对JPivot的jfreechart和drillthrough显示做了增强，终于可以拿出去给人用了。

先说说性能问题： 先是找了一台闲置的IBM X445 PC Server，4×2GHZ CPU，8G内存，2×146G硬盘，操作系统 windows 2000 ， 开启AWE 3G参数。然后装Oracle 10g，数据仓库模式，使用了4G AWE内存共约4.5GB内存。再建成一张1600万用户数据宽表，宽表一律使用bitmap索引，还有其他20个左右维表。 然后就简单了，写mondrian Cube，配JPivot。 最后搞下来的结果是：基本上mondrian 每次做group by 操作最长不超过30秒，一般在20秒左右。用户基本可以接受。问了使用NCR的朋友，说NCR使用自己的数据库，也基本是这样的一个性能。 PS：偷偷问一声，在这基础上，性能还能改进否?

再说说方向问题： 我们现在使用2个OLAP，一个是jpivot + mondrian ，属于ROLAP；另一个是BO intelligence + essbase，属于MOLAP。目前的感觉是，由于DB性能强悍，导致ROLAP和MOLAP在性能上相差不大。同时ROLAP可以直接和报表系统共用同一张表。而MOLAP则需要使用工具来打CUBE做数据转换，这样在开发和维护工作量上，MOLAP比ROLAP大。 另外往往业务部门分析到最后，就是要看明细数据了，这个时候MOLAP的前端工具往往不能做好支持。而jpivot则无此问题。 综上所述，我目前好像还没看到必须用MOLAP的理由，听说华为原来用M$ 的OLAP，后来好像支持不住了，就直接用回了BO 报表，呵呵。

JPivot的问题： 操作太复杂，必须对OLAP的概念有清晰的了解，普通用户无法使用。与mondrian 集成不够紧密。mondrian不提供数据钻取功能，该功能是jpivot自己做的，所以会导致数据类型格式丢失。钻取详细数据量无限制，导致内存溢出。界面比较难看，操作方式非主流使用jpivot自己的mvc框架，不易其他框架集成 总体来说，jpivot目前已经不是一个玩具了，完全可以用于企业级的操作，而且定位在高端业务分析人员。


拿出来开源比较困难，一方面jpivot在不停升级，另一方面我在修改的时候不顾一切，在jpivot中乱引用了mondrian代码，还把mondrian部分无用代码全删了。这样，我就在这个帖里把能共享部分都在这里帖出来。 首先是我优化后的界面。 1.图标用了pentaho里面的图标。 2.jpivot里面其实支持3D饼图，只是选项未开，我先将jfreechart升级成1.0.2，又对饼图、线图等做了美观。 3.drillthrough是jpivot相对其他olap产品的杀手级功能，但是有不少细节未完善。我基本都一一补上。 在界面上可以看出，我添加了一个CSV导出功能(改了WCF库)，同时限制最大导出20万行记录(改了jpivot)。界面上显示的“访问次数”是measure的名字，实际上应该显示“访问时间”，该问题暂时无解。另外修正了一下numberformat、dateformat不正确的一些问题。 4.excel导出时，格式很难看，但是由于excel本身只支持256色，无法显示web上的底色，所以我修改了只显示蓝色的border，底色一律为白。 附件中rar里面是web的CSS文件、Excel的生成文件和jpivot的图表生成部分代码，感兴趣的朋友各取所需吧

This documentation is related to the displaytag 1.1.x releases.

The latest available release is 1.1.1

Displaytag 1.1 offers several enhancements over 1.0: the most notable news are support for partial lists and enhanced decorator APIs, but there is also a lot more. Be sure to read the migration guide for upgrading an existing application from displaytag 1.0. A full changelog is also available.

What can I do with it?

Actually the display tag library can just... display tables! Give it a list of objects and it will handle column display, sorting, paging, cropping, grouping, exporting, smart linking and decoration of a table in a customizable XHTML style.

