
Deokgon Kim

Linux Sshd Notification

For security reasons, I created a script to notify me when someone (me) accesses my server.

I created a Slack notification script. I will not explain how to create a Slack bot here. You can have a good time configuring a Slack bot.

/etc/pam.d/sshd

Append the following line to /etc/pam.d/sshd
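One way to build such a hook, as an added example that is not the author's script or PAM line: it assumes the script is run by pam_exec, and the script path, the config file path and the `SLACK_WEBHOOK_URL` variable name are hypothetical.

```shell
#!/bin/sh
# Added example (not the author's script): sshd login notifier for pam_exec.
# Assumed PAM line (script path is hypothetical):
#   session optional pam_exec.so /usr/local/bin/sshd-notify.sh
# "optional" keeps a failing notifier from blocking logins.
# pam_exec exports PAM_USER, PAM_RHOST, PAM_SERVICE, PAM_TTY and PAM_TYPE.

# Escape backslashes and double quotes and drop control characters, so
# values taken from the connection cannot break out of the JSON string.
json_escape() {
    printf '%s' "$1" | tr -d '\000-\037' | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the Slack incoming-webhook body from the PAM environment.
build_payload() {
    user=$(json_escape "${PAM_USER:-unknown}")
    rhost=$(json_escape "${PAM_RHOST:-unknown}")
    tty=$(json_escape "${PAM_TTY:-unknown}")
    host=$(json_escape "$(uname -n)")
    printf '{"text":"SSH login: %s from %s on %s (%s)"}' \
        "$user" "$rhost" "$host" "$tty"
}

# Only open_session means a login actually succeeded; the same script is
# also invoked with PAM_TYPE=close_session at logout.
should_notify() {
    [ "${PAM_TYPE:-}" = "open_session" ] && [ "${PAM_SERVICE:-}" = "sshd" ]
}

notify() {
    should_notify || return 0
    # Assumption: the webhook URL lives in a root-only file (hypothetical
    # path) that sets SLACK_WEBHOOK_URL, so the secret is not in the script.
    [ -r /etc/sshd-notify.conf ] && . /etc/sshd-notify.conf
    [ -n "${SLACK_WEBHOOK_URL:-}" ] || return 0
    # Short timeout and backgrounding keep a Slack outage from delaying login.
    curl -fsS -m 5 -H 'Content-Type: application/json' \
        -d "$(build_payload)" "$SLACK_WEBHOOK_URL" >/dev/null 2>&1 &
    return 0
}

# Does nothing unless pam_exec set PAM_TYPE=open_session for sshd.
notify
```

The script must be owned by root and not writable by anyone else, since PAM runs it as root on every SSH session.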

MacOS LDAP Authentication

I configured an iMac to use my OpenLDAP server. There were several problems.

I will not talk about configuring ‘Directory Utility’. (If you know how to configure an LDAP server and the basic method of configuring an LDAP client, you will not have much difficulty configuring an LDAP client using ‘Directory Utility’.)

1. First, when I tried to switch user with the sudo su command, like 'sudo su - dgkim', there was a problem accessing dgkim's home directory: no such directory.

  1. The /home directory is reserved by macOS, so you need to change the home directory to '/Users'.

    1. Change the mapping for 'Users/NFSHomeDirectory' using 'Directory Utility': change Users/NFSHomeDirectory from 'homeDirectory' to '#/Users/$uid$'.
    2. See the page [1].
    3. There were several other topics: using an auto_mount NFS volume as the home directory (in this case I would need an NFS server, which I don't have), or disabling auto_mount and symlinking /Users to /home (but it wasn't the answer I was looking for).

  2. The /Users/dgkim directory will not be created automatically.

    1. Use a LoginHook to create the user's home directory. A login hook can be created with 'defaults write com.apple.loginwindow LoginHook /path/to/hookscript.sh'.
    2. I followed the instructions on page [1]. YOU SHOULD KNOW WHAT THE SCRIPT IS DOING.
    3. This only works with the login screen, which means that if you try to access via ssh for the first time, it will not work.

2. Second, when I tried to su from a local user, like 'su - dgkim', the password authentication failed.

  1. macOS tries to authenticate the user with a mechanism that can't be used at the server. It may not be a problem with macOS; it may be caused by OpenLDAP. I don't exactly know a clean answer. [2]
  2. This was a long-unsolved problem for me. When I change olcSaslSecProps, the EXTERNAL method is blocked. (It isn't acceptable.)
  3. I tried the first method of [2]: I configured 'olcSaslSecProps', and then local commands like 'ldapsearch -Y EXTERNAL' stopped working. It means the root user can't change or control the server configuration (by ldapmodify). It took several hours. I researched "How can I disable only '*-MD5' and use only 'LOGIN or PLAIN'".
  4. But the answer was further down: in the page [2], there is an instruction to change the access control list.
  5. The page [2] shows static config (like 'slapd.conf'), but I use the dynamic(?) configuration '/etc/ldap/slapd.d/cn=config'. Modifying it using an ldif file can't be difficult.
  6. The page [3] is a similar answer.

[1] : https://docs.foxpass.com/docs/mac-os-x-logins-over-ldap

[2] : https://serverfault.com/questions/916745/unable-to-authenticate-openldap-users-on-macos-clients-user-not-found-no-secre

[3] : https://www.chriscantwell.co.uk/2009/12/mac-osx-authentication-against-openldap/

2019 May IoT project

As I previously posted, I made a WiFi AC remote controller project. See telegram bot for HVAC.

Today, I begin a new project to go further.

I purchased another Raspberry Pi 3 Model B, AND Raspberry Pi Sensor Kit. (http://m.eleparts.co.kr/goods/view?no=3730500 and http://m.eleparts.co.kr/goods/view?no=3030452)

(I just wanted to purchase the sensors only, but I wasn't sure I could attach these sensors to my existing RPi, so I posted a question to a forum https://www.cooking-hacks.com/forum/viewtopic.php?f=43&t=19434&sid=d89e064868d4a0dce0c58ea7a6490bde)

And, I tested DHT11 as https://github.com/deokgonkim/rpi_sensor


My next step will be,

  1. Set up a messaging queue, like RabbitMQ.

  2. Set up a web/API server for gathering the data and the control center.

  3. My existing bot code should be migrated to a new server, and these two RPis should listen to the MQ for commands and send data to the MQ.


To be continued…

My first Apple Watch died.

My first Apple Watch died. (1st generation 42mm stainless steel)

I have worn it for about 3.5 years. (since 2015.08. ~ 2019.02. )

Yesterday, I noticed the top panel had popped up.

So I googled for known issues like this kind of accident, and I found there was an issue regarding swollen batteries.

(you may see the swollen battery or not. I think it is swollen.)