January 26, 2007
General update
I've been busy again (who isn't, these days?) And likely to be more so until we can hire someone to replace Shaun Gatherum, who will be missed around here.
The web conversion is moving along, mostly in the hands of individual people in various departments. I'm working on a way to make the new template function on our database server; right now, a lot of our database applications like the faculty/staff directory and the account lookup system still use the old template. I can make the new template work for non-secure connections to the database, but not secure ones as yet. This may not be fixable until the database server upgrade, but we'll see.
My other big project at the moment is trying to automate Windows domain user creation. You may or may not know that your WOU network usernamer and password actually apply to two different accounts; there's the Windows Domain account, which you use to log into your computer and access network drives, and there's also your LDAP account, which provides access to your email, and your blog, and secure folders on the website, and the forums, and most anything else on any of our servers.
The LDAP account is created automatically, but until recently we have had to create the matching domain account by hand, which is a pain. However, I recently found a way to automate at least part of the process, and am looking to automate the whole thing soon. This probably won't make much difference to anyone outside UCS, except that it might free up more of our time to help you.
Posted by swartzer at 12:07 AM | Comments (0)
January 11, 2007
Site security
We're changing some of our web shortcuts (such as http://www.wou.edu/blogadmin and http://www.wou.edu/newmail) to use the https protocol.
This is the same protocol that is used for financial transactions on websites such as PayPal and Amazon; it means that all information you send is encrypted so that it cannot be intercepted en route.
However, this seems to have exposed a bug in our blog server; when you go to post an entry, the system returns you to the login page. If this happens, you can change the "http:" in the page address to "https:" and you should be good to go. (You may have to do this twice when posting a blog entry.)
I'm working on a fix for this, though it might wait until I get the blog server software updated.
Posted by swartzer at 2:09 PM | Comments (0)
May 8, 2006
Another vacation?!?!
Well, this is extremely short notice, but I'm off to Crater Lake for the rest of the week. There's a place down there that we thought was going to come available next month, but it turns out the only time we can get is... this week!
So I'm working frantically to try to get stuff done that I'd promised would be "this week". We'll see how it goes.
Posted by swartzer at 3:59 PM | Comments (0)
January 11, 2006
Busy again
I got back from my vacation in the middle of last week and found myself busy again, needless to say.
Current projects, in no particular order:
- Finalizing daily automatic user creation: This is really close to done. The user creation script itself works just fine; all I need to do is go through the code and make sure I can turn off all output to the screen, because when you run something as a scheduled task (AKA crontab or "cron" job in the unix world) any output that would normally go to the screen instead gets emailed to the user under whose security privileges the job runs as. I can't just redirect all output to null, because if there's ever an error message, we need that email to notify us, so instead I need to make sure that all non-critical output is suppressed inside the script.
- Website master database: This is a big one, and I'll be talking about it more in the next weeks. We've been planning for almost a year to redo our entire website, primarily to make it easier to maintain. It will be written in PHP and we'll hide a lot of the common template features in external files. Anyone who views the source code of a WOU web page can see how complex our current template source is; this will be replaced by a few lines at the top and bottom of the file, with only the actual page content in between (still written in HTML so people don't have to learn a whole new language.) These external files will query our Oracle database for some page-specific information, and right now I'm working on the administration utilities for that information.
- Detail work on the Calendar of Events: There are still a few things that need to be cleaned up; the event display needs a few tweaks, and I need to make the error messages friendlier.
Posted by swartzer at 3:40 PM | Comments (0)
December 8, 2005
New users
What a week. I've been fighting a cold at the same time as I've been fighting a deadline to get accounts created for next term's students. That's finally done (with lots of help from Troy), and in the process I've gotten a lot closer to automating the process. Hopefully by January, as soon as a student shows up as admitted, an account (complete with email and blog) will automatically be created for them the next night.
No FAQ again; things have been just too busy around here.
Have a good weekend, everybody!
Posted by swartzer at 6:58 PM | Comments (0)
December 1, 2005
Busy
Projects I've been working on lately:
Further refinements to the Calendar of Events. The new dynamic version just went up today, and we put a better date entry method in the submission form.
