Friday, October 17, 2008

Setting up Fedora Directory

An old colleague from my Sykes call center days ask me if I can set up a Fedora Directory Server and walk through his team through the whole installation and configuration. This was last Feb or March, I thought I'd gather up the notes I wrote and put them here. This will make a nice blog entry, hehe. Besides, you never know when you'll be ask to setup another Directory server and I'd hate start from scratch again. Just a heads-up though, this is long entry!

====

Distro: Fedora 8
Server: Fedora Directory Server 1.1

I. First off, some really basic intro:

LDAP (Lightweight Directory Access Protocol) is client-server protocol for accessing directory service. A directory server provides a centralized directory service for your network that can integrate wide variety of information.

Fedora Directory Server is a secure, highly scalable, robust LDAP server implementation of Red Hat and was derived from the original slapd directory server work done by UM.

II. Installation and General Fedora Directory Server Usage

  1. Clean installation of Fedora 8.

    Note: most packages required for installing Fedora Directory Server are hosted in Fedora Repository and would require Internet access on the server.

  2. Install a Java JRE, on Fedora 8 you can use IcedTea Java

    yum -y install java-1.7.0-icedtea

  3. Setup Fedora DS yum repo,

    cd /etc/yum.repos.d/
    wwget http://directory.fedoraproject.org/sources/idmcommon.repo
    wget http://directory.fedoraproject.org/sources/dirsrv.repo

  4. Install Fedora Directory,

    yum -y install fedora-ds

  5. Initial setup to create an instance of the directory server

    cd /usr/sbin/
    ./setup-ds-admin.pl

    Note: Choose "Typical Installation". Also, most installation setup options
    are reasonably set, so you can accept default options.

  6. Install the remote management console for managing Fedora Administration
    Server.

    yum -y install fedora-idm-console

  7. Install the command line tools for accessing Fedora Directory Server

    yum -y install mozldap-tools

    Note: The openldap-clients package provide similar tool functionality for
    accessing traditional OpenLDAP servers.

  8. Starting the Fedora Directory Server and Administration Server

    service dirsrv start
    service dirsrv-admin start

    Note: When starting the dirsrv the first time, specify the directory
    instance. To automatically start the directory services, run the following
    command:

    chkconfig dirsrv on
    chkconfig dirsrv-admin on

    Files for Fedora Directory Server can be found at,
    Log Files: /var/log/dirsrv
    Config Files: /etc/dirsrv/
    Database: /var/lib/dirsrv/slapd-instance
    Client Tools: /lib/usr/mozldap

III. Background on Directory Entries

  • The directory information tree (DIT) mirror the tree model used by most
    filesystem, with the tree's root appearing on top of the hierarchy.
  • The entry is an object that represent a particular information in directory tree (ie. person in your organization, printer in network). It is stored in a hierarchical structrue in the directory tree. An entry is defined in LDIF file.
  • LDIF file is standard text-based format. Each entry in LDIF file is represented by attributes and their values.
  • Schema defines the attributes type that each entries can contain. Standard schema can be found in /etc/dirsrv/schema directory.

IV. Creating entries in Fedora Directory Server Console
  • Starting the Fedora Server Console

    fedora-idm-console -a http://localhost:9830

  • Create Organizational Unit under root directory
    1. Servers and Applications ->Directory Server-> Directory
    2. Choose the root suffix and right click.
    3. Choose New->Organizational Unit

  • Adding 'Users' in Organizational Unit
    1. Servers and Application->Directory Server-> Directory
    2. Right click the appropriate Organizational Unit
    3. Choose New->User

  • Importing data from the Directory Server Console
    1. Servers and Applications ->Directory Server->Open->Task
    2. In the Import Database dialog box, enter full path
    3. Go to Directory tab to verify if data was successfully imported.

  • Modifying entries in the Directory
    1. Servers and Applications->Directory Server->Open->Directory
    2. Right click on the entry you wish to modify
    3. Choose Advanced Properties
    4. Choose Attribute you wish to modify

  • Deleting entries in the Directory
    1. Servers and Applications->Directory Server->Open->Directory
    2. Right click on the entry you wish to delete
    3. Choose delete option

V. Using LDIF Statement to Add/Modify/Delete Entries

  • Create Organizational Unit under root directory

    ldapmodify -v -a -D "cn=directory manager" -h <hostname> -p <port> -f
    <file.ldif> -w -

  • Create user account under Organization Unit

    ldapmodify -v -a -D "cn=directory manager" -h <hostname> -p <port> -f
    <users.ldif>

  • To delete Directory entries

    ldapdelete -D "cn=directory manager" -h <hostname> -p <port>
    "uid=u1research,ou=research,dc=example,dc=com" -w -

    Note: You can only delete entries at the end of branch. You cannot delete
    entried that have sub-entries.

  • Modify Directory entries

    ldapmodify -v -D "cn=directory manager" -h <hostname> -p <port> -f
    <file.ldif> -w -

VI. Managing Entries with Group, Roles
  • Groups are mechanism for associating entries into a list.

  • Roles is another entry grouping mechanism, it enables you to determined role
    membership as soon as an entry is retrieved from the directory.

  • Creating Groups:
    1. Servers and Applications ->Directory Server->Open->Directory.
    2. In Menu, Object->New->Group
    3. Add group name in General folder and members in Member folder.

    To list down members for certain group,

    ldapsearch -v -D "cn=directory manager" -h <host> -p <port> -b
    "dc=example,dc=com" "cn=<name>" -w -

  • Creating Roles:
    1. Servers and Applications ->Directory Server->Open->Directory.
    2. In Menu, Object->New->Roles
    3. Add group name in General folder and members in Member folder.

