[Network Administration]: OS X Contacts and LDAP

I updated my LDAP accounts with information that OS X Contacts can pull in. My network users in the LDAP directory were already available to OS X, and I can now use the same directory for managing my contacts.

First I need to extend the information that I want to make available in the directory. The inetOrgPerson object class from the inetorgperson schema provides a whole slew of attributes, and the Apple LDAP schema provides even more. I added two attributes to my accounts in particular:

  • mail – Email address
  • jpegPhoto – Image in JPEG format

The two are pretty basic. I wanted to add mail to the account for other reasons already.

As an aside, the directory can store contact information for more than just users. The same object classes can hold contact entries that have no user account attached, kept in a separate sub-tree such as ou=people,dc=example,dc=com. I don’t have any entries like this, but I don’t see any reason why it wouldn’t work.

To get this to work with OS X, the mapping needs to be extended. I added the following two mappings:

  • EMailAddress -> mail — This is listed as “work” email under the contacts app in OS X
  • JPEGPhoto -> jpegPhoto — This is the photo associated with the contact

There are more that can be added such as:

  • RealName -> cn — Doesn’t seem to be used
  • RecordName -> cn
  • FirstName -> givenName — Contact’s first name
  • LastName -> sn — Contact’s last name
  • HomePhoneNumber -> homePhone — Listed as “home” phone number
  • PhoneNumber -> telephoneNumber — Listed as “work” phone number
  • MobileNumber -> mobile — Listed as “mobile” phone number
  • EMailAddress -> mail — Listed as “work” email address
  • AddressLine1 -> street — Doesn’t seem to be used
  • Street -> street — Listed as part of “work” address
  • City -> l — Listed as part of “work” address
  • State -> st — Listed as part of “work” address
  • PostalCode -> postalCode — Listed as part of “work” address
  • PostalAddress -> postalAddress — Doesn’t seem to be used
  • CreationTimestamp -> createTimestamp
  • ModificationTimestamp -> modifyTimestamp

There are more attributes that can be mapped. When creating the mapping in Directory Utility there is a list of attributes that can be associated with each record type; for example, the user’s certificate can be added to their entry. Adding the email address attribute was straightforward, but the image was more involved: the JPEG binary has to be written straight into the attribute. I used an LDIF file with ldapmodify like:

# run with: ldapmodify -x -D <BIND_DN> -W -f photo.ldif
dn: uid=testuser,ou=users,dc=example,dc=com
changetype: modify
replace: jpegPhoto
jpegPhoto:< file:///tmp/image.jpg

This writes the contents of the file into the attribute. The file: URL is resolved by ldapmodify on the machine where it runs, so the image has to be readable there, not on the LDAP server.
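As an added example (not from the original post), here is a small shell function that produces the same jpegPhoto modify as above but with the image base64-encoded inline in the LDIF (the “::” form of RFC 2849) rather than pulled from a file: URL. That lets the LDIF be generated on one machine and piped into ldapmodify on another, and the function refuses anything whose first bytes are not the JPEG SOI marker, so a stray PNG or an HTML error page does not end up in the directory as somebody’s photo. The DN, the image path and the bind DN in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Emits an LDIF "modify" that stores a JPEG in
# jpegPhoto as base64 (the "attr:: value" form of RFC 2849) instead of "attr:< file:///...".
# Needs base64(1), od(1) and awk(1), which are present on Linux and OS X.

jpeg_photo_ldif() {  # jpeg_photo_ldif <dn> <image.jpg>; LDIF on stdout, non-zero if the input is rejected
    dn=$1
    img=$2
    [ -r "$img" ] || { echo "cannot read $img" >&2; return 1; }

    # jpegPhoto has JPEG syntax: check the SOI marker (FF D8 FF) before storing anything,
    # otherwise a wrong file silently becomes a contact "photo" that every client tries to decode
    magic=$(od -A n -t x1 -N 3 "$img" | tr -d ' \n')
    [ "$magic" = "ffd8ff" ] || { echo "$img is not a JPEG (first bytes: $magic)" >&2; return 1; }

    printf 'dn: %s\nchangetype: modify\nreplace: jpegPhoto\n' "$dn"
    # base64 the whole file onto one line, then cut it into 64-character pieces so that no LDIF
    # line exceeds 76 characters; every continuation line starts with a single space (RFC 2849)
    printf 'jpegPhoto:: '
    base64 < "$img" | tr -d '\n' |
        awk '{ for (i = 1; i <= length($0); i += 64) { pre = (i == 1) ? "" : " "; print pre substr($0, i, 64) } }'
}

# Usage (bind DN and file are placeholders):
#   jpeg_photo_ldif 'uid=testuser,ou=users,dc=example,dc=com' /tmp/image.jpg \
#       | ldapmodify -x -D 'cn=admin,dc=example,dc=com' -W
```

The magic-byte check is the part worth keeping even if you stay with the file: URL form: ldapmodify will happily store any bytes in jpegPhoto, and OS X Contacts gives no useful error when the value is not an image.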

At this point I needed to push this out to a couple of OS X machines to update the mapping. I didn’t really want to load the new template onto each one, so instead I wrote the mapping to the server.

[AWS] Mail Relay

I got my AWS account up and running.

Getting set up

First, I got an AWS account on the site. It was pretty easy, and free to start. I don’t expect to have any issues in terms of compute time, so it should be really cheap.

I did use IAM to set up some other accounts so that I don’t need to use the account’s root credentials every time I want to log in; AWS has a user guide for this. Following it, I gave myself an admin account that I then use to administer everything else. I’m planning on using the AWS account for other things besides an MTA, so I wanted to keep them separate.

After getting my accounts set up, I needed to find a suitable AMI to run. What I eventually want is an Ubuntu image that I can load Postfix onto. Ubuntu has a community page for finding a suitable image to run on EC2 that you can search by release, and there are a number of official releases they provide for EC2 use. I’m using ami-1cf1db59, a 64-bit 12.04 LTS release.

Now that I’ve picked an AMI, I launched it. My account only supports VPC, so that’s where it goes. I just used the web console for this and selected a t1.micro instance. At the end I got a key pair (a .pem RSA private key) that I downloaded to my machine. I’ll need that in a little bit.

[Update]: You can also bring up a new instance from the command line with a command like:

$EC2_HOME/bin/ec2-run-instances ami-acf9cde9 -g <SECURITY_GROUP> -k <KEY_PAIR>

[Update]: For t1.micro instances, you’ll have to pass it on the command line as the m1.small instance is the default:

$EC2_HOME/bin/ec2-run-instances ami-acf9cde9 --instance-type t1.micro -g <SECURITY_GROUP> -k <KEY_PAIR>

The key pair is the one whose public half is loaded into the instance so that you can SSH into it; you need to create one beforehand, which you can do with the ec2-add-keypair command. The security group is the instance’s firewall: it lists which ports are reachable and from which source addresses. If you are using the default group you may need to open ports to reach the instance. Open only what the relay needs (SSH, and SMTP if other hosts will submit mail through it) and restrict the source ranges rather than allowing 0.0.0.0/0 wherever you can. You can use ec2-authorize, or ec2-modify-instance-attribute to change the security group after the fact. Note that ec2-modify-instance-attribute needs the group ID, not the name; you can get the ID from the ec2-describe-group command.

Getting the command line working

It took me a while to get the command line tools working. I installed the EC2 command line tools from the Amazon website; they don’t come with any real instructions, but there are some on the web.

I had to add some information to my csh environment.

# AWS stuff
# Tell it where java is
setenv JAVA_HOME /usr
# Optionally, set up paths for command line tools.
setenv AWS_HOME /usr/local/aws
setenv EC2_HOME $AWS_HOME/ec2

# Setup ec2 wide env
setenv EC2_URL https://ec2.us-west-1.amazonaws.com

# Load the access keys into the environment for EC2 command line tools.
setenv AWS_ACCESS_KEY <ACCESS_KEY_ID>
setenv AWS_SECRET_KEY <SECRET_ACCESS_KEY>

Most of the material I found on the web used EC2_PRIVATE_KEY and EC2_CERT, but according to the EC2 user guide these are deprecated and should no longer be used; the replacements are AWS_ACCESS_KEY and AWS_SECRET_KEY. Personally, I find this a little annoying, as it means my keys sit in my environment instead of being read from a file.

I did have to add the EC2_URL env variable so that I can connect with the us-west-1 server farm which I’m using. The default is the east coast one. I’m in California, so it’s the closest to me.
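The complaint about keys in the environment is fair: anything in a shell rc file is inherited by every process started from that shell and travels with every backup of the home directory. One way around it, shown here as an added example rather than anything from the original post, is to keep the IAM user’s access key and secret in a separate file with mode 0600 and load them into the current session only when the ec2-* tools are needed. This version is for a POSIX shell (sh/bash) rather than the csh setup above; the file path and key values are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: load AWS_ACCESS_KEY / AWS_SECRET_KEY for the EC2
# command line tools from a private file instead of hard-coding them in a shell rc file.
# The file holds KEY=VALUE lines (and # comments); the values in the usage note are placeholders.

load_aws_keys() {  # load_aws_keys <file>; exports the two variables, returns 1 if the file is unsafe
    f=$1
    [ -f "$f" ] || { echo "load_aws_keys: no such file: $f" >&2; return 1; }

    # columns 5-10 of "ls -ld" are the group and other permission bits; anything other than
    # "------" means another local user could read the secret, so refuse to load it
    gobits=$(ls -ld "$f" | cut -c5-10)
    [ "$gobits" = "------" ] || {
        echo "load_aws_keys: $f is accessible to group/other ($gobits); run: chmod 600 $f" >&2
        return 1
    }

    # parse the file ourselves rather than sourcing it, so a stray line cannot execute anything;
    # the "|| [ -n ... ]" keeps a last line that has no trailing newline
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case $key in
            AWS_ACCESS_KEY) AWS_ACCESS_KEY=$value; export AWS_ACCESS_KEY ;;
            AWS_SECRET_KEY) AWS_SECRET_KEY=$value; export AWS_SECRET_KEY ;;
            ''|\#*)         ;;                                   # blank line or comment
            *)              echo "load_aws_keys: ignoring unknown entry '$key'" >&2 ;;
        esac
    done < "$f"

    [ -n "$AWS_ACCESS_KEY" ] && [ -n "$AWS_SECRET_KEY" ]
}

# Usage: create ~/.aws-keys with mode 600 containing
#   AWS_ACCESS_KEY=<ACCESS_KEY_ID>
#   AWS_SECRET_KEY=<SECRET_ACCESS_KEY>
# then, in the session where you will run the ec2-* tools:
#   . ./load_aws_keys.sh && load_aws_keys ~/.aws-keys
```

The keys loaded this way should be an IAM user’s, not the root account’s, which matches the separate admin account set up earlier; if the file or the instance ever leaks, that one user’s key can be rotated without touching anything else.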

IP addresses

I got an Elastic IP address from Amazon, which I can assign to my instance. It’s a static IP address associated with my account that I can move from instance to instance as needed.

I got an EIP with the allocate address command:
ec2-allocate-address -d vpc

I had to pass vpc as the domain since that’s what I’m using.
I then associated it with the instance:
ec2-associate-address -i <INSTANCE-ID> <IP_ADDRESS>

The address in the command above is the one returned by the allocate command in the previous step. The instance ID can be found in the EC2 web console or from the ec2-describe-instances command.

After this, I updated my DNS records for my domain to point at the EIP that I associated with my running instance.

Getting into the machine

I can now ssh into my machine:
ssh -i <PRIVATE_KEY> <USER@SERVER>

The private key is the one generated when the instance was started; it should be a .pem file. SSH refuses to use a key file that is readable by other users, so chmod 600 it after downloading. In my case the user to log in as was “ubuntu”, but that depends on the image you’re using.

On the instance, install Postfix and, when the package asks for the mail configuration type, pick “Internet with smarthost” so that outbound mail is handed to the provider’s smarthost rather than sent straight out from the EIP:
apt-get install postfix

The Postfix documentation for this layout (a relay in front of other systems) is here:
http://www.postfix.org/STANDARD_CONFIGURATION_README.html#firewall
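The thing to get right on a box with a public IP on port 25 is that it relays for its own network only and never for the rest of the internet. Below, as an added example that is not from the original post or from the Postfix project, is a small shell check for main.cf that flags the settings which turn a smarthost relay into an open relay; the two sample main.cf files it writes are constructed for the example, with placeholder host names and networks. On Ubuntu 12.04 Postfix is 2.9, which does not yet have smtpd_relay_restrictions, so the relay decision lives in smtpd_recipient_restrictions.

```shell
#!/bin/sh
# Added example, not from the original post or from Postfix: audit a main.cf for open-relay
# settings before exposing port 25 on the EIP. Both sample configs below are constructed.

pf_get() {  # pf_get <main.cf> <parameter>: value with continuation lines joined; last definition wins
    awk -v k="$2" '
        /^[ \t]/ { if (cur) { sub(/^[ \t]+/, ""); val = val " " $0 }; next }  # continuation line
        { cur = 0 }
        /^#/ { next }
        $0 ~ ("^" k "[ \t]*=") { cur = 1; sub(/^[^=]*=[ \t]*/, ""); val = $0 }
        END { sub(/^[ \t]+/, "", val); print val }' "$1"
}

check_relay_config() {  # check_relay_config <main.cf>: 0 if it looks like a closed relay, 1 otherwise
    cf=$1
    rc=0

    # a smarthost relay should hand mail to the provider, not deliver straight from the instance
    [ -n "$(pf_get "$cf" relayhost)" ] ||
        { echo "FAIL: relayhost not set; mail would go out directly from the EIP"; rc=1; }

    # permit_mynetworks trusts every address in mynetworks unconditionally
    nets=$(pf_get "$cf" mynetworks)
    if [ -z "$nets" ]; then
        echo "INFO: mynetworks not set; with the 2.9 default mynetworks_style=subnet the instance's subnets are trusted"
    elif printf '%s' "$nets" | grep -q '0\.0\.0\.0/0'; then
        echo "FAIL: mynetworks = $nets trusts the whole internet"; rc=1
    fi

    # Postfix 2.9 (Ubuntu 12.04) decides relaying in smtpd_recipient_restrictions; when the
    # parameter is absent the built-in default "permit_mynetworks, reject_unauth_destination" applies
    restr=$(pf_get "$cf" smtpd_recipient_restrictions)
    if [ -z "$restr" ]; then
        echo "INFO: smtpd_recipient_restrictions not set; Postfix default applies (closed relay)"
    elif ! printf '%s' "$restr" | grep -q 'reject_unauth_destination'; then
        echo "FAIL: smtpd_recipient_restrictions = $restr never rejects unauthorized destinations"; rc=1
    fi
    return $rc
}

sample_open_relay() {  # constructed: relays for anyone who connects
    cat > "$1" <<'EOF'
relayhost = [smtp.example.net]:587
mynetworks = 0.0.0.0/0
smtpd_recipient_restrictions = permit_mynetworks, permit
EOF
}

sample_smarthost_relay() {  # constructed: relays only for the local subnet, per the firewall README
    cat > "$1" <<'EOF'
myhostname = mail.example.com
relayhost = [smtp.example.net]:587
mynetworks = 127.0.0.0/8, 10.0.0.0/24
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination
EOF
}
```

Run check_relay_config against /etc/postfix/main.cf after editing it. The check is deliberately narrow: it does not follow mynetworks_style or restriction classes, so a clean result is a precondition, not proof; the real test is to connect from outside the security group and confirm that a RCPT TO for a foreign domain gets “Relay access denied”.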

Google Maps April Fool’s

I love this April Fool’s from Google. Who doesn’t have fond memories of a childhood spent staring at an NES? My favorite part is “Blow on the cartridge to fix bugs.” and the 56K modem sound that it makes. Why did modems even make that sound? Was there even a reason to have a speaker on the modem card? There is probably a large portion of on-line citizens who have no idea what I’m even talking about.