Sunday, May 24, 2009

Framework and Data Services for Sun Cluster 3.2

As you know by now, the company (Azimuth Labs) I work for is a partner of Sun Microsystems. We carried out Professional Services on behalf of Sun.

Yesterday, I went to perform a Sun Cluster 3.2 Data Service for SAP on Solaris 10 for one of the national healthcare groups in Singapore.

It was supposed to be a breeze of a job for me. However, when I arrived, I realized the EIS had not been performed. I spent a couple of minutes explaining this to the anxious customer, who insisted that SAP had to be clustered by the end of the day.


To get Sun Cluster to be fully functional, 2 tasks are involved:
  • Installation of Sun Cluster Framework (Cluster binary install; Volume Manager install & configuration)
  • Configuration of Sun Cluster Data Service

Here's the difference between Framework and Data Services for any Sun Cluster implementation:
  • EIS ("Enterprise Installation Service") is a comprehensive installation service that comes packaged with your Solaris OS, Sun Cluster and Volume Manager (Solaris or Veritas) purchase.
  • Data Service is a configuration service that comes packaged with your specific Cluster Agent purchase. (In this case, the customer bought the Oracle HA agent, SAP agent, NFS agent, and Generic Data Service agent for her SAP systems.)

Now, the next thing to understand is:

  • EIS is carried out by the SS (System Service) team from Sun and is time-consuming
  • Data Service is carried out by the PS (Professional Service) team from Sun - this is where I play my part

As such, we went to the extent of activating the SS team from Sun to perform the EIS for the Sun Cluster framework installation. It took many hours before I could continue with my Data Service implementation.

Wednesday, May 20, 2009

ldap_modify: Operation not allowed on RDN

I was trying to change the value for an attribute "cn" and I encountered the error:

    ldap_modify: Operation not allowed on RDN

A Google search on RDN returns the following:

The relative distinguished name (RDN) is the leftmost element in an entry distinguished name (DN). For example, the RDN for uid=Marcia Garza,ou=People,dc=example,dc=com is uid=Marcia Garza. To change an RDN, use the changetype:moddn LDIF update statement.

So, here we go if we need to change an RDN value:

    bash-3.00# ldapmodify -D "cn=Directory Manager" -w 1234
    dn: cn=Bronze(50MB/No IMAP),o=mailuser,o=cosTemplates,o=isp
    changetype: moddn
    newrdn: cn=Bronze[50MB/No IMAP]
    deleteoldrdn: 1

    modifying RDN of entry cn=Bronze(50MB/No IMAP),o=mailuser,o=cosTemplates,o=isp


The modification takes effect:

    bash-3.00# ldapsearch -D "cn=Directory Manager" -w 1234 -b o=isp "(&(objectclass=ldapsubentry)(cn=Bronze[*))"
    version: 1

    dn: cn=Bronze[50MB/No IMAP],o=mailuser,o=cosTemplates,o=isp
    objectClass: top
    objectClass: LDAPsubentry
    objectClass: extensibleobject
    objectClass: cosTemplate
    mailMsgMaxBlocks: 5000
    mailQuota: 50M
    mailMsgQuota: 10000
    mailAllowedServiceAccess: +pop:ALL$+smtp:ALL$+http:ALL
    daservicetype: mail user
    cn: Bronze[50MB/No IMAP]
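
The rule above can be captured in a small helper that picks the right LDIF for a change: `moddn` when the attribute is part of the entry's RDN, `modify` otherwise. This is an added example, not code from the original post; the function names are made up here, and it assumes RFC 4514 backslash escaping in DNs and plain ASCII values (anything else, including a newline that would inject extra LDIF lines, is rejected).

```python
import re

ESCAPE = set(',+"\\<>;')   # RFC 4514: these need a backslash inside an RDN value
# Printable ASCII only, no leading space, ':' or '<', no trailing space; anything
# else needs base64 in LDIF, and a newline would inject extra LDIF lines.
SAFE_VALUE = re.compile(r"[\x21-\x39\x3b\x3d-\x7e]([\x20-\x7e]*[\x21-\x7e])?")


def leftmost_rdn(dn):
    """Return the leftmost RDN of a DN, honouring backslash-escaped commas."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2             # skip the escaped character
        elif dn[i] == ",":
            return dn[:i]
        else:
            i += 1
    return dn


def escape_value(value):
    """Escape a raw attribute value for use inside an RDN (RFC 4514)."""
    out = ["\\" + c if c in ESCAPE else c for c in value]
    if out and out[0] in ("#", " "):
        out[0] = "\\" + out[0]
    if len(out) > 1 and out[-1] == " ":
        out[-1] = "\\ "
    return "".join(out)


def build_ldif(dn, attr, new_value):
    """LDIF that sets attr to new_value, renaming the entry if attr names it."""
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attr):
        raise ValueError("bad attribute name")
    if not SAFE_VALUE.fullmatch(new_value):
        raise ValueError("value is unsafe as plain LDIF text")
    # A multi-valued RDN joins its parts with an unescaped '+'.
    parts = [p.split("=", 1) for p in re.split(r"(?<!\\)\+", leftmost_rdn(dn))]
    if attr.lower() in (t.strip().lower() for t, _ in parts):
        # Naming attribute: a modify is refused, so rename with moddn instead.
        esc = escape_value(new_value)
        new = "+".join(f"{t}={esc if t.strip().lower() == attr.lower() else v}"
                       for t, v in parts)
        body = ["changetype: moddn", f"newrdn: {new}", "deleteoldrdn: 1"]
    else:
        body = ["changetype: modify", f"replace: {attr}", f"{attr}: {new_value}"]
    return "\n".join([f"dn: {dn}"] + body) + "\n"
```

The returned text can be fed to `ldapmodify` on standard input, exactly as the LDIF was typed in the session above.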


Status: 5.2.3 (user limit of 1000 kilobytes on message size exceeded)

As you know by now, our company provides Corporate Email Hosting (OpenMail.SG) running on Sun Java System Messaging Server.

Today, one of our clients received this error:

   Status: 5.2.3 (user limit of 1000 kilobytes on message size exceeded)


This is actually one of the features we set on the MTAs to restrict emails with huge attachments from reaching our clients' mailboxes, thus preventing their email accounts from hitting the over-quota limit easily.

It's fairly easy for us to change this limit system-wide, per domain or even per user. For this particular client, his company's policy was to restrict emails larger than 1 MB.

To resolve this issue on Sun Java System Messaging Server, we can modify the attribute mailMsgMaxBlocks in his LDAP profile.

    bash-3.00# ldapsearch -D "cn=Directory Manager" -w 12345 -b o=hisdomain.sg,o=isp uid=his.uid mailMsgMaxBlocks
    version: 1
    dn: uid=his.uid,ou=People,o=hisdomain.sg,o=isp
    mailMsgMaxBlocks: 1000

    bash-3.00# ldapmodify -D "cn=Directory Manager" -w 12345
    dn: uid=his.uid,ou=People,o=hisdomain.sg,o=isp
    changetype: modify
    replace: mailMsgMaxBlocks
    mailMsgMaxBlocks: 5000


Note: Messaging Server has an LDAP cache, so any user LDAP modifications may take up to 15 minutes (by default) to take effect. Restart the MTA to flush the cache (./imsimta restart) if you want immediate effect, which I do not recommend.


Monday, May 18, 2009

Domain of sender address test@example.sg does not resolve

Recently, we decided to move our servers to a new data-center to meet our expansion needs. With the move, our assigned IP addresses changed.

A few days after the move, one of our customers called to highlight that her emails could not be sent to some banks in Singapore. From the logs generated by Sun Java System Messaging Server, we saw the following error:

smtp;451 4.1.8 Domain of sender address test@example.sg does not resolve

We then realized that the PTR record for this customer's domain had not been updated. The problem was fixed once we updated the PTR record to point to our new IP addresses.


How does PTR (aka Reverse DNS Lookup) work in simple terms?

If you configure your email client to send emails via SingNet's MTA, then the IP address of SingNet's MTA(s) must resolve on the receiving party's MTA.

    c:\ nslookup
    > set type=mx
    > singnet.com

    Non-authoritative answer:
    singnet.com MX preference = 10, mail exchanger = mx16.singnet.com.sg
    singnet.com MX preference = 10, mail exchanger = mx17.singnet.com.sg
    singnet.com MX preference = 10, mail exchanger = mx18.singnet.com.sg
    singnet.com MX preference = 10, mail exchanger = mx11.singnet.com.sg
    singnet.com MX preference = 10, mail exchanger = mx12.singnet.com.sg
    singnet.com MX preference = 10, mail exchanger = mx13.singnet.com.sg
    singnet.com MX preference = 10, mail exchanger = mx14.singnet.com.sg
    singnet.com MX preference = 10, mail exchanger = mx15.singnet.com.sg

    mx17.singnet.com.sg internet address = 165.21.74.117
    mx18.singnet.com.sg internet address = 165.21.74.118
    mx11.singnet.com.sg internet address = 165.21.74.121
    mx12.singnet.com.sg internet address = 165.21.74.122
    mx13.singnet.com.sg internet address = 165.21.74.113
    mx14.singnet.com.sg internet address = 165.21.74.114
    mx15.singnet.com.sg internet address = 165.21.74.115
    mx16.singnet.com.sg internet address = 165.21.74.116

Let's do a reverse DNS lookup on mx17.singnet.com.sg's IP address (165.21.74.117):

    c:\ nslookup
    > set type=ptr
    > 165.21.74.117

    Non-authoritative answer:
    117.74.21.165.in-addr.arpa name = mx17.singnet.com.sg

It should resolve, otherwise the above error will be encountered.
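
The lookup above, as a script: an added example (not part of the original post) that derives the in-addr.arpa name for an IP and goes one step beyond the PTR query by confirming that the returned name resolves back to the same address, a check many receiving MTAs apply. The function names and the `mail.example.sg`, 198.51.100.7 and 203.0.113.9 records are constructed for illustration.

```python
import ipaddress
import socket

# Constructed zone data: the first pair comes from the nslookup output above;
# the other names and addresses are documentation values made up for the example.
PTR = {"117.74.21.165.in-addr.arpa": ["mx17.singnet.com.sg"],
       "7.100.51.198.in-addr.arpa": ["mail.example.sg"]}
A = {"mx17.singnet.com.sg": ["165.21.74.117"],
     "mail.example.sg": ["203.0.113.9"]}     # forward record left at another IP


def ptr_name(ip):
    """Name queried for a PTR lookup, e.g. 117.74.21.165.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def static_resolver(ptr, a):
    """Offline (reverse, forward) lookup pair over dicts of constructed records."""
    return (lambda ip: ptr.get(ptr_name(ip), []),
            lambda name: a.get(name.rstrip(".").lower(), []))


def system_resolver():
    """Live (reverse, forward) lookup pair using the OS resolver."""
    def reverse(ip):
        try:
            return [socket.gethostbyaddr(ip)[0]]
        except OSError:
            return []
    def forward(name):
        try:
            return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
        except OSError:
            return []
    return reverse, forward


def check_rdns(ip, resolver):
    """Return 'ok', 'no-ptr' or 'mismatch' for a sending MTA's IP address."""
    reverse, forward = resolver
    names = reverse(ip)
    if not names:
        return "no-ptr"
    want = ipaddress.ip_address(ip)
    for name in names:
        # Forward-confirm: the PTR name must resolve back to the same address.
        if any(ipaddress.ip_address(addr) == want for addr in forward(name)):
            return "ok"
    return "mismatch"
```

Running `check_rdns(ip, system_resolver())` against each outbound address after an IP renumbering shows which ones still lack a matching PTR record.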


Sunday, May 17, 2009

Corporate Email Hosting on Sun Java System Messaging Server

Our company provides Corporate Email Hosting (OpenMail.SG - Enterprise Messaging Server). It is a hosted environment with the backend being Sun Java System Messaging Server.

We used to run Postfix, with SquirrelMail as the web interface. A decision was made a year ago to make the switch, considering the fact that:
  • Our company (Azimuth Labs) has been Sun's Partner for the past 5 years focusing on Portal, Messaging, and Identity
  • We have architected and deployed numerous Messaging systems in the Asia-South region
  • We are already the domain expert - so why not?

Besides, we already have a team of support engineers providing Sun Java System Messaging support to one of the government-linked companies ("GLC") in Singapore.

  • So, why do we need the same team to support 2 different platforms? It does not support economies of scale.


After the switch, we are getting positive feedback from customers, as well as from our own support engineers.

Customers' feedback

  • The web interfaces have improved by a lot (There are 2 interfaces to choose from - Convergence or Communications Express)
  • Finding co-workers via Corporate Address Book is easier
  • Premium customers have integrated Calendar support (based, again, on Sun Java System Calendar Server). They can set events and email notifications.

Support Engineers' feedback

  • Configuring the vacation message autoresponder in SquirrelMail was a pain. This feature is available out-of-the-box in Sun Java System Messaging Server.
  • Managing domains and users is easier now with Sun Java System Delegated Administrator - a convenient web interface for our backend engineers
  • The team is now more focused since they no longer need to support Postfix/SquirrelMail

SideTrack: I'm keeping my fingers crossed that Oracle will not throw away Sun Convergence. Convergence, by far, is one of the better web interfaces I have come across from Sun. On the ground, it does create a "WOW" impression when we present Convergence to customers.


Saturday, May 16, 2009

MacBook, E71, Sun Java System Calendar - Sync Issue

In my work, I am always on the move. I recently got myself a Nokia E71 and subscribed to the M1 SunSurf 22 data plan. This allows me to read/send emails with ease wherever I am.

Now, that solves the emailing problem. How about calendaring? This is not so simple given the fact that I am using:

  • MacBook
  • Nokia E71
  • Sun Java System Calendar Server

To sync E71 with MacBook, Nokia provides a nice little plug-in to iSync. But, iSync only extracts data from iCal.

I am a long-time Thunderbird fan and I use Lightning. Both have been working perfectly on my MacBook until I bought my E71.

There are 2 things I can do:

  1. find a way to sync Lightning with E71;
  2. find a way to sync iCal with E71