tags: development


Mocking Active Directory with OpenLDAP


For work, our production server uses Active Directory (AD) for authentication and authorization to use our app. Users may belong to several groups to be granted access to different parts of the app. To mock this out for development I installed OpenLDAP and extended the schema enough to match what we need.

Our code queries the sAMAccountName attribute of users, which belongs to the Microsoft securityPrincipal objectClass. Instead of enabling the entire schema, which gave me errors, I enabled just the objectClass and attributes my application needs.

attributetype ( 1.2.840.113556.1.4.221
    NAME 'sAMAccountName'
    EQUALITY caseIgnoreMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
    SINGLE-VALUE )

attributetype ( 1.2.840.113556.1.2.102
    NAME 'memberOf'
    EQUALITY caseIgnoreMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15')

objectclass ( 1.2.840.113556.1.5.6
    NAME 'securityPrincipal'
    SUP top
    AUXILIARY
    MUST (sAMAccountName)
    MAY (memberOf))

This says there's an attribute named sAMAccountName of type (SYNTAX) string which occurs once. Checking equality will ignore case. There's also a memberOf attribute, but it's permitted multiple times. Finally there's an objectclass called securityPrincipal which MUST contain sAMAccountName and MAY contain memberOf values.

Create this file and save it in /etc/ldap/schema/ms.schema.

Create a file schema_convert.conf like this.

include /etc/ldap/schema/ms.schema

Follow the steps here: Modifying the slapd Configuration Database.

Using phpLDAPadmin, add Generic: User Account, save, then edit. Add object class securityPrincipal. This will prompt you to fill out sAMAccountName. In our application we set this to the username part of our Kerberos principals. Then "Add new attribute" and select memberOf. Finally set the name of the group the member belongs to.

Now our app may perform the queries it needs, just as it would in production.

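// Escape the login name so filter metacharacters in it are matched literally
$filter_value = ldap_escape( $samaccountname, '', LDAP_ESCAPE_FILTER );
// Find the user
ldap_search( $ad, $basedn, "(samaccountName={$filter_value})", array('dn') );
// Get their groups (the attribute list must be an array)
ldap_read( $ad, $userdn, '(objectclass=securityPrincipal)', array('memberof') );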
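
The two queries above as one lookup, with the login name escaped for filter context and each result checked before it is used. This is an added example, not the original post's code: the function names user_filter and user_groups are hypothetical, and it assumes PHP's ldap extension and a connection $ad that is already bound.

```php
<?php
// Added example, not the original post's code. Requires PHP's ldap extension.

// Build the user filter with the value escaped for filter context, so that
// characters such as * ( ) \ in a login name are matched literally instead
// of being read as filter syntax.
function user_filter(string $samaccountname): string
{
    return '(sAMAccountName=' . ldap_escape($samaccountname, '', LDAP_ESCAPE_FILTER) . ')';
}

// Return the user's groups, or null unless exactly one entry matches.
// $ad is a connection from ldap_connect() that has already been bound.
function user_groups($ad, string $basedn, string $samaccountname): ?array
{
    $result = ldap_search($ad, $basedn, user_filter($samaccountname), array('dn'));
    if ($result === false) {
        return null;
    }
    $entries = ldap_get_entries($ad, $result);
    // SINGLE-VALUE limits the attribute to one value per entry; it does not
    // make the value unique across entries, so refuse ambiguous matches.
    if ($entries['count'] !== 1) {
        return null;
    }
    $userdn = $entries[0]['dn'];

    $result = ldap_read($ad, $userdn, '(objectclass=securityPrincipal)', array('memberof'));
    if ($result === false) {
        return null;
    }
    $entry = ldap_get_entries($ad, $result);
    if ($entry['count'] !== 1) {
        return null; // the entry lacks the securityPrincipal objectclass
    }
    $groups = $entry[0]['memberof'] ?? array(); // attribute keys come back lowercased
    unset($groups['count']);                    // ldap_get_entries adds a count element
    return array_values($groups);
}

// Constructed inputs: an ordinary login and two containing filter metacharacters.
foreach (array('jdoe', 'j*', 'smith (contractor)') as $name) {
    echo user_filter($name), PHP_EOL;
}
```

Returning null for zero or multiple matches keeps an authorization decision from being made on an ambiguous or missing entry in either the mock or production directory.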

How To Install and Configure OpenLDAP and phpLDAPadmin on Ubuntu 16.04 is an excellent article for reference.

●●●●●○○○

SDGs .:. Sustainable Development Knowledge Platform


The Division for Sustainable Development (DSD) seeks to provide leadership and catalyse action in promoting and coordinating implementation of internationally agreed development goals, including the seventeen Sustainable Development Goals (SDGs). Among other mandates, it hosts the secretariat for the High-level Political Forum on Sustainable Development (HLPF), the central platform within the United Nations system for the follow-up and review...

url: https://sustainabledevelopment.un.org/sdgs

type: unknown, format: page

●●●●●●●○

456 Berea Street: Articles and news on web standards, accessibility, and usability

456 Berea Street

This site is developed and authored by me, Roger Johansson. I’m a Swedish web professional who has been working with the web and other interactive media since 1994.

This site is a place for me to post articles, tutorials, and comments on subjects that are interesting and useful to me and hopefully to other web professionals. Most posts on this site are related to web standards, accessibility, or usability in one way or another, with the occasional...

url: http://www.456bereastreet.com/

type: person, format: blog

●●●●●●●○

JSLint, The JavaScript Verifier

javascript verifier, looks for problems in JavaScript programs

url: http://www.jslint.org

type: project, format: unknown

●●●●●○○○

Tango Icon Library

icons

url: http://tango.freedesktop.org/Tango_Icon_Library

type: unknown, format: unknown

Rants of SD Environments

In reflection to Michael's Hey Developers, You Suck - here's my rerant. Same situation, different company. The problem i have here is a lack of respect for data by not using normalized forms and referential integrity.

Since a lot of our work is aggregating massive amounts of data, i'm often stressed by the fact that a small mistake can have large consequences.

Did you hear that CDC overstated its obesity death figures? Did you hear that the FBI may scrap a $170 million software project?

Those are disgraceful and i work hard to prevent such an embarrassment to my company.

The other problem we have is strongly connecting data to code by using VBA and stovepiping our software. The problem with tying data and code is that we manually format our data to work with our code. This presents a problem when in 6 months we want to swap in new data. The problem with stovepiping is it produced non-flexible code. So when we want to add a feature (like multiuser) to an application, it's very difficult.

One last remark. TrickleUp, the software that runs my personal website, allows me to write code to the quality that i want. I suggest each person take up at least one project to relieve stress.

TrickleUp Development

Development on TrickleUp resumes with 2 new features. (1) Commenters may now register an account. An account allows them to take polls. There was a bug here before when TrickleUp tried to create a user when there was one already. (2) The other feature is the ability for admins to delete articles and all children comments at the click of a button.

The next feature i will add is a comment preview. Some people violate rules (too many characters). When they go back to fix, their incompetent browser doesn't have their form prefilled with their post data. (This is one place where Konqueror is better than Firefox.)

But there are other reasons for this improvement. Commenters should be able to see their post to correct typos or formatting.

Oh yeah that's another feature to add: automatic formatting of TXT into XHTML, with something like Textile and Live Comment Previews.