Skip to main content

Some nice advanced topic OpenLDAP articles

I'm always on the lookout for information on advanced OpenLDAP topics, something I've found to be in short supply on the internet.

By advanced I mean documentation, tutorials and howto's that go beyond just setting up a simple standalone directory or an address book and gets into doing things with all of the fancy backends and overlays available in OpenLDAP these days.

I recently came across the Symas forums which have a few nice articles on advanced OpenLDAP topics:

  • Password policies (Managing Password Policies in the Directory) which describes how to add password policies such as expiry, aging, minimum length, history, etc which are features considered standard in Novell E-directory and Microsoft Active Directory accounts but are lacking in the basic OpenLDAP authentication directory configuration. Unfortunately, it falls short of giving any information on whether clients such as nss_ldap and pam_ldap support this, so I will need to test this in a lab sometime.
  • The Transluscent Overlay sounds really useful. One use I have for this feature is to tack the attributes I need for unix authentication (e.g. uid, gid, etc) to our organisations main directory (which I have no control over) so that I my users can use the same password to log into my servers as they use to log into the organisations systems.
  • There is also some stuff about replication, as well as the referential integrity and attribute uniqueness overlays.
More of this kind of article please!
Labels:

Comments

Post a Comment

Popular posts from this blog

Sorting a list of IP addresses in Python

As I work a lot with network data, one of my favourite python modules is iplib . It takes care of quite a few of things I want to do with IP addresses but lacks a lot of functionality of perl's Net::Netmask which I relied on extensively when perl was my favourite language. One of the iplib missing features is a method for sorting a list of IP addresses, or at the very least, a method for comparing two addresses. Luckily this is easy enough to implement yourself in python using a customised sort function. See the Sorting Mini-HOW TO for a well written document on sorting in python. Here is my attempt at a custom function for sorting IP addresses. import iplib ips = ["192.168.100.56", "192.168.0.3", "192.0.0.192", "8.0.0.255"] def ip_compare(x, y): """ Compare two IP addresses. """ # Convert IP addresses to decimal for easy comparison dec_x = int(iplib.convert(x, "dec")) dec_y = int(ipl...
4 comments
Read more

Normalizing a MAC address string

Over the last few days, I have been spending some time working on my python - reading the sections of Diving into Python that I have never got around to and refactoring parts of some of my python scripts to make better use of the features of language and, ultimately, to make them more robust (i.e. usable by people other than me). The script I have started with is a simple one for registering hosts for DHCP access. Basically, it takes two command line arguments - a fully qualified hostname and a MAC address - and then does some validation, checks that neither address is already in use, normalizes the output to the correct format, constructs a properly formatted host stanza and appends it to the end of our ISC DHCP servers dhcpd.conf configuration file. I have made improvements to various parts of the code but the changes I am most conflicted about are those I have made to the MAC address normalization function which works reliably and therefore probably isn't a good candidate for...
Post a Comment
Read more

Recursive Descent Parsers and pyparsing

Yesterday while browsing the table of contents of the May 2008 issue of Python Magazine I came across a reference to the pyparsing module - a python module for writing recursive descent parsers using familiar python grammar. O'Reilly's Python DevCenter has an excellent introduction to using this module entitled Building Recursive Descent Parsers with Python . Well worth a read. It just so happens that I have a number of projects which are stalled because writing code to parse complexly structured data is not my strong point. I enjoy parsing up text line by line as much as the next guy but this recursive stuff I find tedious. The ISC DHCP configuration file is, in my opinion, a good example of parsing complexity. It's configuration directives can contain many optional directives, can be nested, and can be all on a single line or broken up move multiple lines. Writing the parser using pyparsing makes this much simpler. Here is a simple example of using pyparsing to parse...
4 comments
Read more