May 31, 2014

Newbie’s OpenLDAP tips

    1. Follow https://help.ubuntu.com/12.10/serverguide/openldap-server.html to get the OpenLDAP server and tools installed and configured on your server.
    2. The binary is called slapd. The configuration is no longer a single file but a directory structure of files in LDIF format, which is plain text. The configuration is stored in /etc/ldap/slapd.d/, in the file “cn=config.ldif” and inside the directory “cn=config”.
    3. The LDAP server access credentials are stored in the file “cn=config/olcDatabase={1}hdb.ldif”:
      1. olcRootDN:
      2. olcRootPW:
    4. User LDAP data is stored in /var/lib/ldap using a binary DB format (Berkeley DB or some other DB format). User LDAP data can only be viewed using LDAP tools such as ldapsearch, and can be edited with ldapadd, ldapdelete, ldapmodify, etc.
    5. Command to list all entries
      1. ldapsearch -x -LLL -b dc=advistatech,dc=com
    6. To authenticate to the LDAP server when running a command like ldapsearch, you can use “-x”, which amounts to local authentication. Or you can “bind” to the server using the credentials listed above in “olcRootDN” and “olcRootPW” as follows. Only binding will print out the user password information stored in the LDAP DB. See more at http://blogs.splunk.com/2009/07/30/ldapsearch-is-your-friend/
      1. -D "cn=admin,dc=advistatech,dc=com"
        -W will prompt you for your password
    7. PHP can act as an LDAP client. It has dedicated functions to connect to, bind to, and query LDAP servers.
    8. In a PosixAccount object (like a Unix user account), the password field name is “userPassword”. It is usually hashed with LDAP's salted SHA-1 scheme (SSHA). If you query it when bound to the server, you will see something like {SSHA}….
    9. ldapcompare does not automatically hash a clear-text password when comparing. So you would need to hash the password first (probably using ldappasswd) and then do the compare (to be validated).
    10. The usual way to test a user’s account credentials is to actually try to bind (log in) to the LDAP server using those credentials.
    11. A simple PHP script to test a user's credentials:
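    <?php
    // ldap_connect() only validates its argument and allocates a handle;
    // the network connection is made on the first operation (the bind below).
    $ds = ldap_connect("localhost");
    if (!$ds) {
        die("Unable to connect to LDAP server.");
    }

    // Use LDAPv3 and do not chase referrals.
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);

    $dn = "uid=tony,ou=Users,dc=advistatech,dc=com";
    $pass = "mypass";

    // An empty password turns a simple bind into an anonymous bind, which
    // can succeed without proving anything, so reject it before binding.
    if ($pass === "") {
        die("Empty password.");
    }

    // bind (@ suppresses the PHP warning ldap_bind() raises on failure)
    if (@ldap_bind($ds, $dn, $pass)) {
        echo "bound successfully";
    } else {
        echo "Unable to bind to LDAP server.";
    }

    ldap_close($ds);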
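
How the {SSHA} value from item 8 is built and checked, and why hashing the password a second time (item 9) does not reproduce the stored string. This is an added example, not code from the original post. It assumes the usual {SSHA} layout, base64(SHA1(password + salt) + salt); the function names, the 4-byte salt length and the fixed sample salt are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA}"
SHA1_LEN = 20  # SHA-1 digest size in bytes


def make_ssha(password, salt=None):
    """Build a userPassword value: {SSHA} + base64(SHA1(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(4)  # fresh random salt; the 4-byte length is an assumption
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def split_ssha(stored):
    """Return (digest, salt) from a stored {SSHA} value, or raise ValueError."""
    if not stored.upper().startswith(SCHEME):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    if len(raw) <= SHA1_LEN:
        raise ValueError("no salt after the digest")
    return raw[:SHA1_LEN], raw[SHA1_LEN:]


def verify_ssha(stored, candidate):
    """Re-hash the candidate with the *stored* salt; compare in constant time."""
    digest, salt = split_ssha(stored)
    recomputed = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, recomputed)


# Constructed sample: the password from the PHP script, hashed with a fixed salt
# so the value is reproducible. Real entries carry a random salt.
STORED = make_ssha("mypass", salt=b"\x01\x02\x03\x04")

if __name__ == "__main__":
    print("stored value      :", STORED)
    print("correct password  :", verify_ssha(STORED, "mypass"))
    print("wrong password    :", verify_ssha(STORED, "letmein"))
    # A second hash of the same password gets a new salt, so a plain string
    # comparison against the stored value fails even though the password is right.
    print("re-hashed == stored:", make_ssha("mypass") == STORED)
```

Because the salt lives inside the stored value, only a check that reuses it (as the server does during a bind) can confirm a password, which is why item 10's bind test is the usual approach.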

May 30, 2014

ldapscript not working fixed

Make sure your /etc/ldapscripts/ldapscripts.passwd does not contain a trailing newline. (Adding one is the default behaviour of many editors, including vim.)

samba server symbolic links

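To enable symbolic links, edit smb.conf with the following changes. With wide links = yes, clients can follow links that point outside the shared directory tree, and Samba only honours that setting when unix extensions is off, which is why step 1 sets unix extensions = no.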

1. Add the following lines in the [global] section
[global]
    follow symlinks = yes
    wide links = yes
    unix extensions = no

2. Add the following lines to your shared directory section
[home]
    follow symlinks = yes
    wide links = yes

3. Restart smbd. On Fedora/Red Hat, use
       sudo systemctl restart smb.service
   On Debian/Ubuntu, use
       sudo /etc/init.d/smbd restart

May 2, 2014

The Secret to 10 Million Concurrent Connections - The Kernel is the Problem, Not the Solution

http://highscalability.com/blog/2013/5/13/the-secret-to-10-million-concurrent-connections-the-kernel-i.html

Netmap

Intel DPDK

PF_RING