ldap password never expires – objectClass organizationalPerson and inetOrgPerson

July 4th, 2012

Let's assume that your application software, such as IBM WebSphere, uses LDAP for authentication, and you don't want the user "wasadm" to be in a position where its password expires someday as a result of conforming to PAM policy. To do this, you should consider using the LDAP objectClasses organizationalPerson and inetOrgPerson (a subclass of organizationalPerson) instead of posixAccount and shadowAccount.

If you use the LDAP tool JXplorer to communicate with the LDAP server, you'll find LDAP attributes such as userPassword, shadowLastChange, etc. when the entry uses objectClass posixAccount and shadowAccount. But after you remove objectClass posixAccount and shadowAccount and add organizationalPerson and inetOrgPerson to the entry, you'll find these attributes disappear, which implies the password is no longer needed for this entry. After this, our goal of setting the account to never expire has been achieved.

Here are two snapshots:


using objectClass posixAccount shadowAccount


using objectClass organizationalPerson and inetOrgPerson


  1. Here's a resource where you can check the hierarchy of LDAP attributes and objectClasses, with their descriptions: http://www.zytrax.com/books/ldap/ape/
  2. For full LDAP info, I would recommend you read the following online book: http://www.zytrax.com/books/ldap/
  3. Here's a good document about LDAP with details on integrating LDAP with sendmail, squid, etc.: download ldap integration.zip

Resolved – bash /usr/bin/find Arg list too long

July 3rd, 2012

Have you ever met an error like the following?

root@doxer# find /PRD/*/connectors/A01/QP*/*/logFiles/* -prune -name "*.log" -mtime +7 -type f |wc -l

bash: /usr/bin/find: Arg list too long


The cause of the issue is a kernel limit on the arguments that can be passed to find (as well as ls and other utilities): the shell expands the wildcards into a very long list of file names before find starts. ARG_MAX defines the maximum length of the arguments for a new process. You can get its value with the command:

root@doxer# getconf ARG_MAX

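To quickly fix this, you can move your actions into the directory (replace * with subdir_NAME). Because find now starts at ".", the test "! -name ." goes before -prune so that the starting directory itself is not pruned:

cd /PRD/subdir_NAME/connectors/A01/QP*/*/logFiles/ && find . ! -name . -prune -name "*.log" -mtime +7 -type f |wc -l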



  1. You can get all configuration values with getconf -a.
  2. For more solutions to the error "bash: /usr/bin/find: Arg list too long", you can refer to http://www.in-ulm.de/~mascheck/various/argmax/
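
The same count can be done by handing find only the directories, so the shell never expands every file name onto the command line. This is an added example, not from the original post; it generalizes the single-directory workaround to any number of directories, and the function names and the temporary test tree are constructed for illustration.

```shell
#!/bin/sh
# Added example. count_old_logs and the test tree are constructed names.

# count_old_logs DAYS DIR...
# Counts *.log files older than DAYS directly inside each DIR. Only the
# directories reach find's command line, so the list stays far below ARG_MAX
# however many files each directory holds.
count_old_logs() {
    days=$1
    shift
    total=0
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # "! -name . -prune" stops find below depth 1 without GNU -maxdepth.
        # "-exec ... {} +" lets find split matches into batches that fit the
        # kernel limit; each batch reports how many names it received.
        n=$(cd -- "$dir" && find . ! -name . -prune -type f -name '*.log' \
                -mtime +"$days" -exec sh -c 'echo "$#"' sh {} + |
            awk '{ s += $1 } END { print s + 0 }')
        total=$((total + ${n:-0}))
    done
    echo "$total"
}

# Builds a small constructed tree and prints the count for it.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/a/logFiles" "$root/b/logFiles/sub"
    # Backdated files: three match, old.txt and sub/deep.log must not.
    touch -t 202001010000 "$root/a/logFiles/old1.log" \
        "$root/a/logFiles/old2.log" "$root/a/logFiles/old.txt" \
        "$root/b/logFiles/old3.log" "$root/b/logFiles/sub/deep.log"
    touch "$root/b/logFiles/new.log"   # too recent to count
    count_old_logs 7 "$root"/*/logFiles
    rm -rf "$root"
}

demo
```

Counting inside the batches rather than with wc -l also keeps the result correct when a file name contains a newline.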

trap bash shell script explanation and example

July 2nd, 2012

If you want to print some information on standard output when the user presses ctrl+c while a bash script is running, or you want to print something when the script completes, then you should consider using trap to implement this.

Here's an example which prints something to the end user when the user presses ctrl+c (SIGINT is signal number 2):

trap "echo 'you typed ctrl+c'" 2
sleep 5

And if you want to print something when the script ends, you can use the following as an example:

trap "echo 'script ends'" 0
sleep 5
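
A common use of these two traps is removing temporary files whichever way the script ends. The following is an added example, not from the original post; the function name run_job, its modes and the file names are constructed for illustration.

```shell
#!/bin/sh
# Added example. run_job and its modes are constructed names.

# run_job MODE  (MODE: normal | fail | interrupt)
# Starts a child shell that keeps work data in a private scratch directory
# and relies on traps to remove it, then reports whether the directory is
# gone and which exit status the child returned.
run_job() {
    marker=$(mktemp) || return 1
    status=0
    sh -s "$marker" "$1" <<'EOF' || status=$?
scratch=$(mktemp -d) || exit 1
printf '%s\n' "$scratch" > "$1"
# 0 (EXIT) fires on every way out of the script, including "exit" below.
trap 'rm -rf "$scratch"' 0
# 2 (SIGINT): report, then exit so the EXIT trap still does the cleanup.
# 130 = 128 + 2, the status a shell reports for a process killed by SIGINT.
trap 'echo "caught SIGINT" >&2; exit 130' 2
echo "work data" > "$scratch/data"
if [ "$2" = fail ]; then exit 3; fi
if [ "$2" = interrupt ]; then kill -s INT "$$"; fi
exit 0
EOF
    scratch=$(cat "$marker")
    rm -f "$marker"
    if [ -e "$scratch" ]; then
        echo "leaked status=$status"
    else
        echo "cleaned status=$status"
    fi
}

for mode in normal fail interrupt; do
    echo "$mode: $(run_job "$mode")"
done
```

The SIGINT handler calls exit instead of deleting files itself, so the cleanup lives in one place, the EXIT trap.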


apache rewrite with and without ending slash

July 1st, 2012

While implementing a redirect, I noticed a lot of duplicate entries in the redirect config files, which differ only in that one of them is followed by '/' and the other is not.
Apache mod_rewrite uses regular expressions, so the rule can be written more accurately.

To avoid duplicate entries for requests with and without the trailing '/', you can use the quantifier '?', which means zero or one occurrence of the character it follows.

You can find a bit more information about mod_rewrite and regular expressions at the following link:


For example, to rewrite http://www.doxer.org/test and http://www.doxer.org/test/ to http://test.doxer.org, you can just do the following:

RewriteRule ^/test/?$ http://test.doxer.org [L,R=301,NC]

instead of the following:

RewriteRule ^/test$ http://test.doxer.org [L,R=301,NC]
RewriteRule ^/test/$ http://test.doxer.org [L,R=301,NC]


vmware vsphere esx cloud computing terminology

June 25th, 2012

Here are some terms related to VMware vSphere/ESX:

Relationships Between the Component Layers of VMware vSphere

What is a datastore?

A datastore is a logical container that holds virtual machine files and other files necessary for virtual machine operations. Datastores can exist on different types of physical storage, including local storage, iSCSI, Fibre Channel SAN, or NFS. A datastore can be VMFS-based or NFS-based.

You can create a new datastore by formatting LUNs or by mounting NFS volumes to an existing host. In addition, you can add a host with existing datastores to the inventory.

What is a datacenter?

A datacenter is the primary container of inventory objects such as hosts and virtual machines. From the datacenter, you can add and organize inventory objects. Typically, you add hosts, folders, and clusters to a datacenter.

vCenter Server can contain multiple datacenters. Large companies might use multiple datacenters to represent organizational units in their enterprise.

Inventory objects can interact within datacenters, but interaction across datacenters is limited. For example, you can move a virtual machine with vMotion technology across hosts within a datacenter but not to a host in another datacenter.

What is a Folder?

A folder is a container used to group objects and organize them into hierarchies. Folders provide a natural structure upon which to apply permissions.

The folder structure you see in the inventory varies depending on the inventory view.

What is a host?

A host is a computer that uses virtualization software, such as ESX or ESXi, to run virtual machines. Hosts provide the CPU and memory resources that virtual machines use and give virtual machines access to storage and network connectivity.

What is a host profile?

A host profile captures the configuration of a specific host and allows you to duplicate the configuration to other hosts or clusters or to validate that a host's configuration meets datacenter needs. Host profiles help reduce manual steps in cluster host configuration.

What is a Template?

A template is a master image of a virtual machine that can be used to create new virtual machines. This image typically includes an operating system, applications, and configuration settings for the virtual machine.

Use templates to create virtual machines by deploying the template as a virtual machine. When complete, the new virtual machine is added to the folder that was selected when the template was deployed. You can use a template to create identical new virtual machines.

What is a Virtual Machine?

A virtual machine is a software computer that, like a physical computer, runs an operating system and applications. An operating system installed on a virtual machine is called a guest operating system.

Because every virtual machine is an isolated computing environment, you can use virtual machines as desktop or workstation environments, as testing environments, or to consolidate server applications.

In vCenter Server, virtual machines run on hosts or clusters. The same host can run many virtual machines.

What is a Resource Pool?

Resource pools can be used to hierarchically partition available CPU and memory resources of a standalone host or a cluster.

Creating multiple resource pools allows you to think more about aggregate computing capacity and less about individual hosts. In addition, you do not need to set resources on each virtual machine. Instead, you can control the aggregate allocation of resources to the set of virtual machines by changing settings on their enclosing resource pool.

What is a Cluster?

A cluster is a group of hosts. When you add a host to a cluster, the host's resources become part of the cluster's resources. The cluster manages the resources of all hosts within it.

Clusters enable the VMware High Availability(HA) and VMware Distributed Resource Scheduler(DRS) solutions.

What is the Hosts & Clusters view?

This view displays the set of computing resources that run on a particular host, cluster, or resource pool. Using the Hosts & Clusters view, you can manage and organize your inventory of computing resources.

What is the Virtual Machines & Templates View?

This view displays all virtual machines and templates in the inventory, arranged by datacenter. Through this view you can organize virtual machines into folder hierarchies.

What is the Datastores view?

This view displays all datastores in the inventory, arranged by datacenter. Through this view, you can organize datastores into folder hierarchies, manage existing datastores, and add and remove datastores to your inventory.

What is the Networks view?

This view displays the set of networking objects available on vCenter. Using the Networking view, you can create and manage networking with vNetwork Distributed Switches and view networking with Standard Switches configuration.

vSphere provides two types of network architecture. Networking with vNetwork Distributed Switches manages virtual machine and host networking at the datacenter level, while networking with Standard Switches manages virtual machine and host networking at the host level.

What is a Standard Switch network?

A network with Standard Switches is a network of virtual machines running on a single physical machine that are connected logically to each other so that they can send data to and receive data from each other. A network and its associated vSwitches provide the interface between virtual machine NICs and physical network adapters.

What is the Virtual Machine Port Group/VMkernel Port/Service Console port?

There are three types of network connections:

  1. Service console port – access to ESX Server management network
  2. VMkernel port – access to VMotion, iSCSI and/or NFS/NAS networks
  3. Virtual machine port group – access to VM networks

More than one connection type can exist on a single virtual switch, or each connection type can exist on its own virtual switch. For more information, you can refer to the following pdf file:


What is the Host Profiles view?

The Host Profiles view is the management area of the vSphere Client for host profiles. This view allows administrators to create, edit, or delete host profiles.

You can attach and apply host profiles to hosts or clusters in this view or in the Hosts and Clusters view. When you perform host profile operations in the Hosts and Clusters view, you can right-click individual hosts or clusters in the inventory for some operations or use the Profile Compliance tab for cluster-level host profile operations when a cluster is selected.


More info here http://pubs.vmware.com/vsphere-50/index.jsp?topic=%2Fcom.vmware.vsphere.doc_50%2FGUID-553E2EBD-6D19-4873-98FD-265B3A92F1F0.html

ORA-00600 internal error caused by /tmp swap full

June 22nd, 2012

Today we encountered a problem where Oracle stopped functioning. After some checking, we found the error was caused by /tmp running out of space. This was also confirmed by the OS logs:

Jun 20 17:43:59 tmpfs: [ID 518458 kern.warning] WARNING: /tmp: File system full, swap space limit exceeded

Oracle uses /tmp to compile PL/SQL code, so if there is no space it is unable to compile/execute, which causes functions/procedures/packages and triggers to time out. The same is also described in Oracle note ID 1389623.1.

So in order to prevent further occurrences of this error, we should increase /tmp on the system to at least 4Gb.

There is an Oracle parameter to change the default location of these temporary files (_ncomp_shared_objects_dir), but it's not a dynamic parameter. Also, while there is a way to resize a tmpfs filesystem online, it's somewhat risky. So the best approach is to first bring down the Oracle DB on this host, then modify /etc/vfstab, and then reboot the whole system. This protects our data against the risk of corruption or loss, though it does mean some outage time.

So finally, here are the steps:

Amend the line in /etc/vfstab from:

swap - /tmp tmpfs - yes size=512m

to:

swap - /tmp tmpfs - yes size=4096m

Reboot the machine and bring up the Oracle DB.