The tables in the sample images below were generated from lists using the <display:table> tag:

 他们都有自己的强项和不足，下面简要介绍下：

轻量级的:

OpenI使用Mondrian和Jpivot框架，报表引擎是jasper report，数据挖掘接口是R-Project，

相对来说开发和学习比较简单，而且OpenI支持使用MS的数据仓库(xmla)，但是其国际化比较失败(中文乱码)，要深入改造。

 JASPER intelligence也是个轻型项目，对jasper report的支持最好，所以报表部分比较好。

 重量级的:

Pentaho，spagoBi是两个比较大的框架了，集成了相当多的开源项目，JfreeReport、Mondrian、Kettle、Weka基本都使用了。特别适合大型复杂项目的开发。

      Pentaho在中国使用的比较多，文档什么的也多一点。尤其值得一提的是网络上对他的中文支持做的相当好，很多志愿者翻译了它的文档。这给我们开发带来很大便利。

      Pentaho的模块工作流引擎、中心资源库、审计组件、报表设计工具、ETL工具、OLAP Server、多维展示、数据挖掘组件各种组建都有。

而且Pentaho得到了很大的投资，开发后劲很大，而且会有付费的官方发售版本。 

http://blog.csdn.net/dust_bug/archive/2006/09/18/1240753.aspx

这个是《Pentaho源代码阅读报告》，介绍Pentaho构架相当的全面。 

Pentaho的中文论坛在http://www.bipub.org/ 

Pentaho相对spagoBi来说功能较强，尤其是工作流一块做的相当不错。

官方站的demos在http://www.pentaho.com/products/demos/

 spagoBi功能也很强，尤其是最近发布的1。9版本，在http://spagobi.eng.it:8080/sbiportal/faces/public/exo（或http://spagobi.eng.it:8080/sbiportal）

的demos里展现了spagoBi很多功能。

 后记
这几款BI框架因为都是开源的前端框架，所以核心部分使用的还是一些开源项目，

Mondrian，Jpivot，JfreeReport，所以在使用的时候搭建合适的框架会占用项目很大一部分时间，但是一旦框架搭建好了，基本就可以象流水线一样出报表了。

但是期望在原始功能上添加性能功能是比较麻烦的，为了一个新加的功能可能需要相当长的时间来实现。

另外这些开源框架的权限管理都不怎么强，可能需要改造。

另外，全球话的问题也是问题。象OpenI完全不支持中文，必须改造。

我们都知道“瞎子摸象”的故事。不同的瞎子对大象的认识不同，因为他们只认识了自己摸到的地方。而企业如果要避免重犯这样的错误，那就离不开商务智能（BI）。专家认为，BI对于企业的重要性就像聪明才智对于个人的重要性。欧美企业的经验也证明，企业避免无知和一知半解危险的有效手段就是商务智能。商务智能旨在充分利用企业在日常经营过程中收集的大量数据和资料，并将它们转化为信息和知识来免除各种无知状态和瞎猜行为。   

支持BI的开源工具数量众多，但是大多数的工具都是偏重某方面的。例如，CloverETL偏重ETL，JPivot偏重多维分析展现，Mondrian是OLAP服务器。而Bee、Pentaho和SpagoBI等项目则针对商务智能问题提供了完整的解决方案。

ETL 工具

ETL开源工具主要包括CloverETL和Octupus等。

（1）CloverETL是一个Java的ETL框架，用来转换结构化的数据，支持多种字符集之间的转换（如ASCII、UTF-8和ISO-8859-1等）；支持JDBC，同时支持dBase和FoxPro数据文件；支持基于XML的转换描述。

(2)Octupus是一个基于Java的ETL工具，它也支持JDBC数据源和基于XML的转换定义。Octupus提供通用的方法进行数据转换，用户可以通过实现转换接口或者使用Jscript代码来定义转换流程。

