Novell eDirectory

Event System and Developing to Novell eDirectory




Nachiappan Palaniappan    Jim Schnitter
Software Consultant       Senior Support Engineer
npalaniappan@novell.com   jschnitter@novell.com
Agenda

    •   Novell eDirectory Event System
    •   LDAP Auditing
    •   Event Filtering
    •   Demonstration
         –   LDAP Auditing
         –   Event Filtering
    •   Developing to Novell eDirectory using Perl


2   © Novell, Inc. All rights reserved.
Novell eDirectory – Event System

Novell eDirectory events

    •   Enables applications to monitor Novell eDirectory activity
    •   Helps in reporting operation-specific data
    •   Currently supports 270 events
    •   Event Classification
         –   Entry Events
         –   Value Events
         –   General DS Events
         –   Security Equivalence Events
         –   LDAP Events, etc.


Novell eDirectory events

    •   Types of event handlers
         –   Journal
         –   Inline
         –   Work
    •   Ways to access the event system
         –   LDAP
              >   LDAP Extension, Psearch Control
         –   iMonitor
         –   Novell eDirectory Instrumentation
         –   SNMP
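Of the LDAP access paths listed above, the persistent search (Psearch) control is the one a standard LDAP client library can use without Novell's C SDK. The following Perl script is an added example and not part of the deck: it connects with Net::LDAP (the CPAN module the deck uses in its last section), registers a persistent search and prints each add, delete, modify or rename as the server reports it, which is the defender's view of directory activity that the later slides feed to Sentinel. The host, base DN, credentials and CA file are assumptions read from LDAP_* environment variables, and the server must support the persistent search control and return entry-change controls; on_entry follows the callback interface documented for Net::LDAP::Control::PersistentSearch.

```perl
#!/usr/bin/perl
# watch_changes.pl: receive change notifications from an LDAP server through the
# persistent search control. Added example, not from the deck; host, base DN,
# bind DN and password are assumptions supplied via the environment.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Control::PersistentSearch;
use Net::LDAP::Constant qw(LDAP_CONTROL_ENTRYCHANGE);

my $host = $ENV{LDAP_HOST} // 'host';          # placeholder host name
my $base = $ENV{LDAP_BASE} // 'o=novell';

# LDAPS with certificate verification, so notifications cannot be read or
# forged on the wire; LDAP_CAFILE names the CA that issued the server cert.
my $ldap = Net::LDAP->new($host, scheme => 'ldaps', port => 636,
                          verify => 'require', cafile => $ENV{LDAP_CAFILE})
    or die "Can't connect to $host: $@\n";
my $mesg = $ldap->bind($ENV{LDAP_BIND_DN} // 'cn=admin,o=novell',
                       password => $ENV{LDAP_PASSWORD} // die "set LDAP_PASSWORD\n");
die "Bind failed: ", $mesg->error, "\n" if $mesg->code;

# changeTypes is a bit mask: 1 add, 2 delete, 4 modify, 8 modDN; 15 = all four.
# changesOnly suppresses the initial dump of existing entries; returnECs asks the
# server to attach an EntryChange control naming the change type to each result.
my $psearch = Net::LDAP::Control::PersistentSearch->new(
    changeTypes => 15, changesOnly => 1, returnECs => 1);

my %name = (1 => 'add', 2 => 'delete', 4 => 'modify', 8 => 'modDN');

# Called once per search result; the final result message carries no entry
# and search references are not entries, so both are skipped.
sub on_entry {
    my ($msg, $entry) = @_;
    return unless defined $entry && $entry->isa('Net::LDAP::Entry');
    my ($ec) = $msg->control(LDAP_CONTROL_ENTRYCHANGE);
    my $kind = $ec ? ($name{$ec->changeType} // $ec->changeType) : 'unknown';
    printf "%s %-7s %s\n", scalar(localtime), $kind, $entry->dn;
    print "  previous DN: ", $ec->previousDN, "\n" if $ec && $ec->previousDN;
}

# The search does not return until the connection drops: each change arrives
# as a search entry and is handed to on_entry as it comes in.
$mesg = $ldap->search(base     => $base,
                      scope    => 'sub',
                      filter   => '(objectClass=*)',
                      attrs    => ['1.1'],        # DNs only, no attribute values
                      control  => [$psearch],
                      callback => \&on_entry);
die "Search failed: ", $mesg->error, "\n" if $mesg->code;
$ldap->unbind;
```

Requesting no attributes (`1.1`) keeps password and other sensitive values out of the monitoring process; fetch specific attributes only when the monitor needs them.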
Design

     [Diagram: eDirectory (DS and the DS Event System), the LDAP Server, and the
     external eDirectory Client, Sentinel App and LDAP App. Labelled flows:
     LDAP App -> LDAP Server "Register 1"; LDAP Server -> DS Event System
     "Subscribe 2"; eDirectory Client -> DS "user add 3"; DS Event System ->
     LDAP Server "Notify 4"; LDAP Server -> LDAP App "Notify 5". The Sentinel
     App registers with, and is notified by, the DS Event System directly.]

Event Monitoring – Novell Sentinel

    •   iManager as the configuration interface
         –   Novell Audit Plugin needs to be installed and configured
    •   Novell eDirectory instrumentation acts as the interface to Novell eDirectory
         –   Bundled with Novell eDirectory
         –   Needs to be installed and configured manually
    •   Novell Audit Platform Agent interacts with Novell Sentinel
         –   Bundled with Novell eDirectory
         –   Needs to be installed manually

iManager Configuration




Event Monitoring – LDAP Extension

    •   The Novell LDAP events extension allows an LDAP client to be notified
        of the occurrence of various events on a Novell eDirectory server
         –   Utilizes the LDAP v3 extended operation mechanism
         –   Novell specific
    •   Each event is identified by a unique integer

Event Monitoring – LDAP Extension

     •   Available as part of the SDK “LDAP Libraries for C”
     •   An application registers to monitor one or more events
         by calling the ldap_monitor_event API
          –   int ldap_monitor_event( LDAP *ld, NDSEventSpecifier[] events,
              int *msgId)
               >   events[] - an array of structures describing the events the
                   application wishes to monitor
          –   Behaves similarly to the NetWare API NWDSRegisterForEvent

Event Monitoring – LDAP Extension

     •   The following example monitors the CREATE_ENTRY
         and DELETE_ENTRY events through the LDAP
         extension
     •   Event Specifiers
         #include <ldapx.h>
         #include <ldap_events.h>
         ...
         EVT_EntryInfo *entryInfo;

         EVT_EventSpecifier events[] =
         {
              { EVT_CREATE_ENTRY, EVT_STATUS_ALL },
              { EVT_DELETE_ENTRY, EVT_STATUS_ALL }
         };
Event Monitoring – LDAP Extension

     •   ldap_monitor_events - LDAP Extension API
         if ( (rc = ldap_monitor_events( ld,
                                         eventCount,
                                         events,
                                         &msgID )) != LDAP_SUCCESS ) {
              printf("ldap_monitor_events: %s\n", ldap_err2string( rc ));
              ldap_unbind_s( ld );
              return ( rc );
         }




Event Monitoring – LDAP Extension

     •   Get LDAP result
          timeOut.tv_sec = 5L;
          timeOut.tv_usec = 0L;

          startTime = time(NULL); /* record the start time */

          printf("Monitoring events for %d minutes.\n", EXECUTE_TIME/60);
          finished = 0;
          while ( 0 == finished )
          {
               result = NULL;

               rc = ldap_result( ld,
                                 msgID,
                                 LDAP_MSG_ONE,
                                 &timeOut,
                                 &result );

               .....
          }
Event Monitoring – LDAP Extension

     •   Error Cases
          switch ( rc )
          {
               case -1: /* some error occurred */
                    ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &errorCode);
                    printf("Error in ldap_result: %s\n",
                           ldap_err2string( errorCode ));
                    finished = 1; /* terminate polling loop */
                    break;

               case 0: /* Timed out, no result yet. */
                    break;




Event Monitoring – LDAP Extension

     •   Look for extended results
               case LDAP_RES_EXTENDED: /* Monitor Events failure */
                    parse_rc = ldap_parse_monitor_events_response(ld, result,
                                                                  &resultCode,
                                                                  &errorMsg,
                                                                  &badEventCount,
                                                                  &badEvents,
                                                                  0);
                    if (parse_rc != LDAP_SUCCESS)
                         printf("Error: ldap_parse_monitor_events_response: %d\n", parse_rc);
                    else
                    {
                         switch (resultCode)
                         {
                           case LDAP_OPERATIONS_ERROR:
                              printf("Server operations error.\n");
                              break;
                           case LDAP_ADMINLIMIT_EXCEEDED:
                              printf("Maximum number of active event monitors exceeded.\n");
                              break;
Event Monitoring – LDAP Extension

     •   Watch out for errors
                           case LDAP_PROTOCOL_ERROR:
                              printf("Protocol error.\n");
                              break;

                           case LDAP_UNWILLING_TO_PERFORM:
                              printf("Extension is currently disabled\n");
                              break;

                           default:
                              printf("Unexpected result: %d, %s\n", resultCode, errorMsg);
                         }
                         if (NULL != badEvents) {
                              for (i = 0; i < badEventCount; i++) {
                                   printf("Bad Event ID: %d\n", badEvents[i].eventType);
                              }
                         }
                    }
                    finished = 1;
                    break;

Event Monitoring – LDAP Extension

     •   Get the intermediate result
               case LDAP_RES_INTERMEDIATE: /* An event notification */
                    parse_rc = ldap_parse_ds_event(ld,
                                                   result,
                                                   &eventType,
                                                   &eventResult,
                                                   &eventData,
                                                   0 ); /* don't free result */

                    if ( parse_rc != LDAP_SUCCESS )
                         printf("Error in ldap_parse_ds_event: %s\n",
                                ldap_err2string( parse_rc ));




Event Monitoring – LDAP Extension

     •   Check the return value of intermediate result
                    else {
                         if (EVT_CREATE_ENTRY == eventType) {
                              entryInfo = (EVT_EntryInfo *)eventData;
                              printf("Added new entry: %s\n", entryInfo->entryDN);
                         }
                         else if (EVT_DELETE_ENTRY == eventType) {
                              entryInfo = (EVT_EntryInfo *)eventData;
                              printf("Deleted entry: %s\n", entryInfo->entryDN);
                         }
                         else
                              printf("Unexpected event notification: %d\n", eventType);

                         ldap_event_free(eventData);
                    }
                    break;
Novell eDirectory – LDAP Auditing

Business Need

     •   To support the use case of instrumenting LDAP traffic (operations
         such as LDAP bind, LDAP add, etc.) and auditing it
     •   To provide the details and statistics of the LDAP operations
         happening on the Novell eDirectory server




Overview

     •   LDAP events were introduced in the Novell eDirectory 8.8 SP3 release
     •   Integration of LDAP events with Sentinel in 8.8 SP3
     •   All LDAP operations can be monitored
     •   Widely used by LDAP applications




Internals

     •   LDAP Event Reporting System
          –   The LDAP server produces the event data
     •   Can be exercised through the SDK “LDAP Libraries for C”
     •   API
          –   ldap_monitor_event is used to monitor the events, identified by
              the LDAP event IDs
               >   EVT_LDAP_ADD
               >   EVT_LDAP_EXTOP, etc.


LDAP Data

     •   Information reported as part of the LDAP events
          –   Client's connection information

          –   Protocol data

          –   LDAP message ID

          –   LDAP result code

          –   LDAP operation data like ldap search parameters

          –   LDAP control ID

          –   LDAP authentication data


Design

     [Diagram: eDirectory (DS and the DS Event System), the LDAP Event Producer,
     the LDAP Server, and the external Sentinel App, LDAP App and LDAP Client.
     Labelled flows: "Register 1" (LDAP App to LDAP Server); "Subscribe 2"
     (LDAP Event Producer to DS Event System); "LDAP add 3" (LDAP Client to
     LDAP Server); steps "4" and "Notify 5" carry the event through the LDAP
     Event Producer and DS Event System; "Notify 6" (LDAP Server to LDAP App).
     The Sentinel App registers with, and is notified by, the DS Event System.]

Novell eDirectory – Event Filtering

Business Need

     •   Novell eDirectory internally generates its own events
     •   To help applications by providing the option to filter out
         unwanted events
     •   To monitor specific changes happening in the server
         (e.g. password modifications)
     •   To reduce the client's workload of filtering event data on its own




Overview

     •   Will be available as part of Novell eDirectory 8.8 SP6
     •   Will be available on all applicable platforms
     •   Internal interface to Novell eDirectory
          –   Novell eDirectory Instrumentation
     •   Configuration interface
          –   iManager
     •   Reduces the load on monitoring applications and thereby improves
         performance



Event Filtering

     •   Limited Filtering provided

     •   Filtering options
          –   Attribute based filtering

          –   Object Class based filtering

     •   Applicable to selected events
          –   Commonly used value and entry events




Demonstration
Novell eDirectory LDAP Auditing

Demonstration
Novell eDirectory Event Filtering

Developing to Novell eDirectory

Why should a developer use Perl?

     •   Well suited to small, discrete tasks

          –   Provisioning in Domain Services for Windows

     •   Provides a framework for user extensions

          –   Privileged User Management

     •   Customers can find AND fix their own problems




How do you get LDAP to work with Perl?

     •   Use system calls, the LDAP command-line tools and LDIF files
          –   Good for tasks that are constantly repeated and need little input
          –   Example: populate missing uids
     •   Use the CPAN LDAP module
          –   Object-oriented interface
          –   Good for more complex data manipulation
          –   Example: LDAP2CSV


     [Diagram: "$ldapsearch -h host" produces entries such as
     "dn: cn=jim,o=novell"; Perl turns each one into a modify record
     ("dn: cn=jim,o=novell / changetype: modify / add: uid / uid: jim")
     that "$ldapmodify -h host -f ldif" applies.]

Populate Missing Uids

     ldapsearch -b o=novell '(&(objectclass=user)(!(uid=*)))'
     •   LDIF file created from this search

         # jeffsmith, novell
         dn: cn=jeffsmith,o=novell
         sn: smith
         objectClass: inetOrgPerson
         cn: jeffsmith

         # jsmith, people, novell
         dn: cn=jsmith,ou=people,o=novell
         sn: smith
         objectClass: inetOrgPerson
         cn: jsmith
Populate Missing Uids

     •   Format of an LDIF file to add uids


         dn: cn=jeffsmith,o=novell
         changetype: modify
         add: uid
         uid: jeffsmith

         dn: cn=jsmith,ou=people,o=novell
         changetype: modify
         add: uid
         uid: jsmith


Populate Missing Uids

     •   Get input file and open output file


         #!/usr/bin/perl

         if (@ARGV == 1) {
               $in = $ARGV[0];
         } else {
               die "\nUsage: uid.pl <input ldif>\n\n";
         }

         open (IN, $in) or die "\nCan't open $in\n\n";
         open (OUT, ">uid.ldif") or die "\nCan't create uid.ldif\n\n";

Populate Missing Uids

     •   Build the LDIF file


         while ($line = <IN>) {
              chomp $line;
              if ($line =~ m/^dn: cn=(.*?),/) {
                     print OUT "$line\n";
                     print OUT "changetype: modify\n";
                     print OUT "add: uid\n";
                     print OUT "uid: $1\n\n";
              }
         }
         close IN;
         close OUT;

         print "\nCreated uid.ldif to add uids\n\n";
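The uid.pl above pulls the cn out of the dn line with a regular expression, which works for the LDIF shown but breaks on folded dn lines, base64-encoded DNs (dn::) and RDNs containing escaped commas. The following script is an added example, not the deck's program: it does the same job with Net::LDAP::LDIF, which parses those LDIF forms, takes the cn from the entry's attribute rather than from the DN, and skips entries that already carry a uid so it can be re-run safely. The input and output paths are assumptions taken from the command line; with OpenLDAP's ldapsearch, produce the input with -LLL so that no comment or result trailer lines end up in the file.

```perl
#!/usr/bin/perl
# uid_ldif.pl: read the LDIF produced by the ldapsearch above and write an LDIF
# of modify operations that add uid = cn. Added example, not the deck's script.
use strict;
use warnings;
use Net::LDAP::LDIF;
use Net::LDAP::Entry;

# Paths are assumptions: an input LDIF from ldapsearch, an output LDIF for ldapmodify.
my ($in_path, $out_path) = @ARGV;
die "Usage: $0 <input ldif> <output ldif>\n"
    unless defined $in_path && defined $out_path;

# onerror => 'die' stops on malformed LDIF instead of silently skipping records.
my $in  = Net::LDAP::LDIF->new($in_path,  'r', onerror => 'die');
# change => 1 makes write_entry emit changetype records rather than full entries.
my $out = Net::LDAP::LDIF->new($out_path, 'w', onerror => 'die', change => 1);

my ($seen, $written) = (0, 0);
while (not $in->eof()) {
    my $entry = $in->read_entry() or next;
    $seen++;

    # Entries that already have a uid are left alone, so re-running is harmless.
    next if $entry->exists('uid');

    # Take the cn from the attribute, not from the DN: the DN may be base64
    # encoded or contain escaped commas, which the attribute value never does.
    my $cn = $entry->get_value('cn');
    unless (defined $cn) {
        warn "no cn for ", $entry->dn, ", skipping\n";
        next;
    }

    # Build the modify record: dn, changetype: modify, add: uid, uid: <cn>
    my $change = Net::LDAP::Entry->new($entry->dn);
    $change->changetype('modify');
    $change->add(uid => $cn);
    $out->write_entry($change);
    $written++;
}
$in->done();
$out->done();

print "Read $seen entries, wrote $written modify records to $out_path\n";
```

Run it as `perl uid_ldif.pl input.ldif uid.ldif` and feed the result to ldapmodify exactly as the deck does; because the output is written by the same LDIF encoder ldapmodify expects, DNs with special characters round-trip correctly.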
Make the program bullet proof

     •   Put the ldapsearch and ldapmodify commands inside the Perl program
     •   The system() function lets a Perl program run any command that can
         be run from the shell
     •   Perl variable substitution is still done inside the command string




Perl

     [Diagram: the same flow as before, now with both commands run from inside
     Perl: "$ldapsearch -h host" yields "dn: cn=jim,o=novell"; the program
     writes the modify record ("dn: cn=jim,o=novell / changetype: modify /
     add: uid / uid: jim") and runs "$ldapmodify -h host -f ldif" on it.]

Populate Missing Uids

     •   Don't prompt for input file any more
         #!/usr/bin/perl

         $in = "/tmp/input.ldif";

         system ("ldapsearch -x -D cn=admin,o=novell -w novell -b o=novell -h host "
               . "'(&(objectclass=user)(!(uid=*)))' > $in");

         open (IN, $in) or die "\nCan't open $in\n\n";
         open (OUT, ">uid.ldif") or die "\nCan't create uid.ldif\n\n";


Populate Missing Uids

     •   Add the uids from the program

         close IN;
         close OUT;   # flush uid.ldif before ldapmodify reads it

         system ("ldapmodify -x -h host -D cn=admin,o=novell -w novell -f uid.ldif");

         print "\nUids have been added\n\n";




Make the program more secure

     •   Don't use temporary files any more
     •   Data manipulation can be done in memory
     •   Perl modules allow programs to reuse code
          –   Don't depend on utilities being installed
          –   Modules are generally cross-platform




Populate Missing Uids

      use Net::LDAP;
      $ldap = Net::LDAP->new("host") or die "\nCan't connect: $@\n\n";
      $result = $ldap->bind("cn=admin,o=novell", password => "novell");
      die ("\nCan't bind (LDAP Error: ", $result->code, ")\n\n") if $result->code;

      $base = "o=novell";
      $attrs = [ 'cn' ];
      $searchString = "(&(objectclass=user)(!(uid=*)))";
      $result = $ldap->search ( base => $base,
                                filter => $searchString,
                                scope => "sub",
                                attrs => $attrs
                              );
      if ($result->code) {
            die ("\nCan't search $base (LDAP Error: ", $result->code, ")\n\n");
      }

Populate Missing Uids

      @entries = $result->entries;

      foreach $entr ( @entries ) {
           $dn = $entr->dn;
           $cn = $entr->get_value("cn");
           print "\nModifying: $dn\n";
           $result = $ldap->modify($dn,
                 add => { uid => $cn }
                       );
           if ($result->code) {
                 die ("Error - Can't modify $dn (LDAP Error: ", $result->code, ")\n\n");
           }
      }
      $ldap->unbind;
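Putting the two Net::LDAP fragments above together, the following script is an added example and not the deck's code. It does the whole job in memory, as this section describes, and adds what a production script needs: strict mode, an LDAPS connection that verifies the server certificate, the bind password taken from the environment rather than the command line (where the system() version's -w novell is visible to every local user in the process list), a --dry-run switch, and a per-entry failure count instead of dying on the first error. Host, base DN, bind DN and CA file are assumptions read from LDAP_* environment variables.

```perl
#!/usr/bin/perl
# fill_uids.pl: find user entries without a uid and add uid = cn in one process,
# with no temporary files and no password on the command line.
# Added example, not the deck's code. Host, base and bind DN are assumptions.
use strict;
use warnings;
use Net::LDAP;

my $host    = $ENV{LDAP_HOST}    // 'host';               # placeholder host name
my $base    = $ENV{LDAP_BASE}    // 'o=novell';
my $bind_dn = $ENV{LDAP_BIND_DN} // 'cn=admin,o=novell';
# Read the password from the environment, never from argv: command-line
# arguments are visible to every local user through the process list.
my $password = $ENV{LDAP_PASSWORD} // die "set LDAP_PASSWORD\n";
my $dry_run  = grep { $_ eq '--dry-run' } @ARGV;

# LDAPS with certificate verification; LDAP_CAFILE names the issuing CA.
my $ldap = Net::LDAP->new($host, scheme => 'ldaps', port => 636,
                          verify => 'require', cafile => $ENV{LDAP_CAFILE})
    or die "Can't connect to $host: $@\n";
my $mesg = $ldap->bind($bind_dn, password => $password);
die "Bind failed: ", $mesg->error, "\n" if $mesg->code;

# Same filter as the deck: user objects with no uid value at all.
$mesg = $ldap->search(base   => $base,
                      scope  => 'sub',
                      filter => '(&(objectClass=user)(!(uid=*)))',
                      attrs  => ['cn']);
die "Can't search $base (LDAP Error: ", $mesg->error, ")\n" if $mesg->code;

my ($ok, $failed) = (0, 0);
for my $entry ($mesg->entries) {
    my $dn = $entry->dn;
    my $cn = $entry->get_value('cn');      # first cn value if there are several
    unless (defined $cn) {
        warn "no cn on $dn, skipping\n";
        $failed++;
        next;
    }
    if ($dry_run) {
        print "would add uid=$cn to $dn\n";
        next;
    }
    my $r = $ldap->modify($dn, add => { uid => $cn });
    if ($r->code) {
        # Keep going: one bad entry should not stop the rest of the run.
        warn "Can't modify $dn: ", $r->error, "\n";
        $failed++;
        next;
    }
    $ok++;
}
$ldap->unbind;

print "Modified $ok entries, $failed skipped or failed\n";
exit($failed ? 1 : 0);
```

Run it first with `--dry-run` to see which entries would change; the non-zero exit status on any failure lets a scheduler or wrapper notice partial runs.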

Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc.
Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope
of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified,
translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc.
Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.


General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a
product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in
making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents
of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any
particular purpose. The development, release, and timing of features or functionality described for Novell products
remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to
make changes to its content, at any time, without obligation to notify any person or entity of such revisions or
changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc.
in the United States and other countries. All third-party trademarks are the property of their respective owners.

Getting started with social mediaGetting started with social media
Getting started with social media
 
Strategies for sharing and commenting in social media
Strategies for sharing and commenting in social mediaStrategies for sharing and commenting in social media
Strategies for sharing and commenting in social media
 
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECHInformation Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
 
Workload iq final
Workload iq   finalWorkload iq   final
Workload iq final
 
The Identity-infused Enterprise
The Identity-infused EnterpriseThe Identity-infused Enterprise
The Identity-infused Enterprise
 
Shining the Enterprise Light on Shades of Social
Shining the Enterprise Light on Shades of SocialShining the Enterprise Light on Shades of Social
Shining the Enterprise Light on Shades of Social
 
Accelerate to the Cloud
Accelerate to the CloudAccelerate to the Cloud
Accelerate to the Cloud
 
The New Business Value of Today’s Collaboration Trends
The New Business Value of Today’s Collaboration TrendsThe New Business Value of Today’s Collaboration Trends
The New Business Value of Today’s Collaboration Trends
 
Preventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log ManagementPreventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log Management
 
Iaas for a demanding business
Iaas for a demanding businessIaas for a demanding business
Iaas for a demanding business
 
Workload IQ: A Differentiated Approach
Workload IQ: A Differentiated ApproachWorkload IQ: A Differentiated Approach
Workload IQ: A Differentiated Approach
 
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...
Virtual Appliances: Simplifying Application Deployment and Accelerating Your ...
 

IAM305 Developing to Novell eDirectory

  • 1. Novell eDirectory Event System and Developing to Novell eDirectory
    Nachiappan Palaniappan, Software Consultant, npalaniappan@novell.com
    Jim Schnitter, Senior Support Engineer, jschnitter@novell.com
  • 2. Agenda
    • Novell eDirectory Event System
    • LDAP Auditing
    • Event Filtering
    • Demonstration
      – LDAP Auditing
      – Event Filtering
    • Developing to Novell eDirectory using Perl
    © Novell, Inc. All rights reserved.
  • 3. Novell eDirectory – Event System
  • 4. Novell eDirectory events
    • Enables applications to monitor Novell eDirectory activity
    • Helps in reporting operation-specific data
    • Currently supports 270 events
    • Event classification
      – Entry events
      – Value events
      – General DS events
      – Security equivalence events
      – LDAP events, etc.
  • 5. Novell eDirectory events
    • Types of event handlers
      – Journal
      – Inline
      – Work
    • Ways to access the event system
      – LDAP (the LDAP events extension or the persistent search control)
      – iMonitor
      – Novell eDirectory Instrumentation
      – SNMP
  • 6. Design (diagram). An LDAP application registers with the LDAP server (1), which subscribes to the DS event system (2); a Sentinel application registers with the DS event system directly. When an eDirectory client performs a user add (3), DS raises the event, the event system notifies its subscribers (4), and the LDAP server passes the notification on to the LDAP application (5).
  • 7. Event Monitoring – Novell Sentinel
    • iManager is the configuration interface
      – The Novell Audit plugin needs to be installed and configured
    • Novell eDirectory Instrumentation acts as the interface to Novell eDirectory
      – Bundled with Novell eDirectory
      – Needs to be installed and configured manually
    • The Novell Audit Platform Agent interacts with Novell Sentinel
      – Bundled with Novell eDirectory
      – Needs to be installed manually
  • 8. iManager Configuration (screenshot)
  • 9. Event Monitoring – LDAP Extension
    • The Novell LDAP events extension allows an LDAP client to be notified of the occurrence of various events on a Novell eDirectory server
      – Uses the LDAP v3 extended operation mechanism
      – Novell specific
    • Each event is identified by a unique integer
  • 10. Event Monitoring – LDAP Extension
    • Available as part of the SDK “LDAP Libraries for C”
    • An application registers to monitor one or more events by calling the ldap_monitor_events API (the call used on slide 12)
      – int ldap_monitor_events( LDAP *ld, int eventCount, EVT_EventSpecifier *events, int *msgID )
        > events – an array of structures describing the events the application wishes to monitor; eventCount – the number of entries in that array
      – Behaves similarly to the NetWare API NWDSRegisterForEvent
  • 11. Event Monitoring – LDAP Extension
    • The following example monitors the CREATE_ENTRY and DELETE_ENTRY events through the LDAP extension
    • Event specifiers

      #include <ldapx.h>
      #include <ldap_events.h>
      ...
      EVT_EntryInfo *entryInfo;
      EVT_EventSpecifier events[] = {
          { EVT_CREATE_ENTRY, EVT_STATUS_ALL },   /* entry created */
          { EVT_DELETE_ENTRY, EVT_STATUS_ALL }    /* entry deleted */
      };
      int eventCount = sizeof(events) / sizeof(events[0]);   /* passed to ldap_monitor_events */
  • 12. Event Monitoring – LDAP Extension
    • ldap_monitor_events – LDAP extension API

      if ( (rc = ldap_monitor_events( ld, eventCount, events, &msgID )) != LDAP_SUCCESS ) {
          printf( "ldap_monitor_events: %s\n", ldap_err2string( rc ) );
          ldap_unbind_s( ld );
          return rc;
      }
  • 13. Event Monitoring – LDAP Extension
    • Get the LDAP result

      timeOut.tv_sec  = 5L;
      timeOut.tv_usec = 0L;
      startTime = time( NULL );   /* record the start time */
      printf( "Monitoring events for %d minutes.\n", EXECUTE_TIME / 60 );
      finished = 0;
      while ( 0 == finished ) {
          result = NULL;
          /* wait up to timeOut for the next message belonging to the monitor request */
          rc = ldap_result( ld, msgID, LDAP_MSG_ONE, &timeOut, &result );
          .....
      }
  • 14. Event Monitoring – LDAP Extension
    • Error cases

      switch ( rc ) {
      case -1:   /* some error occurred */
          ldap_get_option( ld, LDAP_OPT_ERROR_NUMBER, &errorCode );
          printf( "Error in ldap_result: %s\n", ldap_err2string( errorCode ) );
          finished = 1;   /* terminate polling loop */
          break;
      case 0:    /* timed out, no result yet */
          break;
  • 15. Event Monitoring – LDAP Extension
    • Look for extended results

      case LDAP_RES_EXTENDED:   /* Monitor Events failure: the final response to the request */
          parse_rc = ldap_parse_monitor_events_response( ld, result, &resultCode, &errorMsg,
                                                         &badEventCount, &badEvents, 0 );
          if ( parse_rc != LDAP_SUCCESS )
              printf( "Error: ldap_parse_monitor_events_response: %d\n", parse_rc );
          else {
              switch ( resultCode ) {
              case LDAP_OPERATIONS_ERROR:
                  printf( "Server operations error.\n" );
                  break;
              case LDAP_ADMINLIMIT_EXCEEDED:
                  printf( "Maximum number of active event monitors exceeded.\n" );
                  break;
  • 16. Event Monitoring – LDAP Extension
    • Watch out for errors

              case LDAP_PROTOCOL_ERROR:
                  printf( "Protocol error.\n" );
                  break;
              case LDAP_UNWILLING_TO_PERFORM:
                  printf( "Extension is currently disabled\n" );
                  break;
              default:
                  printf( "Unexpected result: %d, %s\n", resultCode, errorMsg );
              }
              if ( NULL != badEvents ) {   /* event IDs the server refused to monitor */
                  for ( i = 0; i < badEventCount; i++ ) {
                      printf( "Bad Event ID: %d\n", badEvents[i].eventType );
                  }
              }
          }
          finished = 1;
          break;
  • 17. Event Monitoring – LDAP Extension
    • Get the intermediate result

      case LDAP_RES_INTERMEDIATE:   /* an event notification */
          parse_rc = ldap_parse_ds_event( ld, result, &eventType, &eventResult, &eventData, 0 );   /* 0: don't free result */
          if ( parse_rc != LDAP_SUCCESS )
              printf( "Error in ldap_parse_ds_event: %s\n", ldap_err2string( parse_rc ) );
  • 18. Event Monitoring – LDAP Extension
    • Check the return value of the intermediate result

          else {
              if ( EVT_CREATE_ENTRY == eventType ) {
                  entryInfo = (EVT_EntryInfo *) eventData;
                  printf( "Added new entry: %s\n", entryInfo->entryDN );
              } else if ( EVT_DELETE_ENTRY == eventType ) {
                  entryInfo = (EVT_EntryInfo *) eventData;
                  printf( "Deleted entry: %s\n", entryInfo->entryDN );
              } else
                  printf( "Unexpected event notification: %d\n", eventType );
              ldap_event_free( eventData );   /* release the parsed event data */
          }
          break;
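Added example, not code from the slides or from the Novell SDK: the create/delete (plus modify and rename) monitoring that the C walkthrough above does through the events extension, done from Perl through the persistent search control that slide 5 names as the other LDAP route into the event system, using the Net::LDAP PersistentSearch and EntryChange controls. The host, bind DN, password file and search base are assumptions; started with no arguments it only runs the formatting step on constructed notifications, so it needs no server.

```perl
#!/usr/bin/perl
# Added example: subscribe to entry create/delete/modify/rename events from
# Perl with the LDAP persistent search control (the "Psearch Control" route
# on slide 5) instead of the C events extension. Host, bind DN, password
# file and search base are assumptions, not values from the slides.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Control::PersistentSearch;
use Net::LDAP::Control::EntryChange;
use Net::LDAP::Constant qw(LDAP_CONTROL_ENTRYCHANGE);

# EntryChange changeType values (draft-ietf-ldapext-psearch): 1 add,
# 2 delete, 4 modify, 8 modDN; changeTypes => 15 subscribes to all four.
my %CHANGE = ( 1 => 'CREATE_ENTRY', 2 => 'DELETE_ENTRY',
               4 => 'MODIFY_ENTRY', 8 => 'RENAME_ENTRY' );

# Pure formatting of one notification, kept separate so it can be run
# without a directory server.
sub describe_change {
    my ($type, $dn, $prev_dn) = @_;
    my $name = $CHANGE{$type} // "UNKNOWN($type)";
    return defined $prev_dn && $type == 8
        ? "$name: $prev_dn -> $dn"
        : "$name: $dn";
}

# Read the bind password from a file (mode 0600) rather than taking it on
# the command line, where it would be visible in the process list.
sub read_password {
    my ($path) = @_;
    open my $fh, '<', $path or die "Can't open $path: $!\n";
    chomp( my $pw = <$fh> // '' );
    close $fh;
    return $pw;
}

sub monitor {
    my ($host, $bind_dn, $pw_file, $base) = @_;
    my $ldap = Net::LDAP->new($host) or die "Can't connect to $host: $@\n";
    my $mesg = $ldap->bind($bind_dn, password => read_password($pw_file));
    die 'Bind failed: ' . $mesg->error . "\n" if $mesg->code;

    my $psearch = Net::LDAP::Control::PersistentSearch->new(
        changeTypes => 15,   # add | delete | modify | modDN
        changesOnly => 1,    # don't replay the existing entries first
        returnECs   => 1,    # attach an EntryChange control to each result
    );

    # The search never completes: the callback runs for every change the
    # bound identity is allowed to see, until the connection drops.
    $mesg = $ldap->search(
        base     => $base,
        scope    => 'sub',
        filter   => '(objectClass=inetOrgPerson)',
        attrs    => ['1.1'],           # DN only, no attribute values
        control  => [ $psearch ],
        callback => sub {
            my ($msg, $entry) = @_;
            return unless ref $entry && $entry->isa('Net::LDAP::Entry');
            my ($ec) = $msg->control(LDAP_CONTROL_ENTRYCHANGE);
            print describe_change($ec ? $ec->changeType : 0,
                                  $entry->dn,
                                  $ec ? $ec->previousDN : undef), "\n";
            $msg->pop_entry;           # don't accumulate entries in memory
        },
    );
    die 'Search failed: ' . $mesg->error . "\n" if $mesg->code;
}

if (@ARGV == 4) {
    monitor(@ARGV);
} else {
    # Offline run: constructed notifications, no server required.
    print describe_change(1, 'cn=jsmith,ou=people,o=novell'), "\n";
    print describe_change(2, 'cn=jeffsmith,o=novell'), "\n";
    print describe_change(8, 'cn=jsmith,ou=staff,o=novell',
                             'cn=jsmith,ou=people,o=novell'), "\n";
}
```

Run as perl psearch.pl host cn=admin,o=novell /path/to/pwfile o=novell to attach to a server. Being an ordinary search under the hood, it reports only entries that match the filter and that the bound identity has rights to read, and the search call blocks for as long as the connection lives; the C extension, by contrast, delivers event structures rather than entries.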
  • 19. Novell eDirectory – LDAP Auditing
  • 20. Business Need
    • To support the use case of instrumenting the LDAP traffic (operations such as LDAP bind, LDAP add, etc.) and auditing it
    • To provide the details and statistics of the LDAP operations happening on the Novell eDirectory server
  • 21. Overview
    • LDAP events were introduced in the Novell eDirectory 8.8 SP3 release
    • Integration of LDAP events with Sentinel in 8.8 SP3
    • All LDAP operations can be monitored
    • Widely used by LDAP applications
  • 22. Internals
    • LDAP Event Reporting System
      – The LDAP server produces the event data
    • Can be exercised through the SDK “LDAP Libraries for C”
    • API – ldap_monitor_events (the same call as on slide 12) is used to monitor the events, with the LDAP event IDs
      > EVT_LDAP_ADD
      > EVT_LDAP_EXTOP, etc.
  • 23. LDAP Data
    • Information reported as part of the LDAP events
      – Client's connection information
      – Protocol data
      – LDAP message ID
      – LDAP result code
      – LDAP operation data, such as LDAP search parameters
      – LDAP control ID
      – LDAP authentication data
  • 24. Design (diagram). An LDAP application registers with the LDAP server (1), which subscribes to the DS event system (2); a Sentinel application registers with the DS event system directly. When an LDAP client performs an LDAP add (3), the LDAP event producer inside the LDAP server reports the operation to the DS event system (4), the event system notifies its subscribers (5), and the LDAP server passes the notification on to the LDAP application (6).
  • 25. Novell eDirectory – Event Filtering
  • 26. Business Need
    • Novell eDirectory internally generates its own events
    • To help applications by providing the option to filter out unwanted events
    • To monitor specific changes happening on the server (e.g. password modifications)
    • To reduce the workload of the client, which otherwise has to filter the event data itself
  • 27. Overview
    • Will be available as part of Novell eDirectory 8.8 SP6
    • Will be available on all applicable platforms
    • Internal interface to Novell eDirectory – Novell eDirectory Instrumentation
    • Configuration interface – iManager
    • Reduces the load on monitoring applications and thereby improves performance
  • 28. Event Filtering
    • Limited filtering provided
    • Filtering options
      – Attribute-based filtering
      – Object-class-based filtering
    • Applicable to selected events
      – Commonly used value and entry events
  • 31. Developing to Novell eDirectory
  • 32. Why should a developer use Perl?
    • Well suited to small, discrete tasks
      – Provisioning in Domain Services for Windows
    • Provides a framework for user extensions
      – Privileged User Management
    • Customers can find AND fix their own problems
  • 33. How do you get LDAP to work with Perl?
    • Use system calls, the LDAP command-line tools and LDIF files
      – Good for tasks that are repeated constantly and need little input
      – Example: populate missing uids
    • Use the CPAN LDAP module (Net::LDAP)
      – Object-oriented interface
      – Good for more complex data manipulation
      – Example: LDAP2CSV
  • 34. (Diagram) The manual workflow: ldapsearch -h host returns entries such as dn: cn=jim,o=novell; a Perl script turns each one into a modify record (dn: cn=jim,o=novell / changetype: modify / add: uid / uid: jim); ldapmodify -h host -f ldif applies it.
  • 35. Populate Missing Uids

      ldapsearch -b o=novell '(&(objectclass=user)(!(uid=*)))'

    • LDIF file created from this search

      # jeffsmith, novell
      dn: cn=jeffsmith,o=novell
      sn: smith
      objectClass: inetOrgPerson
      cn: jeffsmith

      # jsmith, people, novell
      dn: cn=jsmith,ou=people,o=novell
      sn: smith
      objectClass: inetOrgPerson
      cn: jsmith
  • 36. Populate Missing Uids
    • Format of an LDIF file to add uids

      dn: cn=jeffsmith,o=novell
      changetype: modify
      add: uid
      uid: jeffsmith

      dn: cn=jsmith,ou=people,o=novell
      changetype: modify
      add: uid
      uid: jsmith
  • 37. Populate Missing Uids
    • Get the input file and open the output file

      #!/usr/bin/perl
      if (@ARGV == 1) {
          $in = $ARGV[0];
      } else {
          die "\nUsage: uid.pl <input ldif>\n\n";
      }
      open (IN, $in) or die "\nCan't open $in\n\n";
      open (OUT, ">uid.ldif");
  • 38. Populate Missing Uids
    • Build the LDIF file

      while ($line = <IN>) {
          chomp $line;
          if ($line =~ m/dn: cn=(.*?),/) {      # $1 is the cn taken from the RDN
              print OUT "$line\n";
              print OUT "changetype: modify\n";
              print OUT "add: uid\n";
              print OUT "uid: $1\n\n";
          }
      }
      print "\nCreated uid.ldif to add uids\n\n";
  • 39. Make the program bullet proof
    • Put the ldapsearch and ldapmodify commands inside the Perl program
    • The system() function lets a Perl program run any command that can be run from the shell
    • Variable substitution is still done
  • 40. (Diagram) The same workflow, with the ldapsearch -h host and ldapmodify -h host -f ldif calls made from inside the Perl program.
  • 41. Populate Missing Uids
    • Don't prompt for the input file any more

      #!/usr/bin/perl
      $in = "/tmp/input.ldif";
      system ("ldapsearch -x -D cn=admin,o=novell -w novell -b o=novell -h host '(&(objectclass=user)(!(uid=*)))' > $in");
      open (IN, $in) or die "\nCan't open $in\n\n";
      open (OUT, ">uid.ldif");
  • 42. Populate Missing Uids
    • Add the uids from the program

      close IN;
      close OUT;     # flush uid.ldif before ldapmodify reads it
      system ("ldapmodify -x -h host -D cn=admin,o=novell -w novell -f uid.ldif");
      print "\nUids have been added\n\n";
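Added example, not from the slides, covering the procedure of slides 35 to 42: it replaces the regex shortcut of slide 38 with a real LDIF record parser and the string-form system() call of slides 41 and 42 with the list form. It handles comment lines, folded continuation lines, base64 dn:: values and RDNs with escaped commas, and reads the bind password from a file rather than passing it with -w, where any user on the box can read it from the process list. The host, bind DN and password-file path are assumptions, and -y is the OpenLDAP ldapmodify option for a password file, which the eDirectory-shipped tool may or may not accept; apply_ldif is defined but not called, so the script runs offline on the constructed sample.

```perl
#!/usr/bin/perl
# Added example (not from the slides): build the "add: uid" LDIF from an
# ldapsearch dump with a real LDIF record parser instead of the one-line
# regex on slide 38. Handles comment lines, folded continuation lines,
# base64 "dn::" values and RDNs with escaped commas (cn=Smith\, Jim).
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Split LDIF text into records; each record is a list of [attr, value]
# pairs with folded lines joined and base64 values decoded.
sub parse_ldif {
    my ($text) = @_;
    my (@records, @lines);
    for my $raw (split /\r?\n/, $text) {
        if ($raw =~ /^ /) {             # continuation of the previous line
            $lines[-1] .= substr($raw, 1) if @lines;
        } elsif ($raw eq '') {          # blank line ends a record
            push @records, [@lines] if @lines;
            @lines = ();
        } elsif ($raw !~ /^#/) {        # '#' lines are comments
            push @lines, $raw;
        }
    }
    push @records, [@lines] if @lines;
    my @parsed;
    for my $rec (@records) {
        my @attrs;
        for my $line (@$rec) {
            next unless $line =~ /^([A-Za-z][\w.;-]*)(::?) ?(.*)$/;
            my ($name, $sep, $val) = ($1, $2, $3);
            push @attrs, [ $name, $sep eq '::' ? decode_base64($val) : $val ];
        }
        push @parsed, \@attrs if @attrs;
    }
    return @parsed;
}

# Value of the leading RDN ("jim" from "cn=jim,o=novell"), decoding the
# RFC 4514 escapes \, \\ and \XX so the uid matches the real name.
sub rdn_value {
    my ($dn) = @_;
    my ($rest) = $dn =~ /^[^=]+=(.*)$/ or return;
    my $val = '';
    while (length $rest) {
        if    ($rest =~ s/^\\([0-9A-Fa-f]{2})//) { $val .= chr hex $1 }
        elsif ($rest =~ s/^\\(.)//s)             { $val .= $1 }
        elsif ($rest =~ /^,/)                    { last }
        else  { $rest =~ s/^(.)//s; $val .= $1 }
    }
    return $val;
}

# One "attr: value" line, switching to base64 ("attr:: ...") where LDIF
# (RFC 2849) requires it: leading space/colon/'<' or non-printable bytes.
sub ldif_line {
    my ($attr, $val) = @_;
    return "$attr:: " . encode_base64($val, '') . "\n"
        if $val =~ /^[ :<]/ || $val =~ /[^\x20-\x7e]/;
    return "$attr: $val\n";
}

# Modify records for every searched entry that has no uid, taking the uid
# from the entry's RDN as the slides do.
sub build_uid_ldif {
    my ($search_ldif) = @_;
    my $out = '';
    for my $entry (parse_ldif($search_ldif)) {
        my ($dn) = map { $_->[1] } grep { lc $_->[0] eq 'dn' } @$entry;
        next unless defined $dn;
        next if grep { lc $_->[0] eq 'uid' } @$entry;   # already populated
        my $uid = rdn_value($dn);
        next unless defined $uid && length $uid;
        $out .= ldif_line('dn', $dn) . "changetype: modify\nadd: uid\n"
              . ldif_line('uid', $uid) . "\n";
    }
    return $out;
}

# Apply LDIF with ldapmodify without going through a shell: the list form
# of system() cannot be broken by metacharacters in $host or $bind_dn, and
# -y reads the password from a file instead of exposing it via -w in the
# process list (-y is the OpenLDAP option; check your ldapmodify build).
sub apply_ldif {
    my ($host, $bind_dn, $pw_file, $ldif_path) = @_;
    my $rc = system('ldapmodify', '-x', '-h', $host, '-D', $bind_dn,
                    '-y', $pw_file, '-f', $ldif_path);
    return $rc == 0;
}

# Constructed ldapsearch output (sample data, not from a real tree).
my $sample = join "\n",
    'version: 1', '',
    '# jeffsmith, novell',
    'dn: cn=jeffsmith,o=novell',
    'sn: smith', 'objectClass: inetOrgPerson', 'cn: jeffsmith', '',
    '# escaped comma in the RDN, DN folded over two lines',
    'dn: cn=Smith\, Jim,ou=peop',
    ' le,o=novell',
    'sn: Smith', 'cn: Smith, Jim', '',
    '# base64-encoded DN (non-ASCII cn)',
    'dn:: ' . encode_base64("cn=J\x{c3}\x{b6}rg,o=novell", ''),
    'sn:: ' . encode_base64("J\x{c3}\x{b6}rg", ''), '';

print build_uid_ldif($sample);
```

The parser is what makes the difference: the slide's m/dn: cn=(.*?),/ would cut "Smith\, Jim" at the escaped comma and skip a base64 dn:: line entirely, so the generated LDIF would be wrong for exactly the entries an administrator is least likely to check by hand.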
  • 43. Make the program more secure
    • No more temporary files
    • Data manipulation can be done in memory
    • Perl modules allow programs to reuse code
      – Don't depend on utilities being installed
      – Modules are generally cross-platform
  • 44. Populate Missing Uids

      use Net::LDAP;

      # connect and bind with the same server and credentials the command-line
      # version on slide 41 used
      $base = "o=novell";
      $ldap = Net::LDAP->new("host") or die "\nCan't connect to host\n\n";
      $result = $ldap->bind("cn=admin,o=novell", password => "novell");
      if ($result->code) {
          die ("\nCan't bind (LDAP Error: ", $result->code, ")\n\n");
      }
      $attrs = [ 'cn' ];
      $searchString = "(&(objectclass=user)(!(uid=*)))";
      $result = $ldap->search ( base => $base, filter => $searchString, scope => "sub", attrs => $attrs );
      if ($result->code) {
          die ("\nCan't search $base (LDAP Error: ", $result->code, ")\n\n");
      }
  • 45. Populate Missing Uids

      @entries = $result->entries;
      foreach $entr ( @entries ) {
          $dn = $entr->dn;
          $cn = $entr->get_value('cn');      # the uid is taken from the cn
          print "\nModifying: $dn\n";
          $result = $ldap->modify($dn, add => { uid => $cn } );
          if ($result->code) {
              die ("Error - Can't modify (LDAP Error: ", $result->code, ")\n\n");
          }
      }
  • 47. Unpublished Work of Novell, Inc. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability. General Disclaimer This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. Novell, Inc. makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. The development, release, and timing of features or functionality described for Novell products remains at the sole discretion of Novell. Further, Novell, Inc. reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.