Upgrade to Pro — share decks privately, control downloads, hide ads and more …

App::LDAP - 管理者と百台のコンピュータ #YAPC::Asia 2012

Avatar for shelling shelling
September 30, 2012
Technology
2
560

App::LDAP - 管理者と百台のコンピュータ #YAPC::Asia 2012

Introduction to App::LDAP, YAPC::Asia 2012

Avatar for shelling

shelling

September 30, 2012
Tweet

More Decks by shelling

See All by shelling
Distributed Storage for Web Applications
Avatar for shelling shelling
3
740

Other Decks in Technology

See All in Technology
Snowflake のアーキテクチャは本当に筋がよかったのか / Data Engineering Study #30
Avatar for Yoshi Matsuzaki indigo13love
0
300
私とAWSとの関わりの歩み~意志あるところに道は開けるかも?~
Avatar for nagisa_53 nagisa53
1
140
増え続ける脆弱性に立ち向かう: 事前対策と優先度づけによる 持続可能な脆弱性管理 / Confronting the Rise of Vulnerabilities: Sustainable Management Through Proactive Measures and Prioritization
Avatar for NTT docomo Business nttcom
1
230
AWS表彰プログラムとキャリアについて
Avatar for Naoki naoki_0531
1
150
興味の胞子を育て 業務と技術に広がる”きのこ力”
Avatar for Fumiya Sakai fumiyasac0921
0
360
MCPと認可まわりの話 / mcp_and_authorization
Avatar for convto convto
2
330
【CEDEC2025】ブランド力アップのためのコンテンツマーケティング~ゲーム会社における情報資産の活かし方~
Avatar for Cygames cygames
PRO
0
140
Wasmで社内ツールを作って配布しよう
Avatar for asuka askua
0
160
オブザーバビリティプラットフォーム開発におけるオブザーバビリティとの向き合い / Hatena Engineer Seminar #34 オブザーバビリティの実現と運用編
Avatar for Arthur arthur1
0
140
AI コードレビューが面倒すぎるのでテスト駆動開発で解決しようとして読んだら、根本的に俺の勘違いだった
Avatar for Mutz mutsumix
0
110
マルチモーダル基盤モデルに基づく動画と音の解析技術
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
2
290
スプリントレビューを効果的にするために
Avatar for Miho Nagase miholovesq
9
1.7k

Featured

See All Featured
[RailsConf 2023] Rails as a piece of cake
Avatar for Vladimir Dementyev palkan
56
5.7k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
173
14k
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
184
22k
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
5.7k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
790
250k
GitHub's CSS Performance
Avatar for Jon Rohan jonrohan
1031
460k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
Avatar for Michelle Schulp Hunt marktimemedia
31
2.4k
Designing Experiences People Love
Avatar for Jonathan Moore moore
142
24k
Understanding Cognitive Biases in Performance Measurement
Avatar for Philip Tellis bluesmoon
29
1.8k
Writing Fast Ruby
Avatar for Erik Berlin sferik
628
62k
Stop Working from a Prison Cell
Avatar for Chris Michel hatefulcrawdad
271
21k
Bash Introduction
Avatar for André Augusto Costa Santos 62gerente
613
210k

Transcript

  1. App::LDAP 管理者と百台のコンピュータ shelling Sunday, September 30, 12

  2. #!/me use qw(perl ruby javascript); use feature qw(css elisp); twitter

    “shellingford”; github “shelling”; cpan “shelling”; Sunday, September 30, 12

  3. Review Sunday, September 30, 12

  4. /etc/passwd /etc/shadow LDAP Server Sunday, September 30, 12

  5. network file system samba account netgroup network printers ... Sunday,

    September 30, 12

  6. new . Sunday, September 30, 12

  7. ldap-utils LDAP Server Sunday, September 30, 12

  8. LDIF#add ldapmodify -a -f dn: uid=jason8936,ou=people,dc=example,dc=com uid: jason8936 cn: jason8936

    sn: jason8936 mail: [email protected] objectClass: inetOrgPerson objectClass: posixAccount objectClass: top objectClass: shadowAccount userPassword: {crypt}$6$Hk7MFO3..... shadowMax: 99999 shadowWarning: 7 loginShell: /bin/bash uidNumber: 1020 gidNumber: 1020 homeDirectory: /home/jason8936 Sunday, September 30, 12