OLAP服务器

(1)Lemur主要面向HOLAP，虽然采用C++编写，但是可以被其他语言的程序所调用。Lemur支持基本的操作，如切片、切块和旋转等基本操作。

(2)Mondrian面向ROLAP包含4层：表示层、计算层、聚集层、存储层。

● 表示层：指最终呈现在用户显示器上的以及与用户之间的交互，有许多方法来展现多维数据，包括数据透视表、饼、柱、线状图。

● 计算层：分析、验证、执行MDX查询。

● 聚集层：一个聚集指内存中一组计算值(cell)，这些值通过维列来限制。计算层发送单元请求，如果请求不在缓存中，或者不能通过旋转聚集导出的话，那么聚集层向存储层发送请求。聚合层是一个数据缓冲层，从数据库来的单元数据，聚合后提供给计算层。聚合层的主要作用是提高系统的性能。

● 存储层：提供聚集单元数据和维表的成员。包括三种需要存储的数据，分别是事实数据、聚集和维。

OLAP客户端

JPivot是JSP风格的标签库，用来支持OLAP表，使用户可以执行典型的OLAP操作，如切片、切块、上钻、下钻等。JPivot使用Mondrian服务器，分析结果可以导出为Excel或PDF文件格式。

数据库管理系统

主要的开源工具包括MonetDB、MySQL、MaxDB和PostgreSQL等。这些数据库都被设计用来支持BI环境。MySQL、MaxDB和PostgreSQL均支持单向的数据复制。BizGres项目的目的在于使PostgreSQL成为数据仓库和 BI的开源标准。BizGres为BI环境构建专用的完整数据库平台。

完整的BI开源解决方案

1.Pentaho 公司的Pentaho BI 平台

它是一个以流程为中心的、面向解决方案的框架，具有商务智能组件。BI 平台是以流程为中心的，其中枢控制器是一个工作流引擎。工作流引擎使用流程定义来定义在 BI 平台上执行的商务智能流程。流程可以很容易被定制，也可以添加新的流程。BI 平台包含组件和报表，用以分析这些流程的性能。BI 平台是面向解决方案的，平台的操作是定义在流程定义和指定每个活动的 action 文档里。这些流程和操作共同定义了一个商务智能问题的解决方案。这个 BI 解决方案可以很容易地集成到平台外部的商业流程。一个解决方案的定义可以包含任意数量的流程和操作。

BI平台包括一个 BI 框架、BI 组件、一个 BI 工作台和桌面收件箱。BI 工作台是一套设计和管理工具，集成到Eclipse环境。这些工具允许商业分析人员或开发人员创建报表、仪表盘、分析模型、商业规则和 BI 流程。Pentaho BI 平台构建于服务器、引擎和组件的基础之上，包括J2EE 服务器、安全与权限控制、portal、工作流、规则引擎、图表、协作、内容管理、数据集成、多维分析和系统建模等功能。这些组件的大部分是基于标准的，可使用其他产品替换之。

2.ObjectWeb

该项目近日发布了SpagoBi 1.8版本。SpagoBi 是一款基于Mondrain+JProvit的BI方案，能够通过OpenLaszlo产生实时报表，为商务智能项目提供了一个完整开源的解决方案，它涵盖了一个BI系统所有方面的功能，包括：数据挖掘、查询、分析、报告、Dashboard仪表板等等。SpagoBI使用核心系统与功能模块集成的架构，这样在确保平台稳定性与协调性的基础上又保证了系统具有很强的扩展能力。用户无需使用SpagoBI的所有模块，而是可以只利用其中的一些模块。

SpagoBI使用了许多已有的开源软件，如Spago和Spagosi等。因此，SpagoBI集成了 Spago的特征和技术特点，使用它们管理商务智能对象，如报表、OLAP分析、仪表盘、记分卡以及数据挖掘模型等。SpagoBI支持BI系统的监控管理，包括商务智能对象的控制、校验、认证和分配流程。SpagoBI采用Portalet技术将所有的BI对象发布到终端用户，因此BI对象就可以集成到为特定的企业需求而已经选择好的Portal系统中去。

