Hacks

xrayspx's picture

A new job for the little Asus

I think I've finally found the perfect job for the little Asus EEE, since it's just too weak to show good video. It has the following tasks:

Find LDAP groups with obsolete users

OpenLDAP has a nice "feature" that allows for group members to continue to exist, even if the user does not exist any more. Really handy! Problem is, if you, say, have a user in the "Domain Admins" group, and you delete that account, and then some normal user comes along with the same username, they will end up with unexpected elevated privileges.

So I created a script that I run weekly that finds group members that no longer exist, and sends me a report. It also tells me which groups are empty.

This relies on my toolbox... Find it here.

Using some of our new tools

Ok... Now that we have our toolbox Let's do something with it. Today we'll look at a simple solution to an everyday problem. Resetting a password.

Part 4: Wrapping up the foundations

Just to wrap up, and in case you are lazy like me, give you a whole file worth of subroutines. It's my toolbox and I'm giving it to you. I put this in a secure location and just call it from my other scripts. This makes the code much shorter in my other scripts, nearly auto-commenting, and avoids bugs because if it works in one, it will work in others.

NOTE: This uses the foundations in parts 1, 2 and 3. You can find them here: Part 1 Part 2 Part3

Tags:

Part 3: The SubRoutines

Now for the tools. There's a lot here, but in further articles you will see how this can be useful. I'll go through each tool with what it does, how to call it, and then the code itself.

NOTE: This uses the foundations in parts 1 and 2. You can find them here: Part 1 Part 2

Tags:

Part 2: Some Standard declarations and personalizing for your site

More foundational work. This stuff will configure for your site, and the routines that follow will regularly rely on them.

First, let's declare our modules:

#!/user/bin/perl
use strict;
use Net::LDAP;
use Authen::SASL;
use IO::Socket::SSL;
use Digest::SHA qw/sha1_base64/;
use Mail::Sendmail;
use Crypt::SmbHash;
use CGI;
use CGI qw/:standard/;

Tags:

Part 1: Foundations

In our journey of code, it is always useful to have a foundation. For starters you will need to make sure that you have the following PERL packages installed, as we will be using them regularly.

Net::LDAP
Authen::SASL
IO::Socket::SSL
Digest::SHA
Mail::Sendmail
Crypt::SmbHash
CGI

Fixed Tags:
Tags:

Opening Message

Hello and Welcome!

Over the course of my time as an Admin I've done a lot of Google searches and writeen a lot of code that has been very helpful to me in my work. I will be posting things here that hopefully will help you in your quest to master some of these technologies (Or simply stand on the shoulders of midgets).

I by no means consider myself a Perl or LDAP expert. It has been a "Learn as you go" ordeal. No formal training, just get things done on an as-needed basis.

I assume that you have a basic knowledge of PERL and LDAP.

Enjoy!

-Sean

Tags:
xrayspx's picture

HOWTO: Properly SPAM A Blog

For anyone spamming blogs, especially my blog, this is the proper way to do it. This comment is vaguely related enough that it seems like maybe the person just missed the point they were trying to make, or is a bad writer. In fact, it was copied from this Amazon review of a DVD from 2007.

Pages

Subscribe to RSS - Hacks