10.5: Fix cron for LDAP Users in Mac OS X Server 10.5
To the best I'm able to determine, Mac OS X Server's cron does not recognize crontabs of users who exist in LDAP, nor the flat files (e.g., /etc/passwd). This is because cron starts prior to LDAP, and thus sees the crontabs of such users as "orphans." If you log in and re-establish the crontab, all is well ... but a simple reboot shouldn't cause crontabs to become disabled.

The system cron is a launchd service, and so it's quite difficult to control the order in which it launches. One can make the argument that it's cron's fault that it doesn't check for LDAP when it starts, but I think that the blame is really Apple's to bear. I spent hours today trying to figure out a graceful way to delay cron's launch without installing a new cron or hacking things up too badly, all in vain.

I gave up and just installed the hackery below; the script waits for LDAP to respond, then kills cron, which automatically restarts.

Create the following in /Library/LaunchDaemons/local.cron.plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>
	<key>Label</key>
	<string>local.cron</string>

	<key>Program</key>
	<string>/bin/sh</string>

	<key>ProgramArguments</key>
	<array>
		<string>sh</string>
		<string>/local/sbin/restart_cron</string>
	</array>

	<key>RunAtLoad</key>
	<true/>

	<key>LaunchOnlyOnce</key>
	<true/>

</dict>

</plist>
Create the following in /local/sbin/restart_cron:
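#!/bin/sh

PATH=/bin:/usr/bin
LDAP_MASTER=127.0.0.1
# Uncomment DEBUG to capture output. This job runs as root and /tmp is
# world-writable, so point DEBUG_FILE at a root-owned directory if you
# leave debugging on.
#DEBUG=1
DEBUG_FILE=/tmp/local.out

if [ "$DEBUG" ]; then
	exec >$DEBUG_FILE 2>&1
else
	exec >/dev/null 2>&1
fi

# Poll the LDAPv3 node until it answers a user listing.
while ! dscl "/LDAPv3/$LDAP_MASTER" -list /Users; do

	echo "Sleeping 5 seconds...."
	sleep 5

done

# Give the directory a moment to settle before restarting cron.
sleep 10

# launchd restarts cron after it is killed; the [c] keeps grep from matching itself.
echo "Killing cron"
kill `ps ax | grep '/usr/sbin/[c]ron' | awk '{print $1}'`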
I hope this helps anyone looking to solve this problem, but it's ugly. What I'd really like to see is someone who understands launchd respond with a cleaner way to fix the cron issue.

[robg adds: I haven't tested this one.]
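
A variant of the restart script with a bounded wait, as an added example that is not part of the original hint and has not been tested on Mac OS X Server: it gives up after a fixed number of probes instead of looping forever, and logs through logger rather than a file in /tmp. The names wait_for_directory and probe_ldap, the --run argument and the 60 x 5 second limit are assumptions made for this example; killall cron is the form suggested in the comments.

```shell
#!/bin/sh
# Added example: wait for the directory node with an upper bound, then
# restart cron. Function names and the --run switch are hypothetical.
PATH=/bin:/usr/bin
LDAP_MASTER=127.0.0.1      # same node the hint's script queries

# Probe used on the server: succeeds once the LDAPv3 node answers.
probe_ldap() {
	dscl "/LDAPv3/$LDAP_MASTER" -list /Users >/dev/null 2>&1
}

# wait_for_directory PROBE MAX_TRIES DELAY
# Runs PROBE until it succeeds. Returns 0 on success, 1 once MAX_TRIES
# attempts have all failed, so a dead directory cannot hang the job.
wait_for_directory() {
	probe=$1 max=$2 delay=$3 try=1
	while :; do
		if "$probe"; then
			return 0
		fi
		if [ "$try" -ge "$max" ]; then
			return 1
		fi
		try=$((try + 1))
		sleep "$delay"
	done
}

# Act only when called with --run, so loading the file has no side effects.
if [ "${1:-}" = "--run" ]; then
	if wait_for_directory probe_ldap 60 5; then
		sleep 10
		logger -t local.cron "directory is answering, restarting cron"
		killall cron
	else
		logger -t local.cron "directory never answered, cron left alone"
		exit 1
	fi
fi
```

To use it from the plist above, add a third ProgramArguments string containing --run.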
10.5: Fix cron for LDAP Users in Mac OS X Server 10.5
Authored by: mkoistinen on Jan 26, '09 08:18:13AM

Just a thought, perhaps you should "-HUP" as an argument to your kill command. This should simply request that cron re-read its configuration. This may also get it to find the ldap users. Not sure, I haven't tested, but if so, it just seems better behaved and should be less disruptive to crontabs that were loaded before LDAP loads.

Question: does cron notice new LDAP users that were added after cron was started (and HUP'ed)?

Perhaps, if not, in addition to this, you should execute the kill -HUP on a periodic (using cron?) basis, just in case there are new LDAP users added since cron was HUP'ed.



article about this problem
Authored by: hayne on Jan 26, '09 09:48:15AM
I notice that there is an article about this problem:
http://hea-www.harvard.edu/~fine/OSX/launchd_cron.html


10.5: Fix cron for LDAP Users in Mac OS X Server 10.5
Authored by: asmeurer on Jan 26, '09 07:49:29PM

Interesting. I thought launchd was supposed to replace cron. Does launchd start LDAP? If so, could you replace the launch with something that only triggers when some file changes, perhaps by cron? I really don't know enough about any of these to know.



10.5: Fix cron for LDAP Users in Mac OS X Server 10.5
Authored by: bmcinnes on Feb 02, '10 11:15:14AM

This worked fine for us, on restart now the user crontab is run, where before we had to restart cron by hand.
The user is authenticated using active directory.
I modified the scripts to use with Active Directory -
dscl /Active\ Directory/ADname -list /Users
where ADname is your forest name, and just did a
killall cron
in the restart script instead of the kill ps line - a bit easier.

Works great thanks.


