w i c k e d    l u s h !

I have a cron job on a web server that periodically runs mysqldump and emails me a zip file containing the database backups. I looked at one of them recently, and instead of the full DB dump, all it had in was this:

-- MySQL dump 10.11
--
-- Host: localhost    Database: dbname
-- ------------------------------------------------------
-- Server version	5.0.37-standard-log

/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS,
FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE
='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;

…and when I try running sqldump from the command line I get:

mysqldump: Got error: 1044: Access denied for user ‘usrname’@'%’ to database ‘dbname’ when using LOCK TABLES

After lots of fruitless Googling, I came across this page, which says the problem can be overcome by using the “–skip-lock-tables” flag, like this:

  mysqldump --skip-lock-tables -u usrname -p  dbname >  backup.sql

Worked perfectly!

Beware – if you use crontab and are upgrading to Mac OS X 10.5 (Leopard), your existing crontab files will be DELETED by the upgrade!**(actually only moved & disabled – see comments) Back ‘em up first (yeah, I know you should always do a backup before upgrading, but this is really the only issue I found).

Also note that Leopard’s firewall seems to let everything through by default, even if that’s not what you previously had your firewall set to do.

If the disc is stuck in the drive but not mounted (i.e. doesn’t show up in the finder), and everything else has failed (eject button, F12, Cmd-E etc), and you want to eject the disk without having to reboot – for all you “uptime” junkies – then try this in a terminal window:

drutil tray eject

and hit return. If that doesn’t work, try:

drutil list

This lists all removable drives you have connected.
Then type:

drutil tray eject n

where “n” is the number of the drive to be ejected.

Thanks to MacFixIt.com for this

I’m currently part of the Joost beta program, but unfortunately, they do not yet have a version for PowerPC-based Macs (I use a 15″ Al powerbook plugged into my TV to watch DVDs and slideshows, and to listen to music via the stereo). So – I lugged a noisy old Sony Vaio into the living room, but the video card was perplexingly annoying.

It’s an ATI Radeon 9200 AGP card that I originally bought form CompUSA (I needed it quickly – I’d never go there otherwise. newegg.com rules!), and it has a VGA socket, an S-Video socket and a DVI socket. However, the real pain was that Windows won’t display if the card only has a TV plugged into the S-Video socket (with nothing connected to the VGA and DVI ports). When the machine first boots, the TV displays fine – shows the BIOS, and even shows the black Windows XP splash screen with the progress bar; however, as the welcome screen is due to appear (presumably when the video driver loads), the TV goes blank (blue), and stays that way.

I fixed it (eventually) by using Windows Remote Desktop to connect and install the Real VNC server, then disconnecting RDC and connecting via VNC (because when you’re connected via RDC, you can’t mess with the custom ATI video settings). When connected via VNC, I tried to set up a custom display configuration under Display properties->advanced->ATI displays; however, I got an error message because I didn’t have a primary VGA display connected.

At this stage, some Googling revealed it might be possible to edit the firmware (http://www.rage3d.com/board/showthread.php?t=33718482&page=2), but hey – life’s too short for that kind of hassle. So – I went to Radio Shack (somewhere else I never go unless I’m desperate), and bought a 25-pin male VGA plug and 3 75-Ohm resistors. I then soldered the resistors across the red, green and blue pins & their respective grounds (search for “VGA pinout; see for example http://pinouts.ru/Video/VGA15_pinout.shtml). The resistors joined pins 1->6, 2->7 and 3->8. And actually, I lied – the resistors were 68 Ohm – Radio Shack didn’t have any 75’s.

So – plugged this into the vga socket, and the ATI control panel thought I had a primary display attached. I was therefore able to set up the TV to work (had to click the “advanced” button in the TV settings and check “force TV detection”), and – importantly – I was able to assign a hot-key to this display setup (I used F8). I also set the desktop resolution to 1024×768.

So – now when I boot the machine (with the dummy VGA load attached), the same thing happens – screen goes blank after XP splash screen – but if I then wait about 30 seconds, I can press F8 and the windows desktop magically appears on my TV screen.

Incidentally, I also tried to connect an IBM Thinkpad (with a built-in S-Video socket) to the TV, but that wouldn’t work either, even though it appeared that it should. Needless to say, the Mac s-video socket “just works”(TM).

