Friday, 13 September 2013

Mac OS X Lion slapd problem after changing certificate

After changing the self-signed certificate on Mac OS X Lion Server, the slapd process would not start, and the log showed these messages:

Sep 13 14:50:35 crab slapd[12125]: @(#) $OpenLDAP: slapd 2.4.23 (Jun 24 2012 23:35:56) $
Sep 13 14:50:35 crab slapd[12125]: daemon: SLAP_SOCK_INIT: dtblsize=8192
Sep 13 14:50:35 crab slapd[12125]: main: TLS init def ctx failed: -1
Sep 13 14:50:35 crab slapd[12125]: slapd stopped.

Eventually after reading about slapd and running
/usr/libexec/slapd -d -1

I found this was because slapd was using the configuration in
instead of

the former overriding the latter.  Unfortunately it seems the "Server Admin" GUI does not update slapd.d!  I tried running
/usr/libexec/slapd -f /private/etc/openldap/slapd.conf -F /private/etc/openldap/slapd.d
as recommended, but this did not update the existing slapd.d files.

Finally I just moved slapd.d to slapd.d.sav and the slapd process then started successfully.
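A check I would run before restarting slapd, added here as an example and not part of the original post: when slapd is started without -f/-F it loads a valid slapd.d if one exists and ignores slapd.conf, so the functions below report which of the two will be used and whether the certificate that configuration names is present, readable and unexpired. The default paths are the Lion ones from the post; the TLSCertificateFile and olcTLSCertificateFile attribute names are standard OpenLDAP.

```shell
# Added example (not from the original post): which slapd configuration is
# live, and is the TLS certificate it names usable?

# Print the path slapd will take its configuration from.
slapd_active_config() {
    conf="${1:-/private/etc/openldap/slapd.conf}"
    confdir="${2:-/private/etc/openldap/slapd.d}"
    # a slapd.d directory takes precedence over slapd.conf
    if [ -d "$confdir" ]; then printf '%s\n' "$confdir"; else printf '%s\n' "$conf"; fi
}

# Print the TLS certificate file named by a slapd.conf file or a slapd.d tree.
slapd_tls_cert() {
    if [ -d "$1" ]; then
        # global options live in cn=config.ldif as olcTLSCertificateFile
        sed -n 's/^olcTLSCertificateFile: *//p' "$1/cn=config.ldif"
    else
        sed -n 's/^TLSCertificateFile[[:space:]]*//p' "$1" | tr -d '"'
    fi
}

# Check the certificate that the active configuration points to.
slapd_tls_check() {
    active=$(slapd_active_config "$1" "$2")
    cert=$(slapd_tls_cert "$active")
    if [ -z "$cert" ]; then
        echo "$active: no TLS certificate configured"; return 1
    elif [ ! -r "$cert" ]; then
        echo "$active names $cert, but that file is missing or unreadable"; return 1
    elif openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        # -checkend 0 fails if the certificate has already expired
        echo "$active -> $cert (readable, not expired)"
    else
        echo "$active -> $cert is not a valid, unexpired certificate"; return 1
    fi
}
```

Source the file and call slapd_tls_check with no arguments for the Lion defaults, or pass the slapd.conf path followed by the slapd.d path.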

Saturday, 2 February 2013

Fun with Sophos UTM and Mac OS X Lion ldap

Scenario: Sophos UTM 9 gateway needs to authenticate unknown users against a Mac OS X Lion server running Open Directory.  How do we find the right strings to put in the Authentication Server configuration in UTM?

The UTM configuration is reached from the UTM webadmin page: on the left-hand side click on "Definitions & Users", then "Authentication Servers".

Click on "New Authentication Server...".

Set "Backend" to "LDAP".

I set "Position" to "Bottom".

Populate the "Server" field with the address of your Mac OS X server.

Now the "Bind DN" field will contain uid=diradmin,cn=users,dc=fruit,dc=local if your LDAP administrator is "diradmin" and your server is "fruit.local".  You need as many "dc=" parts as there are parts in the host name e.g. for you would need "dc=fruit,dc=tree,dc=com".

(I am a little concerned about using "diradmin" here; perhaps another user can be created for binding?)

In the "Password" and "Repeat" fields enter the password for "diradmin" or whatever user you are using to bind. This explains how to reset the directory administrator password if you can't remember it.
[You can get to the Directory Utility by opening System Preferences, then clicking on "Login Options", then "Edit" next to "Network Account Server".]

The "Base DN" will be what appears as "LDAP Search Base" under "Open Directory"->Overview in Server Admin.
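The DN construction described above, as an added example that is not part of the original post: it builds the "Bind DN" from a user name and the server's host name (one dc= component per label of the host name), and checks a Base DN copied from Server Admin against the host name. It assumes the search base is the dc= form of the host name, which is Open Directory's default; the same utm_bind_dn function gives the DN of a dedicated read-only bind account if you prefer not to bind as diradmin.

```shell
# Added example (not from the original post): UTM Bind DN / Base DN helpers.

# fruit.tree.com -> dc=fruit,dc=tree,dc=com (one dc= per host-name label)
dn_from_host() {
    dn=""
    old_ifs=$IFS; IFS=.
    for label in $1; do
        dn="${dn:+$dn,}dc=$label"
    done
    IFS=$old_ifs
    printf '%s\n' "$dn"
}

# Bind DN for a user in Open Directory's cn=users container.
utm_bind_dn() {
    printf 'uid=%s,cn=users,%s\n' "$1" "$(dn_from_host "$2")"
}

# True if the Base DN shown as "LDAP Search Base" matches the host name
# (assumption: the search base is the dc= form of the host, OD's default).
check_base_dn() {
    [ "$1" = "$(dn_from_host "$2")" ]
}

# Print (do not run) an ldapsearch that confirms the bind works and the
# search base is visible, before the values are saved in UTM.
utm_bind_test_cmd() {
    printf 'ldapsearch -x -H ldap://%s -D "%s" -W -b "%s" "(uid=*)" uid\n' \
        "$2" "$(utm_bind_dn "$1" "$2")" "$(dn_from_host "$2")"
}
```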

Friday, 25 January 2013

xrdp access to SuSE Linux Enterprise Server 11 SP2

  1. Launch suse-sles-11-sp2-v1.00.i386 ami.
  2. Connect with ssh as root.
  3. Use yast to install xkeyboard-config and *gnome* packages. 
  4. Download the latest xrdp package from
  5. Compile and install it.
  6. Add /usr/local/lib/xrdp to /etc/
  7. Run "ldconfig -v". 
  8. For an en-gb keyboard mapping download km-0809.ini from this very useful blog post.
  9. Disable /etc/profile.d/ by running chmod +t /etc/profile.d/
  10. Start xrdp and xrdp-sesman with /etc/xrdp/ start 
  11. You should now be able to connect over RDP, choosing sesman-Xvnc from the drop-down menu, as long as the RDP port is allowed through in your current security group.

Tuesday, 15 January 2013

FreeBSD 9.1 Sparc Ultra 5 X config

I needed to run X on an old Philips 150 S monitor that has a fixed 1024x768x60 resolution.

This is the /etc/X11/xorg.conf I ended up with:

Section "ServerLayout"
    Identifier " Configured"
    Screen 0 "Screen0" 0 0
    InputDevice "Mouse0" "CorePointer"
    InputDevice "Keyboard0" "CoreKeyboard"
EndSection

Section "Files"
    ModulePath "/usr/local/lib/xorg/modules"
    FontPath "/usr/local/lib/X11/fonts/misc/"
    FontPath "/usr/local/lib/X11/fonts/TTF/"
    FontPath "/usr/local/lib/X11/fonts/OTF"
    FontPath "/usr/local/lib/X11/fonts/Type1/"
    FontPath "/usr/local/lib/X11/fonts/100dpi/"
    FontPath "/usr/local/lib/X11/fonts/75dpi/"
EndSection

Section "Module"
    Load "extmod"
    Load "record"
    Load "dbe"
    Load "dri"
    Load "dri2"
    Load "glx"
EndSection

Section "InputDevice"
    Identifier "Keyboard0"
    Driver "kbd"
EndSection

# Serial mouse on the Ultra 5's serial port, read directly by X.
Section "InputDevice"
    Identifier "Mouse0"
    Driver "mouse"
    Option "Protocol" "mousesystems"
    Option "Device" "/dev/cuau3"
EndSection

# Alternative: let moused(8) own the serial port and have X read /dev/sysmouse.
# rc.conf
# moused_enable="YES"
# moused_type="mousesystems"
# moused_port="/dev/cuau3"
#Section "InputDevice"
#    Identifier "Mouse0"
#    Driver "mouse"
#    Option "Protocol" "auto"
#    Option "Device" "/dev/sysmouse"
#EndSection

Section "Monitor"
    Identifier "Monitor0"
    VendorName "Monitor Vendor"
    ModelName "Monitor Model"
    HorizSync 35-50
    VertRefresh 56-75
EndSection

Section "Device"
    ### Available Driver options are:-
    ### Values: <i>: integer, <f>: float, <bool>: "True"/"False",
    ### <string>: "String", <freq>: "<f> Hz/kHz/MHz"
    ### [arg]: arg optional
    #Option "probe_sparse" # [<bool>]
    #Option "accel" # [<bool>]
    #Option "crt_display" # [<bool>]
    #Option "composite_sync" # [<bool>]
    #Option "hw_cursor" # [<bool>]
    #Option "force_pci_mode" # [<bool>]
    #Option "dma_mode" # <str>
    #Option "agp_mode" # <i>
    #Option "agp_size" # <i>
    #Option "local_textures" # [<bool>]
    #Option "buffer_size" # <i>
    #Option "mmio_cache" # [<bool>]
    #Option "test_mmio_cache" # [<bool>]
    #Option "panel_display" # [<bool>]
    #Option "reference_clock" "28.636 MHz"
    #Option "shadow_fb" # [<bool>]
    #Option "sw_cursor" # [<bool>]
    #Option "AccelMethod" # <str>
    #Option "RenderAccel" # [<bool>]
    Identifier "Card0"
    Driver "mach64"
    VendorName "Advanced Micro Devices [AMD] nee ATI"
    BoardName "3D Rage I/II 215GT [Mach64 GT]"
    BusID "PCI:1:2:0"
EndSection

Section "Screen"
    Identifier "Screen0"
    Device "Card0"
    Monitor "Monitor0"
    DefaultDepth 8
    SubSection "Display"
        Viewport 0 0
        Depth 8
        Modes "1024x768"
    EndSubSection
EndSection
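A way to confirm that the HorizSync and VertRefresh ranges in the Monitor section actually admit a 1024x768 mode at 60 Hz, added here as an example and not part of the original post: from a mode's pixel clock and total horizontal/vertical pixels it derives the horizontal sync rate and vertical refresh and tests them against the monitor ranges. The 1024x768@60 timings used are the VESA standard ones (65 MHz clock, 1344 by 806 total), assumed here rather than taken from the post.

```shell
# Added example (not from the original post): does a mode fit the monitor?

# Print "<hsync kHz> <vrefresh Hz>" for a mode given its pixel clock in MHz,
# horizontal total and vertical total.
mode_rates() {
    awk -v clk="$1" -v htotal="$2" -v vtotal="$3" 'BEGIN {
        h = clk * 1000 / htotal   # scan lines per second, in kHz
        v = h * 1000 / vtotal     # frames per second, in Hz
        printf "%.2f %.2f\n", h, v
    }'
}

# Succeed only if the mode's rates lie within HorizSync LO HI and VertRefresh LO HI.
# Usage: mode_fits_monitor CLOCK HTOTAL VTOTAL HSYNC_LO HSYNC_HI VREF_LO VREF_HI
mode_fits_monitor() {
    rates=$(mode_rates "$1" "$2" "$3")
    awk -v r="$rates" -v hlo="$4" -v hhi="$5" -v vlo="$6" -v vhi="$7" 'BEGIN {
        split(r, a, " ")
        h = a[1] + 0; v = a[2] + 0
        exit !(h >= hlo + 0 && h <= hhi + 0 && v >= vlo + 0 && v <= vhi + 0)
    }'
}

# 1024x768@60 (VESA: 65 MHz, 1344 x 806 total) against HorizSync 35-50 and
# VertRefresh 56-75 from the xorg.conf above.
mode_rates 65 1344 806    # 48.36 60.00
if mode_fits_monitor 65 1344 806 35 50 56 75; then
    echo "1024x768@60 is within the monitor's ranges"
else
    echo "1024x768@60 is outside the monitor's ranges"
fi
```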