Leveraging OpenSource and Freely Available Technology

Recently I gave a talk at the Annual TABS conference about various OpenSource technologies and how they can relate to operating more efficiently and effectively with special attention to Unix/Linux/OSX infrastructures. I think it went over very well, and I was truly surprised how little of this stuff was used by schools. Especially when everyone is focused on keeping costs down. Many schools spend their money on services and contracts for software instead on great IT people that can be innovative for education, instead they are always putting out fires. So here are the slides : TABS Slides

Integrating Open Directory and Google Apps (Natively Syncing Open Directory Passwords to Google Apps)

I have been reviewing for some time the different ways which are available to push password change updates from a Apple Open Directory (OpenLDAP) Master to our Google Apps domain, and I have waited for some time for a solution I could go with. However, I was and have been unsatisfied with the solutions which are available for OS X. I wanted a very simple, secure, and natively run solution – running on my snow leopard server or lion server. Simple is a major part here, while some people don’t mind getting into configs and changing them I wanted it to be, run a installer, answer some easy questions, and bam! So below are my personal requirements for this first round of development.

 

Integrating Google Apps with Open Directory Requirements

  1. Do NOT store a plaintext password on disk.
  2. No extra services (such as MySQL), I wanted to use a simple flat file structure, similar to svn, because it is one less thing to fail.
  3. Easily configurable, easy to extend, easy to archive, easy to remove.
  4. When a user changes their LDAP password it should change their Google Apps password.
  5. If a user sets a password on a LDAP account which does not exist in Google Apps, it should be created.
  6. It should work for multiple Google Apps Domains.
  7. Install it & forget about it.

So I wrote a simple series of bash scripts, and an easy installer & uninstaller to accomplish what I wanted. While this is my first iteration of this tool it is currently in the last stages of production deployment testing, and I believe this to be ready to be used by most. I tried reasonably well to make the setup easy and very straight forward. Everything that is needed for this to work is already on OS X Server or included in the installer.

This is designed to be installed on your ODM, while the installer is NOT fool proof – I believe it to handle the most common cases and setups without problem. I will be developing this more and maturing the features, but I am currently focusing on my own needs, so I would really like to hear what would be popular to add.

It makes heavy use of openssl for storing confidential information using public key cryptography, this also allows root to actually recover a password if the situation ever arises. The tools that are installed with this are required to be run by root as well as access to the flat file structure it uses to store information in, this is intentional so that it adds a measure of security as to who can access it. Because if someone has access to your ODM as root all bets are off anyway.

It also uses Apple’s native launchd instead of cron because of the discontinuing support of cron on Apple’s platform. I believe this is the easiest most straight forward solution I have come across for syncing passwords from OpenDirectory to Google Apps on OS X.

There are some conventions to follow in order for this to work properly and they are as follows:

  1. In each of the user accounts in OD make sure their full Google App email account is entered under the user info tab, it should be the only email address entered.
  2. In each of the Google App domains make sure you create the SAME domain admin user (the part before the @) with the SAME password.

All messages are printed to the system.log file, so watch this file if you want to see any errors or it just working. You might have to issue a -HUP or restart PasswordServer or ODM for changes to take effect, but I did not have to. Formal documentation will follow after the next release.

 

Installation is simple:

  1. Download latest zip file to Open Directory Master.
  2. Unzip file.
  3. Open Terminal
  4. Change to the setup directory inside the package (this is a must!).
  5. CD to the newly unzipped folder
  6. Run: sudo ./install.sh

googlePasswordSync Release Log:

CURRENT RELEASE: org.theObfuscated.googlePasswordSync

SPECIAL NOTE: Bugs should be filed under the issues section on GitHub at https://github.com/jjviscomi/googlePasswordSync/issues. Please include all the output from the logs and whatever else is necessary to help correct or identify the issue.

- Added Google Apps Directory Sync Integration Capability. (If you choose to it will now modify the users LDAP record to include a SHA hash of the password so that GADS can push that information to Google Apps.) However if you choose this option make sure you use DACL to prevent everyone from seeing this information.

Read more »

One of the best lectures I have ever watched …

The Last LectureRandy Pausch gave probably the best and bravest lecture I have ever witnessed by an academic, this is truly inspiring. Really an unbelievable take on truly how to live your life. It has been around a while but it really makes no difference, if you haven’t seen it you need to …

 

What does a degree give you?

GraduationThe impending end for many successful college students is near, graduation is upon us! I remember my wife’s (although not at the time) and my own undergraduate commencement cerimonies and that got me thinking of the thoughts I had upon ending my undergraduate career. I remember when making the choice to attend school, it wasn’t to “get a job” or give me a sense of “enlightenment” – it was to get a degree.

