First find out what version of bdb (Berkeley DB) slapd is using:
apt-cache show slapd
[snip]
Depends: libc6 (>= 2.4), libdb4.2, libgcrypt11 (>= 1.4.0), libgnutls26 (>= 2.4.0-0), libldap-2.4-2 (= 2.4.11-0ubuntu6), libltdl7 (>= 2.2.4), libperl5.10 (>= 5.10.0), libsasl2-2, libslp1, libtasn1-3 (>= 0.3.4), libwrap0 (>= 7.6-4~), unixodbc (>= 2.2.11-1), zlib1g (>= 1:1.1.4), coreutils (>= 4.5.1-1), psmisc, perl (>> 5.8.0) | libmime-base64-perl, adduser
[snip]
Then install the appropriate version of dbX.Y-util:
apt-get install db4.2-util
The utilities like db_recover and db_verify are actually named db4.2_verify and db4.2_recover. You can see a list with:
dpkg -L db4.2-util
rubygems server on Ubuntu Intrepid 8.10
Serving gems locally isn’t too hard these days.
sudo apt-get install rubygems
Populate /etc/init.d/gem-server with:
#!/bin/sh
### BEGIN INIT INFO
# Provides: gem-server
# Required-Start: $network $local_fs $remote_fs
# Required-Stop: $network $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start local gem server
### END INIT INFO
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON="/usr/bin/gem"
OPTIONS="server --daemon"
# clear conflicting settings from the environment
unset TMPDIR
# See if the daemon is there
test -x $DAEMON || exit 0
. /lib/lsb/init-functions
case "$1" in
  start)
    PID=$(ps ax -o pid,command | grep "gem server" | grep daemon | awk '{print $1}')
    if test -n "$PID" ; then
      log_daemon_msg "Ruby Gem server already running : PID $PID" "gem-server"
    else
      log_daemon_msg "Starting the Ruby Gem server" "gem-server"
      $DAEMON $OPTIONS
    fi
    log_end_msg $?
    ;;
  stop)
    PID=$(ps ax -o pid,command | grep "gem server" | grep daemon | awk '{print $1}')
    if test -n "$PID" ; then
      log_daemon_msg "Stopping the Ruby Gem server" "gem-server"
      kill $PID
    else
      log_daemon_msg "Ruby Gem server not running" "gem-server"
    fi
    log_end_msg $?
    ;;
  restart|force-reload)
    $0 stop && sleep 2 && $0 start
    ;;
  *)
    echo "Usage: /etc/init.d/gem-server {start|stop|restart|force-reload}"
    exit 1
    ;;
esac
Then use the initscript to start it. If you want to serve gems out of a directory other than the default /var/lib/gems/1.8, add “-d DIRECTORY” to the OPTIONS variable in the init script. Then install locally sourced gems with:
sudo gem install --source http://hostname:8808 gem_package
perl: warning: Setting locale failed.
I’ve seen this perl error for a while and ignored it but it was stopping postgres from starting. This is on Ubuntu Intrepid 8.10, specifically a JeOS install made by vm-builder, which is the key.
$ sudo /etc/init.d/postgresql-8.3 start
* Starting PostgreSQL 8.3 database server
* perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_US.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
The PostgreSQL server failed to start. Please check the log output:
FATAL: invalid value for parameter "lc_messages": "en_US.UTF-8"
The solution:
sudo apt-get install language-pack-en
Configuring ssl requests with SubjectAltName with openssl
Subject Alternative Names are an X509 Version 3 (RFC 2459) extension that allows an SSL certificate to specify multiple names that the certificate should match. SubjectAltName can contain email addresses, IP addresses, regular DNS host names, etc. There’s a clean enough list of browser compatibility here.
Changing /etc/ssl/openssl.cnf isn’t too hard, although most of the documentation is hard to grasp, especially if you’re only trying to make requests. From this, I developed these changes to a standard config provided by Debian/Ubuntu. Edit openssl.cnf and uncomment “x509_extensions = v3_ca” in the [ req ] section.
Annoyingly, nobody appears to have figured out how to get openssl to ask you for this value.
I thought I was clever putting ‘subjectAltName=email:move’ in the v3_req section, which would put the email address you type in the subjectAltName field. I’d put in “foo@example.org, DNS:www1.example.org, DNS:www2.example.org” in the email field when ‘openssl req’ asked for it. Visually it worked, but the browsers didn’t like it. This appears to be functionality to deal with part 4.1.2.6 of the RFC, moving email address into subjectAltName.
I thought about writing a script that would copy openssl.cnf, ask me for the value of SubjectAltName, run sed against it, then start openssl. It would appear seamless, but of course be a hack.
A better answer lies here: you can configure openssl to use environment variables. At the top of openssl.cnf, under where it sets HOME=”…”, I added:
SAN="email:noc@example.com"
And in [ v3_req ] I added:
subjectAltName=${ENV::SAN}
So if you run openssl like this:
SAN="DNS:www1.example.org, DNS:www2.example.org" \
openssl req -new -key www.example.org.key -out www.example.org.csr
It will fill in subjectAltName with the contents of the SAN variable; otherwise it will fill it with the contents specified at the top of the file. There’s no way to use conditionals (I assume). If you just leave it blank, or leave it out altogether, you get these errors:
Unable to load config info from /usr/lib/ssl/openssl.cnf
and respectively,
Error Loading request extension section v3_req
27687:error:2206D06C:X509 V3 routines:X509V3_PARSE_LIST:invalid null name:v3_utl.c:327:
27687:error:22097069:X509 V3 routines:DO_EXT_NCONF:invalid extension string:v3_conf.c:139:name=subjectAltName,section=
27687:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:93:name=subjectAltName, value=
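The whole round trip as an added example (not the original post's code): a minimal config using the ${ENV::SAN} technique, a CSR generated from it, and the SAN read back from the CSR so the value can be checked before the request is submitted. It assumes the [ req ] section enables req_extensions = v3_req, which is what makes openssl req read [ v3_req ]; the function names, the trimmed config and the subject are constructed for illustration.

```shell
#!/bin/sh
# Added example: build a CSR whose subjectAltName comes from $SAN, then read
# it back. The config, file names and subject are constructed for illustration.

make_csr() {                      # $1 = work directory
    # SAN set but empty produces the "invalid null name" error; stop early.
    [ -n "${SAN-unset}" ] || { echo "SAN is set but empty" >&2; return 2; }
    cat > "$1/openssl.cnf" <<'EOF'
# Default, used only when SAN is absent from the environment
SAN = "email:noc@example.com"

[ req ]
distinguished_name = req_dn
req_extensions     = v3_req
prompt             = no

[ req_dn ]
CN = www.example.org

[ v3_req ]
subjectAltName = ${ENV::SAN}
EOF
    openssl genrsa -out "$1/www.example.org.key" 2048 2>/dev/null &&
    openssl req -new -config "$1/openssl.cnf" \
        -key "$1/www.example.org.key" -out "$1/www.example.org.csr"
}

csr_sans() {                      # $1 = work directory
    # The value is on the line after the extension name in the text dump.
    openssl req -in "$1/www.example.org.csr" -noout -text |
        awk '/Subject Alternative Name/ { getline; gsub(/^ +| +$/, ""); print }'
}
```

Export SAN before calling make_csr to override the default; csr_sans prints exactly what a CA would see in the request.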
Adding hosts to virt-manager in Ubuntu Intrepid
I have a nice ssh-key system setup for connecting to KVM hosts, and through permission settings on:
/var/run/libvirt/libvirt-sock
/var/run/libvirt/libvirt-sock-ro
I managed access to the guests. The recent upgrade to Intrepid brought along a new version of virt-manager that, whenever you add a QEMU+SSH libvirt instance, forcibly adds ‘root@’ to the URI, where before the username was left out. If you add a URI like ‘bryanm@host’ it becomes ‘root@bryanm@host’.
As a workaround, use gconf-editor: under apps -> virt-manager -> connections, add new URIs by hand rather than using the virt-manager interface.
edit: launchpad bug #294965, Red Hat bug #470416.
Request-tracker: Could not load a valid user
A while back I moved my rt instance, mostly debianized it, and stabilized on RT 3.6.7 (decompressed on top of the 3.6.5 deb). I recently found that external emails were no longer creating new accounts.
It’s possible that I fixed the problem along the way and that my email account I was testing from was sending my ‘RealName’ and we were matching on that.
[Thu Nov 6 01:54:45 2008] [error]: RT could not load a valid user, and RT's configuration does not allow for the creation of a new user for your email. (/usr/share/request-tracker3.6/lib/RT/Interface/Email.pm:243)
[Thu Nov 6 01:54:45 2008] [error]: Could not record email: Could not load a valid user (/usr/share/request-tracker3.6/html/REST/1.0/NoAuth/mail-gateway:75)
[Thu Nov 6 02:09:46 2008] [crit]: User creation failed in mailgateway: Name in use (/usr/share/request-tracker3.6/lib/RT/Interface/Email.pm:243)
[Thu Nov 6 02:09:46 2008] [crit]: User 'test@example.org' could not be loaded in the mail gateway (/usr/share/request-tracker3.6/lib/RT/Interface/Email.pm:243)
[Thu Nov 6 02:09:47 2008] [err]: Couldn't load from the users database. (/usr/share/request-tracker3.6/lib/RT/CurrentUser.pm:147)
[Thu Nov 6 02:09:47 2008] [err]: Couldn't load from the users database. (/usr/share/request-tracker3.6/lib/RT/CurrentUser.pm:147)
[Thu Nov 6 02:09:47 2008] [error]: Couldn't create ticket from message with commands, fallback to standard mailgate. Error: No permission to create tickets in the queue 'lposupport' (/usr/share/perl5/RT/Interface/Email/Filter/TakeAction.pm:504)
[Thu Nov 6 02:09:47 2008] [crit]: Couldn't create ticket from message with commands, fallback to standard mailgate. Error: No permission to create tickets in the queue 'lposupport' (/usr/share/request-tracker3.6/lib/RT/Interface/Email.pm:243)
[Thu Nov 6 02:09:47 2008] [error]: RT could not load a valid user, and RT's configuration does not allow for the creation of a new user for this email (test@example.org). You might need to grant 'Everyone' the right 'CreateTicket' for the queue lposupport. (/usr/share/request-tracker3.6/lib/RT/Interface/Email.pm:243)
I had to reconfigure my configs during the move. Of course I checked the queue permissions, then expected that $AutoCreateNonExternalUsers was not set to 1. Neither was the solution. I installed the latest versions of RT and ExternalAuth from source. Still not working. The trick? I found a recommended change to the LDAP attr_match_list, reducing it to just Name and EmailAddress. This makes sense from the newer logs I saw in debugging.
Upgrading also led me to a new error about d_filter not being set. I used the following, taken from this thread:
'd_filter' => '(userAccountControl:1.2.840.113556.1.4.803:=2)',
And the logs:
[Thu Nov 6 05:02:00 2008] [debug]: Going to create user with address 'test@example.org' (/opt/rt3/bin/../lib/RT/Interface/Email/Auth/MailFrom.pm:94)
[Thu Nov 6 05:02:00 2008] [debug]: RT::User::CanonicalizeUserInfo called by RT::User /opt/rt3/bin/../lib/RT/User_Overlay.pm 128 with: Comments: Autocreated on ticket submission, Disabled: 0, EmailAddress: test@example.org, Name: info@imob.org, Password: , Privileged: 0, RealName: Bryan McLellan (/usr/share/perl5/RT/User_Vendor.pm:400)
[Thu Nov 6 05:02:00 2008] [debug]: Attempting to get user info using this external service: My_LDAP (/usr/share/perl5/RT/User_Vendor.pm:408)
[Thu Nov 6 05:02:00 2008] [debug]: Attempting to use this canonicalization key: Name (/usr/share/perl5/RT/User_Vendor.pm:417)
[Thu Nov 6 05:02:01 2008] [debug]: LDAP Search === Base: dc=corp,dc=example,dc=org == Filter: (&(objectclass=user)(sAMAccountName=test@example.org)) == Attrs: l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName (/usr/share/perl5/RT/User_Vendor.pm:538)
[Thu Nov 6 05:02:01 2008] [info]: RT::User::LookupExternalUserInfo : Returning: EmailAddress: , Name: , RealName: (/usr/share/perl5/RT/User_Vendor.pm:703)
[Thu Nov 6 05:02:01 2008] [debug]: RT::User::LookupExternalUserInfo No user was found this time (/usr/share/perl5/RT/User_Vendor.pm:706)
[Thu Nov 6 05:02:01 2008] [debug]: Attempting to use this canonicalization key: EmailAddress (/usr/share/perl5/RT/User_Vendor.pm:417)
[Thu Nov 6 05:02:02 2008] [debug]: LDAP Search === Base: dc=corp,dc=example,dc=org == Filter: (&(objectclass=user)(mail=test@example.org)) == Attrs: l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName (/usr/share/perl5/RT/User_Vendor.pm:538)
[Thu Nov 6 05:02:02 2008] [info]: RT::User::LookupExternalUserInfo : Returning: EmailAddress: , Name: , RealName: (/usr/share/perl5/RT/User_Vendor.pm:703)
[Thu Nov 6 05:02:02 2008] [debug]: RT::User::LookupExternalUserInfo No user was found this time (/usr/share/perl5/RT/User_Vendor.pm:706)
[Thu Nov 6 05:02:02 2008] [debug]: Attempting to use this canonicalization key: RealName (/usr/share/perl5/RT/User_Vendor.pm:417)
[Thu Nov 6 05:02:03 2008] [debug]: LDAP Search === Base: dc=corp,dc=example,dc=org == Filter: (&(objectclass=user)(cn=Bryan McLellan)) == Attrs: l,cn,st,mail,sAMAccountName,co,streetAddress,postalCode,telephoneNumber,sAMAccountName,physicalDeliveryOfficeName,sAMAccountName (/usr/share/perl5/RT/User_Vendor.pm:538)
[Thu Nov 6 05:02:03 2008] [info]: RT::User::LookupExternalUserInfo : Returning: Address1: , City: , Country: , EmailAddress: bryanm@widemile.com, ExternalAuthId: bryanm, Gecos: bryanm, Name: bryanm, Organization: , RealName: Bryan Mclellan, State: , WorkPhone: 206-985-7171 x117, Zip: (/usr/share/perl5/RT/User_Vendor.pm:703)
[Thu Nov 6 05:02:03 2008] [info]: RT::User::CanonicalizeUserInfo returning Address1: , City: , Comments: Autocreated on ticket submission, Country: , Disabled: 0, EmailAddress: bryanm@widemile.com, ExternalAuthId: bryanm, Gecos: bryanm, Name: bryanm, Organization: , Password: , Privileged: 0, RealName: Bryan Mclellan, State: , WorkPhone: 206-985-7171 x117, Zip: (/usr/share/perl5/RT/User_Vendor.pm:444)
[Thu Nov 6 05:02:03 2008] [crit]: User creation failed in mailgateway: Name in use (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
[Thu Nov 6 05:02:04 2008] [warning]: Couldn't load user 'test@example.org'.giving up (/opt/rt3/bin/../lib/RT/Interface/Email.pm:806)
[Thu Nov 6 05:02:04 2008] [crit]: User 'info@imob.org' could not be loaded in the mail gateway (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
[Thu Nov 6 05:02:04 2008] [error]: RT could not load a valid user, and RT's configuration does not allow for the creation of a new user for this email (test@example.org). You might need to grant 'Everyone' the right 'CreateTicket' for the queue lposupport. (/opt/rt3/bin/../lib/RT/Interface/Email.pm:244)
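The debug log above shows the sender's address failing to match on Name and EmailAddress, then the RealName taken from the incoming mail matching an existing directory account. As an added example (not RT code and not from the original post), this check reads a log of that shape and reports which canonicalization key produced each match, so matches on keys outside Name and EmailAddress stand out. The function names are hypothetical and the sample lines are constructed and shortened.

```shell
#!/bin/sh
# Added example, not RT code: read an RT debug log (one entry per line) on stdin
# and print "sender key matched-Name" for every successful LDAP canonicalization.
match_keys() {
    awk '
    /Going to create user with address/ {
        split($0, q, "\047"); sender = q[2]          # text between the quotes
    }
    /Attempting to use this canonicalization key:/ {
        key = $0
        sub(/.*canonicalization key: /, "", key); sub(/ .*/, "", key)
    }
    /LookupExternalUserInfo : Returning:/ {
        name = $0
        sub(/.* Name: /, "", name); sub(/,.*/, "", name)
        if (name != "") print sender, key, name       # empty Name = no match
    }'
}

# Matches made on any key other than Name or EmailAddress, i.e. the keys the
# post removes from attr_match_list.
weak_matches() {
    match_keys | awk '$2 != "Name" && $2 != "EmailAddress"'
}

# Constructed sample, shortened from the shape of the log above.
sample_log() {
    cat <<'EOF'
[Thu Nov 6 05:02:00 2008] [debug]: Going to create user with address 'test@example.org' (MailFrom.pm:94)
[Thu Nov 6 05:02:00 2008] [debug]: Attempting to use this canonicalization key: Name (User_Vendor.pm:417)
[Thu Nov 6 05:02:01 2008] [info]: RT::User::LookupExternalUserInfo : Returning: EmailAddress: , Name: , RealName: (User_Vendor.pm:703)
[Thu Nov 6 05:02:01 2008] [debug]: Attempting to use this canonicalization key: EmailAddress (User_Vendor.pm:417)
[Thu Nov 6 05:02:02 2008] [info]: RT::User::LookupExternalUserInfo : Returning: EmailAddress: , Name: , RealName: (User_Vendor.pm:703)
[Thu Nov 6 05:02:02 2008] [debug]: Attempting to use this canonicalization key: RealName (User_Vendor.pm:417)
[Thu Nov 6 05:02:03 2008] [info]: RT::User::LookupExternalUserInfo : Returning: EmailAddress: jdoe@corp.example.org, ExternalAuthId: jdoe, Name: jdoe, RealName: J Doe (User_Vendor.pm:703)
EOF
}
```

Running `sample_log | weak_matches` prints `test@example.org RealName jdoe`; on a real log, pipe the file into weak_matches instead.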