Automatic user creation. Hopefully soon we'll be able to automatically detect when new students have enrolled and creat their user accounts immediately. This still needs some work, but is getting closer. This is the main project I've been putting time into, lately.
Web maintenance. I'm finally caught up again with user requests, except for one that I'm still waiting for information on. If anyone is waiting on me for web alias creation or editing rights, please remind me again.
Posted by swartzer at 6:53 PM | Comments (0)
November 15, 2005
Oops
Looks like I've been getting a bit lazy with the blogging, here. Part of that was vacation, but I've been back over a week now and still no entries! What gives, you may ask?
Mostly it's because I've been busy with other things. The events calendar has been one; I had a nasty bug last week that I was beating my head on the wall about for several days, but finally solved thanks to a hint from Michael Ellis.
I've also been working on granting everyone access to the new web portal system; that's pretty much ready for prime time now. You can get to it at http://www.wou.edu/portal. Just log in with your WOU username and password. The next FAQ will be about the portal system, which has some cool and useful features.
Aside from that, there's been the usual large amount of time spent on migration cleanup and adding features to the user creation system. That program is now over 2100 lines long, not counting a bunch of code that's been stored in separate modules; this may seem like a lot, but it does the work of three separate programs we used to use in the old system. Plus I've been working on user requests for web permissions and so forth.
All this is making me wish for another vacation! Luckily Thanksgiving is coming up soon.
Posted by swartzer at 3:12 PM | Comments (0)
November 1, 2005
Back from vacation
Well, I'm back. Actually I got back yesterday, but spent the day digging out of the pile of stuff that built up while I was out. I finally feel like I'm caught up with the small stuff so I can get back to the bigger stuff.
Current top priorities (in no particular order):
- Trying to figure out how to enable Portal services on people's user accounts in bulk, by adding LDAP attributes.
- Working on the Public Relations Calendar of Events (it's really close now!)
- Figuring out how to use the security features of the new webserver for some departmental pages that need security right now rather than after the web migration.
So anyway, I'm going to get back to doing that stuff instead of talking about it.
Posted by swartzer at 9:52 PM | Comments (0)
October 20, 2005
Personal Development time, take 1
Hmm, I see I need to make time to do more entries here; my original goal of one a day proved unrealistic, but I need to do at least two a week.
Today we had our first Personal Development Time, instead of a staff meeting. It was interesting: I got to watch (and occasionally help with) a Solaris 10 installation, and got some reading done on Object-Oriented Perl, which i hope will help my scripting and make it easier for me to create programming tools usable by others.
UCS folks, please take a look at the Personal development Time wiki page (created by Mike Ross.) Feel free to add your own ideas, comments, suggestions, experiences, whatever you please! It's a wiki, after all.
Posted by swartzer at 12:31 PM | Comments (0)
October 13, 2005
Personal development time
Travis had a good idea about a different way to spend the time we normally take in staff meetings.
I like the idea of personal development time; right now, I have to get up early and drive in to work without knowing whether there'll be a meeting. I don't mind it too much, because coming early means I get to leave earlier, but it can be a pain when I was here too late the night before. (Luckily that doesn't happen too often, and when it does, it's generally either my own fault or else totally outside anyone's control.) Knowing I would have a chance to work on my own stuff would give me a better motivation to come in those mornings.
I'd probably spend the time learning stuff like advanced CSS coding, because that's something I've fallen behind on but would really help me with web page design. It would also be nice to work on automating some of the more repetitive tasks I need to so, like feeding webserver logs into the Urchin log analyzer, and setting up web permissions, and stuff like that. I have a serious case of "programmer laziness"; I get frustrated having to do the same stuff over and over, and would rather build a tool to do it for me, even if it takes longer to build the tool! I'd love having time to do stuff like that.
Posted by swartzer at 12:59 PM | Comments (0)
October 12, 2005
Busy week
It's been a busy week so far. I finally got to all those web permission requests I've been needing to do; if you're still waiting on one, please let me know, because it means your request has fallen through the cracks somehow. I also got a bunch of public_html websites fixed; I know I didn't get all of them, so if yours still isn't working, please let me know.