3.Bee项目

该项目是一套支持商务智能项目实施的工具套件，包括ETL工具和OLAP 服务器。Bee的ETL工具使用基于Perl的BEI，通过界面描述流程，以XML形式进行存储。用户必须对转换过程进行编码。Bee的ROLAP 服务器保证多通SQL 生成和强有力的高速缓存管理(使用MySQL数据库管理系统)。ROLAP服务器通过SOAP应用接口提供丰富的客户应用。Web Portal作为主要的用户接口，通过Web浏览器进行报表设计、展示和管理控制，分析结果可以以Excel、PDF、PNG、PowerPoint、 text和XML等多种形式导出。

Bee项目的特点在于：

● 简单快捷的数据访问；

● 支持预先定义报表和实时查询；

● 通过拖拽方式轻松实现报表定制；

● 完整报表的轻松控制；

● 以表和图进行高质量的数据展示。

在xml应用中，经常将一些URL信息作为xml数据存储，其中URL参数有可能包含有中文字符。
当使用dom对xml数据进行解析时，可以对中文字符进行编码。
但如果只使用xslt来显示xml数据时(data.xml+data.xsl)，发现此时的URL会出现编码错误.
即使指定编码类型(encoding="gb2312"),依然会出现同样的问题.
测试发现：是IE的缓存机制问题，IE仍会把新的页面(所链接的URL)的MIME内容类型默认为text/xml

解决方法：
1.指定输出文档类型为xml文档  (example:data.xsl)
 <xsl:output method="xml"  encoding="gb2312" media-type="text/xml" />
2.在新的窗口打开，给联接增加属性,指明目标窗口为其他窗口  (example:data2.xsl)
 <xsl:attribute name="target">_blank</xsl:attribute>

examples:

/*** data.xml ***/

<?xml version="1.0" encoding="gb2312"?>
<?xml-stylesheet type="text/xsl" href="data.xsl"?>
<root>
 <search>
  <url>http://www.google.com/search?q=</url>
  <word>xml数据</word>
 </search>
 <search>
  <url>http://www1.baidu.com/baidu?word=</url>
  <word>xml数据</word>
 </search>
 <search>
  <url>http://www.google.com/search?q=</url>
  <word>极限编程(xp)</word>
 </search>
 <search>
  <url>http://www1.baidu.com/baidu?word=</url>
  <word>极限编程(xp)</word>
 </search>
</root>

/*** data.xsl ***/

<?xml version="1.0" encoding="gb2312"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<!-- 去掉下面一句,将出现错误 -->
<xsl:output method="xml"  encoding="gb2312" media-type="text/xml" />

<xsl:template match="/">
 <xsl:apply-templates /> 
</xsl:template>

<xsl:template match="search">
 <xsl:element name="a">
  <xsl:attribute name="href"><xsl:value-of select="url" /><xsl:value-of select="word" /></xsl:attribute>
  <xsl:value-of select="word" />
 </xsl:element>
 <br />
</xsl:template>

</xsl:stylesheet>

/*** data2.xsl ***/

<?xml version="1.0" encoding="gb2312"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">

<xsl:template match="/">
 <xsl:apply-templates /> 
</xsl:template>

<xsl:template match="search">
 <xsl:element name="a">
  <xsl:attribute name="href"><xsl:value-of select="url" /><xsl:value-of select="word" /></xsl:attribute>
  <!-- 去掉下面一句,将出现错误 -->
  <xsl:attribute name="target">_blank</xsl:attribute>
  <xsl:value-of select="word" />
 </xsl:element>
 <br />
</xsl:template>

</xsl:stylesheet>

CVSNT 2.5.03 Installation on Windows 2003

Author: Bo Berglund
Notice:
This guide is written as an installation help for CVSNT 2.5.03 and higher on Windows 2003 server.
Most of the discussion is also valid for installation on Windows XP-Pro (see below for an important setting).
NOTE! You cannot use XP-Home for CVSNT!
The guide uses the Innosetup based installer that I maintain but similar results can probably be obtained by using the Innosetup installer published by Oliver Giesen as well.
I am not using the MSI installer from the official CVSNT website since I cannot accept non-opensource software if anything else is available.

