dockutil 1.1.2 released

No feature changes, just a few bug fixes:

  • fix issue with replacing a url dock item
  • add legacy support –hupdock option for backward compatibility
  • fix paths with spaces when passing full path to plist


Get and use secure supported LDAP SASL authentication mechanisms

You don’t have to use insecure clear text Simple BIND authentication for accessing your LDAP servers.

Get list of supported authentication mechanisms:

ldapsearch -h -x -b "" -s base -LLL supportedSASLMechanisms

Kerberos GSSAPI Example:

ldapsearch -v -Y GSSAPI -h -b "DC=example,DC=com" "(sAMAccountName=someusername)"

DIGEST-MD5 Example:

ldapsearch -v -Y DIGEST-MD5 -h -U someusername -R -b "DC=example,DC=com"\
Note: For Active Directory Digest Authentication to work, you may need to enable Reversible encryption on the account’s password and change the user’s password once.

Fix Apache mod_jk or mod_proxy serving stale content

If your web app starts serving stale cached content when run behind mod_jk or mod_proxy with apache, it may be due to apache inserting a default expiration header.

You can confirm this by comparing the headers returned from apache and directly from your web app.  curl -i will show response headers:

curl -i | head -20

To disable apache’s content expirations, add the following to your virtual host:

ExpiresActive Off

Here is the official Apache Documentation.

MIME type issue with Apache mod_jk and mod_proxy serving plain text

Some apps do not properly set mime types of content they serve, but still may work properly when served standalone because client applications like browsers are able to interpret the type of the content.  But when served behind Apache, these apps will not behave correctly because Apache will provide a default type of text/plain.

The solution is to add a DefaultType None line to your apache virtual host for these web apps:

DefaultType None

Here are the docs

Snow Leopard Apache Web Server SSL Pass phrase Error

If you are getting errors “Pass phrase incorrect” in your apache logs on Snow Leopard server, it is because the key is protected by a password.  I found the answer here.

The password for the key is stored in the System Keychain.  It is a password entry called “Mac OS X Server certificate management”.  You can open the entry and select “Show Password”.  You may also use the security command line tool to dump the password.

security find-generic-password -l "Mac OS X Server certificate management" -g


security dump-keychain -d # look in data for password which will look like a GUID

Once you have the password, you can create a copy of the key without the password using openssl:

openssl rsa -in /etc/certificates/ \
 -out /etc/certificates/

You can then replace the password protected key with the passwordless key or point apache to the passwordless key in your /etc/apache2/sites/sitename.conf file.

Tips for writing command line tools in ruby

  1. Option parsing: Read this article by Allen Wei on RubyLearning Blog for a great overview.  I recommend sticking with the built-in OptionParser if you want to reduce dependencies.
  2. If you want your code to be loadable so you can access functions and classes in the irb console for testing, use the following pattern:
    def main
     #option parsing and execution code here
    if __FILE__ == $0

    This way the main function will only be automatically called if the script is being executed on the command line.
    And in irb, you can call your functions and classes as you see fit for testing without triggering your whole script to run.

    Note that this is similar to the python __main__ test if you are coming from a python background.

  3. Naming without ruby’s.rb extension: You can name your executable without the rb extension if you wish, just be sure to include your shebang (#!)

    To use the user’s default ruby, use:
    #!/usr/bin/env ruby
    But in some cases you may want the specify the path to ruby so you can use macruby or rubycocoa if you are need those frameworks to be available

    When testing in irb,
    require 'script-name'
    won’t work without the rb extension, but
    load 'script-name'
    does work.
  4. Use exit codes. When your script fails or needs to communicate status at exit, use standard exit status codes.
    Exit zero for default success status
    exit 0
    Exit any other number for a failure or warning status. You choose the exit codes for your tool, but be sure to document them if they require more explanation than simple success or failure.
    exit 27
  5. Output to stderr using:
    $stderr.puts "error: problem ...."