TheGeekery

The Usual Tech Ramblings

mod_auth_ldap and Active Directory

After having a server running fine for a while (about a year), a simple upgrade of LDAP and Apache brought one of my “cheap hack” pages to a halt. That “cheap hack” page was developed to save account managers having to rummage their way through the company configuration screens of our app. I basically have a PHP app that talks directly to the DB, and allows them to update the account manager information quickly for a bunch of stores. This was protected by a login prompt that was generated by mod_auth_ldap. This hits our domain controllers, and makes management very nice. Here is the catch. We recently added a new domain controller, and I also upgraded Apache and OpenLDAP on this particular server (security updates). All of a sudden, things came to a halt, and the logs hinted at the issue…

auth_ldap authenticate: user *user* authentication failed; \
  URI */somepage.php* [ldap_search_ext_s() for user failed][Operations error]

Mildly baffled, I jumped on Google, suspecting that the upgrade for OpenLDAP had broken something, or mod_auth_ldap (packaged with Apache2) had altered its syntax. I stumbled across a post or two that hinted at group names, but I wasn’t specifying any. I then finally stumbled across this. Now I am a complete airhead sometimes, and forgot that only a week before I did all these upgrades, I started re-arranging the domain into organizational units for improved security. It appears Apache’s mod_auth_ldap module gets itself in a tizzy when the results from the search are in OUs. A suggestion was to hit the global catalog instead. This was just a case of changing the port number from 389 to 3268. Another quick test, and it appears to all be working rather nicely again.
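
The port change described above, shown in an Apache 2.0 mod_auth_ldap block. This is an added example, not the configuration from the server in this post: the host name dc1.example.com, the base DN, the realm name and the svc-apache bind account are all placeholders.

```apache
# Added example, not the author's configuration. dc1.example.com,
# DC=example,DC=com, the realm name and the svc-apache bind account
# are placeholders.
<Location /somepage.php>
    AuthType Basic
    AuthName "Account manager tools"

    # Before: port 389, the domain controller's standard LDAP port.
    # AuthLDAPURL "ldap://dc1.example.com:389/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"

    # After: the same search sent to the global catalog on port 3268.
    AuthLDAPURL "ldap://dc1.example.com:3268/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"

    # Account the module binds as to run the search before it
    # re-binds as the user to check the password.
    AuthLDAPBindDN "CN=svc-apache,OU=Service Accounts,DC=example,DC=com"
    AuthLDAPBindPassword "REPLACE_ME"

    require valid-user
</Location>
```

The global catalog holds a read-only, partial attribute set for every object in the forest, so the attribute used for the lookup (sAMAccountName here) has to be one it replicates. Port 3269 is the global catalog's LDAP-over-SSL counterpart to 3268.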

Beginning the Cleanup

After spending an hour trying to clean up my unread message count, I realized I’m on far too many lists. This never used to be an issue a few years ago, because the lists I was on were critical to a lot of stuff I did. For example, TheBat user discussion list. I used to be very active in the client, as well as helping out a lot. It’s served me well for over 5 years, though there have been some rough spots, and nearly complete give-ups, but always attracted back to it because of its rich features. The problem is, my work now doesn’t give me enough time to read a huge amount of emails, and the last thing I feel like doing at the end of the day is trawling through a few hundred emails about helping people when I’ve been doing it all day. Then there is the undernet stuff, and various other lists too.

So I was looking at my mail store size. About a year ago, I started “archiving” stuff by creating an archive structure duplicating the folder layout, and moving emails into a dated folder under that. Then I bzip2’d a few years worth of stuff, took them off the box, and left it at that. Well, despite doing that, I still have close to 2GB of mail. I am sitting here in a moment of thought, trying to work out why I have 2GB of mail. Originally I had planned to keep some of it for references, but then I think back to the last time I even looked at the archives. Quite simply, I have not. So that tells me it’s clean up time. My plan is fairly simple, bzip2 everything that is dated before 2005, take it off the server, burn it to a DVD, and store it. If I ever decide later at some point in time I had an article I know I’d read waaay back in time, I know I have it, otherwise it doesn’t need to be on my server.

The “clean mail store” will only contain information I know I will need frequently, or are things I have to deal with. For example, SquirrelMail bugs, or reply to friends, otherwise it’s going to be a case of read and delete. I should probably also consider a better storage method for my license keys, and serial numbers instead of my mailbox. I think this will probably help me start to unclutter some things around here… now off to say some goodbyes on some lists, and do some unsubscribing.

Cisco against the world...

In a weird case of “who designed this packaging”, it looks like Cisco is against the world. Or at least they agree with the government and immigrations, and against Taiwan.

This is a small image from one of the packages in our Pix box.

Against the world...

Wooo...

So we got approved on the PIX yesterday, and it was ordered. We also have just been sent the new IP addresses we’re getting with our new connection. 62 shiny new IPv4 addresses winging their way to my office care of a 10 Mbps fiber connection (upgradable to 1 Gbps).

Exchange and Large Messages

In a sane environment, you set limits on the sizes of attachments you can both send and receive. However, I’m not in a sane environment. The corporate types complain when they cannot do what they want, and being just a mere Network Admin I have to follow their orders, albeit with reluctance, and severe suffering of everybody else.

The Fall of The IT Control Freak

Art Wittmann over at Network Computing (a publication by CMP) wrote an article this week on “The fall of The IT Control Freak”. It basically goes on to mention the general trend that in most setups, the control of the IT team is slowly slipping. The reason is simple; the advance of technology. In his article he cites the early 80s with desktop computers costing $6,000 each. That’s a huge chunk of money for one person’s desktop. Compared to now, I have 2 laptops on my desk, 2 flat panel screens, and 2 desktops, combined is probably less than that one desktop back then.

Not a great start...

Sunday afternoon, we received a call from building security reporting that they’ve had a power outage lasting 1.5 hours, and power has now been restored. This means hell for me. 1.5 hours is quite a long time. Our UPSes are able to sustain the servers for approximately 30 minutes, and longer if we reduce the servers to critical load only.

So why didn’t I get a notification earlier that power was out?

Productivity and blah...

Blah… that’s kinda how I feel at the moment. Not sure why. I’m unmotivated at work, and I get this feeling my productivity is slipping. I’m finding myself snipping a little more at people I work with because of stupid mistakes they make. Usually I’d joke about it, but this is different. What’s weird is that it’s not like I’m not getting stuff done.

Today was a little different, I really didn’t feel up to a huge amount of work, so took care of some niggling projects that I took upon myself to do. For example, there has been an open development request for auditing of user changes on our production services. This is, and always has been, something that should be there. But it’s not new functionality, and it’s not fixing a bug. This is more of an internal thing, and as most people know, internal projects always take the back burner over customer requests. So basically summarized, the open request is to add tracking of who changed what, on what user, and when. Fairly simple security auditing stuff. The current setup records who changed the record, and when, not what, just when. It also doesn’t keep a history, so a minor flaw there. Now this is where things get stupid. Our helpdesk staff cannot see who last modified the user record. This in itself is retarded, I’m sure it’d take a developer all of 2 minutes to modify the current user management screen to add a “last modified by:” field, and load the data, but nope.

Anyway, I digress slightly. So for them to find out who modified a record, they have to come see me and ask. This generally isn’t too bad, it’s a 2 second query. The problem is, it takes 30 seconds to connect to the SQL server, another 10 seconds loading the query window, and the few seconds to execute the query. Totalling about a minute to find out 1 item. I do it on an almost daily basis, and in performing the operation, I get distracted from whatever project I was working on (see comment about snipping a little higher up), and I generally get quite frustrated. I know it’s not the helpdesk tech’s fault that they don’t have access to the information, it just gets under my skin that our developers aren’t fixing the issue for us.

I took about an hour of my day today, and dedicated it to resolving the above issue. Very simple web interface. So simple, all you need to do is type in the user id of the user, and hit go. This then talks to the SQL server, finds the user information, and displays it. I even went so far as to allow multiple options by using a comma-separated list of values. Now the helpdesk don’t need me to try and figure out who modified what, and when. So you see, it has been productive today, or at least in that regard.

So I decided to spend the better part of the afternoon looking at todo management. I honestly say, I suck at it. At any one time, I probably have a list longer than both my arms. So I should probably start better management of them. Especially as I’ve noticed my memory seems to slip from time to time. Better management of my time is what I need. A better outlook on what I have on my plate of things to do. So I start looking around, and somehow manage to stumble across David Seah’s blog (he’s done some work with EA, and other games over the years). He has a series called “The Printable CEO (tm) Series”.

David’s series covers a handful of novel ideas on time management, project tracking, and the like. He also has a little section on productivity. This is the section that caught my eye. Mostly because of his article on Adult-Onset Productivity Responsibility Syndrome. Now he comments later on in the article (well, in the comments) that his self-diagnosis is in jest, however some of the stuff he goes over seems to settle quite well with myself as well. He covers little things like feeling inadequate, feeling left out, feeling behind. It’s well worth a read, along with his other stuff on productivity.

After reading his entry, I came to realize some things:

  • I seem to procrastinate quite a bit. For example, I’ve had a personal project sitting on the back burner for ages. Purely because I can do the tasks the application was/is meant to do manually, it’s just time consuming.
  • I work much better under pressure. If I have a deadline, and a lot of work, I get stuff done.
  • I have a terrible memory. Don’t stop me in the hallway, and ask me about a project, chances are, I was going somewhere, and I’m likely to have just forgotten what I was doing, and now my whole task has been blown.
  • I have a terrible memory… Yes I said it twice. Email me the task. I usually ask you to anyway, that way it’ll get done, otherwise I will most likely forget.
  • I’m terrible at time management. Give me a deadline for something, I will get it done by then. If you want to review it, make sure you tell me, otherwise I will work on the deadline.

So this rambling bundle of blithering actually started off with a plan in my head, and about the 3rd line in, it went to rambling. This also goes well with other things I’ve noticed. I’m a terrible writer… I usually have some kind of plan, but about 3 lines in, the plan is gone, and I start to ramble… so on that note, I’m closing this one up, and trying again at some other point in time.