Table of contents
CVSNT Installation
Configuring the server
Adding CVS users
Adding CVS administrators
Disabling pserver as security measure
The cvs passwd command for adding users
Managing pserver and sserver users
Using the SSPI protocol
Fine-tuning user access of CVS
Using spaces with CVSNT

Installation of the CVSNT server

File system type
Make sure your system is only using the NTFS file system!
Also make sure you are logged on as an administrator of the PC (using an account with administrative priviliges).
And most important: Use the local disk on the CVSNT server!

IMPORTANT for XP-Pro users:
You MUST switch off Simple File Sharing, which is the default for XP (as recommended by Microsoft to make XP somewhat compatible with Win95-98-ME)!
You do this by opening a Windows Explorer and then use the menu command Tools/Folder Options. Select the View tab and scroll down to the bottom where you find this item. Uncheck it now!


Now for the actual installation and configuration:

1. Get the latest release of CVSNT
Get the latest CVSNT Innosetup installation from Innosetup CVSNT Installer download

2. Create CVS directories
Create two directories on the target machine, c:\cvsrepos and c:\cvsrepos\cvstemp. If you have a separate disk partition to spare for CVS then use that instead. The important point here is that the disk where the repository is located on is NTFS.

3. Directory security and permissions
Give c:\cvsrepos\cvstemp security settings that allows full control for all accounts including SYSTEM.
Important:
The cvstemp directory must NOT be located in either c:\WINNT\Temp or anywhere in the "C:\Documents and Settings" tree because these locations have imposed restrictions on user access!
Notice that on XP-Pro out of the box from Microsoft the permissions cannot be set like this until "Simple File Sharing" is switched off (see above). So you must do this if you use XP-Pro. XP-Home is totally unsuitable for CVSNT!

4. Install CVSNT
Run the downloaded CVSNT setup file and make sure to change the installation path to c:\programs\cvsnt (I am paranoid about removing any spaces in paths used by cvs!)
Start screen:


License agreement:


Install directory selection:
Note:
I strongly recommend that you install CVSNT to a path that does NOT contain any embedded spaces, for example like this:


Installation component selection screen:


Start menu selection:


Task selection screen:


Ready to install!


Install in progress


Release notes


Installation done!

Configuring the CVSNT server and repository

1. CVSNT Control Panel configuration
CVSNT is configured from the CVSNT Control Panel, which can be reached via the shortcut link placed under the Start menu during installation.


Now open the CVSNT control panel applet and do the following:

2. Shut down the CVSNT service
Check that the CVSNT Service is not running (Start button is enabled). This is the initial screen showing that both services are running:


If it is started then stop it. You can leave the Lock Service running.

3. Repository creation
The tab will initially look like this:



4. Add repository
Now you will add a repository to the server. This is done using the "Add" button. When you click this a dialogue shows up where you will define your repository.



5. Repository folder
Click the ellipsis button for Location to bring up the folder browser.
Now you can browse to the location you want for your repository and add a new folder here.
NOTE:
I strongly advice NOT to use paths with embedded spaces for CVS!



6. Name repository
Now fill in the description and the name of the repository as well.
NOTE:
Do NOT accept the suggested name, which is the same as the folder path!
Instead only use the bare folder name with a leading / like this:



7. Initializing the repository
When you click the OK button there will be a dialog where CVSNT offers to initialize the new repository.
When you click Yes then the new folder will be converted to a real repository:




8. First repository added!
Now the list of repositories has been populated with the first repository:




You can add as many as you like (almost) but please do not fall for the temptation to use one repository for each and every project! There are a lot of possibilities to streamline the development process using CVSNT, but many of these use the virtual modules concept and this is only possible within a single repository.


