February « 2009 « morgan::blog

February 6, 2009

Sun pam_ldap/pam_unix and correct subtree LDAP searches

Filed under: Directory/LDAP, JES, Java Enterprise System, Messaging, Solaris 10 — morgan @ 0:26

Though addressed in the context JES Messaging this post is really about getting Sun’s pam_ldap or pam_unix to do what some might consider correct subtree searches. Read on:

If you’re using JES messaging with hosted domains you have an ldap tree that looks like this:
o=firstdomain.com,o=isp; o=seconddomain.com,o=isp; etc.

so your user DNs look like this: uid=morgan,ou=people,o=firstdomain,o=isp; uid=matt,ou=people,o=seconddomain,o=isp; etc.

Under normal circumstances you would supply a basedn of “o=isp,” a scope of “sub,” and the application would search all of your hosted domains in search of the username.

Sun’s pam_ldap (and I believe pam_unix) prepend “ou=people” before doing a search. So if you specify “o=isp,” pam_ldap will search within “ou=people, o=isp” which either doesn’t exist or is empty.

After searching for a way to specify multiple base dns in the ldap profile (defaultSearchBase is SINGLE-VALUE in objectclass DUAConfigProfile) it turns out there is a straightforward work-around. From the ldapclient(1) man page:


serviceSearchDescriptor
           Override the default base DN for LDAP searches  for  a
           given  service.  The  format  of  the descriptors also
           allow overriding the default search scope  and  search
           filter  for  each  service. The syntax of serviceSear-
           chDescriptor is defined in  the  profile  IETF  draft.
           The  default value for all services is NULL. This is a
           multivalued attribute. In the example,

           serviceSearchDescriptor=passwd:ou=people,dc=a1,dc=acme,dc=com?one

           the LDAP  client  would  do  a  one  level  search  in
           ou=people,dc=a1,dc=acme,dc=com       rather       than
           ou=people,defaultSearchBase for the passwd service.

So set serviceSearchDescriptor=passwd:o=isp and it will search under o=isp, allowing users in all of your hosted domains to authenticate. Of course this does open you up to problems where uids can conflict.

Comments (0)

February 5, 2009

RSI log

Filed under: repetitive strain injury (RSI) — morgan @ 0:14

Bellis and Damany recommend keeping a log. Here’s a quick two month summary:

Prior to 11/29/08: I remember periodic pain in the palm of my hands below the ring and pinky finger, particularly when using a laptop. My first memory of this is around October, 06. Infrequent pain in my forearms along the path of the ulnar nerve (elbow to base of palm).

11/29/08: I noticed consistent pain from my elbow to the base of my palm for several days straight over the Thanksgiving holiday. I searched the Internet and self diagnosed cubital tunnel syndrome. I immediately began sleeping with my arms straight. When I returned I went to my physician and she referred me to a hand surgeon.

About a week later: my pain changed to consistent pain in my elbow with periodic nerve “twanginess” from my elbow into my hand: imagine the feeling immediately after the initial shock of hitting your funny bone all the time in both arms. This was consistent until mid January.

Bending my arms any more than 30 degrees is a 6-7 in pain and I have to brace myself mentally to button my shirt, touch my face, drink from a glass, braid my hair, wash my hair, etc.

12/9/08: (check date) I met with a surgeon at the Hand Center at Jefferson. She confirmed my diagnosis, told me to continue sleeping with my arms straight, talked a little too much about surgery for my tastes and ordered an EMG to assess the severity of the damage to my nerves.

12/23/08: The EMG verified the diagnosis of cubital tunnel but indicated marginal severity: there was damage but it was light to moderate. It also showed mild carpal tunnel syndrome. I met again with the surgeon and she prescribed physical therapy and asked that I return in six months for another EMG. I remember telling her that I felt I had about a 10% improvement in pain but couldn’t be sure as consistent pain can be hard to gauge. I also gained some confidence in the surgeon that day as she was no longer talking about surgery: she was taking a conservative approach.

It was at about this time that I began taking 400mg of Aleve twice a day: at breakfast and dinner.

