Steve’s Visions

In my last post, Meeting Maker to Leopard Migration, Part 1, I gave some of the background information regarding the problems I was experiencing with upgrading our Mac OS X Server 10.4 environment to Leopard.  Most of the issues revolve around Meeting Maker and the neccessity for extended attributes in Open Directory for Meeting Maker to work.  In this post, I will cover the nitty gritty, down and dirty steps I took to get my Open Directory over to a new server running 10.5.

Export 10.4 Data

In the last post I mentioned how I was using an article from NetMojo and the stream editor sed to get the users and groups out of the 10.4 Open Directory and into the 10.5 Open Directory.  Specifically, the way I did this was to utilize the ldapsearch utility the way that Brent mentioned at NetMojo, but with a twist.  This is what Brent had suggested:

ldapsearch -v -x -D 'uid=dirmanager,cn=users,dc=netmojo,dc=ca' -W -b "dc=netmojo,dc=ca" -s sub "(objectclass=apple-user)" > users.ldif

Well, I took it a step further and incorporated sed into the mix.  I knew that I had to remove the MM attributes, so why not do it in the stream.  Hence the following was born:

ldapsearch -v -x -D "uid=diradmin,cn=users,dc=yourdomain,dc=com" -W -b "dc=yourdomain,dc=com" -s sub "(objectclass=apple-user)" | sed '/comMeetingMakerSignInName/d' | sed '/comMeetingMakerCurrentServer/d' > newldap.ldif

As you can see, I piped the output from ldapsearch thru sed two times to get rid of the two attributes we use.  I now had a clean ldif file to work with and could use this to test on 10.5

Import LDIF into 10.5

So now that we have our ldif data, we have to get it into the 10.5 directory.  Two hurdles that I was going to have to jump were the Search Base and the Kerberos Realm.  You see, you should be naming these two items the same so that your data flows in nice and smooth.  However, since I had inherited this installation, I wanted to make it more generic by dropping server names from the Search Base and Kerberos Realm.  You see, the default for Open Directory is to create your search base like this:

And your Kerberos realm is like this:

As I stated, I wanted these to be generic so I could move to a different server later, if need be.  Well that introduced a little complication to the mix, just meaning I had to force the import into the new OD.  We accomplish this with the following:

ldapadd -v -x -D 'uid=diradmin,cn=users,dc=yourdomain,dc=com' -W -f /tmp/new-users.ldif

So, now that I have the data in, I needed to check to make sure it was working.  Guess what, all of the users showed up in WGM, and even after a restart they were all still there!  Awesome!  Now we’re cooking with gas.

The Monkey Wrench

Everything was looking groovy, and I really thought I had this beast tackled.  Then the monkey wrench dropped in my lap.  I started testing authentication to the directory and couldn’t get it to work.  Okay, I thought, the password server didn’t move over so it was just a password issue.  Wrong.  None of the user accounts, except those that were already there, would authenticate.  Yep, something was wrong.

I figured out that because the Password Server did not come over, and probably because of some Kerberos issues as well, authentication was not going to work.  So I re-imaged the server (you do have an image of the fresh server, right?), set it up as a 10.5 OD Master again, and then I went back to the 10.4 server.

This time, I decided I would incorporate sed in a different manner.

To Archive and To Restore

I went back to the 10.4 Server and this time used the Archive feature inside of Server Manager to get the data out.  Once I had the archive, I mounted the disk image and used the sed commands to strip out the Meeting Maker crap, I mean attributes.

First thing to do is mount the sparse image that is the backup.  With the image mounted, open Terminal and navigate onto the root of the image.  Now that we are there, we just need to list the ldif file and sed it:

cat users.ldif | sed '/comMeetingMakerSignInName/d' | sed '/comMeetingMakerCurrentServer/d' > newusers.ldif

Make sure you verify the name of the LDIF file.  Once this command is finished, verify the newusers.ldif file, then delete the users.ldif file and rename newusers.ldif to users.ldif.  Make sense?

Now we can take this over to the 10.5 server and restore it there.  And guess what?  Once we do that, it works.  I tested with a restart (several restarts in fact) and sure enough, I could authenticate to the directory.

Now, finally, I have a directory without Meeting Maker in it, which means I can now move forward with getting iCal server up and operational so I can get rid of Meeting Maker all together.

I hope these two articles have helped you out of a bind with Meeting Maker and given you the commands necessary to get up to 10.5.

Back in April I started a new job at an advertising agency here in Dallas.  As part of the job I inherited an installation of People Cube’s Meeting Maker calendaring software running on Mac OS X 10.4 Server.  One of my first thoughts was to get all of our servers off of 10.4 and on to 10.5 Leopard.  As part of that process, I would obviously need to migrate Meeting Maker over to the new server software as well.  Seems pretty simple, right?  It wasn’t, trust me.