I heard Lily Allen’s song “LDN” on Jo Whiley’s show this morning, and LOVED everything about it! Go to her myspace page NOW and listen to LDN and her other songs:

http://www.myspace.com/lilymusic

(Jo Whiley is on BBC Radio 1; programs available online for 1 week after broadcast)

I was using Visual Studio.NET 2005 on my Windows XP box last night (don’t flame me – I also program in Java and have several Macs), when suddenly the machine just restarted itself for no apparent reason; no blue screen, nothing – just a reboot.

When it started again, i got a pop-up dialog at the login screen. The title bar said “DfrgNtfs.exe – System Error”, and the message in the box was the unbelievably helpful “Unknown Hard Error”.

I tried looking in the system Event Log to see if I could find any clues there… – oops! I got the same “Unknown Hard Error” popup dialog – this time, with “mmc.exe – System Error” in the title bar. I tried opening a command prompt – nothing happened.

In order to try to read the crash dump file (C:WINDOWSMinidumpMini120105-01.dmp), I downloaded the microsoft free Windows debugger – WinDbg – as described in this good article:

http://www.networkworld.com/news/2005/041105-windows-crash.html?page=1

However – when I try to install it, I get another “Unknown Hard Error” popup, with “msiexec.exe” in the title bar (starting to see a pattern, here…??)

I googled, and found several people saying it could be a hardware problem – notably hard disk or ram – so I did a full disk check – no improvement. I then figured that maybe the crash was caused by some other problem, but that it must have left some system files in a corrupted state, which, in turn, caused the pop-ups.

I eventually found a discussion group where someone (unfortunately, I didn’t save the link) recommended the windows command-line command: sfc /scannow – that checks all the win system files for corruption (and possibly bribery), and repairs them from your Windows XP install disk if problems are found. I ran that from the “start menu -> run” dialog, and some of the popups stopped…, well…, popping up (notably the DfrgNtfs.exe ones), but i still got them when trying to view the event log or trying to install software.

Finally, I found the answer. The files that the System, Application and Security events are written to (the ones you view from the Event Viewer) had been corrupted – so I guess whenever I tried to do something that would create an entry in one of these logs, I got an error. The solution was found on this page:

“How to Delete Corrupt Event Viewer Log Files”
http://support.microsoft.com/?kbid=172156

…which basically says – disable the event logging service in the “Services” dialog; reboot; delete the following files from C:WINDOWSsystem32config: AppEvent.Evt, SecEvent.Evt and SysEvent.Evt (or rename them as a backup); set the event logging service back to “automatic” startup; reboot

That solved all my problems…

1) As described in the previous post – Setting up LDAP (slapd) on Mac OS X (non-server edition) – you need to download mozillaOrgPerson.schema and reference it on slapd.conf. This page describes the process:

http://applications.linux.com/applications/05/05/18/1248224.shtml?tid=37

along with the following instructions

2) Before you do an export, I would advise creating a dummy contact in your address book, and filling in every field with a message that echoes that field’s name – for instance First Name: “myFirstName”, Last Name: “myLastName” etc, etc. This will make it much easier to map fields to names for troubleshooting later. Don’t put non-numeric characters in phone number fields though, since this will cause import errors in LDAP (ask me how I know…)

Now export the Thunderbird address book as an ldif file (open Thunderbird, then go “Tools->export”), and use this perl script (instead of the one on the above-linked page) to convert the ldif export file to the correct format. Note you need to edit either the script or your input filename so they match, and you need to edit the script to add your domain name:

==========================================================

#!/usr/bin/perl -pi
# Perl script to convert my LDIFs from Mozilla into a format which
# can be imported successfully into OpenLDAP, using the Moz v0.6
# schema.
# Johny Agotnes (mozilla@agotnes.com) – June 2003
use MIME::Base64;

# Variables to change block
# Handle the different dn strings

### NEED TO EDIT THIS ###
$dnVariable = “ou=addressbook, dc=my-domain, dc=com”;
### NEED TO EDIT THIS ###

### NEED TO EDIT THIS ###
$inPutFile = “ThunderbirdAddressBook.ldif” ;
### NEED TO EDIT THIS ###

# END of Variables to change block

if ( ! open(MYINPUTFILE, $inPutFile)) {
print (”File < ” . $inPutFile . “> not found!”) ;
exit 1 ;
} ;

while(<myinputfile>)
{
# Good practice to store $_ value because
# subsequent operations may change it.
my($line) = $_;

