Skip to main content

Some nice advanced topic OpenLDAP articles

I'm always on the lookout for information on advanced OpenLDAP topics, something I've found to be in short supply on the internet.

By advanced I mean documentation, tutorials and howto's that go beyond just setting up a simple standalone directory or an address book and gets into doing things with all of the fancy backends and overlays available in OpenLDAP these days.

I recently came across the Symas forums which have a few nice articles on advanced OpenLDAP topics:

  • Password policies (Managing Password Policies in the Directory) which describes how to add password policies such as expiry, aging, minimum length, history, etc which are features considered standard in Novell E-directory and Microsoft Active Directory accounts but are lacking in the basic OpenLDAP authentication directory configuration. Unfortunately, it falls short of giving any information on whether clients such as nss_ldap and pam_ldap support this, so I will need to test this in a lab sometime.
  • The Transluscent Overlay sounds really useful. One use I have for this feature is to tack the attributes I need for unix authentication (e.g. uid, gid, etc) to our organisations main directory (which I have no control over) so that I my users can use the same password to log into my servers as they use to log into the organisations systems.
  • There is also some stuff about replication, as well as the referential integrity and attribute uniqueness overlays.
More of this kind of article please!
Labels:

Comments

Post a Comment

Popular posts from this blog

Normalizing a MAC address string

Over the last few days, I have been spending some time working on my python - reading the sections of Diving into Python that I have never got around to and refactoring parts of some of my python scripts to make better use of the features of language and, ultimately, to make them more robust (i.e. usable by people other than me). The script I have started with is a simple one for registering hosts for DHCP access. Basically, it takes two command line arguments - a fully qualified hostname and a MAC address - and then does some validation, checks that neither address is already in use, normalizes the output to the correct format, constructs a properly formatted host stanza and appends it to the end of our ISC DHCP servers dhcpd.conf configuration file. I have made improvements to various parts of the code but the changes I am most conflicted about are those I have made to the MAC address normalization function which works reliably and therefore probably isn't a good candidate for
Post a Comment
Read more

More pyparsing and DHCP hosts

Since I wrote my original pyparsing post a few days ago, I've done some more work on refining my ISC dhcpd.conf host parsing example program. I also received some useful comments and suggests from Paul McGuire, the author the pyparsing module (thanks, Paul!), which I have also tried to incorporate. It's it's currently just a useless toy program but it is starting to look quite pretty. #!/usr/bin/python from pyparsing import * # An few host entries from dhcpd.conf sample_data = """ # A host with dynamic DNS attributes host a.foo.bar { ddns-hostname a; ddns-domainname "foo.bar"; hardware ethernet 00:11:22:33:44:55; fixed-address 192.168.100.10, 192.168.200.50; } # A simple multi-line host host b.foo.bar { hardware ethernet 00:0f:12:34:56:78; fixed-address 192.168.100.20; } # A simple single-line host host c.foo.bar { hardware ethernet 00:0e:12:34:50:70; fixed-address 192.168.100.40; } """ digits = "0123456789&qu
Post a Comment
Read more

Sorting a list of IP addresses in Python

As I work a lot with network data, one of my favourite python modules is iplib . It takes care of quite a few of things I want to do with IP addresses but lacks a lot of functionality of perl's Net::Netmask which I relied on extensively when perl was my favourite language. One of the iplib missing features is a method for sorting a list of IP addresses, or at the very least, a method for comparing two addresses. Luckily this is easy enough to implement yourself in python using a customised sort function. See the Sorting Mini-HOW TO for a well written document on sorting in python. Here is my attempt at a custom function for sorting IP addresses. import iplib ips = ["192.168.100.56", "192.168.0.3", "192.0.0.192", "8.0.0.255"] def ip_compare(x, y): """ Compare two IP addresses. """ # Convert IP addresses to decimal for easy comparison dec_x = int(iplib.convert(x, "dec")) dec_y = int(ipl
4 comments
Read more