Rant

Configuring OpenLDAP, or what the @#$% !!!

Posted on: Fri, 06 Feb 2015 11:52 By: patrick

OpenLDAP 2.3 (released in 2005) introduced a new way for configuring the slapd daemon. The traditional method was a configuration file (/etc/ldap/slapd.conf on Debian) that could simply be edited with a text editor. The new way follows the Eat your own dog food maxim: The configuration is stored in a set of LDIF files (stored under /etc/ldap/slapd.d in Debian) which cannot be edited directly with a text editor. Instead, all changes must be done via LDAP operations. Funny enough: In order to configure the daemon, the daemon must already be running.

slapd-config, as the new configuration method is called, may be a technically cool feature, but from a casual sysadmin's point of view it is nothing but a major pain in the butt! So you want to quickly change slapd's log level to diagnose some authentication problem? OK, first check the documentation to see where the log level option is located in the configuration schema, and how its attribute is called. Then query the running daemon to look at the current value(s). Then write an .ldif file that contains the change. Then issue a complicated ldapmodify command that requires more cryptic options than tar and cpio combined. Of course the .ldif file contains an error, so diagnose & repeat. After maybe 20 minutes the job is done. Phew, only 20 minutes to change the daemon log level, I am such an LDAP wizard!

Actually when I did this just now it took me more like an hour because I am so not used to the procedure (another explanation might be that I'm just stupid, but hey, I think that's not it). Since I don't want to repeat the experience, I have started to write up some recipes on my wiki. Here's the link in case you are interested.

Article Styles
Topics

Damon Lindelof getting close to the brink

Posted on: Fri, 17 May 2013 22:23 By: patrick

A long time ago I decided that I would never ever watch another movie directed by Roland Emmerich. Not every movie on my menu must be super quality, plain good entertainment is usually OK, and sometimes I even enjoy to see trash films. But I always felt insulted by the stuff made by Emmerich because he seems to assume that the viewers of his movies (e.g. me) are dumbasses that are happy to see explosions, and never mind the story. So these days Emmerich movies are a no-go for me.

A few days ago I saw Star Trek Into Darkness. After maybe half the movie had passed, I felt how I got angrier and angrier at all the stupid mistakes in the story, until in the end I had to say: What a dumb movie! Then I happened to see the writing credits, and everything became clear: Damon Lindelof has done it again. As a writer this guy just seems to be abysmal, and now he is getting reeeeally close to the brink of my Emmerich hole...

Article Styles
Topics

Resuming apps on login vs. the quarantine flag

Posted on: Fri, 15 Feb 2013 23:40 By: patrick

This is the workflow Apple envisioned when they introduced the annoying quarantine flag back in the days of Mac OS X 10.4:

  1. User A downloads an archive (.dmg, .tar.gz, etc.) from the Internet. The system applies the quarantine flag to the archive file.
  2. User A extracts an application from the archive and places it into /Applications. The system infects the app bundle passes the quarantine flag on to the app bundle.
  3. User A launches the application. The system warns about the unsafe origin of the app.
  4. User A confirms that the app is safe to use. The system clears the quarantine flag. Problem solved.

Unfortunately, my workflow is slightly different: Click the "Read more" link to see what the problem is.

Article Styles
Topics

Humor is controversial

Posted on: Fri, 25 Jan 2013 14:59 By: patrick

If you like a bit of computer science entertainment, this StackOverflow question has a humorous treatment of a very real world problem that I am sure has affected all of us, more or less severely.

And here is a demonstration how a light-hearted subject will always be turned into a controversy by people that are just too focused. What a pity.

Article Styles
Topics

Git and the Swiss army knife myth

Posted on: Sat, 25 Feb 2012 14:48 By: patrick

I just came across yet another article that touts Git as "a version control Swiss army knife". The comparison annoys me! I was born and bred in Switzerland, and I know from first-hand experience that a real Swiss army knife is small, handy and has only a few tools. In short, this: A real Swiss army knife

Git, on the other hand, is more like this:

A Swiss army knife abomination.

(I do like Git, but please don't compare it to a Swiss army knife).

Article Styles
Topics
Subscribe to Rant