Subversion + HTTP with AD authentication, local authorization, on RHEL7

I wanted our users to be able to user their AD credentials for SVN access. I first thought about putting everything in AD, including two groups for each repo (one read, one write), but I ended up only using AD for authentication, leaving the permissions to a local file since there is only one SVN server.

That is how the apache conf file looks like:

<VirtualHost *:443>
  ServerName servername.domain

  ## Vhost docroot
  DocumentRoot "/var/www/html"

  ## Directories, there should at least be a declaration for /var/www/html

  <Location "/repos">
    Require valid-user
    Require ldap-user
    Dav svn
    AuthType Basic
    AuthName "Use your Windows Credentials"
    AuthBasicProvider file ldap
    AuthUserFile /etc/httpd/conf/auth-conf-svn
    AuthLDAPURL "ldap://DC1/dc=example,dc=domain?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "user@domain"
    AuthLDAPBindPassword "password"
    SVNParentPath /var/www/svn

How to download EPEL packages that are retired

I always enable the EPEL (Extra Packages for Enterprise Linux)yum repository on my Red Hat (and similar) systems.

However, some of the EPEL packages that I use freqently have been recently orphaned, then retired as per EPEL's policy. I found a way to download them manually.  Of course they're not updated but for these packages, I don't mind.  One example is nmon.  I'll show you how to manually download nmon even though it's retired.

You have two options.

The first one is to go there: (for RHEL7-x64).

The second is:
First go to this URL.At the top, enter "nmon" in the search box, then press Enter.Search for the version you want.  In my case, it is the EL6 version, so I clicked on it, and it sent me to this URLOn that page, there are download links for the source RPM and all the different arch.  In my case, the arch is x86_64, so I just had to click on the download link.A few seconds later, I had the rpm on my com…

Using Helium to copy data to another phone

Note; if you're using a Lollipop phone, look at the "Tap & Go" feature.

One very nice feature of the BlackBerry smartphones were the ability to perform a "real" full backup of your phone.  This way, you can either reset to factory settings or change phone without losing a single bit of data.  Now that we're using Android phones at work, I had to find an alternative and of course, it would not have to require the phones to be rooted.

I decided to try Helium ( and it did a good job.  However, I haven't found a good tutorial on how to use the free version.  I don't mind spending 5$ for a great application, but I thought I'd try the free version first.  The local backups were quite easy to do, but since my goal was to transfer the data to another phone, it was getting quite complex.  You cannot use cloud-based storage for your backups with the free version and you ca…

KeePass enforced configuration

I don't know why but despite all of my searches, I haven't been able to find a good tutorial on how to deploy KeePass with an enforced configuration (set parameters that users cannot change).

First, deployment: You can deploy the .msi and the related files using GPO, for example. But there is an easier way: simply copy the KeePass folder that contains the .exe to a network share.  Make sure only admins (only admin accounts, not your regular account). have write access to this share, all other users read-only. To do that you can install KeePass on your computer temporarily an copy the folder that is in the Program Files folder.

Second, configuration enforcement: execute the local version of KeePass that you installed for step one.  Set the parameters as you would like them, then close KeePass.  A configuration file will be created in C:\Users\$username\AppData\Roaming\KeePass\KeePass.config.xml.  You can create a copy of this file that you will name KeePass.config.enforced.xml …

PC Engines APU plan

I recently decided to upgrade my home firewall (pfSense on a PC Engines WRAP) by something more recent.  The new APU system from PC Engines looked quite good so I ordered one unit of the 4-gig model.  When I received it, I tried a few things with it but lacked time.  The next time I worked on it, it was dead.  I create an RMA, returned the unit, and got a working one about 3 weeks later.  My original plan was just to upgrade pfSense and run it on more recent hardware.  My WRAP was kind of slow in the WebGUI (not that bad, I don't edit the configuration every day) and I don't think it could do a good job for an OpenVPN setup.  I looked around and also found other options for small factor computers but I decided to go with the APU when I saw that its processor had virtualization extensions.  I thought that I could try running another system, side-by-side with the firewall, allowing me to have a server that would always be on (I currently run cacti, nagios and other daemons direc…

Expect ugly output

Trying to install Talend using the installer and got this error:

(main.tcl:32009): Pango-WARNING **: failed to choose a font, expect ugly output. engine-type='PangoRenderFc', script='latin'


HP releases latest Service Pack for Proliant (SPP) 2014.09

HP has released its latest Service Pack for Proliant, the integrated firmware and software bundle which it will support for the next year.

New stuff:

Support for (at least some) Gen9 serversSupport for new Proliant optionsIncludes VMware driver supportSupport for RHEL7

New puppet book that I recently reviewed


If you're looking for a book about puppet reporting and monitoring, you should have a look at this one:

How to convert a file to a pbx-friendly format (8kHz, mono, PCM ulaw) with Audacity

In Audacity Edit – preferences – import/export – When exporting tracks to an audio file – use custom mix (done once) Open source file (mp3 or flac) Select Project Rate (bottom left) → 8000 File, export First time only: Select “Other uncompressed files” Click on “Options…” Choose Header → WAV (Microsoft), Encoding → U-Law On the Advanced Mixing Options, select 1 channel and add the unmapped channel to Channel 1 by clicking on the unmapped channel (it will get red borders) and then click on Channel: 1. Click OK Click OK at the “Edit Metadata” window Right-click on the output file, properties, summary, Advanced, make sure that: Channels = 1 (mono) Sample rate = 8kHz Format = CCITT u-Law