shart's blog

Sphere of Inconvenience

So... As I was putting together my most recent post regarding IPv6 I got to thinking about how many computers I use every day. It started as I counted up how many things in my house use IP addresses. From here forward I will refer to anything that uses an IP address as a computer for simplicity (yes, that means that in this context my iPhone is a computer, as is my Tivo, and my Linksys wireless access point).

Fixed Tags:



There has been a lot of chatter on the CentOS list lately regarding the ups and downs of IPv6. It has not quite boiled down to a flame war yet, but now is a good time to start distilling down what everybody has had to say.

To start, what IS IPv6? Simply put, it is a newer implementation of IP addressing that allows for many more hosts, as we have been running out of IPv4 addresses and will come to the end shortly. In fact, it allows for more than 2^95 or 5x10^28 addresses per person alive on planet earth today. "Overkill!!!" you might exclaim. In the 70s, when IPv4 was designed, and there were less than 1000 hosts internetworked, you would have said the same thing about the mere 4 billion addresses allowed in that system. In an age where having your toaster internet accessible is not unheard of, you'd be surprised at how many you might use.

Fixed Tags:

Find LDAP groups with obsolete users

OpenLDAP has a nice "feature" that allows for group members to continue to exist, even if the user does not exist any more. Really handy! Problem is, if you, say, have a user in the "Domain Admins" group, and you delete that account, and then some normal user comes along with the same username, they will end up with unexpected elevated privileges.

So I created a script that I run weekly that finds group members that no longer exist, and sends me a report. It also tells me which groups are empty.

This relies on my toolbox... Find it here.

Using some of our new tools

Ok... Now that we have our toolbox Let's do something with it. Today we'll look at a simple solution to an everyday problem. Resetting a password.

Part 4: Wrapping up the foundations

Just to wrap up, and in case you are lazy like me, give you a whole file worth of subroutines. It's my toolbox and I'm giving it to you. I put this in a secure location and just call it from my other scripts. This makes the code much shorter in my other scripts, nearly auto-commenting, and avoids bugs because if it works in one, it will work in others.

NOTE: This uses the foundations in parts 1, 2 and 3. You can find them here: Part 1 Part 2 Part3


Part 3: The SubRoutines

Now for the tools. There's a lot here, but in further articles you will see how this can be useful. I'll go through each tool with what it does, how to call it, and then the code itself.

NOTE: This uses the foundations in parts 1 and 2. You can find them here: Part 1 Part 2


Part 2: Some Standard declarations and personalizing for your site

More foundational work. This stuff will configure for your site, and the routines that follow will regularly rely on them.

First, let's declare our modules:

use strict;
use Net::LDAP;
use Authen::SASL;
use IO::Socket::SSL;
use Digest::SHA qw/sha1_base64/;
use Mail::Sendmail;
use Crypt::SmbHash;
use CGI;
use CGI qw/:standard/;


Part 1: Foundations

In our journey of code, it is always useful to have a foundation. For starters you will need to make sure that you have the following PERL packages installed, as we will be using them regularly.


Fixed Tags:

Opening Message

Hello and Welcome!

Over the course of my time as an Admin I've done a lot of Google searches and writeen a lot of code that has been very helpful to me in my work. I will be posting things here that hopefully will help you in your quest to master some of these technologies (Or simply stand on the shoulders of midgets).

I by no means consider myself a Perl or LDAP expert. It has been a "Learn as you go" ordeal. No formal training, just get things done on an as-needed basis.

I assume that you have a basic knowledge of PERL and LDAP.



Subscribe to RSS - shart's blog