Slide 1

App::LDAP: The Administrator and a Hundred Computers
shelling
Sunday, September 30, 12

Slide 2

#!/me
use qw(perl ruby javascript);
use feature qw(css elisp);
twitter "shellingford";
github "shelling";
cpan "shelling";

Slide 3

Review

Slide 4

/etc/passwd /etc/shadow LDAP Server

Slide 5

network file system, samba account, netgroup, network printers, ...

Slide 6

new .

Slide 7

ldap-utils LDAP Server

Slide 8

LDIF#add

ldapmodify -a -f

dn: uid=jason8936,ou=people,dc=example,dc=com
uid: jason8936
cn: jason8936
sn: jason8936
mail: [email protected]
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$6$Hk7MFO3.....
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 1020
gidNumber: 1020
homeDirectory: /home/jason8936

Slide 9

LDIF#modify

ldapmodify -f

dn: uid=jason8936,ou=people,dc=example,dc=com
changetype: modify
delete: mail
mail: [email protected]
-
add: mail
mail: [email protected]
mail: [email protected]

Slide 10

LDIF#delete

ldapmodify -f

dn: uid=jason8936,ou=people,dc=example,dc=com
changetype: delete

Slide 11

Drawbacks
• Time-Consuming
• Not Quite Convenient
• Not Abstract Enough

Slide 12

Demo https://vimeo.com/50077777

Slide 14

under the hood

Slide 15

MVC
$ ldap add user foo
Controller
Model
LDAP Server
(CRUD)able

Slide 16

Controller & Dispatcher
$ ldap add user foo
App::LDAP::
Command: Add, Del, Passwd, Export
User, Group, Host, Sudoer
foo
use qw( Namespace::Dispatch MooseX::Getopt );
sub run { ... }

Slide 17

Model & Schema
top, posixAccount, person, organizationalPerson, inetOrgPerson, shadowAccount, posixGroup, ipHost
LDIF::User, LDIF::Group
RFC2307, RFC2798

Slide 18

just class

package person;
use Moose;
extends 'top';
has ... => ...;

package organizationalPerson;
use Moose;
extends 'person';
has ... => ...;

Slide 19

required => ?

objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount'
  DESC 'an account with POSIX attributes'
  SUP top AUXILIARY
  MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
  MAY ( userPassword $ loginShell $ gecos $ description ) )

MUST: 1
MAY: 0
RFC2307

has cn => ( required => );

Slide 20

isa => ?

attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
  DESC 'An integer identifying a user'
  EQUALITY integerMatch
  SYNTAX 'INTEGER' SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
  EQUALITY caseExactIA5Match
  SUBSTR caseExactIA5SubstringsMatch
  SYNTAX 'IA5String' )

uidNumber: Num
memberUid (Not SINGLE-VALUE): ArrayRef[Str]
RFC2307
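
The MUST list and attribute syntax from the two schema slides above, applied as a pre-flight check on an LDIF entry before it is handed to ldapmodify. This is an added example in plain Perl, not code from App::LDAP; the names parse_entry and check_entry and the sample entry are constructed for illustration, and only the checks shown on those slides are modelled.

```perl
use strict;
use warnings;

# Schema facts from the RFC2307 slides (gidNumber is also INTEGER, SINGLE-VALUE).
# parse_entry and check_entry are this example's own names, not App::LDAP API.
my %MUST = (posixAccount => [qw(cn uid uidNumber gidNumber homeDirectory)]);
my @SINGLE_INT = qw(uidNumber gidNumber);

# Parse one LDIF entry (no line folding, no base64) into { attr => [values] }.
sub parse_entry {
    my ($ldif) = @_;
    my %entry;
    for my $line (split /\n/, $ldif) {
        next if $line =~ /^\s*(?:#.*)?$/;
        my ($attr, $value) = $line =~ /^([A-Za-z][\w;-]*):\s*(.*)$/
            or die "unparseable LDIF line: $line\n";
        push @{ $entry{lc $attr} }, $value;   # attribute names are case-insensitive
    }
    return \%entry;
}

# Return a list of problems; an empty list means the entry passes.
sub check_entry {
    my ($entry) = @_;
    my @problems;
    my %classes = map { lc($_) => 1 } @{ $entry->{objectclass} || [] };
    for my $class (grep { $classes{lc $_} } sort keys %MUST) {
        push @problems, "$class MUST attribute missing: $_"
            for grep { !$entry->{lc $_} } @{ $MUST{$class} };
    }
    for my $attr (@SINGLE_INT) {
        my $values = $entry->{lc $attr} or next;
        push @problems, "$attr is SINGLE-VALUE but has multiple values"
            if @$values > 1;
        push @problems, "$attr is not an integer: $_"
            for grep { !/^-?\d+$/ } @$values;
    }
    return @problems;
}

# Constructed sample: homeDirectory is missing and uidNumber is not numeric.
my $sample = <<'LDIF';
dn: uid=foo,ou=people,dc=example,dc=com
objectClass: posixAccount
uid: foo
cn: foo
uidNumber: 10x20
gidNumber: 1020
LDIF
print "$_\n" for check_entry(parse_entry($sample));
```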

Slide 21

Ext#1

package App::LDAP::ObjectClass::Foo;
use Moose;

has 'a_attribute' => (
    is       => "rw",
    isa      => "...",
    required => 1 or 0,
);
...

Slide 22

Ext#2

package App::LDAP::LDIF::Foo;
use Moose;
extends "App::LDAP::ObjectClass::Foo";

has '+a_attribute' => (
    default => "...",
);
...

Slide 23

Ext#3

package App::LDAP::Command::Foo;
use Moose;
with "App::LDAP::Role::Command";

sub run {
    my ($self) = @_;
    App::LDAP::LDIF::Foo->...
}
...

Slide 24

NextStep#1

User->search(
    cn   => "shelling ford",
    mail => "[email protected]"
);

Slide 25

NextStep#2

$user->modify(
    cn   => "shelling ford",
    mail => "[email protected]"
);

Slide 26

NextStep#3

config("/nss/passwd");
config("/nss/group");

Slide 27

UseCase#1
Diagram labels: LDAP, NFS, /home/, Worker (several nodes), look up sudoers, mount

Slide 28

UseCase#2
Diagram labels: galera1, galera2, galera3, galera3’, LDAP, look up hosts, 10.1.193.205, 10.1.132.173

Slide 29

Conclusions
Not a replacement for ldap-utils
Saves you time on routine tasks
Helps you create correct LDIFs

Slide 30

Thank You
http://github.com/shelling/app-ldap
pull request & issues welcome