Interesting New Developments…

There have been some interesting new developments lately! Here’s a shrunken summary.

At present I’m doing a technology review for implementing a new terminal server. Our existing terminal server is a 4-way AMD Opteron 848 system that’s about 5 years old right now. It runs CentOS 4 and has been so mega-customized over those 5 years that I’ve never wanted to go through the pain of in-place upgrading to CentOS 5. We also have a simple IBM 1U server running Windows 2003 Server for Windows purposes. It’s OK but also about 5 years old.

The idea is to roll both these servers into a large single physical server with some kind of virtualization. The large system would also have the resources to run other VMs as necessary, such as development/test boxes or whatnot.


LDAP User Management Tools and User Private Groups

Is it just me or are there no LDAP user management tools that support User Private Groups (UPG)?

I’m well aware of the FreeIPA project, and that project does in fact support UPG, probably because it’s a Red Hat project, but I’ve determined that FreeIPA is too comprehensive for my needs. Despite Kerberos being the “right” solution in every sense of the term, I’d rather have the simplicity of binding to the LDAP server for authentication, even though I know that using LDAP as an authentication service is “wrong”.

My question, loyalty challenged readers, is: Are there any LDAP user management tools out there that support UPG?

Let me start the list:

  • LAM – NO
  • phpLDAPadmin – NO
  • Luma – NO
  • LAT – NO
  • Gosa – NO
  • smbldap-tools – Maybe?

Not to bash any of those tools, but I’ve decided to start writing my own simple “useradd” script for now because the workflow for creating a user with the UPG scheme with any of these tools is an annoying multi-step process. While my solution is site-specific and non-comprehensive, it gets exactly the job I need done, done. And fast. I used Perl and Net::LDAP, among other modules. Once I figure out if I want to keep it on the console or move it to the web, I’ll post the results… even if it won’t be useful to anyone as-is.

Cfengine 3 Snippets Part 2: sudo

It’s been a while since I’ve really had time to delve much further into cfengine 3 since my previous post on the subject way back in May, but I do have another simple example to share. This time it’s about managing your sudo policy via the sudoers file.

The example is that of a very, very basic sudoers policy but the principles are easily extended to create much more complex policy. The general idea here is that we want cfengine to ensure that specific rules are always in place. Instructed properly, cfengine accomplishes this very well.

Warning: I don’t know anything. I’m just someone learning cfengine 3 and posting about it. If I’m wrong about something, let me know! If you find this at all useful, be my guest. That is all.
