I don't know why SELinux problems seem so frustrating. The problem almost certainly is related to the fact that there is frequently no error message. This is exactly the problem I ran into while turning up a new Apache web server on Red Hat Enterprise Linux 6 (RHEL6) with SELinux enabled.
Aug
20
2012
Aug
17
2012
Based on my last post MySQL LDAP Authentication Plugin, I received feedback from MySql Joro Blog by Oracle.
They told me:
Insted of writing (and having to deply) your own client plugin you probably can reuse the cleartext client side plugin, specially because it’s available in a number of mysql clients already. Check sql-common/client.c on MySQL 5.5+ for details.
This is very useful because you only need to put the plugin in server side, and in the client side you only need to check if the clear password plugin is enabled.
Now, I present the updated code with the only server side plugin, and I reused the cleartext client side plugin from MySql, it’s more short and very focused in LDAP authentication:
/* Author: Ignacio Ocampo …[Read more]
Aug
11
2012
As a continuation of previous post, now, I will show how to make a mysql plugin for ldap authentication.
Get the mysql-server source code at http://dev.mysql.com/downloads/mysql/ (http://dev.mysql.com/get/Downloads/MySQL-5.5/mysql-5.5.27.tar.gz/from/http://cdn.mysql.com/)
Installing necessary packages
yum groupinstall 'Development Tools' yum install cmake ncurses-devel
Download source code, build and start MySQL Server
wget http://dev.mysql.com/get/Downloads/MySQL-5.5/mysql-5.5.27.tar.gz/from/http://cdn.mysql.com/ tar -xzf mysql-5.5.27.tar.gz cd mysql-5.5.25 # Preconfiguration setup groupadd mysql useradd -r -g mysql mysql # Beginning of source-build specific instructions cmake . make make install # Postinstallation setup chown -R mysql . chgrp -R mysql . ./scripts/mysql_install_db --user=mysql chown -R root . chown -R mysql data cp support-files/mysql.server …[Read more]
Aug
10
2012
I have the goal of authenticate MySQL users with an LDAP server, currently, employees of my company are authenticated in several services (ftp, ssh, svn) through my LDAP server, except MySQL. (As you can imagine, I need to add manually every user in MySQL, a very tedious task).
In this post I only leave the example with LDAP authentication.
Installing necessary packages
yum groupinstall 'Development Tools' yum install openldap-devel
Source ldapClient.c
#include <stdio.h>
#include <ldap.h>
/* LDAP Server settings */
#define LDAP_SERVER "ldap://nafiux.com:389"
int
main( int argc, char **argv )
{
LDAP *ld;
int rc;
char bind_dn[100];
/* Get username and password */
if( argc != 3 )
{
perror( "invalid args, required: username password" );
return( 1 );
}
sprintf( bind_dn, "cn=%s,ou=People,dc=nafiux,dc=com", argv[1] );
printf( "Connecting as %s...\n", …[Read more]
Aug
09
2012
I feel a sense of pride when I think that I was involved in the development and maintenance of what was probably the first piece of software accepted into Debian which then had and still has direct up-stream support from Microsoft. The world is a better place for having Microsoft in it. The first operating system I ever ran on an 08086-based CPU was MS-DOS 2.x. I remember how thrilled I was when we got to see how my friend’s 80286 system ran BBS software that would cause a modem to dial a local system and display the application as if it were running on a local machine. Totally sweet.
When we were living at 6162 NE Middle in the nine-eight 292, we got an 80386 which ran Doom. Yeah, the original one, not the fancy new one with the double barrel shotgun, but it would probably run that one, too. It was also …
[Read more]
Aug
03
2012
The problem many MySQL/MariaDB 5.5+ users are painfully aware of:
InnoDB: Using Linux native AIO
InnoDB: Warning: io_setup() failed with EAGAIN. Will make 5
attempts before giving up.
InnoDB: Warning: io_setup() attempt 1 failed.
InnoDB: Warning: io_setup() attempt 2 failed.
InnoDB: Warning: io_setup() attempt 3 failed.
InnoDB: Warning: io_setup() attempt 4 failed.
InnoDB: Warning: io_setup() attempt 5 failed.
InnoDB: Error: io_setup() failed with EAGAIN after 5
attempts.
InnoDB: You can disable Linux Native AIO by setting
innodb_native_aio = off in my.cnf
InnoDB: Initializing buffer pool, size = 128.0M
InnoDB: Completed initialization of buffer pool
mysqld got signal 11 ;
There is no news that disabling InnoDB native AIO is not exactly
the best possible option. It’s also not a secret that the
alternative is increasing aio-max-nr if …
Jul
27
2012
The brief outage was due to a scheduled move of the servers to a separate rack and subnet dedicated to our work with the Center for Information Assurance & Cybersecurity (ciac) at the University of Washington Bothell (uwb), and a11y.com
I am currently exercising the new (to us) equipment and hope to winnow the less than awesome equipment over the next quarter. I spent the last six months finding the best in breed of the surplussed DL385 and DL380 chassis we (work) were going to have recycled. The team and I were able to find enough equipment to bring up one of each with eight and six gigs of memory, respectively. These will make excellent hypervisors for provisioning embedded instances of Slackware, Fedora, RHEL, CentOS, Debian, FreeBSD, OpenSolaris, OpenIndiana, FreeDOS, etc.
When I initially configured this xen paravirt environment, I failed to plan for integration with libvirt, so I am now re-jiggering the software bridges so …
[Read more]
Jul
24
2012
This past week I attended OSCon, the annual conference for open source’s true believers. And there was a religious fervor in the air, particularly from the point of view of someone more accustomed to Oracle conferences.
And if open source is the religion, proprietary closed-source companies are the devil. That having been said, I was surprised how virtually all large companies were demonized. Even long-time defenders of open source like IBM were ignored at best. That didn’t prevent them from coming though, with Microsoft and HP in particular with high-profile sponsorships and PR offensives that didn’t seem to have much influence with the crowd.
The companies generating buzz were the small companies built around development of their own open source products. There are a surprising number of them out there, especially relating to multiple forks of a popular product like MySQL or …
[Read more]
Jul
22
2012
A couple students in one of my classes ran into a problem when
competing Java threads tried to insert new rows in a table. They
raised an error when they tried the DELAY keyword to
avoid the race (collision) condition in an INSERT
statement. It was simple to explain to them that the DELAY keyword doesn’t work with an
InnoDB table. Any attempt throws the following error:
ERROR 1616 (HY000): DELAYED OPTION NOT supported FOR TABLE 'message'
|
Important Update: INSERT DELAYED is gone
in MySQL 5.6.6 (announcement) and the whole issue comes down to
synchronizing threads (some dislike the solution) or using the
ON DUPLICATE KEY …
Jul
17
2012
Converting from uw-mailboxes (mbx) to Unix format (dovecot)
It took me by surprise how the mailbox formats had changed, when I switched to Dovecot which is the best IMAP/POP3 mail program, in my opinion. It handles large (enormous) mailboxes with many (hundreds of) users. Caching makes things go fast again.
Here is a simple bash utility, to take all users, and convert all
mailboxes & folders.
cd /home
for u in *
do
if [ -d /home/$u/Mail ]; then
echo "User: $u"
cd /home/$u/Mail