So, I turn on debugging so I can see what OpenLDAP thinks is going on and I see that the krb principal is put as UID=PRINCIPAL. But no realm! OpenLDAP should do some realm mapping!
I had a lot of success last night with getting LDAP working with Authentication and mail routing. Unfortunately, I’ve managed to leave it in an unstable state.
The big problem here is that I have to grok how all the parts fit together and that seems to be difficult for me right now. It seems to me that if LDAP is going to let you authenticate using GSSAPI over SASL, they should tell you who you are. You should be able to figure out who you are. They should clearly document how identity maps between SASL and LDAP.
What does CityDesk do? Looks like it provides a GUI front-end for a set of XML transformations. Not that that is a bad thing. It’s a good thing. People feel more comfortable with the “control” that they feel a WYSIWYG editor gives them. Personally, I get irritated from having to go over all the formatting and get it right. But it looks like Joel has combined the best of both worlds — kind of like XMetal does.
I have a similar system in place at work that lets me edit a document without bothering with the formatting and produce printable copy from the same document. I can change the appearance on the fly — this is what XSLT is for. And, if you are into Perl, check out AxKit which will give you all these benefits for free. But, without the GUI front-end.
Hey! Here is a great resource for setting up LDAP-based mail routing for virtual domains under EXIM. That should be very helpful.
Just another note on the note below about government’s growing power.
All it took to give the government these powers were decrees. “Ok, we’re doing things this way from now on.” Perhaps non-citizens shouldn’t expect any constitutional rights, but what if a suspect is a citizen? Next thing you know, it’ll be drug smuggling suspects who are tried by the military. Then any immigrant and non-citizen. Then we’ll get any citizen who does really nasty things.
So much to think about and worry about. Bush seems to be taking this opportunity to use military tribunals to try suspected terrorists, and his administration has taken to eavesdropping on suspects’ conversations with their lawyer.
They can get away with this because people don’t care about the terrorists.
They don’t think that they can be designated a suspect, so they figure the new rules won’t apply to them. The government takes advantage of this apathy by granting themselves more and more power. Civil liberties for suspected terrorists have taken a precipitous dive over the past couple of months. And, when suspects lose rights, we all lose rights.
This reminds me of what a co-worker said about downloading music over the Internet using Napster. “Until a judge decides it’s illegal, I don’t care.”
I had a long lunch today with Eddie Parker, an old co-worker from when we both worked at PixSell. He’s moved on to consulting and such now, but it was good to hook up with him for lunch.
He asked me for information about copying a disk from one machine to another on Solaris. The important thing here was installboot but in the process of looking up information about this I came across numerous pointers to securityportal.com’s “Cold Mirroring” instructions. Unfortunately, it was only pointers. The actual page was 404.
Just saw Shrek over at the neighbor’s house.
Pretty funny, really. But this is why I don’t want to own a DVD player — so we can go over to the neighbor’s and watch. Rose ordered pizza and had her grandkids there (who are about the same age as my kids) and we had some kids from across the street there. It was fun, and we all enjoyed ourselves and spent time together as neighbors.
Last night, I was able to get hierarchical administration going. That means that we’ll be able to let people admin their own domains for email. They’ll be able to add mailboxes as needed.
One worry about this, though. Quotas! We have to enforce quotas per domain. Right now the only way I can think of doing this is cron jobs since, to my knowledge, Cyrus IMAPd doesn’t allow you to set quotas for a group of users.
I also spent a little time looking at the current non-functionality of PHP but decided to let it go for now since we aren’t using it.
I did try chatting with Sheila, but she and Mert were busy chatting it up.
It was 3:00am when I finally finished up last night. Alexis is being really helpful, and when I woke up this morning my clothes were ironed!
BTW, if you are the sysadmin for more than one Solaris box, you would benefit from learning to create installation packages. For a step-by-step recipe, see sunfreeware.com’s pkgadd instructions.