Ray Van Dolson's Blog

Pontifications from smoggy Southern California

Archive for the ‘Systems Administration’ Category

RHEL’s Apache and LDAP Referrals

with 4 comments

After upgrading to RHEL 5.7, one of my Apache servers which protects content using mod_ldap authenticating against Active Directory stopped working. Error logs showed the following:

auth_ldap authenticate: user xxxx authentication failed; URI /viewvc/ 
[ldap_search_ext_s() for user failed][Operations error]


This usually means there is a problem with referrals, but OpenLDAP was properly configured to not follow them (/etc/openldap.ldap.conf w/ REFERRALS off).

Turns out that buriedin the RHEL 5.7 release notes, this gem can be found. A brand new configuration directive called LDAPChaseReferrals. Apparently, when referrals are provided in a result-set, mod_ldap by default does not bind to them using the provided credentials. The new version of Apache in RHEL 5.7 corrects that and provides this new directive to enable or disable the feature.

However, I couldn’t find any documentation for it upstream, and after following the bugzilla link in the release notes realized that the Apache project had actually gone a different route and called their directive LDAPReferrals in addition to adding another directive to limit the number of hops that would be followed.

End result is that it appears Red Hat has added in a one-off and undocumented configuration directive. 🙂 Likely unintentionally, but this definitely led me to some confusion.

Opened a new bug to see about getting this resolved.


Written by Variant

August 1, 2011 at 2:21 pm

Posted in Systems Administration, Technology

Tagged with , ,

screen, we hardly knew thee…

leave a comment »

I recently discovered tmux. It’s actually been around for about four years, but as I’ve been reasonably happy with GNU screen, I’d never thought to look elsewhere. tmux piqued my curiosity and as there were packages readily available in EPEL, I installed it and have been using it most of the day.

The screen keystrokes are firmly stuck in my brain, and of course there’s the chance that I might have to use screen again on other systems, so I’d rather stick with them vs. re-learning tmux’s C-b based command structure. After some tinkering, I found that the following in my ~/.tmux.conf file gets me most of the way there:

set-option -g prefix C-a
bind-key p previous-window
bind-key C-p previous-window
bind-key Space next-window
bind-key C-Space next-window
unbind-key C-b

# Makes CTRL-A A work like in screen (jumps to beginning of line)
bind-key a send-keys C-a

In a nutshell, this sets the command key sequence to C-a (CTRL-A) and sets the ‘p’ and spacebar keys to cycle through my windows. As I often find myself keeping the CTRL key pressed down as I hit the p or spacebar, I also mapped things so the windows will shift whether or not I leave CTRL pressed or not.

I’ve never been a screen power user, but anything with a smaller memory footprint is a win for me as I primarily have been using screen on a low-memory Linode system.

Written by Variant

June 22, 2011 at 10:50 pm

Posted in Systems Administration, Technology

Tagged with

Cleaning up Gmail (Hosted Apps)

leave a comment »

A couple of years back, I migrated all of my email off of my Postfix/Dovecot mail server to Google Apps.  I was tired of fighting spam and dealing with the occasional outages to my server that would impact the family and friends whose email lived there.

I didn’t have a lot of accounts to migrate, and many of my users were POP3 users who downloaded everything — so there wasn’t a lot of email to move over.  What there was I did manually with an IMAP capable email client and just copied folders and their contents “en masse” over to GMail.

This worked pretty well except for the fact that I’d been using Mutt, and had all my sent mail copied to a series of folders embedded under a parent “Sent” folder with the year and month in the name.  So Sent/Sent-Mail-2001-05, etc.  There were a ton of these folders and in GMail they show up as Labels.  A very long list of labels. With no easy way to hide them all.

I dealt with a few manually, but GMail didn’t seem to have a way to do any sort of bulk actions within their UI, and recursively moving the contents of these folders into GMail’s Sent Mail folder from within Thunderbird wasn’t much easier.

