Modernizing System Administration

If you haven’t heard by now, Luke Kanies Wants to Modernize System Administration. Yes, the puppet master speaks!

We’ve been using Puppet at UT Arlington for the past several years. I had initially looked into using CFEngine for configuration enforcement and change management, but a good friend of mine turned us on to Puppet. Puppet has really transformed the way my administrators think about setting up and maintaining systems. There’s a lot less direct SSH’ing into a system, messing with a configuration file (and hoping that you’ve edited the same file the same way on every system), and adding/starting/restarting the service that uses that configuration file. There’s also a lot more control in how we do things — and just like that, voilà, we have a documented change control process!

Obtaining user information from LDAP using Perl

This is much simpler than the PHP example listed a few weeks ago. It demonstrates some of the advantages of Perl (namely, just about anything you want to do is already built as a module by someone who’s been where you are). Please refer to for Net::LDAP and Net::LDAPS module documentation and usage examples.

In this example, we’ll bind to the LDAP server using an application account (in the cn=applications,dc=uta,dc=edu branch of our directory server) and search the account branch (cn=accounts,dc=uta,dc=edu) for all users (uid=*). We’ll fetch the NetIDs (uid), e-mail addresses (mail), and the common names (cn) for each account.

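#!/usr/bin/perl -w

use strict;
use Net::LDAPS;
use Data::Dumper;

# Application account used for the bind
my $bind_dn       = 'cn=mavapp,cn=applications,dc=uta,dc=edu';
my $bind_password = 'mavAppPass';

# Connect over LDAPS and bind; stop if either step fails
my $ldaps = Net::LDAPS->new('') or die "Unable to connect: $@\n";
my $mesg  = $ldaps->bind( $bind_dn, password => $bind_password );
die "Bind failed: " . $mesg->error . "\n" if $mesg->code;

# Search the account branch for every user, returning three attributes
my $result = $ldaps->search( base   => "cn=accounts,dc=uta,dc=edu",
                             filter => "(uid=*)",
                             attrs  => ['uid','mail','cn'] );
die "Search failed: " . $result->error . "\n" if $result->code;

# Hash reference keyed by DN, then by attribute name
my $entries = $result->as_struct();

# How many entries did we find?
print scalar( keys %{$entries} ) . " entries returned\n";

# Print them out
foreach my $dn ( keys %{$entries} ) {
   foreach my $attr ( keys %{$entries->{$dn}} ) {
      foreach my $val ( @{$entries->{$dn}->{$attr}} ) {
         print "$attr - $val\n";
      }
   }
   print "\n";
}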

This last section could be simplified using the Data::Dumper module as:

print Dumper( $entries );

Obtaining user information from LDAP using PHP

This ought to be in a FAQ somewhere; I certainly get asked it enough: “How can I retrieve attributes from LDAP of users who log into my web application?” Well, I’ll break it down with an example that retrieves information about a user that submits their uid & password to a form. Note that this code could be simplified to handle authentication only by determining if the ldap_bind() succeeds or not — it’s usually enough to simply be able to bind to verify someone’s identity.

I’ll make my comments after each section of code. Continue reading →
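The bind-to-verify approach described above, combined with the application-account search from the Perl post, as an added example in Perl (not code from the original posts). The host name ldap.example.edu, the CA directory, the LDAP_APP_PASSWORD environment variable and the function names are assumptions; the DNs are the ones used on this page. It rejects empty passwords and escapes the submitted uid before it reaches the search filter.

```perl
use strict;
use warnings;
use Net::LDAPS;
use Net::LDAP::Util qw(escape_filter_value);

# Assumptions, not from the original posts: host name, CA directory and the
# environment variable that holds the application account's password.
my $HOST    = 'ldap.example.edu';
my $CAPATH  = '/etc/ssl/certs';
my $APP_DN  = 'cn=mavapp,cn=applications,dc=uta,dc=edu';
my $BASE_DN = 'cn=accounts,dc=uta,dc=edu';

sub connect_ldaps {
    return Net::LDAPS->new( $HOST, verify => 'require', capath => $CAPATH )
        || die "connect to $HOST failed: $@\n";
}

# Returns { uid, mail, cn } when the password is correct, nothing otherwise.
sub authenticate {
    my ( $uid, $password ) = @_;
    # A simple bind with a DN and an empty password is an "unauthenticated
    # bind" (RFC 4513, section 5.1.2) that a server may answer with success.
    return unless defined $uid      && length $uid;
    return unless defined $password && length $password;
    my $app_pw = $ENV{LDAP_APP_PASSWORD};
    die "LDAP_APP_PASSWORD is not set\n" unless defined $app_pw && length $app_pw;
    # Step 1: look up the user's DN with the application account.
    my $ldap = connect_ldaps();
    my $mesg = $ldap->bind( $APP_DN, password => $app_pw );
    die 'application bind failed: ' . $mesg->error . "\n" if $mesg->code;
    my $res = $ldap->search(
        base   => $BASE_DN, scope => 'sub', sizelimit => 2,
        filter => '(uid=' . escape_filter_value($uid) . ')',   # RFC 4515 escaping
        attrs  => [ 'uid', 'mail', 'cn' ],
    );
    $ldap->unbind;
    return if $res->code || $res->count != 1;    # error, no match, or ambiguous
    my $entry = $res->entry(0);

    # Step 2: bind as that DN on a fresh connection to check the password.
    my $user = connect_ldaps();
    my $ok   = !$user->bind( $entry->dn, password => $password )->code;
    $user->unbind;
    return unless $ok;
    return +{ map { $_ => scalar $entry->get_value($_) } qw(uid mail cn) };
}
# Constructed usage: NetID and password as a login form would supply them.
my $who = authenticate(@ARGV);
print $who ? "authenticated: $who->{uid}\n" : "login failed\n";
```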

Sysadmin Appreciation Day

Hey, system administrators: Tom Limoncelli “appreciate[s] you!” And I do too!

The Last Friday Of July is System Administrator Appreciation Day

Let’s face it, System Administrators get no respect 364 days a year. This is the day that all fellow System Administrators across the globe, will be showered with expensive sports cars and large piles of cash in appreciation of their diligent work. But seriously, we are asking for a nice token gift and some public acknowledgement. It’s the least you could do.

Consider all the daunting tasks and long hours (weekends too.) Let’s be honest, sometimes we don’t know our System Administrators as well as they know us. Remember this is one day to recognize your System Administrator for their workplace contributions and to promote professional excellence. Thank them for all the things they do for you and your business.

Nominate Your IT Hero for SysAdmin of the Year 2007.

Have your (Perl) Pie and eat it too!

Undoubtedly one of the most frequent tasks a system administrator, or developer, faces involves making inline changes to a file or set of files. This can range from the very complex edit to the very trivial.

Let’s say you have a series of PHP pages in your web site that access your MySQL server. What happens if you need to change the name of your MySQL server? Would you go into each file individually, search for the line (or lines) of code to edit and save the file? This can be tedious, error-prone and time consuming.

The ‘sed’ (string editor) command is often used to accomplish this, where sed is passed a file name and a regular expression for the string substitutions. Output from sed is sent to standard output (usually the terminal) which means that you must redirect it to another file and then copy the new file over the original. This effectively changes the original but requires a lot of excess steps. There’s got to be a better way, right? Yes, ‘perl’ can do it in one shot — Continue reading →