# Good practice to always strip the trailing
# newline from the line, change from DOS eol first.
# $line =~ s/.$// ;
chomp($line);

# ‘dn’ handling, ick ick, it seems :: indicates base64 encoding
if ($line =~ /^dn::/) {
# Strip off the ‘dn:: ‘ part so that decode_base64 will work
$line =~ s/^dn:: //;
$line = decode_base64($line) ;
$line = cleanDN($line) ;
# Second param to stop linebreaks
$line = encode_base64($line, “”) ;

# Prepend ‘dn:: ‘ to make it correct again
$line = “dn:: ” . $line ;
# encode_base64 adds a newline, so we get rid of it again.
chomp($line) ;
} elsif ( $line =~ /^dn:/) {
$line = cleanDN($line) ;
}

# Correct Syntactic Export errors
$line =~ s/mozillaAbPersonObsolete/mozillaOrgPerson/;
$line =~ s/^modifytimestamp.*$/doNotPrintThisLine/ ;
$line =~ s/^xmozillanickname.*$/doNotPrintThisLine/ ;
$line =~ s/workurl/mozillaWorkUrl/;

# Start Black Magic
# If no sn, set sn from org name
$done = 0 ;
if ((/^dn:/…/^o:/) && ($done==0) ){
goto Cont if /^sn:/;
goto Replcn if /cn:/;
goto Repl if /o:/;
goto nada ;
Cont:
$done=1; goto nada;
Replcn:
my($line) = $_;

# $line =~ s/.$// ;
$line =~ s/cn:/sn:/;
print $line ;
$done=1; goto nada;
Repl:
my($line) = $_;
# $line =~ s/.$// ;
$line =~ s/o:/sn:/;
print $line ;
nada:
}
if (/^$/) {
$done = 0 ;
}
# End Black Magic

# Print the line to the screen and add a newline if we’re not
# told not to by the contents of the line
if ($line ne “doNotPrintThisLine” ) {
print “$linen”;
}
}

sub cleanDN
{
# Surely there are better ways of doing this for subroutines?
my $dnString = $_[0] ;
$dnString =~ s/,mail.*$//;
$dnString =~ s/,*//;
$dnString =~ s/.*$/$&, $dnVariable/;

return $dnString ;
}

==========================================================

I got this file from Mozilla’s site – it was an attachment to a bugzilla bug (#116692) – but note that I had to edit it to get the correct output for my setup. I think that to actually run it, I had to redirect its output to a file, something like:
pt.pl > outputfile.ldif
- otherwise it sent its output to stdout.

This didn’t get rid of commas within the fields (for example – Dr A Jones, MD) – which mess up the import – so I manually did a search & replace on all commas after I ran the above perl script. I know perl does this kind of thing in its sleep, but I despise perl, and didn’t want to spend more time than necessary debugging it, so I just fired up my favorite editor…

Follow the instructions on the above-linked page to complete the import into LDAP. Other import errors I had included the presence of non-numeric values in phone # fields. Just edit by hand and start again. Tedious, but it works eventually.

I found phpLDAPAdmin (http://phpldapadmin.sourceforge.net/) invaluable – just drop it in your /Library/Webserver/Documents directory, edit the config file to point it at your server, edit your httpd.conf file to enable php (basically uncomment all the lines that mention using php), then restart Apache, and away you go

THUNDERBIRD TWEAKS REQUIRED:

Some of The LDAP field names that Thunderbird uses in its exported contacts are different from the ones that the addressbook actually looks for when connectign to an LDAP server – pretty frustrating. Anyway, if you do the following, all shoudl be well:

Download Thunderbird 1.5beta1 from:

http://www.mozilla.org/products/thunderbird/releases/1.5beta1.html

older versions do not have the ldap mappings in the preferences

—————————-

After installing it and firing it up, look under preferences (or Tools -> Options on windows), go to advanced and select “general” tab, then click “Config Editor” button.
In config editor, change these existing keys to the values shown:

ldap_2.servers.default.attrmap.HomeAddress -> mozillaHomeStreet,homePostalAddress
ldap_2.servers.default.attrmap.HomeAddress2 -> mozillaHomeStreet2,mozillaHomePostalAddress2
ldap_2.servers.default.attrmap.WorkAddress -> street,streetaddress,postOfficeBox,postalAddress
ldap_2.servers.default.attrmap.WorkAddress2 -> mozillaWorkStreet2,mozillaPostalAddress2

These will ensure that the first and second lines of the home address and work address appear as they should.