Enter Python and imaplib.  The following hacky and one-off script ended up doing the job for me pretty nicely:

import re
import imaplib

LRP = re.compile(r'\((?P<flags>.*?)\) "(?P<delimiter>.*)" (?P<name>.*)')

def main():
    global LRP

    m = imaplib.IMAP4_SSL('imap.gmail.com', 993)
    m.login('username', 'password')

    status, mailboxes = m.list("/Sent", '*')

    for mb in mailboxes:
        flags, delimiter, mailbox_name = LRP.match(mb).groups()

        print mailbox_name
        s, d = m.select(mailbox_name)

        # If we got an OK and there are > 0 messages in the folder.
        if s == 'OK' and int(d[0]) > 0:
            print "  Trying to move %d messages." % int(d[0])
            typ, [response] = m.search(None, 'SEEN')
            if typ != 'OK':
                raise RunTimeError(response)
            msg_ids = ','.join(response.split(' '))
            m.copy(msg_ids, '[Gmail]/Sent Mail')
            m.store(msg_ids, '+FLAGS', '\\Deleted')
            if mailbox_name != '"Sent"':
                if int(d[0]) == 0:
                    print "  No messages, deleting %s" % mailbox_name
                print "  Skipping Sent"

if __name__ == '__main__':

Now my GMail is much more neat and tidy. It would be nice if imaplib had a move() call…

Written by Variant

May 30, 2011 at 8:30 am

Posted in Systems Administration, Technology

Tagged with ,

My First Greasemonkey Script

leave a comment »

My first Greasemonkey script compels MarkMail‘s message view pane to use a fixed width font instead of a variable width font. Much nicer.

Written by Variant

October 25, 2009 at 9:03 pm

File Locks on Solaris 10

with 6 comments

In the process of troubleshooting a file locking issue on a Samba/NFS server, I needed to be able to take a look at the locks on a Solaris 10 system. In Linux this is fairly straightforward to do with the lslk command or by taking a peek at /proc/locks. No such luck on Solaris.

Fortunately, I stumbled across this excellent reference and was introduced to the Solaris Modular Debugger (mdb).

The ::lminfo command gave me almost exactly what I needed, except, as Chris mentions in his wiki entry, the path information is truncated. You can easily cycle through and print only the path out, but then you’re missing the rest of the information which is awfully nice to see.

> ::lminfo
ADDR             TP FLAG    PID COMM             VNODE            PATH
600114a7040      WR 0021    315 ypbind           60012161080      /var/yp/binding/xpr
6001203ea00      WR 0021    315 ypbind           60012160080      /var/yp/binding/xpr
6001203e800      WR 0021    315 ypbind           600115b0140      /var/yp/binding/xpr
60011452700      WR 0001    558 mdmonitord       600131da100      /etc/lvm/.mdmonitor
6001203eb00      WR 0021    315 ypbind           60012160180      /var/yp/binding/xpr
60010a90e80      WR 0001    505 automountd       60013024180      /etc/svc/volatile/f

I couldn’t figure out a good way to convince ::print to display multiple lock_descriptor_t members — and format it as nicely as ::lminfo did. I was about to write an external parser in awk or python to hack this together, when Jonathan Adams of Sun suggested that an mdb module could be created to accomplish just what I was after.

After some trials and tribulations getting this going, I was able to create a ::lminfo2 module that not only displays the pathname of the locked file sans truncation, but also spits out the whence, start and length information for ranged locks! Sample output:

# echo "::load /home/rayvd/src/mdb/sparcv9/lminfo2.so; ::lminfo2" | mdb -k
ADDR             TP FLAG    PID COMM             VNODE            WHENCE    START     LEN       PATH
600114a7040      WR 0021    315 ypbind           60012161080      1         0         1         /var/yp/binding/xprt.udp.2
6001203ea00      WR 0021    315 ypbind           60012160080      1         0         1         /var/yp/binding/xprt.ticlts.2
6001203e800      WR 0021    315 ypbind           600115b0140      1         0         1         /var/yp/binding/xprt.ticotsord.3
60011452700      WR 0001    558 mdmonitord       600131da100      0         0         0         /etc/lvm/.mdmonitord.lock
6001203eb00      WR 0021    315 ypbind           60012160180      1         0         1         /var/yp/binding/xprt.ticlts.3
60010a90e80      WR 0001    505 automountd       60013024180      0         0         0         /etc/svc/volatile/filesystem-autofs.lock

The main challenge I encountered was dealing with the mdb_printf and mdb_snprintf commands. Both are “smart” in that they automatically truncate lines at the end of the terminal.