I made a bit of progress on the event calendar, but not as much as I would have liked. I think I can still get at least a basic version of it done, but it's going to be close, considering I have one and maybe two meetings tomorrow and need to get the weekly FAQ ready.
Posted by swartzer at 10:41 PM | Comments (0)
October 11, 2005
Events calendar
Well, I was hoping to have it done sooner than this, but the event submission form is live. It feeds into the existing database (with a couple of extra fields kindly added by Summer.) Next I need to get the actual calendar display working from the database so they don't need to code it by hand anymore. Plus I still have a stack of web requests I have to get to. Sorry, folks! I should be able to get to most of your stuff tomorrow.
Posted by swartzer at 11:52 AM | Comments (0)
October 6, 2005
Whew
OK, crunch time is starting to ease off, for me at least. I've still got a lot of random acount cleanup to do, including tracking down people whose V-numbers we can't find.
Next week I get to work on the Public Relations event submission form and calendar display. That's going to be interesting; I get to use the PHP scripting language, which I find a lot more fun to work with than the PL/SQL language that we've done a lot of our web development in. (My favorite programming language is still Perl... maybe I'll talk about that sometime when I feel like really boring everybody. ;-} ) Another upside of PHP is that it'll give the PR folks more control over the look and feel of the system without having to come to us for changes.
I have about a week's window for that, and then I need to work on the Web migration. We've already got a new webserver running on a much faster box than the current one, and we need to get the website files moved over to it and its name changed so www.wou.edu leads there instead of the current server. The new server will feature an all-new search engine, which will hopefully be an improvement on the current one.
A bit of advance warning for the people who are reading this: we're probably going to have to reset all the editing permissions on the website. They've gotten entirely too tangled over the last three years. I'm going to need to go to each department and find out who has permission to edit what, and make sure they are still able to do that on the new webserver. At least once that's done, we'll be able to get rid of thiose little batch files everybody has to run now to connect to the W: drive.
Anyway, I've worked my ten hours today, time to go enjoy my three-day weekend!
Posted by swartzer at 7:03 PM | Comments (0)
September 23, 2005
Training
Bill asked us all to do an entry about training classes we've taken in the past year or so. I haven't had time to do much of that, but I did do one: SunONE Directory Server LDAP Concepts. It was a mid-level summary of LDAP, and it taught me a lot that I've used ever since.
Posted by swartzer at 5:06 PM | Comments (0)
September 15, 2005
Crunch time!
Wow, did I say it was crunch time before? I didn't know what I was talking about. This is crunch time. Here's what I've been working on:
- Cleaning up the LDAP database and making sure everybody has their ID numbers and other needed attributes added in (as of 3AM on Tuesday, only 19 people were missing ID numbers. Most of the ones I couldn't find were because of multiple possibly matching records in Banner; if I call you and ask if your middle initial is L or J sometime next week; don't be weirded out!)
- Entering newly registered students into LDAP. I need to automate this better, but I should be able to get a new batch in by Monday.
- A script to add new user accounts.
This last is the most interesting, not least because it's actually something that doesn't have to do with the migration! It replaces three old scripts that were needed to properly add user accounts on the old system, and does extra things like automatically creating a blog for each new user.
Anyway, I've been maxed out all week, so please accept my apologies if you've been waiting on a service request and I haven't gotten back to you just yet. I have managed to get a fair number of individual requests don, but I just don't have time to get each one of them done this week, unless I want to stay up after midnight every night. Next week I should be able to get to a few more, and the rest should hopefully be done soon after. I feel kind of bad about not giving the kind of service I wish I could, but at the moment there's little I can do about it.
Posted by swartzer at 6:30 PM | Comments (0)
September 7, 2005
So what is an LDAP database, anyway?
I've been talking a lot about LDAP here lately; as I promised, here's more of an explanation.