9. Server Settings
Now go on to the Server Settings tab.
Here the default settings are all right for now, except the Temporary Directory setting.



NOTICE about Domains:
You can set the Default domain entry to either the CVSNT server PC name (as in the example above) or the domain name to which the CVSNT server belongs. CVSNT will strip the domain part from all accounts that log on using the default domain before processing. All other logons will be processed using their complete names (DOMAIN\username). The result of this is that all users that "belong" to the domain specified in this box will be logged using only the account name, likewise these usernames will be supplied to the administrative scripts without the domain name. All others will have a domain name added. This must be accounted for in any admin script used.
The CVSROOT/users file is one such admin file that needs to be handled with care concerning domain and non-domain entries.

Temp dir: Use the ellipsis button to browse for the folder prepared for this purpose above:



10. Compatibility
On the next tab (Compatibility Options) there is nothing you need to change for now:




11. Plugins and protocols
The Plugins tab define a lot of the extra features of CVSNT including some aspects of the connection protocols. The sceen list the available plugins and when you select a line you will be able to configure this plugin by clicking the configure button:




12. Sserver configuration
Here is the configuration window for the SSERVER protocol plugin. Please set it like this:




13. Advanced settings
The final tab on the Control Panel deals with advanced configuration settings and you need not change anything here.




14. Apply configuration changes
Now click the Apply button! This is really important, nothing will happen unless you do this! Note that after you have done this the Apply button is disabled.

15. Start the CVSNT service
Go back to the first tab and click the Start button. After a few moments the Stop button will be highlighted.
Now CVSNT runs (success!)

16. Restart the server
In order for you to be able to use the command line cvs you need to have the path variable set to include the location of the cvs.exe just installed (c:\programs\cvsnt). Since the installer will have put this into the system path variable it will work if you restart the server.
You can check this by going to a command window and typing the command:
cvs --ver
If this results in an eror message then you should restart the server PC before continuing.

Adding and managing CVS users for pserver and sserver access

This is a step that is only needed if you plan on using the sserver or pserver protocols with this CVS server. If your users are all on Windows PC:s pserver is not recommended since it has inherent security flaws. Instead use SSPI because that protocols integrate much better with Windows. If you decide to go with sspi (recommended) then you can skip the discussion on how to add and manage users in this section.

1. Creating CVS accounts on the server
In order for pserver and sserver to work you have to define CVS users, but before you can do this you need to create two real accounts on the server. These accounts will be used by the CVS users as the working accounts.
You need one account which will be a CVS administrative account and one which will be a normal user account. Note that the CVS administrator need not be a server administrator!



The two accounts are added through the Users dialog in Computer Management.
I have used the account names cvsadmin and cvsuser as shown above.

2. Adding CVS users
Open a command window and do the following (replace items <text> with the real values from your system).

set cvsroot=:sspi:<computername>:/TEST
cvs passwd -a <account name>

You will now be asked to enter a password for this user. This password is only for CVS use so it should not be the real system password! Enter the password twice.
Now the CVSROOT/passwd file will be created and the user you entered will be added to the list in this file.
This step is necessary if you are going to use the pserver or sserver protocol in the future since there is no way to log in with pserver/sserver unless there is a passwd file present with the user listed.

Important note:
Any user entered like this MUST be an NT user on the local system! CVS will not accept any user login that is not connected to a "real" account.

3. Aliasing CVS users to real accounts
In order to have many CVS user logins you don't need to create masses of system accounts! Instead you can "alias" a CVS login to a "real" account using this command:

cvs passwd -r <real accountname> -a <cvs login name>

What will happen now is that to CVS the user will be known and registered as the CVS login given in the command, but for file operations that will encounter permission issues the commands will be executed in the context of the real system account that was aliased. This makes it possible to use NTFS file system permissions to limit access to certain parts of the repository to some users. You simply create a system account for which you set limited permissions and then you alias the CVS login to this user.

