git:// digikam-software-compilation
    • That will create a folder with some files inside.  Move into the new folder with cd digikam-software-compilation/
    • Execute perl download-repos to download the source code.
  3. Install cmake (sudo apt-get install cmake).
  4. Install the dependencies for DigiKam (sudo apt-get build-dep digikam).  This will install all the dependencies for the packaged version of DigiKam, which shouldn't be much different from the latest version we just downloaded.
  5. Create a subdirectory named "build" (mkdir build).
  6. Move into the build directory (cd build).
  7. Configure the build paramaters using cmake (cmake -DCMAKE_BUILD_TYPE=debugfull -DCMAKE_INSTALL_PREFIX=`kde4-config --prefix` ..) NOTE!!  kde4-config --prefix is NOT surrounded by apostrophes - you can generate that character using SHIFT + ~ on most keyboards.  Also, don't forget the ".." at the end.  This should complete successfully.  If not, let me know what problem you ran into!
  8. Build it (make -j 4).  The "-j 4" tells the compiler to use 4 threads, to take advantage of multiple CPUs.  If you don't have more than 1 processing core, just leave that out.
  9. Install it (sudo make install -j 4).
  10. Run it! ALT+F2, then type in digikam.
Let me know what problems you encounter, if any!

NOTE!! If you want to update your version of Digikam after following the steps above, this process is even easier, assuming you didn't delete any of the downloaded code:

  1. Delete all of the files in the build directory you previously created (navigate into the build directory, and execute rm * -rf.  CAUTION!  Don't use this anywhere OTHER than the build directory unless you know what you're doing - it's a dangerous command.
  2. Run perl gits pull from the "digikam-software-compilation" folder.  This will compare your files with the latest versions from the repository.
  3. Follow steps 6-10 above, and your software will be updated to the latest available version!

Cisco ASA 5500 Active Directory Integration

Today I needed to enable an extra layer of security for a Cisco ASA VPN (ASA 5500 series appliance - should work on 5505, 5510, 5520, 5540, 5550, etc...).  I needed to require the user to enter their Active Directory domain credentials to connect to a Cisco IPsec VPN, for better security.

I worked this out from inside the ASA's ASDM software.

  1. Add an AAA server group for Active Directory authentication (under Configuration --> Remote Access VPN --> AAA/Local Users --> AAA Server Groups).
  2. Choose a name, and pick protocol: LDAP. Everything else here is fine.
  3. Now that you have your server group, highlight it in ASDM, and in the bottom half of the screen, add a server to the group.  This is where things get tricky!
    • Choose what interface the server is off of, put in the server's IP, and fill out the rest of the details as shown below.  This server must be a domain controller!
    • For Base DN, you should enter your AD domain name, in the format DC=DOMAIN,DC=COM (or local, or whatever)
    • Scope should be set to All levels beneath the Base DN, if you want it to be able to find all of your user accounts.
    • Naming attribute should be sAMAccountName
    • For Login DN, enter the path to an account with the correct privliges to read the required information.  I don't have specific details on this - I just used a domain admin account (I know, I know).  The format should be CN=UserAccount,CN=ThisUsersOU,DC=YourDomain,DC=COM (if the user account is several OUs deep, you'll need to add a CN= entry for each OU, in the correct order - starting with the one that the user is in).
    • Test the server using the Test button, after you click OK!
  4. Now that the group is set up, we need to configure some profiles to use this group!  Inside ASDM, navigate to Configuration --> Remote Access VPN --> Network (Client) Access --> IPsec Connection Profiles.
  5. Edit the profile you want to change to require AD authentication.
    • On the first page (Basic), change the Server Group (under the User Authentication section on the right side) to the group you just created.
    • On the Advanced --> General page, Make sure nothing is checked here - everything should be unchecked and set to --None--
    • Under Advanced --> IPsec --> IKE Authentication, set the Default Mode to XAUTH (Extended user authentication).  This is what forces a login prompt when users connect.  The checkbox here doesn't need to be checked.
    • Nothing else should need to be changed (from defaults) in any other pages.  Click OK, then test it using a VPN client!!!
  6. That's it.  Let me know if you run into any issues or have any suggestions!