Comments for Ryan Lane's Blog

Comment on A process for puppetization of a service using Nova by Newsletter – December 2011 | Puppet Labs

Newsletter – December 2011 | Puppet Labs — Thu, 22 Dec 2011 19:36:12 +0000

[...] OpenStack: Puppetization of a Service using Nova Ryan Lane shows you how. [...]

Comment on Sharing home directories to instances within a project using puppet, LDAP, autofs, and Nova by Wikimedia blog » Wikimedia engineering November 2011 report

Wikimedia blog » Wikimedia engineering November 2011 report — Fri, 02 Dec 2011 13:23:25 +0000

[...] was also added for instances: project members now have sudo permissions, excluding global projects. Shared home directories are also available in a per project manner. 15 projects and 36 instances have been created and 46 [...]

Comment on Sharing home directories to instances within a project using puppet, LDAP, autofs, and Nova by Community Weekly Review (Oct 28-Nov 4) » The OpenStack Blog

Community Weekly Review (Oct 28-Nov 4) » The OpenStack Blog — Fri, 04 Nov 2011 21:22:55 +0000

[...] Sharing home directories to instances within a project using puppet, LDAP, autofs, and Nova http://ryandlane.com/blog/2011/11/01/sharing-home-directories-to-instances-within-a-project-using-pu... [...]

Comment on Configuring a local environment for dealing with git by Ryan Lane

Ryan Lane — Thu, 03 Nov 2011 17:57:31 +0000

Glad I could help ;)

Comment on Configuring a local environment for dealing with git by Roan Kattouw

Roan Kattouw — Thu, 03 Nov 2011 15:31:14 +0000

This is very useful, thanks!

I had already set up working directories as screen window titles as an extension of one of your previous blog posts ( http://ryandlane.com/blog/2011/03/23/screen-with-ssh-on-a-shell-server/ ; I’ve also gotten vi/vim/view to display the file being edited as the screen window title) but could never quite get that to work reliably. PROMPT_COMMAND (which I didn’t know about before) definitely helped there.

Comment on Building a test and development infrastructure using OpenStack by Sharing home directories to instances within a project using puppet, LDAP, autofs, and Nova | Ryan Lane's Blog

Tue, 01 Nov 2011 17:49:16 +0000

[...] mentioned in an older post, I’m building a test and development environment using OpenStack. The environment is intended [...]

Comment on Screen with SSH on a Shell Server by IRC caused me to use Linux! Quick how to setup a shell server. | Linux Admins

IRC caused me to use Linux! Quick how to setup a shell server. | Linux Admins — Tue, 18 Oct 2011 00:08:32 +0000

[...] easy how to on how to setup a shell server quickly. I hope you learned something or found it useful!Years ago back in the day as they say I was constantly on IRC! I was told try Linux to run several s…might have been Slackware 6! That is what sticks out in the the mind… I setup a shell server today [...]

Comment on Using the LDAP Authentication Plugin for MediaWiki – The Basics (Part 1) by Jeff B

Jeff B — Fri, 14 Oct 2011 20:46:41 +0000

I just wanted to say thank you for everyone’s comments. You guys helped me out so much.
I just wanted a small wiki my small team of IT guys could us in our intranet.

My Setup:
I was running Mediawiki on a Windows 2008 computer using Wamp, trying to connect to a 2008 AD. I could get it to connect, but only using clear passwords. I was able to later do a work around by putting in the line
TLS_REQCERT never
in my ldap.conf file in c:\openldap\sysconf.

But I needed better, the likelihood that we would get a MitM, or a DNS hijack is slim, but I still couldn’t sleep well unless I got the certificates working.

My fix was not to use openssl to pull the certificate off the server using -

“openssl s_client -connect adserver1.testad.example.com:636″

Instead what I had to do was install Active Directory Certificate Services on my DC. Then follow this website to make a self signed cert – very easy to follow.
http://www.christowles.com/2010/11/enable-ldap-over-ssl-ldaps-on-windows.html

Once I had a certificate I exported the certificate as a .cer file to my wamp server inside my c:\openldap\sysconf folder and edited the ldap.conf file to TLS_CACERT c:\openldap\sysconf\dc1.cer

SSL now works! Seriously this all took me several days just gathering all the right info and troubleshooting. That last little bit saved me. active directory doesn’t support ssl out of the box. No wonder it wasn’t working.

Comment on Thoughts on OpenStack Foundation by Join the OpenStack Foundation mailing list | Open Systems Journal

Join the OpenStack Foundation mailing list | Open Systems Journal — Thu, 13 Oct 2011 23:52:05 +0000

[...] goals for the foundation and how to keep the discussion going after the conference. Ryan Lane had a nice post on the session, and we’ll also be posting the video of the session to vimeo soon. Scott [...]

Comment on Using the LDAP Authentication Plugin for MediaWiki – The Basics (Part 3) by Renan P.

Renan P. — Thu, 13 Oct 2011 20:09:14 +0000

Hello! Can someone help me!

This is my LocalSettings
# LDAP AUTENTICATION – Chamada do Aplicativo e Plugin
require_once (“$IP/extensions/LdapAuthentication/LdapAuthentication.php”);
$wgAuth = new LdapAuthenticationPlugin();

#Basic Auth.
$wgLDAPDomainNames = array( “Bellcomsys” );
$wgLDAPServerNames = array( “Bellcomsys” => “server.bellcomsys.net” );
$wgLDAPSearchStrings = array( “Bellcomsys” => “USER-NAME@Bellcomsys” );
$wgLDAPEncryptionType = array( “Bellcomsys” => “clear” );

#GROUPS
$wgLDAPGroupUseFullDN = array( “Bellcomsys”=>true );
$wgLDAPBaseDNs = array( ‘Bellcomsys’ => ‘dc=bellcomsys,dc=net’ );
$wgLDAPSearchAttributes = array( ‘Bellcomsys’ => ‘sAMAccountName’ );
$wgLDAPGroupsUseMemberOf = array( “Bellcomsys” => true );
$wgLDAPGroupObjectclass = array( “Bellcomsys”=>”group” );
$wgLDAPGroupAttribute = array( “Bellcomsys”=>”member” );
$wgLDAPGroupNameAttribute = array( “Bellcomsys”=>”cn” );
$wgLDAPRequiredGroups = array( “Acesso,Edit”=> array( “ou=wiki,ou=bellcomcorp,dc=bellcomsys,dc=net” ) );
#$wgLDAPRequiredGroups = array( “Edit”=> array( “ou=wiki,ou=bellcomcorp,dc=bellcomsys,dc=net” ) );

#GSync
$wgLDAPUseLDAPGroups = array( “Bellcomsys”=>true );
$wgLDAPGroupsPrevail = array( “Bellcomsys”=>true );

#LOG
$wgLDAPDebug = 99; # 3
$wgDebugLogGroups["ldap"] = “./debug.txt” ;

#Permission
# The following permissions were set based on your choice in the installer
$wgGroupPermissions['*']['createaccount'] = false;
$wgWhitelistRead = array( “Main Page”, “Special:Userlogin”, “-”, “MediaWiki:Monobook.css” );
$wgGroupPermissions['Acesso']['read'] = true;
$wgGroupPermissions['Edit']['edit'] = false;
$wgGroupPermissions['*']['read'] = false;

The Autentication is working fine, the Goups are Sync with the Data Base but the permissions dont work, as you can see, the group “Edit” = False but the members of this group still with the permission of edit files.

What am i doing wrong?

Thanks for the Help!