Linux

Find LDAP groups with obsolete users

OpenLDAP has a nice "feature": group membership entries continue to exist even after the user they refer to has been deleted. Really handy! The problem is that if, say, a user is in the "Domain Admins" group, you delete that account, and then some normal user comes along with the same username, they will end up with unexpected elevated privileges.

So I created a script that I run weekly that finds group members that no longer exist, and sends me a report. It also tells me which groups are empty.

This relies on my toolbox... Find it here.

Using some of our new tools

OK... Now that we have our toolbox, let's do something with it. Today we'll look at a simple solution to an everyday problem: resetting a password.

Part 4: Wrapping up the foundations

Just to wrap up, and in case you are lazy like me, I'll give you a whole file's worth of subroutines. It's my toolbox and I'm giving it to you. I put this in a secure location and just call it from my other scripts. This makes the code in my other scripts much shorter and nearly auto-commenting, and it avoids bugs, because if it works in one, it will work in others.

NOTE: This uses the foundations in parts 1, 2 and 3. You can find them here: Part 1, Part 2, Part 3

Part 3: The SubRoutines

Now for the tools. There's a lot here, but in further articles you will see how this can be useful. I'll go through each tool with what it does, how to call it, and then the code itself.

NOTE: This uses the foundations in parts 1 and 2. You can find them here: Part 1, Part 2

Part 2: Some Standard declarations and personalizing for your site

More foundational work. This stuff will configure for your site, and the routines that follow will regularly rely on them.

First, let's declare our modules:

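#!/usr/bin/perl
use strict;
use Net::LDAP;                    # LDAP client
use Authen::SASL;                 # SASL authentication
use IO::Socket::SSL;              # SSL/TLS sockets
use Digest::SHA qw/sha1_base64/;  # base64-encoded SHA-1 digests
use Mail::Sendmail;               # sending mail
use Crypt::SmbHash;               # LM/NT password hashes for Samba
use CGI;
use CGI qw/:standard/;            # CGI with the standard function set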

Part 1: Foundations

In our journey of code, it is always useful to have a foundation. For starters, you will need to make sure that you have the following Perl packages installed, as we will be using them regularly.

Net::LDAP
Authen::SASL
IO::Socket::SSL
Digest::SHA
Mail::Sendmail
Crypt::SmbHash
CGI


Opening Message

Hello and Welcome!

Over the course of my time as an Admin I've done a lot of Google searches and written a lot of code that has been very helpful to me in my work. I will be posting things here that hopefully will help you in your quest to master some of these technologies (or simply stand on the shoulders of midgets).

I by no means consider myself a Perl or LDAP expert. It has been a "Learn as you go" ordeal. No formal training, just get things done on an as-needed basis.

I assume that you have a basic knowledge of Perl and LDAP.

Enjoy!

-Sean

xrayspx's picture

Backups

I've recently had to think about the mechanics of making idiot-proof backups on Linux and OSX. The specific machine I'm backing up is a Linux host with a 40GB drive. Historically only about 10% of the drive has been used, and the user has an IMAP mailbox, so all the mail is safe already.

xrayspx's picture

OSX vs OpenSuSE

[music | Leaether Strip - What If (Beats on classic mix)]

The Amarok discussion usually comes as a result of a wider discussion/flamewar about the "little things" that bug the shit out of me a year after dropping SuSE for OSX as my home desktop. I used Linux as my desktop for about 8 years, and before that for more "traditional" server type applications. I've had a Linux desktop since Redhat 4.1, but it didn't replace Windows completely until about 1999. That gives me a different perspective on how a computer Should Just Work. My definition of that is skewed by things like uptime and standards compliance. I have no idea what the Standard Uptime is for a Windows desktop machine. My Windows desktops have always stayed up for months and months, because they do nothing except run Outlook and specialty business software that I couldn't get to work under Wine.

So from that perspective, OSX is not particularly stable. The only time I ever rebooted my Linux machines was when either the power went out or I was upgrading SuSE. Aside from that, they Just Worked. I don't count things like upgrading KDE as a reboot, because it was just an X11 restart: ctrl-alt-backspace, new DE starts, no reboot. Leopard is more stable for me than Tiger was, especially in terms of returning from standby on the laptop. However, in terms of applications "beachballing" and having to force-quit things, well, that kind of thing rarely happened to me in SuSE. I'd probably kill Firefox every couple of weeks because something screwed up or its footprint was too huge. I have to force-quit Safari every day or two (no SIMBL or other wackiness anymore until I figure out why this is).

Here's a quick list with some detail about what really bugs me, and what I really like in OSX:
