I know that this isn't completely tested to see if it is a consistent behavior, but I ran into an issue after upgrading a Leopard server to Snow. The server was running mail services utilizing both the standard spool location and an alternate mail store. 

 After the upgrade all seemed to be well, but we shortly discovered that the users who used the alternate mail store didn't have access to their existing mail. The users in the standard location were just fine.

 After poking around I saw that the alternate store contained two sets of user mail directories within the dovecot directory. One was named with the users shortname, ala Cyrus and the other used a GUID, ala Dovecot. Apparently during the upgrade the existing folders were converted to Dovecot format, yet new folders were also made. By renaming the folders with the shortnames to the GUID, proper functionality was restored to the users mailboxes.

 It was a simple fix, but it took some poking to figure it out. Also being new to Dovecot it took me longer than it probably should have to resolve. Hopefully this will save someone else some time. 

Going to be in the San Francisco area next week? Bummed out that you couldn't afford/con your boss into buying you a Macworld Conference pass for 2010? Well you are in luck!

We've managed to score a limited number of full conference passes for the show next week. These aren't the expo floor only passes, these are the conference passes so you can go join your Mac sysadmin peers and learn all sorts of fun new stuff.

Because this is all on very short notice we are going to do the contest that everyone hates. The email race.

The first six(6) people to get an email to: mw2010ticket@afp548.com will get one of the passes. Use "MW2010 Email Race" for the subject line.

On your marks. Get set. GO!

And we have our winners!

If it wasn't you then keep your eyes peeled. We are digging around for more passes...

GroupLogic is working to bridge the gap between corporate mass archival solutions and Mac OS X. With a new product called ArchiveConnect, the makers of Extreme Z-IP now have a product that provides the ability to fully integrate CommVault's Simpana. This allows you to reduce the required footprint of on-line disk capacity while being able to meet compliance and data retention requirements. Check out their webinar at: http://www.commvault.com/webinars/details.asp?id=1083 

 

 

You may have noticed that your Mac OS X Server has become a bit aggressive about flagging e-mail as spam. This is because the default ruleset was created long enough ago that any e-mail from the year 2010 was obvious spam, or sent by time traveling robots.

All you need to do to correct the issue is to update the future date rule.

We were about to post our own article on this topic when Apple went and posted an official one. This fix should work any SpamAssassin setup that you have.

Enjoy!

Apple TS3187: Mac OS X Server may classify some inbound messages sent on or after January 1, 2010 as spam

 

 

Part four in our continuing saga of getting some business continuity for ourselves. This article is of a more personal nature as it covers one of the mainstays of the AFP548 worldwide disaster recovery solution. Every morning at 4 am we take a copy of MySQL database that holds the past 8 years of content here and move it from the wilds of Illinois to relaxed saftey of the MacMiniColo.net data center in Las Vegas.

Read on for how we're doing this...

The Enterprise Desktop Alliance has their survey for 2010 out.

This one focuses on support costs and ratios.

Find it here.

For several months I've been searching for a complete solution that can offer access control, authentication, integrated search indexing of all content and content management itself for a company intranet that can dispense the following to our internal users:

• Training videos, shared contacts, job aid resources and content management
  
• A PHP based web front end to access our databases of clients, cases, task management, etc.

We're running Leopard Server, Kerberos, LDAP and all that other fun stuff. But we also are a mixed platform environment with remote branch offices running isolated windows domain workgroups, accessing our intranet from across a VPN. (not my doing)

The problem that I'm having is that I cannot find any one great solution, application or API that can integrate our intranet with our LDAP on Leopard Server for authentication on a remote intranet proxy. I don't just want to rely on creating a secured realm, I want something smarter. I also want this solution to be as simple as possible from the end user's perspective and do things like allow local unauthenticated (or kerberos) access from workstations on our LAN or workstations on our site to site VPN, that traffic is trusted and should be able to totally bypass authentication or at least allow authentication to happen in the background.

 Maybe I'm asking for too much in search of a solution but I don't want to make our users re-signon when they want to switch from our database front end to view training materials, or to access webmail, or view the collaboration wiki content. I also don't want users to have to rely on 5 different methods of searching our intranet to find what they're looking for as well.

I figure that for what I want to do, I will have to:

1. Come up with a custom spotlight search API for Apache, that will not only singularly index web content, but integrate database content as well.
2. Figure out how to modify apache to openly serve the site to trusted internal IP addresses or use WebDAV with kerberos single sign-on.
3. Come up with a public web proxy where remote users can authenticate with their LDAP credentials and then access the intranet from remote locations.

So if anybody has a suggestion to accomplish any of this on Leopard Server, or knows of a great resource on how to do any of the following, like: modify the spotlight search plugin for apache, integrate LDAP authentication within a web page, modify apache to only allow certain IP addresses to access a site, use one authentication session ID to access other secured sites, view PDF, word, excel files on a shared volume through a web front end or how to create a remote sign-on proxy. If you have any thoughts on this or know something that would help, let me know.

 

If you are getting an error "Can't assign requested address" you may have a problem with the mysql port.  I had just moved my server to a MacMini running Mac OS X 10.6 and mysql_connect was giving this error.  Going into the /etc/php.ini file and setting the default port number to 3306 fixed the problem. 

mysql.default_port = 3306

The php.ini file suggests that PHP will select the port by using the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services, but in this case it is not so.  /etc/services on my machine has 3306 listed, but it didn't get picked up.

Part three in our continuing saga of getting some business continuity for ourselves. After a long hiatus, we now return to our story and begin knocking down the basics of continuity. In this episode it will be a quicky as we tackle DNS.

It's always been on the to do list to set up a Disaster recovery site for AFP548.com there just hasn't been enough time to really do it. Well, that's all changed now. Through the generous help of MacMiniColo.net we now have a Mac Mini humming away in Vegas, perhaps having more fun then we are...

Read on for what we're doing with it...