My train of thought was simple, create a 10.4 Open Directory replica, promote that box to master, upgrade it to 10.5, then use similar methods to get the actual OD master up to 10.5 and master again.  Sounds simple, right?  I thought it was too, that’s until I ran into Meeting Maker and its extended attributes.  (of course Kerio has the same problem, but it is easier to get around)

Well, I did just what I said, I created a 10.4 replica and upgraded it to 10.5 and guess what, the users did not come with it.  Well, not all of the users came with the upgrade.  For some reason, the users showed up in Workgroup Manager, then I upgraded to 10.5 and alot of the users were gone.  Like more than 75% were gone.  Hmmm, interesting phenomenon going on here, I wonder what it could be.

Well, I beat on the problem a bit more, re-installing 10.4 on the replica and re-creating the replica.  This time I went in to WGM before doing the upgrade.  Sure enough, all of the users were there, so I restarted the server and wouldn’t you know it, 75% of them were gone again.  I smell a conspiracy here.

So I got to looking at the ones that were left, and they all had a common thread:  no extended attributes in the LDAP database for Meeting Maker.  See, the way that Meeting Maker was set up by the consultant from People Cube was to use extended attributes in the LDAP database to put the server and login name.  In our case the attributes were comMeetingMakerSignInName and comMeetingMakerCurrentServer.  So, I did what any good sys admin does:  I tried and tried and tried to get the data in.  I tried importing via ldapadd, I tried archiving the 10.4 and restoring it into 10.5, I think I might have even tried sacrificing a small animal on the server, but nothing worked.  So I resorted to the only thing I had left:  calling People Cube support.

I received a call back from one of the engineers at People Cube who had no clue what was going on, so he got the consultant on the phone that helped with our original installation.  Now, he listened acutely to my woes, and proceeded to inform me that Meeting Maker was never officially intended to run on Open Directory, but that it was more intentioned for OpenLDAP.  Then, he told me that as far as he knew no one had put Meeting Maker on 10.5 yet.  Huh?  10.5 has been out since November and no one has put it on?  Crazy.  He gave me some ideas, and after thinking it thru, he actually came up with something that worked.

I was able to utilize information from NetMojo, specifically this article, and sed to get it done.  In the next article I’ll give the specific steps I used to get the LDAP info out and into the 10.5 server.

During the day I make my living as a techno weenie for a local ad agency. I manage the systems, network, and all that goes along with that. Part of the process of managing the systems is the deployment, or re-deployment, of desktops and laptops. Being an ad agency, this means deployment of Apple Macintosh systems.

For many years, all the way back to my days with Jeff Turner and Ad/Out, I have been a big proponent of disk imaging for deployment. Back then, in the days of OS 8 and OS 9, it meant carrying around a Syquest drive with a copy of a system on it, dragging that to the system and then blessing the System Folder. For those of you that remember this method, it was easy to do for one or two systems, but when you had over 100 systems to deploy, it took time. As the Macintosh system moved to OS X, imaging systems for deployment got easier and easier. Well, it got less cumbersome to do, and easier for large scale deployments.

For the last several years building an image usually meant one of two things: installing everything on a machine and imaging that (I call it fat Imaging), or installing a base OS and imaging that (layered imaging I call it). When a new machine comes in, you lay on the base image, then lay on the applications (done in packages of course), and away you go, or you lay on the fat image and away you go. The problem with this method has always been the amount of maintenance required to “clean up” the image after configuring preferences, installing apps, setting bookmarks, etc. You always wound up with “cruft” on the image.

I realize this isn’t new to a lot of people, in fact most sys admins already know this, and they already know about a great tool developed by Josh Wisenbaker from AFP548.com, InstaDMG. InstaDMG takes system imaging and deployment to a new level. Using a series of folders with a retail disk image, along with your updates and custom packages, InstaDMG spits out an image that is ready for deployment, having never been run on a computer. This means you don’t get the “cruft” on the system that comes from booting the image, and, best of all in my opinion, the image is Universal so it will work on PPC and Intel machines.

I realize this article is a re-hash of some, if not most, of the information on AFP548 about InstaDMG, but I am so jazzed about this tool, and about what it’s possibilities are, that I want to make sure more people hear about it, and more junior admins learn there is a better way than installing systems using CDs and DVDs.

Seriously, I wasn’t thinking of making this a multi-part post on my experiences driving to downtown Dallas, but with so many interesting people out there, I have more content.

So I was driving home last night at around 9:15 pm (I had the A/C in the server room go out at 4:30 pm necessitating an emergency call by the HVAC company), and I get passed by a Ford Ranger pickup truck.  Now, I was doing probably close to 70 mph when they passed me.  I look into the bed of the truck, and huddled up next to each other are two people leaning against the cab.  Here in Texas it is legal to drive with people in the bed of your truck, and I don’t have a major problem with that in some situations.  However, 70 mph on the highway???

It just goes to show that not everyone is as concerned with the safety of others as they should be.

Are you nuts?  I don’t get it.  Apple reported their Q2 2008 earnings this afternoon after the stock market closed, and their stock took a slight hit.  Forbes is reporting that Apple is wobbling, even though their numbers were great.