  9. LDIF#modify ldapmodify -f dn: uid=jason8936,ou=people,dc=example,dc=com changetype: modify delete: mail mail:

    [email protected] - add: mail mail: [email protected] mail: [email protected] Sunday, September 30, 12

  10. LDIF#delete ldapmodify -f dn: uid=jason8936,ou=people,dc=example,dc=com changetype: delete Sunday, September 30,

    12

  11. Drawbacks • Time-Consumed • Not Quite Convenient • Not Abstract

    Enough Sunday, September 30, 12

  12. Demo https://vimeo.com/50077777 Sunday, September 30, 12

  13. Demo https://vimeo.com/50077777 Sunday, September 30, 12

  14. under the hood Sunday, September 30, 12

  15. MVC $ ldap add user foo Controller Model LDAP Server

    (CRUD)able Sunday, September 30, 12

  16. User Group Host Sudoer Controller & Dispatcher $ ldap add

    user foo Command Add Del Passwd Export User Group Host Sudoer App::LDAP:: use qw( Namespace::Dispatch MooseX::Getopt ); sub run { ... } foo Sunday, September 30, 12

  17. Model & Schema top posixAccount person organizationalPerson inetOrgPerson shadowAccount posixGroup

    ipHost LDIF::User LDIF::Group RFC2307 RFC2798 Sunday, September 30, 12

  18. just class package person; use Moose; extends ‘top’; has ...

    => ...; package organizationalPerson; use Moose; extends ‘person’; has ... => ...; Sunday, September 30, 12

  19. required => ? objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'an

    account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ description ) ) 1 0 RFC2307 has cn => ( required => ); Sunday, September 30, 12

  20. isa => ? attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'An

    integer identifying a user' EQUALITY integerMatch SYNTAX ‘INTEGER’ SINGLE-VALUE ) attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX ‘IA5String’ ) ArrayRef[Str] Num Not SINGLE-VALUE RFC2307 Sunday, September 30, 12

  21. Ext#1 package App::LDAP::ObjectClass::Foo; use Moose; has ‘a_attribute’ => ( is

    => “rw”, isa => “...”, required => 1 or 0, ); ... Sunday, September 30, 12

  22. Ext#2 package App::LDAP::LDIF::Foo; use Moose; extends “App::LDAP::ObjectClass::Foo”; has ‘+a_attribute’ =>

    ( default => “...”, ); ... Sunday, September 30, 12

  23. Ext#3 package App::LDAP::Command::Foo; use Moose; with “App::LDAP::Role::Command”; sub run {

    my $self = @_; App::LDAP::LDIF::Foo->... } ... Sunday, September 30, 12

  24. NextStep#1 User->search( cn => “shelling ford”, mail => “[email protected]” );

    Sunday, September 30, 12

  25. NextStep#2 $user->modify( cn => “shelling ford”, mail => “[email protected]” );

    Sunday, September 30, 12

  26. NextStep#3 config(“/nss/passwd”); config(“/nss/group”); Sunday, September 30, 12

  27. UseCase#1 LDAP NFS orker /home/ Worker Worker Worker Work look

    up sudoers mount Sunday, September 30, 12

  28. UseCase#2 galera1 galera2 galera3 LDAP galera3’ look up hosts 10.1.193.205

    10.1.132.173 Sunday, September 30, 12

  29. Conclusions Not a replacement to ldap-utils Saving your time on

    routines help you to create correct LDIFs Sunday, September 30, 12

  30. Thank You http://github.com/shelling/app-ldap pull request & issues welcome Sunday, September

    30, 12