The LDAP server was in read only mode all night, making minor things not work right.
The object cn=userRoot,cn=ldbm database,cn=plugins,cn=config has an attribute, nsslapd-readonly, that was set to on. Changing it to off put the directory back in read-write mode and made password changes (and other stuff) start working again. As far as I can tell, this object is not accessible through the GUI console.
Spent this afternoon and evening chasing down a strange problem in LDAP.
At about 4:00 this afternoon, ASHTI went into a tailspin, with a load average of about 24. After some poking, I determined it was Samba at fault, and that it was having horrendous performance on searches for rid attribute matches. My first thought, that it was a lack of index on that attribute was correct, but it wasn’t immediately obvious.
I did increase the All IDs number, but that, of course, didn’t do anything. I found out how to export and import the database, though.
I finally figured out how to rebuild the indices from the command line, and noticed that rid and uidnumber weren’t among them. I added those indices via ldapadd and rebuilt.
Adding an index:
ldapadd:
dn: cn=rid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config objectClass: top objectClass: nsIndex cn: rid nsSystemIndex: false nsIndexType: pres nsIndexType: eq
and then to regenerate: db2index.pl -D ‘CN=Manager’ -w password -n userRoot
Regeneration takes a long time, and may require a restart of the LDAP server at the end (and be careful for crashes in the middle).
It occurs to me to wonder whether this information might have any bearing on the MacOS X login issue…
Added a pre-register check in NetReg for new aut-registers.
The pre-register displays links to the AUP and privacy policies and the Vexira download page before explicitly having them click an “I agree” link to get registered.
Caught a few copies of a new virus sent to opf-l and held (return address was postmaster).
Redirected to my account and sent copies to Vexira. They had sig updates shortly afterwards.
The new version of Moodle is all ready to go.
I made the old instance of Moodle available under the /old URL, copying the code and data from the moot server that it was on. The database for it is still on SHANTI.
Starting to do mass conversions for various people.
Rewrote rcm2ical to deal with multiline description fields and some timezone issues. Sun ONE didn’t do the right thing with respect to daylight savings. Now I convert all times to UTC using Date::Manip and make a hash structure for the calendar with a separate entry for each event (keyed by the event UID). After the hash is complete I walk it and print out the results.
I’ve been getting HEDD up and running for Moodle.
Jumpstarted yesterday from the Moodle definition. The main gotcha is that this box has no CD-ROM, so the disks ar c0t0 and c0t1 rather than c1 based.
Today I got PostgreSQL and PHP installed. PostgreSQL is using /data/pgsql as its data directory, and I essentially copied the startup script from the FreeBSD port for Solaris.
PHP was simple and straightforward, after modifying the apxs perl script to point to the right perl location (/usr/bin rather than /usr/local/bin).
—
Update: having to recompile PHP with OpenLDAP support. I made OpenLDAP without slapd support, since we aren’t going to be running any LDAP server here and this takes out the requirement for Berkeley DB.
Some observations about viruses on campus, from looking at the MIMEDefang stats on KE…
Getting some fine tunings for the NetSQUIDs, finding some new viruses, and thinking about tape libraries.
I’ve got a decent semi-auto install of NetSQUID.
I’ve got the install script debugged decently and burned to CD. All the later customization can probably be easily enough done with the update scripts. At this point we can install Slackware 9.1 with the tagfile floppy, chroot to /mnt on the new system, mount the NetSQUID CD, and then run install.sh from there, answering customization questions as appropriate. It sets up the update script to run every 15 minutes and pull updates (if they’ve changed) from SHANTI and install them. Since the updates are just tarballs based from /, we have the ability to modify just about anything on the system fairly easily.
I think we’re going to try putting the NetSQUID test box on the link between the Lilly Alpine and the Black Diamond soon to see how well it holds up.
There’s a NetSQUID prototype almost completely working.
I had to add some shared libs for the perl IPTables module that weren’t in the TAMU package, and the DNS server parsing in the netsquid perl program was slightly broken. I got some snort rules that should detect various worms and added a simple test one for HTTP to make sure it was working right. The main thing at the moment is that HTTP redirection on blocking is not working properly. I’m not sure about the network topology, iptables, or thttpd, so we’ll see what happens Monday.
Working on updates for MIMEDefang/ECSanitizer.
Seems like the best thing to do might be to rewrite ECSanitizer from scratch and clean up a lot of its internals. I started doing that earlier today.
Getting further with NetSquid.
NetSquid is now at netsquid.tamu.edu. They’ve got a quick install tagfile set for Slackware 9.1, so I’m downloading the 9.1 ISO images. Ellenm reports that she’s working on a Slackware package that will include the appropriate perl version and modules. Other stuff should be coming on the web site soon.
We’re using Linksys gigabit ethernet adapters for the bridge, product code EG1032. Linux seems to have decent drivers for these, and we’ve got a box working with the two test cards we got (in bridging, not yet using snort, etc.). Next is to install Slackware on these and get the TAMU style setup working.