MacOS LDAP Authentication

I configured an iMac to use my OpenLDAP server. There were several problems.

I will not talk about configuring ‘Directory Utility’. (If you know how to configure an LDAP server and the basic method of configuring an LDAP client, you will not have much difficulty configuring the LDAP client using ‘Directory Utility’.)

  1. First, when I tried to switch user using the sudo su command, like ‘sudo su - dgkim’, there was a problem accessing dgkim’s home directory: no such directory.
    1. The /home directory is reserved by macOS, so you need to change the home directory to ‘/Users’.
      1. Change the mapping for ‘Users/NFSHomeDirectory’ using ‘Directory Utility’: change Users/NFSHomeDirectory from ‘homeDirectory’ to ‘#/Users/$uid$’.
      2. See the page [1].
      3. There were several other topics: using an auto_mount NFS volume as the home directory (in this case I would need an NFS server, which I don’t have), or disabling auto_mount and symlinking /Users to /home (but it wasn’t the answer I was looking for).
    2. The /Users/dgkim directory will not be created automatically.
      1. Use a LoginHook to create the user’s home directory. A login hook can be created with ‘defaults write com.apple.loginwindow LoginHook /path/to/hookscript.sh’.
      2. I followed the instructions on page [1]. YOU SHOULD KNOW WHAT THE SCRIPT IS DOING.
      3. This only works with the login screen; it means that if you try to access via ssh for the first time, it will not work.
  2. Second, when I tried to su from a local user, like ‘su - dgkim’, the password authentication failed.
    1. macOS tries to authenticate the user with a mechanism that can’t be used at the server. It may not be a macOS problem; it may be caused by OpenLDAP. I don’t know the exact answer. [2]
    2. This was a long-unsolved problem for me. When I change olcSaslSecProps, the EXTERNAL method is blocked. (That isn’t acceptable.)
    3. I tried the first method of [2]: I configured ‘olcSaslSecProps’, and then local commands like ‘ldapsearch -Y EXTERNAL’ stopped working. It means the root user can’t change or control the server configuration (by ldapmodify). It took several hours; I researched “How can I disable only ‘*-MD5’ and use only ‘LOGIN or PLAIN’”.
    4. But the answer was further down: in page [2], there is an instruction to change the access control list.
    5. Page [2] shows static config (like ‘slapd.conf’), but I use the dynamic(?) configuration ‘/etc/ldap/slapd.d/cn=config’. Modifying it using an LDIF file can’t be difficult.
    6. Page [3] is a similar answer.
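
For the LoginHook step above, an added example (not the script from [1] and not the author's own hook): loginwindow runs the hook as root with the user's short name as the first argument, so this version validates that name and refuses symlinks before creating /Users/<name>. The function names, the lowercase-only name pattern and the MIN_UID floor of 1000 are assumptions.

```shell
#!/bin/sh
# Added example: a defensive LoginHook. loginwindow runs the hook as root
# and passes the short name of the user logging in as the first argument.
LC_ALL=C; export LC_ALL        # keep [a-z] ranges ASCII-only

# Accept only conservative account names (assumed policy): no '/', no '..',
# no leading '-' or '.', so the name can never escape the base directory.
valid_username() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_.-]*|*..*) return 1 ;;
    esac
    return 0
}

# create_home BASE USER: create BASE/USER (mode 700, owned by USER) if absent.
# Returns 0 when a usable home exists afterwards, non-zero when it refused.
create_home() {
    base=$1; user=$2
    valid_username "$user" || { echo "refusing name: $user" >&2; return 2; }
    home="$base/$user"
    # A symlink planted here would make root act on somebody else's target.
    if [ -L "$home" ]; then echo "refusing symlink: $home" >&2; return 3; fi
    if [ -d "$home" ]; then return 0; fi     # already provisioned
    if [ -e "$home" ]; then return 3; fi     # a non-directory squats on the path
    # The directory service must resolve the account before anything is created.
    uid=$(id -u "$user" 2>/dev/null) || return 4
    gid=$(id -g "$user" 2>/dev/null) || return 4
    # MIN_UID (hypothetical knob): skip root and other low-numbered accounts.
    [ "$uid" -ge "${MIN_UID:-1000}" ] || return 5
    # No -p: mkdir fails if the path appeared since the checks above.
    mkdir -m 700 "$home" || return 6
    chown "$uid:$gid" "$home" || { rmdir "$home"; return 6; }
}

# Act only when loginwindow supplied a user name.
if [ $# -gt 0 ]; then
    create_home /Users "$1"
fi
```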

[1] : https://docs.foxpass.com/docs/mac-os-x-logins-over-ldap
[2] : https://serverfault.com/questions/916745/unable-to-authenticate-openldap-users-on-macos-clients-user-not-found-no-secre
[3] : https://www.chriscantwell.co.uk/2009/12/mac-osx-authentication-against-openldap/


Mac OS ldap client testing scripts

```
# this will clear cache?
dscacheutil -flushcache
# Query user name
dscacheutil -q user -a name dgkim
```

ldapsearch and ldapwhoami commands

```
# to check login methods
# Run from server, using EXTERNAL mech, to login as root(uid=0)
ldapsearch -H ldapi:/// -Y EXTERNAL -s base -b "" -LLL "+" | grep -i sasl

# on the other machine, If you configured [2] instructions, it will print nothing
ldapsearch -H ldaps://ldap.domain/ -x -W -s base -b "" -D uid=yourusername,ou=Users,dc=domain -LLL "+" | grep -i sasl

# ldapwhoami
# Run from server, using EXTERNAL mech
ldapwhoami -H ldapi:/// -Y EXTERNAL
# will display
#   SASL/EXTERNAL authentication started
#   SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
#   SASL SSF: 0
#   dn:gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth

# On the other machine, I use simple bind method to login
ldapwhoami -H ldaps://ldap.domain/ -x -D uid=yourusername,ou=Users,dc=domain -W
# will display
#   dn:uid=yourusername,ou=Users,dc=domain
```

The year 2020

TL;DR; AWS/Infra engineer/Dev/Ops …

Dev – Python3, Django, NodeJS, EDA

Ops – AWS, Docker, Container, deployment.

others – APM, ElasticSearch, AWS Lambda, AWS CloudFormation, AWS CloudWatch, TravisCI

What I bought? – Mikrotik hEX, Netgear R7000, Apple Magic Trackpad 2

My Current Devices – MacBook Pro Retina Late 2012, Dell Vostro 260s, Libreboot X200, Raspberry Pi 1 Model B, Raspberry Pi 3 Model B

 

Dec 2020 – Verdaccio(npm repository), serverless-flask

Sep, Oct, Nov 2020 – NodeJS, Fargate. (nodejs, sequelize)

Sep 2020 – Mikrotik hEX

Aug 2020 – AWS ECS Fargate (nodejs, python, php, vuejs)

Jul 2020 – Dell Vostro 260s (2012 ~ 2017 … 2020 ~ ) reborn (SSD migrated from hulk)

Jul 2020 – hulk.dgkim.net (2012 ~ 2020) died

Jul 2020 – Docker / AWS ECS, ECR

Jun 2020 – AWS CloudWatch/X-Ray, ElasticAPM

May 2020 – AWS CodeDeploy (ec2)

Apr 2020 – Serverless Framework(nodejs)

Apr 2020 – new job. DevOps. NodeJS, Python3

Mar 2020 – Netgear R7000

 

Oct 2019 ~ Apr 2020 : OpenStack, …

The year 2019

    • January
      • Japanese – Just hiragana, katakana
    • February
      • my first Apple Watch(1st generation) died. 2015.07. ~ 2019.02. (battery is swollen)
    • March
      • Spring Web MVC + Spring Security archetype project. (https://github.com/deokgonkim/spring-archetype)
      • Python server project. (2-tier to 3-tier application renovation, http server that provides JSON data service. extended SimpleHTTPServer module. first-try of Decorator.) Spring based module also will be.
    • May
      • retirement of Vostro 260s (My main desktop switched to Hulk, i7, 32GB RAM, 128 SSD, 1TB(*2 RAID1) HDD)
      • Beginning Swift
      • Glimpse of Qt 4.8.6 C++, with Visual Studio 2008 C++ project.
      • Purchased another Raspberry Pi 3 Model B
        • Purchased sensor kits for RPi, especially DHT11 temperature, humidity sensor.
    • June
      • Spring Web Project (RPi Sensor chart, and MQ, and IoT control)
    • July, August, September
      • Job seeking.
    • October
      • New job, OpenStack operations. new town.
    • November
      • New Server, LDAP, Django Project(id service)
      • OpenStack Queens Test
      • DBA Role : PostgreSQL
    • December
      • New Django Project (Linux monitoring)

2019 May IoT project

As I previously posted, I made a WiFi AC remote controller project. see telegram bot for HVAC

Today, I begin a new project to go further.

I purchased another Raspberry Pi 3 Model B, AND Raspberry Pi Sensor Kit. (http://m.eleparts.co.kr/goods/view?no=3730500 and http://m.eleparts.co.kr/goods/view?no=3030452)

(I just wanted to purchase the sensors only, but I wasn’t sure I could attach these sensors to my existing RPi, so I posted a question to a forum https://www.cooking-hacks.com/forum/viewtopic.php?f=43&t=19434&sid=d89e064868d4a0dce0c58ea7a6490bde)

And, I tested DHT11 as https://github.com/deokgonkim/rpi_sensor

 

My next step will be,

1. set up a messaging queue, like RabbitMQ

2. set up a web/api server for gathering the data, and the control center.

3. my existing bot code should be migrated to a new server, and these two RPi should listen to MQ for commands, and should send data to MQ.

 

To be continued…


My first Apple Watch died.

My first Apple Watch died. (1st generation 42mm stainless steel)

I have worn it for about 3.5 years. (since 2015.08. ~ 2019.02. )

Yesterday, I noticed the top panel had popped up.

So, I googled some known issues like this kind of accident, and I found there was an issue regarding swollen batteries.

(you may see the swollen battery or not. I think it is swollen.)

The warranty is limited to 3 years, so I can’t get the repair service from an authorized Apple repair center. (I don’t want to buy an old/refurbished one)

And I don’t know a local private repair shop that can repair the watch. (There is one private Apple repair shop near here, but they don’t repair watches)

There is another option. ifixit.

https://ko.ifixit.com/Guide/Apple+Watch+Battery+Replacement/41080

https://ko.ifixit.com/Guide/Apple+Watch+Adhesive+Replacement/41083

https://ko.ifixit.com/Store/Parts/Apple-Watch-42-mm-Original-Series-1-Replacement-Battery/IF308-000-1

It seems not too hard to repair myself; the most difficult part would be pulling off the screen, but the screen has already popped up 🙂

But there is a critical(?) serious(?) problem. 🙁

They don’t ship internationally, lol

So, I give up on the repair, give up my watch, .. (buy a new one? lol)

or, keep it for some time? or put it into a trashcan? (what if the battery blows up?)

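2018 Car Fuel Cost Summary

I did a rough unit-price calculation of my fuel purchases in 2018. (I didn't refuel very much in 2018, and I mostly fill up by the liter, so the table below is the result.)

ps. In 2017 there were fill-ups by amount as well as by the liter, so an exact calculation isn't possible, but a rough calculation (51 records) came out to about 1,470 won.

ps. Roughly calculated, did it go up about 6%?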

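2018 Record

1. Python Tkinter Desktop App
2. Raspberry pi HVAC Wifi Remote, Telegram chatbot
3. September: switched from rice to meat and vegetables (dinner only; breakfast is ramen (went back from rice to ramen))
4. Hulk server reborn -> after sitting idle as an empty server for a few months, repurposed as a general development server. (Memory also expanded to 32GB)
5. October: switched to iPhone 7. (iPhone 6S for 3 years)
6. Preparing for iOS app development (Objective-C): still haven't published to the App Store, just keep practicing.

Python development record
– March: developed an agent-style daemon. Its role is to send the operating status of distributed servers (agents) to a central server
Python, log parsing(no library, not re), cx_Oracle, Periodic Data Collection, Windows WMI and CMD, Sqlite3
– September: developed a program for conveniently viewing the information collected by the agent above
Python, Tkinter, cx_Oracle, Chat(udp broadcasting), Socket Proxy, RDP Proxy, encryption with 3rd party software
– December: XMLRPC daemon for data integration
Python, SimpleXMLRPCServer, argparser

Things I splurged on.
– iPhone 7 (October)
– Wallet-style case for iPhone 7 (it carries 3 cards, so I no longer need to carry a wallet.)
– Lightning Digital AV Adapter for iPhone: can show the iPhone screen on an HDMI display.

– Youtube Premium: I can watch videos without seeing ads any more.

– IR Transceiver for arduino: I made something that remotely controls the air conditioner and TV through a Raspberry Pi.

trivial
– FANN: only got started, then dropped it.
– tensorflow: only got started, then dropped it.
– Libreboot X200 Linux – Trisquel upgrade (7.0 -> 8.0), changed 96DPI -> 125DPI. So this is how good a DPI change looks(?)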
– sharedrop
– pgp everywhere, GPG, Yubikey SMIME
– openvpn notification https://www.gargoyle-router.com/phpbb/viewtopic.php?t=5756

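telegram bot, part 2

I had tried making a Telegram bot before.

This time, the second story.

I bought an HVAC IR Remote, an IR transceiver that can be mounted on a Raspberry Pi,
and made something that can turn devices at home on and off remotely, as if operating a remote control.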

Github : https://github.com/deokgonkim/lirc-telegram-bot


# hvac-telegram-bot

## My Hardware

* Raspberry Pi Model B. (old one)
* HVAC IR Remote for arduino / Raspberry Pi
* https://www.cooking-hacks.com/hvac-ir-remote-shield-for-raspberry-pi
* https://www.cooking-hacks.com/documentation/tutorials/control-hvac-infrared-devices-from-the-internet-with-ir-remote/

## Setting up HVAC IR Remote for LIRC

* Instructions

> https://www.hackster.io/austin-stanton/creating-a-raspberry-pi-universal-remote-with-lirc-2fd581

* Install lirc package

```
sudo apt-get install lirc
```

* Configure kernel module

```
vi /etc/modules
lirc_dev
lirc_rpi gpio_in_pin=18 gpio_out_pin=23
```
> note I/O port is different than above documentation.
> You can find GPIO port for HVAC IR Remote in arduPi.cpp

```
vi /etc/lirc/hardware.conf
```
> see above document

```
vi /etc/lirc/lirc_options.conf
```
> https://raspberrypi.stackexchange.com/questions/50873/lirc-wont-transmit-irsend-hardware-does-not-support-sending
> set driver to 'default'

* Record IR signal or obtain configuration file.
> http://lirc.sourceforge.net/remotes/

> My testing board didn't work as expected.
> I can only control IR LED, two buttons, two indication LEDs. but can't read IR signal. I don't know board is broken or something.

## Preparations

following my own blog https://www.dgkim.net/wordpress/2017/08/24/telegram-bot-%ed%85%8c%ec%8a%a4%ed%8a%b8-%eb%85%b8%ed%8a%b8/

### python-telegram-bot
> I tried
```
git clone https://github.com/python-telegram-bot/python-telegram-bot

cd python-telegram-bot
git submodule update
```

> But, today I changed plan.
> https://pypi.org/project/python-telegram-bot/

## programming part

> I referenced https://github.com/python-telegram-bot/python-telegram-bot/tree/master/examples

> quickly created firstbot.py

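2017 Record.

As with the 2016 record, I should have written this at the end of 2017, but …
I ended up writing the 2017 record a full 17 days late.

What happened in 2017?

In 2017, I did two manual-labor jobs. About 2 months?
The warm summer … since I was in light clothes rather than dressed in a suit, I thought the summer wasn't very hot.
So, I had lost a lot of weight.

In October, I got a job doing SM.
At first I was like "ooh" because it was Python, but now I'm like "huh". lol

And, in the spring, I also had a minor fender bender with the car.

Things I splurged on?
Yubikey – registered it as 2FA for Google and Dropbox, put a Comodo SMIME certificate on it, and I use it for Vostro 260s login security.

Books? Right now I'm reading C++, software engineering, and Python (how many years have I been reading this one, lol).
(The C++ and software engineering books are very old, worn, paper books)

And, www.dgkim.net moved in to Linode.
So, hulk is now sitting idle as an empty machine. lol

Vostro 260s — wiped that slow Windows 10, lol, installed Ubuntu and started the second act of its PC life. lol
(It's past the point where it should have retired, but compared to its Windows 10 days it's a tremendously fast, flying PC, lol. I've used it all along while upgrading through 7, 8 and 10, and though my memory of 7 is hazy, isn't the current Ubuntu faster than even that? lol)
(At home it got pushed aside even by the Libreboot X200 and sat idle for a few months; then, a few days after moving, I made the decision and declared "there is no Windows in my life", lol)
(With a bit of exaggeration, … I was about to throw it away, then … I tried installing Ubuntu once and went "ooh, this is a whole new world?" and decided to use it!!)
(Thanks to that, and as a bonus, I realized how very slow USB sticks are, and handed out several, and handed out portable disks too,)

whity was also sent off in 2017 with Trisquel loaded on it. The slowest device I own is the RaspberryPI, and although it is faster than that,
it couldn't fulfill the role of a laptop and had no role, so I judged that it was time to let go of it.

The ones sitting idle now are hulk and home2, … hulk is an i7 but is in an empty-machine state, and I don't even remember what final state home2 was in, lol. Was home2 a Pentium 4?

Alcohol: Cass, whisky, wine, lol, spent 420; I also tried makski and cheongju, … I should hold back on makski, and cheongju is for when I want to get drunk cheaply while drinking a lot?
Cigarettes: spent 34, .. that's half of the previous year, but … I was cutting down and then increased again, lol. In December I bought them 9 times. (In March it was 3 times, lol)

(It doesn't seem there are as many memorable points as in 2016. It's the same now, but my head is blank, lol)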