From paul.suh at ps-enable.com  Wed Jun 11 20:58:16 2008
From: paul.suh at ps-enable.com (Paul Suh)
Date: Wed Jun 11 20:58:22 2008
Subject: [Newsletter] PACKA-GEm, OD LDAP indexing, Apple Retail and Xsan,
	MOSXSWebPassword, Training
Message-ID: <1AA19512-E86E-4760-A7C4-5B0583B5AF04@ps-enable.com>

Folks,

It's been a longtime since the previous newsletter because I've been  
heads down writing code on a new project that just had its official  
announcement last night.

PACKA-GEm
---------------

I've done a lot of work with a client configuration management tool  
called the Casper Suite. It's a great enterprise tool for dealing with  
pushing out packages and configurations to hundreds of desktops and  
laptops, running scripts, and a whole lot more. Unfortunately, it's  
not well suited for organizations with less than 100 or so seats; the  
costs and complexity make it more trouble than it's worth for such  
smaller installations.

What I've been working on is turning this into a hosted service called  
PACKA-GEm. For a relatively low monthly fee per computer under  
management, we will provide the management server; all you need is a  
local file server to hold the updates. We're in limited alpha testing  
right now; we're looking at launching the service for real at the end  
of the summer. For more information, go to:

<http://www.packagem.com/>


Open Directory LDAP Indexing
--------------------------------

If you do a lot of management of computers via Computer Lists, you  
should look in the /var/log/slapd.log file on your OD master for error  
messages that look like:

> Apr 15 20:31:11 odserver slapd[78]: <= bdb_equality_candidates:  
> (apple-computers) index_param failed (18)\n
> Apr 15 20:31:11 odserver slapd[78]: <= bdb_substring_candidates:  
> (apple-mcxflags) index_param failed (18)\n

These are an indication that the LDAP server is performing searches on  
non-indexed attributes, and as a result is running more slowly and  
requiring more CPU power than it might need otherwise. Even if the CPU  
power of your OD server is not max'ed out, your clients still may be  
acting erratically because some LDAP queries are taking too long to  
return.

You can add more indices to the slapd configuration to alleviate the  
problem by performing the following procedure.

1) Shut down the LDAP service:

sudo launchctl unload /System/Library/LaunchDaemons/ 
org.openldap.slurpd.xml
sudo launchctl unload /System/Library/LaunchDaemons/ 
org.openldap.slapd.xml

2) Edit the config file to add the necessary indices.

Add the following lines to /etc/openldap/slapd_macosxserver.conf, down  
near the end with the other index statements:

index   apple-computers     eq
index   apple-mcxflags       sub

3) Run the slapindex command.

sudo slapindex

Of interest is the following statement from the slapindex man page:

        This command provides ample opportunity for  the  user  to   
obtain  and
        drink their favorite beverage.

It actually doesn't take that long, a matter of only a five or ten  
minutes at most on the ones that I have done, some of which had  
several thousand entries.

4) Restart the LDAP service

sudo launchctl load /System/Library/LaunchDaemons/org.openldap.slapd.xml
sudo launchctl load /System/Library/LaunchDaemons/ 
org.openldap.slurpd.xml


Xsan and Apple Retail
-----------------------

I went by my local Apple retail store the other day; I was in a grumpy  
mood from trying to do some tricky stuff with Xsan 2 and a load  
balancer for AFP, so I was a bit sarky when the nice lady who greeted  
me as I stepped in the door asked me, "is there anything I can help  
you with today?" I answered, "can you help me figure out why an Xsan  
volume being shared out via AFP through a load balancer doesn't show  
up correctly?" Her reply: "The only thing I know about Xsan is that  
it's the most frequently stolen item from our shelves." I burst out  
giggling uncontrollably! :-D For the record, the second-most-stolen  
item is Apple Remote Desktop and the third-most-stolen item is Mac OS  
X Server.


MOSXSWebPassword, v1.5L
----------------------------

I recompiled MOSXSWebPassword, so that it works properly on Leopard.  
The app hasn't changed significantly under the hood, but the final  
redirect had to be re-done, as WebObjects was throwing an exception  
after a successful password change. Leopard's limited admin users may  
override some of the MOSXSWebPassword functionality, but the web app  
still is a bit more fine-grained. It's posted to my web site at:

<http://ps-enable.com/software/MOSXSWebPassword1.5L.dmg/view>


Training at Tech 2000
--------------------------------------

I'm teaching the Apple Training courses again at Tech 2000, located in  
Herndon, VA. You can reach them at

Tech 2000, Inc.
459 Herndon Parkway, Suite 8
Herndon, VA 20170
Phone: 703.467.8600
Fax: 703.471.8364
Toll Free Registration Line: 800.433.1482

Sales@t2000inc.com
http://www.t2000inc.com/


--Paul


Paul Suh                                         http://www.ps-enable.com/
paul.suh@ps-enable.com                           (240) 672-4212




-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2615 bytes
Desc: not available
Url : http://lists.ps-enable.com/pipermail/newsletter/attachments/20080611/76fe4711/smime.bin