Just how great?  Check it out, they posted a 36 percent jump in profit and they beat Wall Street estimates by 9 cents a share (they posted $1.16 per share profit).  So tell me how all of that equals sell off or wobble?  I just don’t get it.

Back in February the Lifehacker web site ran a Top 10 article on smart playlists for iTunes.  It has turned out to be an article that has helped me discover a lot of lonely music.  If you are like me, I’m sure you have a few select play lists that you listen to over and over.  Or you have artists that you like depending on the mood.  But think about all of that music you are missing.

When I set up my “Ignored Music” playlist, I found over 80gb of music that I hadn’t ever played.  Or at least, I hadn’t played in a really long time.  So now everyday when I sit at my desk I go straight for the Ignored smart list and play it all day long.  I’m now down to 22 days of music as compared to 25 days when I started.  I have a ways to go, but….what will I do when I get done?  Guess I’ll start over with items played once.

Remember what the ultimate question:  How do you eat an elephant?  One bite at a time.

I wasn’t really sure I would make this a multi-part post, but after this morning’s drive in, I figured I could add a few more details.

So this morning I left the house around 6:40, stopped and got a nice cup of joe (triple venti, non-fat, no whip, white mocha if you please), and jump on I-35E heading South. Well, it was around 6:50 am when I finally hit 35, and boy, was traffic nice and light. I think it took me right about 30 minutes to get to the office and I hardly had to hit my brakes. That’s not to say I didn’t hit them, just that I hardly used them.

Why is it when people see flashing police lights on the other side of the road, they must hit their brakes and rubber neck to see what is going on? As we were coming up on the GBT (George H. Bush Turnpike for those uninitiated readers) there was a police office with his lights on the shoulder of the North bound side. Of course, once everyone saw these lights they had to slow down to about 30 mph to see what was going on. And what was going on? Nothing. Motorist was pulled to the side of the road so the officer was probably just warning approaching motorists of the danger.

See, it’s things like that, things about the human psyche that just puzzle me. You hear people complain about the traffic, complain that it takes them an hour to get into work, yet they are the same ones slowing down to see the carnage on the other side of the road. Don’t they get it? Watch the road in front of you and you might get to work in 30 minutes, and you probably won’t get into an accident. That is, of course, as long as you aren’t shaving your face or putting on your eye liner.

Three years ago my Apple sales rep talked me into going to the World Wide Developer’s Conference (WWDC).  At the time I wasn’t sure if I should go or not, I mean come on, I’m not a developer.  But, he assured me that I would get something out of it.  Well, he was right, I got a lot out of it.

I had the opportunity to meet a lot of fellow system admins, I was able to sit in on some really cool discussions about Apple in the Enterprise, and I got to laugh my tail off at Stump the Experts (how many shirts will Mark wear this year?).

So, since I had such a great time in 2005, it was natural that I would get my company to send me in 2006, and again in 2007.  Well, now I’m at a new company, and getting them to foot the $3000 (ticket, air, hotel) to go there is looking pretty bleak.  Not to mention the fact that there is a doctor’s convention in town at the same time, and all of the hotels around San Francisco have upped their prices.  Oh well, I guess I’ll have to settle for the play by play on Twitter or some other site.

For years now I have worked in the suburbs, never having the joy of working in a downtown skyscraper and never having to live through the downtown commute. At the most I’d have to drive 30 minutes to get from the house to the office. Now, however, I have to endure the drive downtown from our nice cushy suburban town.

It always amazes me at how traffic is so time based. Hit the highway at 7 am on the dot, and you hit very little traffic and can breeze into downtown. Hit the highway at 7:05 am, and your experience is something all together different. You get to experience a sea of red taillights staring out you, people weaving in and out of lanes for that extra car length, and people finishing their daily hygiene rituals in the car.

It always amazes me to see people driving with their knee, drinking a cup of coffee, and putting on their make-up (or shaving) while driving in traffic. These are some true multi-taskers here. Imagine how much they must get done at work if they can manage all of this and not get into a wreck. It’s funny to me, because I was listening to an old TWIT episode on the way into work today (Episode 136) and they were talking about how we humans need so many inputs into our life to be balanced.

I think the ones that amaze me the most are the cell phone talkers, although the ladies putting on eye liner rank right up there. As you approach a slow moving vehicle, with no one around for miles, you can almost wager odds that the person is on a cell phone. This morning, as I was making the snails way to work (I got on the highway at 7:10 am, hence the sea of red), there was a gentleman behind me that was getting a little too close to my rear bumper for my enjoyment. He finally weaved over to the lane next to me, and as he caught up my suspicions were right: he was on his cell phone entranced in a conversation. Now what makes this interesting in my eyes is that he was driving a used car that he recently purchased, and his maneuvering into the next lane put him right behind an 18 wheeler that cost him at least a 1/4 mile on me. Pay attention to the road and you might not have that happen.

So, I guess I will have to get used to the crawl into the office, put on a few podcasts, and enjoy the behaviors of those around me.