So just let me clarify that little bit …

I was brought up to work out and solve problems, to think analytically, basically to use your brain to figure things out. I was  a problem solver, self reliant, and very hard working (not necessarily true about school work). I had some great mentors and loving people that guided me, they were part of my alliance and not people that adored me. There is a distinct difference between people that are on your team v. people that adore you. People that adore you don’t tell you your faults, your problems, or when they generally are dissatisfied and upset with you. It is very easy to surround yourself with people that adore you. People on your team however will tell you when you do a good job, but they will also be critical of you and tell you when you are not, what they don’t like about what you are doing and offer suggestions to improve yourself. This is the kind of people you want around you! Because in the process of getting to where I am now I screwed up a lot, and I made some really bad decisions along the way. It was these people that pointed them out (if they were not already evident) and then supported me in understanding and learning form them.

It is also important to note that I tried to surrond myself with very smart people – people that knew more than I did, had more experience than I did, and were willing to show me how they thought. You see you cannot improve yourself or your knowledge base in anything if there are not better people around you to push you, guide you, and challenge you.

The most importiant thing I realized, when it came to problem solving, which was pointed out to me when I was very young by my uncle was “it is the thought process that is important”, it is how you go about solving a problem – NOT ABOUT WHAT YOU KNOW!  Good problem solvers can be placed in any situation (any domain) and in a matter of minutes be asking the right questions to lead them down the path to find the solution. This is because they understand how to break apart problems and attack it correctly, this is perhaps the most valuable skill I have ever learned. So it is not in the answer that one gains knowledge, it is in the act of actually solving the problem. So when my mentors talked out the problems with me, shared what they were thinking, and why. It was giving me a glimpse into their thinking process – which is perhaps the tool I use the most to this day.

This all circles back around now to my post title, What Does a Degree Give You. It gave me a piece of paper … I am a firm believer that this type of skill is not normally learned in a classroom it was a part of my life and those around me made an active effort to teach me. Let there be NO mistake about it, they knew what they were doing and I am grateful.

You cannot place emphasis on college to teach you everything you will ever need to know, or for that matter to effectively prepare you for a career. Let me give you an example:

After 3 years as a computer science student I was able to land a job as a software engineer (something I have already been doing). The interview process was great fun, I was presented with fantastic problems that involved logic, coding, and commonly know algorithms. I thought it was enjoyable to talk with well established engineers and discuss with them about how I would solve the problems, now I assume I did well since I got the job, but I don’t remember one question that I was asked that I studied for in college, although I would have to say as far as a difficulty level it would rank as harder then any test I have ever taken (at least as an undergraduate). An example of one of the coding questions I was asked is: In an array of integers return a sub array with the largest sum, ensure that the resulting function runs in O(n).

The point being here is they were testing my ability to solve problems, I was presented with 4 other questions and was given 10 min to solve each of them. When I started I was excited. I took a seat at my desk and they introduced me to their environment, and then Bam! They hit me with their own custom embedded language, over a million line API … In school I learned LISP and C/C++, I had experience in another dozen or so languages, but I considered myself to be an expert in these languages. It suddenly didn’t matter that I knew almost every construct in LISP and C, I though to myself how am I ever going to learn this and be worth my pay?

So to keep an already long story short, I did and it all worked out. Turns out LISP and C are the two best languages to know (at least in my opinion) between the two of them I was familiar with all the cool things you can do in programming so it was just a matter of syntax I didn’t have to comprehend concepts like dynamic typing, pointers, preprocessing, classes, objects, and closures. I simply took home the documentation read it and learned it. In about a week I was churning out quality code for the company, and I felt pretty good.

However no one showed me, I was never taught how to use their language. I was expected after given a toolset to be able to utilize their documentation and solve problems. Because how good in am employee that has to keep asking how or why, then two people are not working!

Now in my current position I routinely have to deal with problems that often are very complicated in nature, and there are no documented solutions so we have to invent them. This is no big deal, but it can be frustrating. How did college help me with this? It didn’t again I bring this back to my experience of growing up and how I was raised. I am sure I learned somethings in college, mostly high level mathematics, and some other pretty useless stuff for the ordinary person. Other than that college was and extremely fun time it let me come into my own, it let me experience life without the parental units watching over anything I did. I developed my own opinions, I was exposed to culture outside of my normal home life, and I made some great friends. This is the value of college in my mind, it allow you to come into your own and that is why I have a high value for someone who “went away” for college.

People that have left everyone and everything behind them. This adds something to a persons character that I don’t believe happens any other way, or at least it takes a person much longer if at all to truly develop their self.

So to sum it all up then …

A college degree gets you; a piece of paper, a bunch of friends, your own views & opinions, exposed to culture, and a basic set of common knowledge.

A college degree doesn’t; get you a job, give you true knowledge, get you experience, prepare you for a life long career, make you intelligent.

So focus on really learning and maximizing your experiences – it is not just about a grade!

 

A simple look on perspective …

Picture of EarthThis is a simple little lecture  by Carl Sagan titled – The Little Blue Dot. I believe it puts things into perspective in a very elegant way. I thought it splendid and wanted to share it.

People don’t often take the time to reflect and realize what does matter and where we stand in the vastness of the universe. When you do think about it the perspective is very humbling…

 

Performance Optimization WordPress Plugins by W3 EDGE