Upgrade to Pro — share decks privately, control downloads, hide ads and more …

App::LDAP - 管理者と百台のコンピュータ #YAPC::Asia 2012

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.
Avatar for shelling shelling
September 30, 2012
Technology
590
2

App::LDAP - 管理者と百台のコンピュータ #YAPC::Asia 2012

Introduction to App::LDAP, YAPC::Asia 2012

Avatar for shelling

shelling

September 30, 2012

More Decks by shelling

See All by shelling
Distributed Storage for Web Applications
Avatar for shelling shelling
3
790

Other Decks in Technology

See All in Technology
ハーネスエンジニアリングをやりすぎた話 ~そのハーネスは解体された~
Avatar for Gota gotalab555
4
1.7k
AIでAIをテストする - 音声AIエージェントの品質保証戦略
Avatar for Morix morix1500
1
120
明日からドヤれる!超マニアックなAWSセキュリティTips10連発 / 10 Ultra-Niche AWS Security Tips
Avatar for Yuji Oshima yuj1osm
0
590
ぼくがかんがえたさいきょうのあうとぷっと
Avatar for Yuuki Yamashita yama3133
0
190
Claude Code を安全に使おう勉強会 / Claude Code Security Basics
Avatar for MasahiroKawahara masahirokawahara
11
32k
ネットワーク運用を楽にするAWS DevOps Agent活用法!! / 20260421 Masaki Okuda
Avatar for SHIFT EVOLVE shift_evolve
PRO
2
210
Standards et agents IA : un tour d’horizon de MCP, A2A, ADK et plus encore
Avatar for Guillaume Laforge glaforge
0
160
[最強DB講義]推薦システム | 基礎編
Avatar for RecSysLab recsyslab
PRO
1
170
Rapid Start: Faster Internet Connections, with Ruby's Help
Avatar for kazuho kazuho
2
400
Introduction to Bill One Development Engineer
Avatar for Sansan, Inc. sansan33
PRO
0
410
コミュニティ・勉強会を作るのは目的じゃない
Avatar for uutan1108 ohmori_yusuke
0
190
QGISプラグイン CMChangeDetector
Avatar for Forestgeo.info naokimuroki
1
400

Featured

See All Featured
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
34
2.7k
AI Search:
Where Are We & What Can We Do About It?
Avatar for Aleyda Solis aleyda
0
7.3k
A Soul's Torment
Avatar for Nat Ma seathinner
6
2.7k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
72
12k
How GitHub (no longer) Works
Avatar for Zach Holman holman
316
150k
Claude Code どこまでも/ Claude Code Everywhere
Avatar for nwiizo nwiizo
64
55k
Winning Ecommerce Organic Search in an AI Era - #searchnstuff2025
Avatar for Aleyda Solis aleyda
1
2k
Sam Torres - BigQuery for SEOs
Avatar for Tech SEO Connect techseoconnect
PRO
0
250
Keith and Marios Guide to Fast Websites
Avatar for Keith Pitt keithpitt
413
23k
The Cult of Friendly URLs
Avatar for Andy Hume andyhume
79
6.8k
How to build an LLM SEO readiness audit: a practical framework
Avatar for Nick Samuel nmsamuel
1
710
The B2B funnel & how to create a winning content strategy
Avatar for Katarina Dahlin katarinadahlin
PRO
1
330

Transcript

  1. App::LDAP 管理者と百台のコンピュータ shelling Sunday, September 30, 12

  2. #!/me use qw(perl ruby javascript); use feature qw(css elisp); twitter

    “shellingford”; github “shelling”; cpan “shelling”; Sunday, September 30, 12

  3. Review Sunday, September 30, 12

  4. /etc/passwd /etc/shadow LDAP Server Sunday, September 30, 12

  5. network file system samba account netgroup network printers ... Sunday,

    September 30, 12

  6. new . Sunday, September 30, 12

  7. ldap-utils LDAP Server Sunday, September 30, 12

  8. LDIF#add ldapmodify -a -f dn: uid=jason8936,ou=people,dc=example,dc=com uid: jason8936 cn: jason8936

    sn: jason8936 mail: [email protected] objectClass: inetOrgPerson objectClass: posixAccount objectClass: top objectClass: shadowAccount userPassword: {crypt}$6$Hk7MFO3..... shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 1020 gidNumber: 1020 homeDirectory: /home/jason8936 Sunday, September 30, 12