LDAP stands for "Lightweight Directory Access Protocol", which I'm sure makes it perfectly understandable right there (just kidding!) Strictly speaking, there isn't any such thing as "an LDAP database"; any database could work, provided that it is tuned for very fast retrieval of information, and can be accessed using the standardized methods of LDAP. It is these standard methods that make LDAP special, and the data retrieval speed that makes it useful.
Because computers can't do magic, a database has to give up something else in order to get very fast retrieval speeds; databases that work with LDAP generally sacrifice speed of updates. This is not really much of a problem since LDAP is designed to work with data that is not constantly changing. LDAP is ideal for storing lists of objects where each object has similar pieces of information that don't change very often; for instance, all user accounts have a username, password, first and last name, ID number, email address, telephone number, etc. That's where the name comes from:
Lightweight - it is quicker and easier to use than previous methods.
Directory - it works with information stored in lists, much like a phone directory.
Access - its primary purpose is to access data as opposed to changing it.
Protocol - it is a standard set of methods.
We use our LDAP database mainly to store user account information. Originally, only our email server stored accounts in the LDAP database, but as part of the migration, we are consolidating most of our user accounts for various systems into a few LDAP databases that synchronize with each other. Because LDAP provides standard methods to access data, many different programs and systems can use the same database of user accounts. This is what enables us to use the same password for email, network, FTP, forums, and other systems; they all refer to the LDAP database to check your password and other information.
LDAP provides good security as well; your password is encrypted so that even we can't see it. That is why our account lookup system can only change your password, and not tell you what it is. Note that this system depends on your ID number being stored in the LDAP database as well, in order to verify that you are the owner of the account; a few people still don't have their numbers in the system, so if you try the account lookup and it doesn't recognize you, please contact the UCS service request desk and let them know your name and ID number so we can get your account fixed.
LDAP makes our jobs as system administrators easier, too; before, we had to create multiple accounts for every new person that came onto campus, but now things are much simpler. We don't have to set up a separate login system for every web-database application anymore, since our Oracle database server can access the LDAP database for logins. And we don't have to ask you quite as many questions if there's some sort of login problem, because there are fewer user databases where a problem might exist.
As time goes by, more and more systems will be converted to use LDAP; for instance, this blog server, the purchase request system, and the Physical Plant service request system. Also, when we roll out our new WOU portal, it will also use the LDAP database, so you won't have to create a new account and remember a new password in order to use it.
Hopefully this has cleared things up a bit! If you want to know more, please contact me or comment on this entry. As usual, Wikipedia has more, in this article.
Posted by swartzer at 8:04 PM | Comments (0)
September 1, 2005
Improved password synchronization
Just today Summer, Travis, and I fixed the password synchronization between email and network logins. Well, not "fixed" exactly, because it wasn't really broken; it just required someone to restart some software once or twice a day.
Now, when you go to the account lookup page, you will know for sure that your new password will work on both your email account and your network login. The only catch is that you have to wait (at most) five minutes for the change to take effect; we will make the change happen in real time as soon as we find a way to keep it from introducing a specific and sneaky little security hole.
Thanks to Summer for creating that account lookup system, by the way! I know there have been a few people who have had problems with it; almost all of those problems have been because we needed to enter information into the LDAP database, and not the fault of the account lookup system itself.
Once the domain migration is finished, I would like to convert more of our systems to use the LDAP account database. For instance, we could reprogram the blog server to look in the main LDAP database instead of its own separate one; this would mean that your email and network password would also get you into your blog administration page.
Thanks to the PL/SQL functions I've mentioned before, we could also do this with things like the UCS purchase request system, and the Physical Plant work request system. Ideally, you will only have to remember one or two passwords to do everything you need to do.
We would love to do this with Banner as well, but that would be hard. We would have to be pretty creative and/or sneaky to get that going, so for the time being, if you need to log in to Banner, you'll need to remember a different password.
