Deokgon Kim

Twitter Espeak

What if my tweets can be heard

Install rainbowstream

rainbowstream is a Twitter client for the Linux command line.

  • Prepare a Python venv
    python3 -m venv venv
    source venv/bin/activate
  • Install rainbowstream
    pip install rainbowstream
  • Run rainbowstream
    rainbowstream
    # you will be asked to log in to Twitter

Install espeak

espeak is text-to-speech (TTS) software for Linux.

Prep Python Project

Here is how I prepare Python projects.

I use the python3 installed by default via the OS package, or brew's python3. (But if I have a chance to use conda and the others, I may try them.)

I use the venv module.

  • Create venv
    python3 -m venv venv
  • Activate venv
    source venv/bin/activate
  • Now you have an isolated environment in which you can experiment without affecting the entire OS.
  • Upgrade pip to the latest version
    pip install --upgrade pip
  • Install pip-tools for dependency management
    pip install pip-tools
  • For more information about pip-tools, see https://pypi.org/project/pip-tools/
  • Create a requirements.in file.
    django>=2.2,<3.0
  • Run pip-compile
    pip-compile
  • You can check the result with cat requirements.txt
    #
    # This file is autogenerated by pip-compile with python 3.10
    # To update, run:
    #
    #    pip-compile
    #
    django==2.2.28
        # via -r requirements.in
    pytz==2022.1
        # via django
    sqlparse==0.4.2
        # via django
  • Install libraries using pip install
    pip install -r requirements.txt
  • You can check installed libraries by pip list
    Package    Version
    ---------- -------
    build      0.8.0
    click      8.1.3
    Django     2.2.28
    packaging  21.3
    pep517     0.13.0
    pip        22.2.2
    pip-tools  6.8.0
    pyparsing  3.0.9
    pytz       2022.1
    setuptools 59.6.0
    sqlparse   0.4.2
    tomli      2.0.1
    wheel      0.37.1

Linux Sshd Notification

For security reasons, I created a script to notify me when someone (me) accesses my server.

I created a Slack notification script. I will not explain how to create a Slack bot here; you can have a good time configuring the Slack bot yourself.

/etc/pam.d/sshd

Append the following line to /etc/pam.d/sshd:

session required pam_exec.so /etc/pam.scripts/noti_slack.sh

/etc/pam.scripts/noti_slack.sh

Create the /etc/pam.scripts/noti_slack.sh file and make it executable with chmod +x /etc/pam.scripts/noti_slack.sh
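
One way to write the notification script, as an added example (not the author's script): it reads the PAM_* variables that pam_exec exports and posts to a Slack incoming webhook. The webhook URL and the config file /etc/pam.scripts/noti_slack.conf are assumptions, not taken from the post.

```shell
#!/bin/sh
# Added example for /etc/pam.scripts/noti_slack.sh (not the author's script).
# pam_exec exports PAM_USER, PAM_RHOST, PAM_SERVICE, PAM_TTY and PAM_TYPE.
# Assumption: SLACK_WEBHOOK_URL is set in the hypothetical file below, which
# should be owned by root with mode 600 because it is sourced as root.
CONF=/etc/pam.scripts/noti_slack.conf

# Escape a value for use inside a JSON string: drop control characters,
# then escape backslashes and double quotes.
json_escape() {
    printf '%s' "$1" | tr -d '\000-\037' | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the Slack message body from the PAM environment.
build_payload() {
    user=$(json_escape "${PAM_USER:-unknown}")
    rhost=$(json_escape "${PAM_RHOST:-local}")
    service=$(json_escape "${PAM_SERVICE:-unknown}")
    host=$(json_escape "$(uname -n)")
    printf '{"text":"%s login: %s from %s on %s"}' \
        "$service" "$user" "$rhost" "$host"
}

notify() {
    # pam_exec also runs the script on close_session; report logins only.
    [ "${PAM_TYPE:-}" = "open_session" ] || return 0
    [ -r "$CONF" ] && . "$CONF"
    [ -n "${SLACK_WEBHOOK_URL:-}" ] || return 0
    # Short timeout so an unreachable Slack delays the login only briefly.
    curl -fsS --max-time 5 -X POST -H 'Content-Type: application/json' \
        --data "$(build_payload)" "$SLACK_WEBHOOK_URL" >/dev/null 2>&1
}

# The PAM line uses "required": a non-zero exit status would refuse the
# session, so a failed notification must never fail the script.
notify || true
```

Because the script always ends with status 0, a Slack outage cannot lock you out of SSH; the trade-off is that a failed notification is silent unless you log it elsewhere.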

MacOS LDAP Authentication

I configured an iMac to use my OpenLDAP server. There were several problems.

I will not talk about configuring ‘Directory Utility’. (If you know how to configure LDAP server and the basic method of configuring LDAP client, you will not have much difficulty in configuring LDAP client using ‘Directory Utility’)

1. First, when I tried to switch user with sudo su, like 'sudo su - dgkim', there was a problem accessing dgkim's home directory: no such directory.

  1. The /home directory is reserved by macOS, so you need to change the home directory to '/Users'.

    1. Change the mapping for 'Users/NFSHomeDirectory' using 'Directory Utility': change Users/NFSHomeDirectory from 'homeDirectory' to '#/Users/$uid$'.
    2. See page [1].
    3. There were several other options, such as using an auto_mount NFS volume as the home directory (in this case I would need an NFS server, which I don't have), or disabling auto_mount and symlinking /Users to /home (but that wasn't the answer I was looking for).

  2. The /Users/dgkim directory will not be created automatically.

    1. Use a LoginHook to create the user's home directory. A login hook can be created with 'defaults write com.apple.loginwindow LoginHook /path/to/hookscript.sh'.
    2. I followed the instructions on page [1]. YOU SHOULD KNOW WHAT THE SCRIPT IS DOING.
    3. This only works with the login screen, which means that if you try to access via ssh for the first time, it will not work.

2. Second, when I tried to su from a local user, like 'su - dgkim', password authentication failed.

  1. macOS tries to authenticate the user with a mechanism that can't be used at the server. It may not be a problem of macOS; it may be caused by OpenLDAP. I don't exactly know the clean answer. [2]
  2. This was a long-unsolved problem for me. When I change olcSaslSecProps, the EXTERNAL method is blocked (which isn't acceptable).
  3. I tried the first method of [2]: I configured 'olcSaslSecProps', and then local commands like 'ldapsearch -Y EXTERNAL' stopped working. This means the root user can't change or control the server configuration (by ldapmodify). It took several hours; I researched "How can I disable only '*-MD5' and use only 'LOGIN or PLAIN'".
  4. But the answer was further down on page [2], where there is an instruction to change the access control list.
  5. Page [2] shows static config (like 'slapd.conf'), but I use dynamic(?) configuration, '/etc/ldap/slapd.d/cn=config'. Modifying it using an ldif file can't be difficult.
  6. Page [3] is a similar answer.

[1] : https://docs.foxpass.com/docs/mac-os-x-logins-over-ldap
[2] : https://serverfault.com/questions/916745/unable-to-authenticate-openldap-users-on-macos-clients-user-not-found-no-secre
[3] : https://www.chriscantwell.co.uk/2009/12/mac-osx-authentication-against-openldap/

Ldapmodify Rootdn

How to add a root DN for cn=config

This document describes how to add a root DN and password for the cn=config base.

  • manager.ldif

    dn: olcDatabase={0}config,cn=config
    changetype: modify
    add: olcRootDN
    olcRootDN: cn=admin,cn=config
    -
    add: olcRootPW
    olcRootPW: {SSHA}blablabla
  • ldapmodify