Database Schema Generation with Protobuf

As I look to reduce the number of touch points that are required to make a change to my personal system, I’m always thinking about how to reduce complexity and leverage existing tooling. In this way, we can continue to leverage an existing foundation to build out further abstractions. One such lever I have worked on over the last year was using my gRPC protobuf definitions to generate LDAP schema files that could be loaded into the server to match the objects that I’d be working with in Go. ...

2021-04-21 · zach

Schema troubles

Auth8 has been losing some custom schema for some reason I haven’t been able to identify. I’m wondering if some upgrade caused some issue when I didn’t handle the upgrade properly, so perhaps loading the database from backup is the right move. First, create a new jail for auth9 on olaf.

    profile::jail::host::jails:
      auth9:
        ip4_addr: "%{hiera('profile::jail::host::default_interface')}|172.16.20.111/27"
        ip6_addr: "%{hiera('profile::jail::host::default_interface')}|2001:111:1111:20::515/120"
        properties:
          host_domainname: "l.znet"

Spin up the jail and sign the cert. ...

2020-02-20 · zach

Junos Configuration Management

It’s been a year since my last post, and I’m thinking it’s time to make another. Lately I’ve been trying to work through some network management solutions to try and define the problem more clearly. This is an interesting problem primarily because I’m unable to rely on my previous tool sets to get this done. Namely, Puppet running on the host. There are a couple interesting Python tools for this purpose that I’d given a spin, but the more I was working in them, the more I was wishing I was writing in Go. Most of my actively maintained code these days is Go, and working in two languages for personal infrastructure tooling means I can’t leverage the libraries of one tool in another. ...

2019-01-19 · zach

User Management Patterns

User management can be a bit of a sore subject for some admins, but I’ve found it can really pay off when done correctly, though it’s not always clear what that means. I’ve been on both sides of that line in the past, sometimes when the line moves, and sometimes not. I’m a believer that managing the users and groups in your organization proficiently and with low overhead is important. It should be done well, if for no other reason than to be able to state authoritatively who should have access to what and why, ideally requiring as little administrative time as possible once the system is in place. ...

2016-03-16 · zach

Using LDAP for Puppet classification

Over the last year, I’ve been slowly moving some of my private Puppet code to use LDAP as a data source. Through this process, a bit of strategy, some tooling and some schema have emerged that I’ll share here. It’s worth noting that Puppet has had an LDAP Node Classifier for quite some time, probably longer than I’ve been using Puppet. Looking over the documentation, you wouldn’t know it, but the most useful bit of this whole work is the fact that Puppet supports the configuration variables necessary to make a connection to an LDAP server, and those variables are available for reference. ...

2015-11-15 · zach