Next, make this change:

ldap_2.autoComplete.directoryServer -> ldap_2.servers.myLDAPserver

(where “myLDAPserver” should be changed to the name of your ldap server, AS DEFINED IN THE PREFERENCS ENTRIES, under ldap_2.servers.***)

This will make thunderbird do an LDAP lookup to autocomplete any email addresses or names you are typing in the To: Cc: or Bcc: fields of new emails – fantastic!

restart thunderbird, and enjoy!

=======================================================

In case anyone has problems connecting to the LDAP server with their username/bind address and password – I found this useful info in a discussion archive at http://www.openldap.org/lists/openldap-software/200301/msg00715.html

CONNECTION TIP – SASL vs SIMPLE

> Seems something wrong with my slapd instance. (Maybe the setup process
> wasn’t completed.) It always report,
> /SASL [conn=0] Error: unable to open Berkeley db /etc/sasldb2: No such
> file or directory/
> Then I touch a file /etc/sasldb2 but of cause it didn’t work.

I note that the ldapadd command you use is not using the right set of
flags for SASL bind. If you want to use SASL you need to specify
‘-U <username>’ rather than ‘-D <binddn>’. If you do not want SASL
then you need ‘-W -x’.

Assuming you want SASL…

This seems rather important:

> additional info: SASL(-13): user not found: no secret in database

If you want to use SASL bind then you need some SASL secrets for the
user concerned. SLAPD cannot update the SASL database – it must be
done by other means.

Try this as root:

saslpasswd2 -c <username>

where <username> is the SASL username that you want to create. There
is no connection with Unix usernames.

Then make sure that /etc/sasldb2 is non-zero and is readable by the
user that slapd runs as. It should not be globally readable, as SASL
secrets are effectively stored in clear.

With 2.1.x versions it is possible to store SASL secrets in the
directory itself. See section 10.2 of the manual for details.

=======================================================

I have been wanting a centralized address book/contacts solution for a long time, and was looking for something that used open standards, and saved stuff in plain text, or could export to plain text. If Thunderbird could also access it directly, that would be perfect, but what hope was there? I looked at Synckolab (http://www.gargan.org/extensions/synckolab.html) – which is an excellent idea, but not ready for primetime. I poked around for a long time, knowing at the back of my mind that LDAP was probably the best way to go, but I just didn’t want to go through the pain of installing and setting it all up, only to have to do it all again next time I upgrade my operating system (I’d just been through similar pain with my mail server setup, converting from OS X Panther to OS X Tiger – non-server versions). The whole reason I got a mac to use as my server (mac mini, 1.25GHz, 512MB RAM) was so I didn’t have to deal with Linux – life’s too short.

However, my research indicated that even the non-server version of Mac OS X ships with an LDAP server (but no UI tools for setup/admin). Furthermore, all the parts you need can also be downloaded, installed and updated via Fink (http://fink.sourceforge.net/). Having seen posts from people who had problems getting the mac-shipped version to work, I decided to go the Fink route.

So here it is – pretty straightforward, really…

First – download and install Fink (http://fink.sourceforge.net/) and then FinkCommander (http://finkcommander.sourceforge.net/), and do selfupdate and update-all (see the “source” menu)

1) in FinkCommander, install:

openssl097 0.9.7d-1 Secure Sockets Layer and general crypto library
openssl097-shlibs 0.9.7d-1 Secure Sockets Layer and general crypto library

openldap-ssl 2.1.22-25 LDAP directory services implementation
openldap-ssl-shlibs 2.1.22-25 Shared libraries for LDAP

cyrus-sasl2-shlibs 2.1.21-3 Cyrus Simple Auth. and Security Layer Library
cyrus-sasl2 2.1.21-3 Cyrus Simple Auth. and Security Layer Library
cyrus-sasl2-doc 2.1.21-3 Cyrus Simple Auth. and Security Layer Library