Posted by swartzer at 6:50 PM | Comments (0)
August 31, 2005
Crunch time
It's getting down to crunch time here. Students will be back soon, and as UCS finishes up the migration for all those user accounts, I've been pretty busy programming scripts to automate parts of that process. (If we tried moving four thousand email accounts by hand, the migration wouldn't get finished until next year!) So I've been setting up scripts for moving email accounts, changing entries in the email alias file (which is how our email system knows whether your mail needs to go to the old or the new system) and preparing user information so that unix accounts can be moved into an LDAP database.
I've also finished coding up a couple of generalized PL/SQL functions so our programmers can look people up in the new user database. This probably won't mena much to most people, but if any of you programmers need more LDAP lookup functions, let me know. Want to be able to check if a user si faculty, staff, or student? Want to be able to do name or email address searches in LDAP? I can get you a function to do that kind of stuff.
When I have more time, I'll post some more general blog entries about LDAP and other such topics, so everyone will have an easier time understanding the stuff I talk about here.
That's it for now, though!
Posted by swartzer at 5:25 PM | Comments (0)
August 25, 2005
What I've been up to.
I haven't been blogging much lately, as you can see. I've mostly been busy with the system programming side of my job. Here's a brief list of the things I've done:
- Added LDAP server accounts for all students registered for Fall
- For all faculty and staff ccounts migrated so far, added some LDAP attributes that we missed in the migration (this is why the Account Lookup and Password Change feature didn't work for some of you; hopefully this is all fixed now, but if it isn't, please tell the Service Request Desk!)
- Worked on a procedure so that our Oracle web/database applications can talk to the LDAP database and easily use it for logins. (this means that more web applications that used to require their own logins will soon work with your email password, which is also now your network password.)
- Worked on a system to help us re-code our website. I'll talk moreabout that later, but it's a huge job! Once it's done, though, it should make it easier for everyoen to create web pages with the WOU design.
I'll try to come up with a more easily digestible explanation of some of this next week. Especially LDAP, since that's becoming so important to my job lately. Hmmm, I should note that down as a possible FAQ topic for when I start sending those again....
Posted by swartzer at 7:39 PM | Comments (0)
August 9, 2005
Busy again
Wow. It's hard to remember to post here sometimes. I had a really busy week last week; mostly working on the new database system for the website.
On Friday, I came in for a meeting about the University Self-study that we need to do as part of our regular re-accreditation process. I'm one of the UCS representatives in the self-study group, and I expect I'll have more to say about that later, but at the moment I need to get back to programming; I have some system administration scripts that need to be done by the end of the week.
Posted by swartzer at 7:44 PM | Comments (0)
July 25, 2005
Busy day
Today was a day for catching up with a lot of things that fell through the cracks while I was up to the eyeballs in programming. Apologies to the people who waited for things; I will start getting to the quick requests a little more quickly.
Part of what I was working on, and just finished before the weekend, was a fix for all the students who had their files migrated and had their public_html websites stop working. All of those sites should be up and running again.
Anyway, it's late and I need to get going, so I'll sign off now.
Posted by swartzer at 11:38 PM | Comments (0)
July 20, 2005
Woo-hoo!
I finally got the automated blog creation script going. This means we'll be able to set up blogs in bulk for the whole incoming Freshman class, and any other group we want; also, it means Paul will be able to create individual blogs more quickly.
I just had to share that. :-}
Posted by swartzer at 1:55 AM | Comments (0)
June 15, 2005
Information channels
Here at UCS we've been getting complaints about too many sources of information. People are concerned with missing something critical. A common question is, "How am I supposed to keep track of all these different blogs, forums, wikis, and so on?"
The short answer is, you don't really need to. As long as you're reading your email, you're fine.
Here's the long answer: though official policy hasn't been set yet, we're still using email to send any information that is really critical. All these blogs, forums, wikis, and so on are alternatives, designed to give you additional information if you want it, or for specific uses by smaller groups of people.
The blogs are mostly designed for personal communication; some of us write about topics that affect campus, but mostly that's because we deal with those things as part of our own personal jobs. I would hope that my posts are useful enough so people interested in blogging at WOU will visit my blog regularly; but you aren't required to. The resource is just there in case you want to take advantage of it.