To build the module, you need a C compiler, the SUNWmdbdm package, and also, a header file (mdb_ks.h) from the mdb sources (available in OpenSolaris) to gain access to some internal mdb functions not exposed by mdb_modapi.h.

The module, and some basic instructions on building are available here. Feedback welcome.

Written by Variant

October 25, 2009 at 8:16 pm

Posted in Systems Administration, Technology

Tagged with ,

Tricks with find

leave a comment »

I was attempting to find the newest C file in a tree of files I’d checked out from CVS. find to the rescue:

$ find . -name '*.c' -printf '%-50p %-15T@ %T+\n' | sort -k2
./ssl/main.c                                       1039831674      2002-12-13+18:07:54
./ssl/lex.yy.c                                     1039831674      2002-12-13+18:07:54
./ssl/ssl_enum.c                                   1039831678      2002-12-13+18:07:58
./ssl/y.tab.c                                      1039831683      2002-12-13+18:08:03
./common/lib/debug.c                               1039831686      2002-12-13+18:08:06
./common/lib/r_list.c                              1039831689      2002-12-13+18:08:09
./common/lib/r_time.c                              1039831689      2002-12-13+18:08:09
./common/lib/r_errors.c                            1039831689      2002-12-13+18:08:09
./common/lib/r_replace.c                           1039831689      2002-12-13+18:08:09
./common/lib/r_assoc_test.c                        1039831689      2002-12-13+18:08:09
./common/lib/threads/pthreads/pthread.c            1039831690      2002-12-13+18:08:10
./base/debug.c                                     1039831693      2002-12-13+18:08:13
./base/common.c                                    1039831693      2002-12-13+18:08:13
./base/proto_mod.c                                 1039831694      2002-12-13+18:08:14
./base/print_utils.c                               1039831694      2002-12-13+18:08:14
./base/tcpconn.c                                   1041533083      2003-01-02+10:44:43
./null/null_analyze.c                              1041533086      2003-01-02+10:44:46
./ssl/ssl_analyze.c                                1041533087      2003-01-02+10:44:47
./ssl/ciphersuites.c                               1051291844      2003-04-25+10:30:44
./ssl/ssl_rec.c                                    1051291846      2003-04-25+10:30:46
./common/lib/r_data.c                              1166728933      2006-12-21+11:22:13
./common/lib/r_assoc.c                             1166728933      2006-12-21+11:22:13
./common/lib/r_bitfield.c                          1166728933      2006-12-21+11:22:13
./ssl/sslprint.c                                   1166728991      2006-12-21+11:23:11
./ssl/ssl.enums.c                                  1166728991      2006-12-21+11:23:11
./ssl/sslxprint.c                                  1166728991      2006-12-21+11:23:11
./base/network.c                                   1166729027      2006-12-21+11:23:47
./base/tcppack.c                                   1166729027      2006-12-21+11:23:47
./base/pcap-snoop.c                                1166729027      2006-12-21+11:23:47
./ssl/ssldecode.c                                  1247069555      2009-07-08+09:12:35

Written by Variant

July 8, 2009 at 8:35 pm

Posted in Systems Administration, Technology

Tagged with ,

Recording Streaming Automatically

leave a comment »

I wanted to record a streamed radio show automatically once a week at a certain time, for a certain duration. Enter mplayer, cron and a simple shell script:

# show.sh
DATE=$(date +%Y%m%d)

[ -f "$OUTFILE" ] && rm -f "$OUTFILE"

mplayer -dumpstream -dumpfile $OUTFILE $URL &
sleep 10800
kill $PID

Then add a cron entry as follows:

0 7 * * Sun $HOME/bin/show.sh

This will record the specified stream for three hours, every Sunday at 7am local time.

Written by Variant

June 23, 2009 at 8:38 pm