  9. LDIF#modify ldapmodify -f dn: uid=jason8936,ou=people,dc=example,dc=com changetype: modify delete: mail mail:

    [email protected] - add: mail mail: [email protected] mail: [email protected] Sunday, September 30, 12

  10. LDIF#delete ldapmodify -f dn: uid=jason8936,ou=people,dc=example,dc=com changetype: delete Sunday, September 30,

    12

  11. Drawbacks • Time-Consumed • Not Quite Convenient • Not Abstract

    Enough Sunday, September 30, 12

  12. Demo https://vimeo.com/50077777 Sunday, September 30, 12

  13. Demo https://vimeo.com/50077777 Sunday, September 30, 12

  14. under the hood Sunday, September 30, 12

  15. MVC $ ldap add user foo Controller Model LDAP Server

    (CRUD)able Sunday, September 30, 12

  16. User Group Host Sudoer Controller & Dispatcher $ ldap add

    user foo Command Add Del Passwd Export User Group Host Sudoer App::LDAP:: use qw( Namespace::Dispatch MooseX::Getopt ); sub run { ... } foo Sunday, September 30, 12

  17. Model & Schema top posixAccount person organizationalPerson inetOrgPerson shadowAccount posixGroup

    ipHost LDIF::User LDIF::Group RFC2307 RFC2798 Sunday, September 30, 12

  18. just class package person; use Moose; extends ‘top’; has ...

    => ...; package organizationalPerson; use Moose; extends ‘person’; has ... => ...; Sunday, September 30, 12

  19. required => ? objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'an

    account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ description ) ) 1 0 RFC2307 has cn => ( required => ); Sunday, September 30, 12

  20. isa => ? attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'An

    integer identifying a user' EQUALITY integerMatch SYNTAX ‘INTEGER’ SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX ‘IA5String’ ) ArrayRef[Str] Num Not SINGLE-VALUE RFC2307 Sunday, September 30, 12

  21. Ext#1 package App::LDAP::ObjectClass::Foo; use Moose; has ‘a_attribute’ => ( is

    => “rw”, isa => “...”, required => 1 or 0, ); ... Sunday, September 30, 12

  22. Ext#2 package App::LDAP::LDIF::Foo; use Moose; extends “App::LDAP::ObjectClass::Foo”; has ‘+a_attribute’ =>

    ( default => “...”, ); ... Sunday, September 30, 12

  23. Ext#3 package App::LDAP::Command::Foo; use Moose; with “App::LDAP::Role::Command”; sub run {

    my $self = @_; App::LDAP::LDIF::Foo->... } ... Sunday, September 30, 12

  24. NextStep#1 User->search( cn => “shelling ford”, mail => “[email protected]” );

    Sunday, September 30, 12

  25. NextStep#2 $user->modify( cn => “shelling ford”, mail => “[email protected]” );

    Sunday, September 30, 12

  26. NextStep#3 config(“/nss/passwd”); config(“/nss/group”); Sunday, September 30, 12

  27. UseCase#1 LDAP NFS orker /home/ Worker Worker Worker Work look

    up sudoers mount Sunday, September 30, 12

  28. UseCase#2 galera1 galera2 galera3 LDAP galera3’ look up hosts 10.1.193.205

    10.1.132.173 Sunday, September 30, 12

  29. Conclusions Not a replacement to ldap-utils Saving your time on

    routines help you to create correct LDIFs Sunday, September 30, 12

  30. Thank You http://github.com/shelling/app-ldap pull request & issues welcome Sunday, September

    30, 12