Archive for August, 2006

When configuring the ic5141 package from Cadence, it asks if you would like to enter an LDV installation directory. We did not get an LDV package to install from Cadence. I’m guessing that this is because they changed the name of the package or incorporated it into another package. When I selected to add another package, it asked for the path as provided by the ncroot command. So I searched the entire cad.rh directory for ncroot and found it in the IUS package. I tried to use the ius directory, but it failed. I think this is because I hadn’t yet configured the ius package.

After configuring the ius package, I could go back and configure the ic package again. Now, when it asks for an LDV path, I added /net/sw/cad.rh/ius/ius55 and it accepted it. I could then also compile all the libraries included in the ic package.

On the HP, here are the environment variables that are currently set:


# Cadence
export CDS_INST_DIR=/net/sw/cad/ic/ic5141
export CDS_LIC_FILE=5280@mentor
export CDSDOC_PROJECT=/net/sw/cad
export LD_LIBRARY_PATH=/net/sw/cad/ic/ic5141:/net/sw/cad/ic/ic5141/tools/lib:$LD_LIBRARY_PATH
export SHLIB_PATH=$LD_LIBRARY_PATH
export CDSHOME=/net/sw/cad/ic/ic5141
#export LDVHOME=/net/sw/cad/ldv51
export ICCHOME=/net/sw/cad/icc/icc11241
export ICHOME=/net/sw/cad/ic/ic5141
export SOCHOME=/net/sw/cad/soc/soc42
export SPRHOME=/net/sw/cad/spr/spr50
export ASSURAHOME=/net/sw/cad/assura/assura314

In the user’s .tcshrc file, the following are set:

# For Cadence
setenv AMSHOME /net/sw/cad/ldv51
setenv CDSHOME /net/sw/cad/ic5141
setenv LD_LIBRARY_PATH ${AMSHOME}/tools/lib:${CDSHOME}/tools/lib
#setenv MANPATH ${MANPATH}:${CDSHOME}/tools/dfII/man

setenv CDS_TEXT_EDITOR dtpad
setenv CDS_Netlisting_Mode "Analog"

Some of these settings need to change for linux, like the text editor and directory locations. I need to come up with a way to generate files that can be sourced which setup these variables for each Cadence package.

Now installing all the Cadence software on our sw disk partition. Since I’m not sure exactly which programs Tang is using right now, I’m installing everything. Hopefully, I’ll be able to set everything up so that it works as it does on the HPs. I have changed all users’ shells to tcsh because that works better with Cadence than bash.

Software is located in /net/sw/cad.rh. According to the Cadence website, I should have been able to install packages with the same name in the same directories. But, I seem to recall trying that a while back and it didn’t work properly. I decided that I’d just make a new directory for the RedHat files. Then, when we finish with the HPs, I can just delete the old /net/sw/cad directory and not affect the RedHat stuff at all.

Now, I need to get SASL working with ldap. Added the following to /etc/openldap/slapd.conf

TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
TLSCipherSuite HIGH:MEDIUM:+SSLv2

Restarted ldap and ran the following:

ldapsearch -H ldaps://ibmprint.uchicago.edu:636 -x -b 'dc=ibmprint,dc=uchicago,dc=edu'

Get the error:

ldap_bind: Can't contact LDAP server (-1)
additional info: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Questions:
1. I’m not getting any logging info in /var/log/messages. Where can I specify a separate log file?
2. I had tcpdump open on the ports I was trying to connect to. How come I saw absolutely no packets on that port?

In order to use ldap for user authentication, need to add some lines to /etc/openldap/slapd.conf.


include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/nis.schema
index cn,uid eq
index uidNumber eq
index gidNumber eq
loglevel 296

Now, convert existing user account data to ldif format. I created a test user, called user1. I’ll use the script migrate_passwd.pl to convert /etc/passwd to passwd.ldif. All the migration scripts are in /usr/share/openldap/migration. In this directory, edit migrate_common.ph and change the following:
$DEFAULT_BASE = "dc=ibmprint,dc=uchicago,dc=edu";
$DEFAULT_MAIL_DOMAIN = "ibmprint.uchicago.edu";
$DEFAULT_MAIL_HOST = "ibmprint.uchicago.edu";

Now in /usr/share/openldap/migration, run:

./migrate_passwd.pl /etc/passwd /tmp/passwd.ldif

Now that I have these new ldif files, I need to add them to the database.

I edited /tmp/base.ldif so that it looks like this:

dn: ou=People,dc=ibmprint,dc=uchicago,dc=edu
ou: People
objectClass: top
objectClass: organizationalUnit

Then added it with:

ldapmodify -D "cn=Manager,dc=ibmprint,dc=uchicago,dc=edu" -W -x -a -f /tmp/base.ldif

Now do the same with the passwd.ldif file

ldapmodify -D "cn=Manager,dc=ibmprint,dc=uchicago,dc=edu" -W -x -a -f /tmp/passwd.ldif

Stupidly, I forgot to delete all the other accounts from passwd.ldif before importing. So now I need to figure out how to delete accounts.

To delete, create a file (/tmp/delmods) with the following:

dn: uid=sshd,dc=ibmprint,dc=uchicago,dc=edu
changetype: delete

Then, to actually delete, use:

ldapmodify -f /tmp/delmods

Here’s how I deleted a bunch of files:

ldapsearch -x -b "dc=ibmprint,dc=uchicago,dc=edu" > /tmp/x
grep dn: /tmp/x > /tmp/y
awk '{ print $0 "\nchangetype:delete\n" }' /tmp/y > /tmp/x

Edit /tmp/x and take out the stuff that you don’t want to delete.

ldapmodify -D "cn=Manager,dc=ibmprint,dc=uchicago,dc=edu" -W -x -a -f /tmp/x

Now I have just a single user, user1 in the database.
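An added example (not part of the original notes): a sturdier version of the grep/awk steps above. It anchors the dn: match, rejoins DNs that ldapsearch folded across lines, skips DNs listed in a keep file, and puts children before parents. The function name, keep-file format and sample entries are constructed; depth is counted by commas, so DNs with escaped commas are assumed absent.

```shell
#!/bin/sh
# Added example. make_delete_ldif SEARCH_OUTPUT KEEP_FILE
# Prints a delete record for every DN in SEARCH_OUTPUT that is not in KEEP_FILE
# (one DN per line), deepest entries first so children go before parents.
make_delete_ldif() {
    awk '
        function flush() {
            if (indn && !(tolower(dn) in keep)) {
                depth = gsub(/,/, ",", dn)   # counts commas, leaves dn unchanged
                printf "%d\t%s\n", depth, dn
            }
            indn = 0
        }
        # First file: DNs to keep, compared case-insensitively.
        FILENAME == ARGV[1] { if ($0 != "") keep[tolower($0)] = 1; next }
        # LDIF folding: a line starting with a space continues the previous one.
        /^ / { if (indn) dn = dn substr($0, 2); next }
        { flush() }
        # Anchored, so attribute values that contain "dn:" are ignored.
        /^dn: / { dn = substr($0, 5); indn = 1 }
        END { flush() }
    ' "$2" "$1" |
    sort -t "$(printf '\t')" -k1,1nr -k2,2 |
    cut -f2- |
    while IFS= read -r dn; do
        printf 'dn: %s\nchangetype: delete\n\n' "$dn"
    done
}

# Constructed sample: one folded DN and one value that contains "dn:".
sample_dir=$(mktemp -d)
cat > "$sample_dir/search.ldif" <<'EOF'
dn: dc=ibmprint,dc=uchicago,dc=edu

dn: ou=People,dc=ibmprint,dc=uchicago,dc=edu
ou: People

dn: uid=user1,ou=People,dc=ibmprint,dc=uchicago,dc=edu
description: dn: not a real DN line

dn: uid=sshd,ou=People,dc=ibmprint,dc=uchicago,
 dc=edu
uid: sshd
EOF
printf '%s\n' 'dc=ibmprint,dc=uchicago,dc=edu' \
    'ou=People,dc=ibmprint,dc=uchicago,dc=edu' \
    'uid=user1,ou=People,dc=ibmprint,dc=uchicago,dc=edu' > "$sample_dir/keep.txt"
make_delete_ldif "$sample_dir/search.ldif" "$sample_dir/keep.txt"
```

Review the generated file before passing it to ldapmodify with -f, as in the command above.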

I need to restart my ldap setup and check that ldap itself is working. So, basically, I’m starting over. The directory with my ldap database is /var/lib/ldap. I’m going to delete everything there.

1. In /etc/openldap, there is a file called DB_CONFIG.example. Copy this file to /var/lib/ldap/DB_CONFIG.

2. Edit the file /etc/openldap/slapd.conf

include /etc/openldap/schema/core.schema

database bdb
suffix "dc=ibmprint,dc=uchicago,dc=edu"
rootdn "cn=Manager,dc=ibmprint,dc=uchicago,dc=edu"
rootpw password
directory /var/lib/ldap

3. Start ldap: /etc/rc.d/init.d/ldap start

4. Create a file (/tmp/entry0) with the following:

dn: dc=ibmprint,dc=uchicago,dc=edu
objectclass: dcObject
objectclass: organization
o: eshop
dc: ibmprint.uchicago.edu

dn: cn=Manager,dc=ibmprint,dc=uchicago,dc=edu
objectclass: organizationalRole
cn: Manager

5. Add these entries:

ldapadd -x -D "cn=Manager,dc=ibmprint,dc=uchicago,dc=edu" -W -f /tmp/entry0

Here, I got an error:

adding new entry "dc=ibmprint,dc=uchicago,dc=edu"
ldap_add: Naming violation (64)
additional info: naming attribute 'dc' is not present in entry

SOLUTION: It didn’t like the dc: ibmprint.uchicago.edu line. If I changed it to ibmprint, it worked fine.

6. Now search and see if the entries I just made are really there.

ldapsearch -x -b 'dc=ibmprint,dc=uchicago,dc=edu' '(objectclass=*)'

In my result, I see both the ibmprint entry and the Manager entry. So, basic ldap is working. Now, let’s see if I can add another user, while ldap is running.

7. Use ldapmodify to add another file (/tmp/entry1) of user data to the database.

ldapmodify -D "cn=Manager,dc=ibmprint,dc=uchicago,dc=edu" -W -x -a -f /tmp/entry1

Returned that it added new entry test1 and test2. If I do the ldapsearch command again, I do get the new users. So, it all appears to be working.
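An added check, not part of the original notes, covering the TLS lines added to slapd.conf earlier and the rootpw line in step 2. It flags a clear-text rootpw, a cipher string that names a weak class such as SSLv2 without excluding it, and a private key kept in the same file as the certificate. The function name, the finding messages, the corrected sample values and the /etc/pki/tls/private/slapd.key path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. lint_slapd_conf FILE prints one finding per line.
lint_slapd_conf() {
    awk '
        { key = tolower($1) }
        # rootpw takes a hash such as {SSHA}... (slappasswd prints one);
        # a value with no {SCHEME} prefix is a clear-text password.
        key == "rootpw" && substr($2, 1, 1) != "{" {
            print "rootpw: clear-text password in config file"
        }
        # Report weak cipher classes that are named without a ! or - exclusion.
        key == "tlsciphersuite" {
            n = split($2, tok, ":")
            for (i = 1; i <= n; i++) {
                t = tok[i]; sub(/^\+/, "", t)
                if (t ~ /^(SSLv2|LOW|EXP|EXPORT|NULL|aNULL|eNULL)$/)
                    print "tlsciphersuite: weak class not excluded: " tok[i]
            }
        }
        key == "tlscertificatefile"    { cert = $2 }
        key == "tlscertificatekeyfile" { keyfile = $2 }
        END {
            if (keyfile != "" && keyfile == cert)
                print "tls: private key is in the same file as the certificate: " keyfile
        }
    ' "$1"
}

# Constructed sample made from the settings quoted on this page.
conf_dir=$(mktemp -d)
cat > "$conf_dir/slapd.conf" <<'EOF'
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
TLSCipherSuite HIGH:MEDIUM:+SSLv2
database bdb
suffix "dc=ibmprint,dc=uchicago,dc=edu"
rootdn "cn=Manager,dc=ibmprint,dc=uchicago,dc=edu"
rootpw password
EOF
# Constructed counterpart: hashed rootpw placeholder, key in its own file (hypothetical path).
cat > "$conf_dir/slapd.fixed.conf" <<'EOF'
TLSCertificateFile /etc/pki/tls/certs/slapd.pem
TLSCertificateKeyFile /etc/pki/tls/private/slapd.key
TLSCipherSuite HIGH:!aNULL
rootpw {SSHA}REPLACE_WITH_SLAPPASSWD_OUTPUT
EOF
lint_slapd_conf "$conf_dir/slapd.conf"
lint_slapd_conf "$conf_dir/slapd.fixed.conf"
```

The first call prints three findings and the second prints nothing.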

I created a dummy user, test1, on the ldap server. I then exported the /etc/passwd file to an ldif file. I can’t find my old notes showing the command I used, but here is what the ldif file looked like (after I deleted all the other accounts):

dn: uid=test1,ou=edg,dc=ibmprint,dc=uchicago,dc=edu
uid: test1
cn: test1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}bunch of characters
shadowLastChange: 13350
loginShell: /bin/bash
uidNumber: 100
gidNumber: 100
homeDirectory: /home/test1

I now want to add this account to my currently running ldap server. From the book, here’s the command I should use:

ldapmodify -D "cn=test1,dc=ibmprint,dc=uchicago,dc=edu" -w secret > -x -a -f /tmp/passwd.ldif

I get this error: ldap_sasl_interactive_bind_s: Confidentiality required (13)
additional info: confidentiality required

I think this has to do with the pam stuff that is supposed to keep everything encrypted. So, now I’ll look into that.

I have the package nss_ldap installed. This package contains nss_ldap and pam_ldap, so I think I have everything that I need installed.

Our hp 5200dtn printer works with RHEL3, provided that the generic postscript driverHP 5100 driver is used. Also, it needs to be configured to do duplexing. That’s it.

We currently use the bash shell for just about everyone. But when calling Cadence for help, they are only able to give help with tcsh. So, find tcsh for HP-UX and install it to the hps. Also make sure that the new linux machines have tcsh installed.

Tcshrc also required libiconv, which I also downloaded from the HPUX Porting Centre.