1/5/09: I met with the physical therapist, she found no measurable loss of sensation or motor function. Loss of sensation and motor function are the next step in the syndrome and I am not there… I told her I felt I had improved an additional 10% but was still not sure. She gave me median nerve glides which also work the ulnar nerve a little, hand exercises for carpal tunnel syndrome. She also asked I return the following week with photos of where I work so we could evaluate ergonomics.

1/12/08: I returned to physical therapy with photos of me on the couch, feet up, laptop in my lap, slouched in front of my desk, sitting at the kitchen table and so on. She was appalled but not surprised. She showed me the proper seating position and prescribed a split keyboard, a laptop stand and a keyboard tray. I’m tall enough that the key board tray has proven unnecessary but I am now an expert on and believer in split keyboards. I currently own two. I type with almost no hand pain now. If I remember correctly I was still in pain in my elbows more often than not but it was less at times. It is still uncomfortable to bend more than 30 degrees.

1/28/08: I returned to physical therapy with my Goldtouch keyboard and photos of me in a correct position. J, my physical therapist approved. I am now pain free 10% of the time, have nerve twanginess/awareness of the ulnar nerve from my elbow into my hand about 70% of the time and 4-5 pain 20% of the time. Activities requiring extreme arm bending (buttoning my shirt, braiding my hair, washing my hair, rubbing my face) have gone from a 6-7 in pain to a 1-2. I would say I notice these activities now rather than bracing for them.

2/4/08: I am pain free about 60-70% of the time. I seldom have serious pain or awareness of the full run of the ulnar nerve from my elbow into my hand. I have minor pain in my hand, sometimes my forearm. Activities involving extreme elbow bending still hurt about a 1-2.

Comments (2)

reading and more insight into RSI

Filed under: repetitive strain injury (RSI) — morgan @ 0:00

I’m reading Bellis and Damany’s It’s Not Carpal Tunnel Syndrome! RSI Theory & Therapy for Computer Professionals. Their thesis is that many RSIs won’t be solved by surgery, at least not without an understanding of the larger system and it is possible to properly treat an RSI without giving up computer use.

Bellis is a computer professional who had surgery, his symptoms came back only to be resolved by working with an experience physical therapist: Damany. Their advice is in line with what my physical therapist is recommending and it’s working for me. I am now just over two months into my treatment of my RSIs and I am seeing improvement.

Of particular interest is the idea that just fixing an RSI through surgery, though often providing immediate relief will not provide long term relief if you don’t address the underlying cause of the damage. The hands, arms, back, neck, etc. work as a system: just operating on the wrist or the elbow doesn’t address the rest of the system. Further, in many cases RSI can be relieved by just addressing the cause and skipping the surgery altogether. That speaks to me.

Particularly interesting about nerve damage is there is really no way to strengthen or condition nerves. Physical therapy for muscles usually involves strengthening and the result is progressive rebuilding. Physical therapy for nerves involves moving your [arms in my case] in a way to take them through their full range of motion but otherwise just modifying behavior to not put stress on the nerves and hope they heal. And they do heal but over a course of months.

Sensory feedback from muscles is consistent: they hurt when you exercise them and then they heal.. While nerves presumably heal progressively they send confusing, misleading messages about what is going on: one day it will be pain in the hand, another it will be itching “inside” your hand that can’t be scratched. Some days I’ll work most of the day on the keyboard in pain only to have it clear up three quarters of the way through the day and not hurt at all the rest of the day even though I’m working as much as I was in the morning.

I am also a little surprised about how little modern medicine knows about RSIs.. Part of the problem according to Bellis and Damany is that modern medicine treats the body as regions and doctors are trained to focus on one part and so don’t always look at the big picture before treating the location of the pain: damage to the median nerve where it passes through the carpal tunnel for instance is often the result of bad posture and if you operate but don’t’ address the bad posture you will end up with the same symptoms sometimes in a matter of weeks.

It’s your responsibility as a patient to talk to multiple people and try to understand what is going on and help guide your treatment.. Your doctor may well know less about your condition than you do.. Bellis and Damany suggest physical therapy with a focus on the whole system and not just the wrist or just the elbow the most effective way to treat an RSI.

Comments (0)