If you don’t see these, there’s a setting in the preferences, on the fink tab, that says: “use unstable packages” – mine’s checked, but I’m not sure if these fell into that category or or not)

2) in terminal, type:

sudo vim /sw/etc/openldap/slapd.conf

and scroll down to find this:

include /sw/etc/openldap/schema/core.schema

and beneath it, add:

# ADD THESE: ##
include /sw/etc/openldap/schema/cosine.schema
include /sw/etc/openldap/schema/inetorgperson.schema
include /sw/etc/openldap/schema/mozillaOrgPerson.schema
##############

(IMPORTANT: don’t forget to get a copy of mozillaOrgPerson.schema and put it in the above location. It can be downloaded via a google search. I used version 0.6.3)

Now scroll down to find this:

#######################################################################
# ldbm database definitions
#######################################################################

database bdb
suffix "dc=my-domain,dc=com"
rootdn "cn=Manager,dc=my-domain,dc=com"

Replace “my-domain” with your real domain name. (For other settings, if required, see “man slapd.conf”).

Save & exit.

To test whether the configuration file is correct or not, type:

sudo /sw/sbin/slapd -d 5 -t

which tests the config file (with level 5 debugging, to tell you why it’s failing, if it is)

3) AS ROOT, start ldap (slapd) with *lots* of console debugging:

/sw/sbin/slapd -d 255

Also see “man slapd”

4) AS ROOT, set up using these instructions:

http://www.onlamp.com/pub/a/onlamp/2003/03/27/ldap_ab.html

My install differed from this in the following ways (refer to the above-linked page to understand how these fit in):

Here’s my directory.ldif file:

dn: dc=my-domain,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: my-domain
o: my-domain

dn: ou=addressbook,dc=my-domain,dc=com
objectClass: top
objectClass: organizationalUnit
ou: addressbook

***NOTE*** – MUST have the blank line between “o: my-domain” and “dn: ou=addressbook…etc”

Here’s the command line to add it to the directory:

ldapadd -D 'cn=Manager, dc=my-domain, dc=com' -x -f directory.ldif -W

(Had to add the -W -x -D ‘cn=…’ option to bind as that name, otherwise it tries to use SASL)

Command line to do initial search:

ldapsearch -W -x -D 'cn=Manager, dc=my-domain, dc=com' -b 'dc=my-domain, dc=com'
'objectclass=*'

(Had to add the -W -x -D ‘cn=…’ option to bind as that name, otherwise it tries to use SASL)

TO ADD AN ENTRY:

cn=Test User,cn=Test User,ou=addressbook,dc=my-domain,dc=com
givenName Test
sn User
cn Test User
street 123 Main St
o myCompany
l My Town
st CA
postalCode 50005
telephoneNumber 888 888 8888
mobile no mobile
facsimileTelephoneNumber 888 888 8888
mail me@my-domain.com

…next post – Importing Contacts from Thunderbird Addressbook into LDAP – will show how to export existing address book contacts from mozilla thunderbird and import them into your LDAP server…

So here we go…. First, by way of explanation – wickedlush will grow (initially, at least) with the purpose of disseminating information, in addition to providing entertainment, social comment and mental stimulation.

I have spent many many hours, utilizing the services of my good friend Mr Google, in order to solve conundrums (conundra?) of the highest order, and each time, I think “hmmm… I really must write up my own experiences on the web, so that others following the same path will have more information at their fingertips…” Typically, this happens after I’ve spent several days trying to solve a seemingly-impossible computing task, and have found the hint of an answer buried deep in a discussion list thread from 1997. This moment of enlightenment invariably follows many false starts, where google searches turn up someone with my exact problem, but clicking on the link reveals a lonely email with the accompanying text: “This is the only message in the current thread”. A silent scream for help, echoing through time….

So, dear reader, my intent is to blog many and varied subjects, from computers to art, from ashtanga to gardening, from software development to photography, and from eastern philosophy to blatant consumerism. That way, next time someone searches for an answer to their question, the odds of them finding an answer will be marginally improved and, with any luck, we will also have some fun along the way

This is *NOT* the only message in the current thread…

A virgin page lies before you and I… an adventure ready to unfold… what will it bring? Wait and see!