Speaking for myself, if I post something on my blog that is really vital for people to see, I'll include a mention of it in the weekly FAQ email (or, as you've seen in the last few weeks, I'll send out a reminder to check blogs even if there is no FAQ for that week.) Other UCS people are also sending out messages on the allfacstaff and/or students email lists, to inform you when they post a blog entry with important information. That way, it's not your job to check fifteen blogs every day just in case there is something important in one of them.
Of course, if you choose not to read your email list messages, and you miss something, that's your responsibility. This is just me talking here; it's not the official UCS policy. We're meeting you more than halfway by using email for everything critical; you only have to worry about one source of information, so I think it's only fair that you take advantage of that source.
Posted by swartzer at 5:35 PM | Comments (0)
June 9, 2005
Keeping busy
So, I suppose I should explain what has been keeping me so busy that I haven't had time to write FAQ's or update this blog every day.
Warning: this is all geeky stuff. But read on if you're interested anyway! I've tried to explain the stuff in English, as non-technically as possible.
Mostly it's been systems programming, but that really means several different tasks at the moment, most of which have to do with our LDAP database.
What is an LDAP database, you may ask? Basically, it is the database that stores things like usernames, passwords, email addresses, program settings, etc. The acronym stands for "Lightweight Directory Access Protocol", and LDAP databases can store all sorts of information besides user settings. For instance, in Messenger Express and the new Communications express, your address books are stored in the LDAP database
The advantage of this sort of thing is centralization. Since LDAP is a standardized and widely supported protocol, many different systems and programming languages can use it. For instance, since your email username and password is stored in the LDAP database, other systems like the forums server or the domain migration questionnaire can use that same password.
Which brings me to the project that had me busy all last week: developing a standard way for all our Oracle web/database applications
This week, I've been working on a better way to create web pages. Anyone who has used our website template knows that it requires some finicky editing to start a new page; you have to get the title right, the random images, all those meta tags, and so on. If someone gets part of this stuff wrong, it isn't always easy to notice, but it does affect things.
What I'm working on is a web form that will let you enter a title, choose some images, and put in keywords and other details. A web page will then be created for you in the folder you want, with all those finicky details taken care of, ready for you to edit by whatever means you normally use. Naturally, not everybody is allowed to create web pages; the system will use LDAP to verify your login and determine what folders you have access to. This is a long project, though, and won't be finished for some time; I'm shooting for late summer.
Aside from that, I've been doing some programming related to the domain migration, and moving people's email address books as they get transferred from Messenger Express to Communications Express. (If your email has already been migrated but you don't see your address book(s), please let me know!) If you don't know what migration I'm talking about, refer to this post on Joe's blog. (Just the first part, not the part about supporting Outlook, though you may find that good news too.)
Anyway, that's all the time I have today. If there's an FAQ tomorrow, it will be short.
Posted by swartzer at 3:49 PM | Comments (0)
June 2, 2005
No FAQ this week
There will be no FAQ this week either. My jury duty got canceled at the last moment (too bad, because I was curious about how it would go) but I still was too busy today with systems programming.
Posted by swartzer at 6:56 PM | Comments (0)
May 26, 2005
No FAQ this week
There won't be an FAQ this week; I've been buried in the systems programming side of my job for the last couple of days. I'm glad my schedule gives me three-day weekends, even if that means extra-long days Monday through Thursday. I like programming, but I can't do it too many days in a row anymore.
I'm probably going to have jury duty sometime next week, by the way. The next part of the stylesheet tutorial may be delayed a while because of that.
Posted by swartzer at 7:13 PM | Comments (0)
May 18, 2005
What's happening
Don't forget to check out Bill's Blog for important updates about UCS and what we're up to.
I've been working on a script to migrate people's email address books from the old email system to the new one; that took up a lot of my time last week and the week before. Apologies to those of you who are still waiting on other things; however, now that the script is done, I'm working through the rest of my to-do list. If you haven't heard back from me by Thursday afternoon, feel free to call or email.
Posted by swartzer at 7:40 PM | Comments (1)