Note that this command will fail if there is a space embedded in the real account name! DON'T ever use spaces in these contexts!!!!! (But using quotes may solve the problem like this:
cvs passwd -r "system admin" -a "new user"
Since I don't have a valid user with embedded space I could not check the quotes trick with the valid user name parameter, but adding a CVS login with space embedded *can* be done with quotes.)

Examples:
cvs passwd -r cvsuser -a charlie

or if you want the new user to be a CVS administrator:

cvs passwd -r cvsadmin -a rogerh

Note about Domain users:
You can add domain users with the following command:
cvs passwd -r <real accountname> -D <domain name> -a <cvs login name>
This command is reported by a user to have worked for him. I cannot check it because I don't have a domain. But based on information from the mail list I think that it will only work if there is a trust between the CVSNT server PC and the domain controller. If the CVSNT server PC is a member of the domain then this is the case.

The server is now ready to be used and you can check the pserver functionality by doing this:

4. Testing the CVS connection with sserver
Open another command window and type:
set cvsroot=:sserver:<user>@<computername>:/TEST
Replace <user> and <computername> with valid entries like:
set cvsroot=:sserver:charlie@cvsserver:/TEST

Then:
cvs login (enter password on prompt)
cvs ls -l -R
(this should give you a list of the files in TEST/CVSROOT)

5. Testing the CVS connection with pserver
Open another command window and type:
set cvsroot=:pserver:<user>@<computername>:/TEST
Replace <user> and <computername> with valid entries like:
set cvsroot=:pserver:charlie@cvsserver:/TEST

Then:
cvs login (enter password on prompt)
cvs ls -l -R
(this should give you a list of the files in TEST/CVSROOT)

6. Testing the CVS connection from another PC
Open a command window on another PC where you have installed the CVSNT in client only mode and type:
set cvsroot=:sserver:<user>@<computername>:/TEST
Replace <user> and <computername> with valid entries like:
set cvsroot=:pserver:charlie@cvsserver:/TEST

Then:
cvs login (enter password on prompt)
cvs ls -l -R
(this should give you a list of the files in TEST/CVSROOT)

If you cannot get this far, for example if the login fails, then you should check the Windows Firewall settings on the CVSNT server:

7. Modifying Windows Firewall to allow CVS calls

• Go to Control Panel
• Open the Windows Firewall item.
• Select the Exceptions tab
• Click the "Add port" button
• Enter the name CVSNT and port number 2401 as a TCP port
• Accept back to the main screen
• Make sure Windows Firewall is set to ON

Administrating the repository, users with admin rights

There have been a number of reports that people have not been able to add users or execute the cvs admin command even though they were members of the Administartors group or even of Domain Admins. In order to avoid this there is a simple way to manage who will have admin rights on the CVSNT server. It is done through the CVSROOT/admin file.
Here is how to:

• Create a text file called admin (no extension) inside the CVSROOT directory of the repository.
• Edit this file by adding on separate lines the login names of the users you want to give administrative priviliges on the CVS server.

Disabling the pserver protocol

If you are exposing your CVSNT server to the Internet you should disable the :pserver: protocol because it uses too low security levels. Only the password for login is 'encrypted' and this is only barely so. All other traffic is in cleartext...
To protect your data you should use the :sspi: protocol instead (and set its encryption flag of course).
As an alternative with the same basic functionality as pserver you can use sserver instead. This uses encrypted connections by default and is probably better if you want to add cvs logins that do not correspond to real accounts (see above).
Disabling any protocol on the CVSNT server is done through the CVSNT Control Panel Plugins tab.
Select the :pserver: protocol line and click Configure. This will bring up a dialogue where you can just uncheck the checkbox to disable the protocol:

Adding new pserver users using the cvs passwd command

As soon as you have logged on using pserver or sserver with a cvs login name that is the same as a local system admin or is aliased to an admin account or is listed in the CVSROOT/admin file then you can add and delete CVS user logins with the passwd command. Here is the full syntax for this command:

