This picture was in the street in front of my apartment.
We’re geeks, damnit!
So - I have this Dave moment…
I am 3/4 reclined in the egg shaped bulkhead seat flying over Great Slave Lake (Detroit to Osaka), listening to Oakenfold on a Samsung MP3 player (marginally degraded user experience - not an iPod) while the fully articulating chair gently pulses my lumbar region. A perfect 10 point Dave moment. I then shuffled to that Ipanema girl!
I am writing from the China Trust Hotel in southern Taiwan at the end of my first full day over the puddle and I love this spinning head full of images. I do have a digital camera this time and will send some shots over. I need sleep now however.
One last image to spare - in the 1st class lounge in Osaka - a tall Buddhist monk in a mustard colored robe quietly walks by wearing a mustard and black Louis Vuitton scarf.
There really is something broken about OSX’s use of LDAP as a directory server.
I don’t have an OS X Server. That’s probably a good thing, because I think it must do something to the OOB netinfo that basically invalidates it.
For more information you can see my page that has more extensive documentation of my experiences…
I don’t know how they do that.
What needs to happen is this: At system start up after the network is enabled, I need to see some kind of attempt to read some information from the directory.
But I don’t see any until AFTER a user logs in.
This means that users that are valid LDAP users cannot login to a machine until AFTER a netinfo user has logged in, and some of the LDAP information is known to the system.
Once that happens, any user with an LDAP entry can login.
Again, the first login has to be from a user with valid local netinfo creds, otherwise no dice. Once a local netinfo user has logged in, all is fine.
This is only for environments where all the machines have local netinfo databases, which is pretty par for the course in small environments. If you have an XServe, and everyone is migrated, then you are fine.
But this leads me to wonder what happens to the 50% of other businesses that are not configured right, where profiles are not migrated to the server… There’s got to be trouble there.
OpenDirectory is very half baked right now; mostly the work needs to be done at the client side. I’ve been trying a lot of things. I’ve customized my lookupd prefs so that the default search order is Cache DS NI. This did not work. Does anyone know how to override the search order in Directory Access?
Hey Bonehead in blue Ford Explorer, with the easy to remember vanity plate, who was honking at me to make a right turn on red at the corner of Hanley and Wydown…have some patience stupid.
Ok, so what is the deal with bumpers and bowling? We tried to go bowling on Sunday, and our favorite bowling alley, Tropicana, was closed for a private party. No problem, we went to another bowling alley, and asked for bumpers, since we all suck horribly at bowling and having bumpers is the only way that we can all enjoy the game without sinking gutterballs.
The first place would only give us bumpers for the kids, the adults needed to have their own lane.
“That sucks,” to quote my daughter.
The next place we went only had bumpers for kids under 8, and wouldn’t give us a lane with bumpers. What? I tried to explain that we just wanted to throw a ball at some pins and weren’t good enough bowlers to enjoy the game without bumpers. No dice.
Is it that tough to set up bumpers?
In further attempts at reverse engineering OpenDirectory, here is the latest status report.
I’ve managed to get just about as far as I really want to go right now. I still cannot BIND to the directory without deleting my user in the local netinfo db. I suppose I could login as one user at home (LDAP) and another on the road, and give them both the same home dir.
I’ve even tried deleting the AuthAuthority setting in my local nidb, no dice. Again, what does work is to rename your nidb user entry to something else. Once you do that - Then BIND authentication works. I think there must be a flag in netinfo that says not to rely on the nidb, and to always validate the user with LDAP, if possible, otherwise fallback to the nidb cache.
You can turn on the Workgroup Manager client in OS X by creating an object of objectclass apple-computer, giving it the apple-mcxflags attribute with a value of ‘*has_mcx_settings*’, and creating an ‘apple-mcxsettings’ attribute with an empty string as the value. This will cause the Workgroup Manager client interface to be displayed on login.
I’m still working on what is contained inside the apple-mcxsettings attribute, to get stuff to appear inside the workgroup dialog.
Later.