ResourceSpace cron and database notes

Ran into a couple of issues today:

Note: system setup is Debian 9 with standard options (Apache 2.4, PHP 7.0, MariaDB 10.1)

Cron

The documentation implies you should run cron_copy_hitcount.php as a cron job. However, the new correct way seems to be to run batch/cron.php, which runs a bunch of sub-jobs. I’ve got this set up in cron.daily as:

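#!/bin/sh
# Fetch the page to trigger the sub-jobs; discard the response instead of saving it to disk
wget -q -O /dev/null http://localhost/resourcespace/batch/cron.php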

We’ll see if this works. Certainly running it directly by browsing to it seems to work.

LDAP

Trying to activate the simpleldap plugin threw up two problems:

php-ldap wasn’t installed – easy enough. Note Apache needs a restart after installing…

Second error was a problem with the database – the plugin couldn’t create a table, with error

Specified key was too long; max key length is 767 bytes

This seems to be because when I created the database the character set used was utf8mb4_general_ci, which in the worst case uses 4 bytes per character. If you try to create an index key with 255 characters you run into this limit.

The solution was to change the database to use utf8_general_ci. This allowed the plugin to create the simpleldap_groupmap table with utf8_general_ci. The rest of the database is still utf8mb4_general_ci, but as it has been created already without an issue we should be ok.

Notes on getting Ubuntu 16.04 to work with NIS

Note – this only sets up the system to use user and group logons, not automounting home directories. I haven’t figured out how to make this work in Ubuntu 16.

Install package nis

Probably a good idea to set network address statically in /etc/network/interfaces (NetworkManager should recognise this and then leave it alone)

Probably also a good idea to check that /etc/hosts has the domain name for the system, i.e.

127.0.1.1 domain.name.machinename machinename

Add yp server to /etc/yp.conf

Edit /etc/nsswitch.conf to add nis for passwd, group and shadow. Note that compat should include nis by default.

Add a dependency to make the rpcbind service start at boot

systemctl add-wants multi-user.target rpcbind.service

(See this Debian bug report or this Ubuntu one)

Note that this is not a complete fix – it is reported that if the network does not come up fast enough things still break.

For users that need to log on to the system, create home directories

mkhomedir_helper <username>

Remember to reboot to check everything is working:

yptest

If that fails, check whether the bind services are running

systemctl status rpcbind
systemctl status ypbind
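
A quick way to check the nsswitch.conf step above before rebooting, as an added example that is not part of the original notes (the function names and the sample file are constructed for illustration). For passwd, group and shadow it reports whether nis is listed explicitly, only compat is listed, or neither.

```shell
#!/bin/sh
# Added example: the function names and the sample file are illustrative.
# Prints one "db: status" line for passwd, group and shadow:
#   nis     - nis is listed explicitly
#   compat  - compat is listed but nis is not
#   missing - neither is listed, so NIS accounts will not resolve
nss_nis_status() {
    sed -e 's/#.*//' "$1" | awk '
        BEGIN {
            n = split("passwd group shadow", dbs, " ")
            for (i = 1; i <= n; i++) status[dbs[i]] = "missing"
        }
        $1 ~ /:$/ {
            db = $1; sub(/:$/, "", db)
            # Only the three account databases, first entry for each.
            if (!(db in status) || seen[db]++) next
            for (f = 2; f <= NF; f++) {
                if ($f == "nis") { status[db] = "nis"; break }
                if ($f == "compat") status[db] = "compat"
            }
        }
        END { for (i = 1; i <= n; i++) print dbs[i] ": " status[dbs[i]] }'
}

# Succeeds only when none of the three databases is reported as missing.
nss_nis_ok() {
    ! nss_nis_status "$1" | grep -q ': missing$'
}

# Constructed sample input, not taken from a real host.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
passwd:         compat nis
group:          files nis   # local files first, then NIS
shadow:         files
hosts:          files dns
EOF

nss_nis_status "$sample"
nss_nis_ok "$sample" || echo "at least one database has no nis or compat source"
```

On a real system, call nss_nis_status /etc/nsswitch.conf instead of using the sample file.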

WordPress login time with the wpDirAuth plugin

The WordPress wpDirAuth plugin currently has a hard-coded session time of 1 hour for directory authenticated (LDAP etc.) users. Hopefully at some point in the future this will become configurable. Discussion here.

On a related note, inserting

define( 'AUTOSAVE_INTERVAL', 60 ); // Seconds

in wp-config.php changes the autosave interval (default is 60 seconds).

Edit: Fixed in V1.9.3 thanks to patch submitted by Sean Leavey – time is now configurable.

User missing from login screen – OSX with FileVault

Situation: new MacBook with OSX Sierra. Set up with an admin account, enable FileVault (taking note of recovery key obviously!) and install the necessary. Create account for end user and give it to them. All is well (after getting some USB-A to USB-C converters…)

User restores all his stuff from a Time Machine backup to the account on the new system – this overwrites all the current user settings. After rebooting the system, his account has disappeared from the login screen.

Solution: Log on as the other administrative user (luckily we have one!) and open the Settings – Security & Privacy – FileVault. A notice at the bottom of the dialog box appears informing you that there are some users that are not enabled to use FileVault, with a button to enable the users. This brings up a list showing the missing user. To enable the user their password needs to be entered.

Checking out SVN in a new directory and getting a ‘working copy too old’ (or similar) error

Had a situation today where we were trying to check out an SVN repository and kept getting

Check Out: Cleanup with an older 1.7 client before upgrading with this client

both with SmartSVN and the OSX command line svn – into a new clean directory.

The problem turned out to be an old .svn metadata folder in the directory above which should have been deleted when rearranging folders. This seemed not to affect existing working copies below this, but it looks like it did cause problems with creating new working copies. Deleting the rogue .svn directory made things work.

Opening Dell P2241Hb TFT monitor

Note that you get into this via the front bezel (there are no handy pry gaps or slots unfortunately). The grey surround and the back are not meant to come apart.

Note that the electronics box is attached to the LCD by a couple of bits of tape only. It’s attached to the back by four screws.

Enable pfSense web administration from WAN

N.B. you should only do this if the WAN interface is actually on a protected network!

Set up a new firewall rule on the WAN:

  • First section should be Pass, WAN, IPv4, TCP
  • Source: Restrict as appropriate (note – need multiple rules if wanting to allow multiple subnets through).
  • Destination: WAN address
  • Destination port range: HTTPS (443)

Save this.

Note that if your WAN network has private addresses on it then you also need to configure the WAN interface to allow this (bottom of configuration page, uncheck Block private networks and loopback addresses). Note that you will then see this rule removed from the firewall WAN list.