Usage:
cvs passwd [-a] [-x] [-X] [-r real_user] [-R] [-D domain] [username]
-a Add user
-x Disable user
-X Delete user
-r Alias username to real system user
-R Remove alias to real system user
-D Use domain password

Example:
cvs passwd -r charlie -a john
This adds a CVS login john with a system alias to account charlie. When the command is executed there will be a password dialogue that asks for the password of john twice for confirmation. Note that this is NOT the actual system password of account john, it is the CVS login password only used by CVSNT.
After the command completes there will be a new line in the CVSROOT/passwd file looking somewhat like this:
john:KacIT8t1F/SKU:charlie
The part between the :: is the DES encrypted password you typed in and will be used by the CVSNT service during login to validate john. Once accepted the account charlie will instead be used so the password is no longer used. The CVSNT service has full priviliges to act on charlie's behalf and this is what it does too.

Managing pserver and sserver users

If you plan on using pserver or sserver with a fairly large number of different user logins then you might want to do as follows (also described above):

• Create a local user on the CVSNT server by the name of "cvsuser".
• Login to the cvs server using an admin account.
• Add the logins with the following command to alias to the cvsuser:
  cvs passwd -r cvsuser -a <login user name>
  You will be asked twice for the login password.

Using the SSPI protocol for CVSNT access

A few years ago the SSPI protocol was added to CVSNT. It works over TCP/IP so it can more easily traverse firewalls. Like :ntserver:, which is now depreciated, the :sspi: protocol does not need a login, instead the login you did when you started your workstation is used with this protocol.

Limiting user access with sspi
When used normally sspi will accept connections from all system users that authenticate against the system (local or domain). Often this is not really what we want, instead we want to use the same mechansism as is used with :pserver:. Here the CVSROOT/passwd file limits the logins accepted by CVSNT to those mentioned in the file.
With :sspi: this is quite possible, you only have to list the account login names that you want to give CVS access in the passwd file. You also have to set the parameter
SystemAuth = No
in the CVSROOT/config file.
Note that in this case there is no need for entering passwords into the passwd file, sspi uses the system login and the passwd file is only used as a list of accepted users. So simply issuing this command when logged in as a CVS administrator will work:
cvs passwd -a newuser
(press enter twice to tell CVSNT that no password is used)

Fine-tuning user access of CVS

The NTFS file system permissions can be used to tune the access to the CVS repository with more granularity than the passwd file allows. Here is how it is done:

1. Create a number of NT user groups where members can be added and removed easily.
2. Don't use aliases in the login scheme, let each user login as himself, for example using :sspi:.
3. Set permissions (read/write, read only, no access) on the module level in the repository using the CVS groups as tokens.
4. Give membership to the CVS user groups as needed to individual NT accounts

Using spaces with CVSNT

CVSNT tries its best to handle spaces embedded in file and directory names. But there still are instances where the use of spaces breaks the CVS functionality badly. So my recommendations are:

1. Install CVSNT to a path that does not contain spaces.
2. Place the repository on a path not containing spaces.
3. If you install additional software like PERL or RCS, don't use spaces!
4. Instruct your users not to use spaces in directory names that are to be handled by CVS.

People may argue that CVSNT handles these issues for them, but in my experience this is only partly true. For example the loginfo and notify script parsing breaks fully when handling files with embedded spaces. There are other places as well...
Also by allowing spaces you will make it impossible to later move the repository to a *nix system (Unix, Linux etc).
So you are much better off prohibiting spaces up front!

Afterwords

This tutorial is written 2005-11-16 and is based on CVSNT version 2.5.03.2148.
The test system is Windows Enterprise Server 2003 with SP1 installed running in Virtual PC 2004 SP1 on my development PC. The server is not member of a domain.

Comments? Send me a message: Bo Berglund