    To list specific Roles for user,

    ldapsearch -v -D "cn=directory manager" -h <host> -p <port> -b
    "dc=example,dc=com" "uid=<userid>" \* nsRole -w -

    To find all members of a particula role,

    ldapsearch -v -D "cn=directory manager" -h <host> -p <port> -s sub -b
    "dc=example,dc=com" "(nsRole=cn=,dc=<name>,dc=lt;name>)" dn -w -

Note: The functionality of groups and role mechanism overlap somewhat. Groups mechanism are standard-based, it is interoperable with most client and LDAP servers.

Roles mechanism is generally more efficient to use for applications as it reduce client complexity but it is more resource-intensive on the server side.


VII. Access Control

Fedora Directory Access Control defines the mechanism on how a user can access
Directory information. Access Control Instructions (ACI) are defined as attributes of entries. The three main parts of ACI are:
  • Target, specify the entry, attributes for which you want to control access.
  • Permission, specify the type of access that is allowed or denied.
  • Bind Rule, identify the set of users to which ACI applies.
Creating ACI
1. Servers and Applications ->Directory Server->Open->Directory.
2. Choose the object you wish to create an ACI
3. Right click and choose Set Access Permission
4. In the Access Control Editor, set the name for ACI entry
5. In the 'Users' tab, add members (could be individual/group/roles)


VIII. Centralized Linux Authentication
  • A more robust and secure alternative to using centralized authentication system through NIS.

  • User accounts information are stored in Directory server for retrieval during authentication from client side.

  • Home directories of the user resides in the Directory server and exported to the client side.

  • To setup Fedora Directory as authentication server for client.

    1. Create the Linux user account in the server. Take note of uid and gid and /home directory for the account.
    2. In the Directory, go to "Users and Group" tab.
    3. Click on Create->User
    4. Select the Organizational Unit to put the user in and create the user account.
    5. In the "Posix User", fill in the account info based with UID, GID, Home Directory.
    6. Export(NFS) the home directory.
    7. In client side, configure authentication to use the Directory server.
    8. In the client side, edit /etc/auto.master file and add the following:

      /home /etc/auto.guests --timeout=60
    9. In the client side, edit /etc/auto.guests file and add the following:

      * -rw,soft,intr :/home/&
    10. Set autofs to automount home directories from the server
      chkconfig autofs on
      chkconfig nfs on
      service autofs start
      service nfs start


Additional Notes:

Tools under openldap-clients are not supported for Directory Server
operations. For best results with Directory Server, use tools in
mozldap-tools. Tools in this package are found in /usr/lib/mozldap
directory.

Alternatively, you can use Kontact, a GUI tool for accessing LDAP server.
Kontact is included in the kdepim rpm package.

Directory Server Gateway/Phonebook is simple web-based application that
provides search/query/update interface for directory server data but is
currently not available for version 1.1 Fedora DS.
Posted by at No comments:
Labels:

Friday, October 3, 2008

Python Script to Pull Out MP3 Metadata

I have these number of MP3 files all lump together in a single directory that I was going to categorize and sort out over the weekend. Easy does it really, just create the directories (ie. Acoustic, Rock, RnB, etc) and then move them over to these directories.

Problem is, I have over 700~ mp3 files, and most of them have non-descriptive one word title. Some I knew right off the bat, but most of them I don't (I use 'random' mix option when playing them). Now, for me to listen to each one of them and categorize them to properly would've taken me more than one weekend.

And so I thought, wouldn't it be cool to write a small Python script to pull out the meta data (ie. artist, album, year, etc) and just based it from there? Yep, what a better way brush up on your non-existent programming fu than to write a small Pytho utility :-) And so here's the script I wrote, not the most elegant but it works (sorta :-))

Note: For reference, check out Dive Into Python book (chapter 5-6). That's where I got the baseline code. But now (except for stripnull function), the code hardly resemble the original one.


#!/usr/bin/python
# Author: Gene Ordanza
# Email: gene.ordanza AT gmail.com
# Description: Ugly hack on how to pull the metadata out of mp3 files that uses
#        the ID3v1 TAG formatting scheme.  mp3meta will also create a file called
# MetaFile.txt in your current directory.
# Usage: mp3meta <directory>
# Where: <directory>  is optional. If no directory was given, mp3meta
# looks in the current directory and walks through all subdirectory.
# Note: A great reference on how to pull ID3v1 data from mp3 file can be
# found on Chap 5-6 Dive Into Python book Chap 5-6, you can also find it online
# at http://diveintopython.org/

import sys
import os

def stripnulls(data):
 string = data.replace('\00','').strip()
 return string[:23]

def writeMetatoFile(mp3ObjectList):
 filename = 'MetaFile.txt'
 line_width = 80
 field_data = '%-5s%-24s%-24s%-24s%-4s\n'
 f1, f2, f3, f4, f5 = ('\nNo.', 'Title', 'Artist', 'Album', 'Year\n')

 if os.path.exists(filename):
  file = open(filename, 'a')
 else:
  file = open(filename, 'w')
  file.write('%s%s' % (' '*31, 'MP3 File Metadata\n'))
  file.write('=' * line_width)
  file.write(field_data % (f1, f2, f3, f4, f5))
  file.write('-' * line_width)
  file.write('\n')

 for mp3file in mp3ObjectList:
  file.write(field_data % (mp3file['count'], mp3file['Title'],\
   mp3file['Artist'], mp3file['Album'], mp3file['Year']))
 file.close()


class MP3Meta(dict):
 count = 0
 def __init__(self, name):
  self['name'] = name
  self.__class__.count += 1
  self['count'] = MP3Meta.count

 metaData = { 'Title' :  (3,  33, stripnulls),
  'Artist':  (33, 63, stripnulls),
  'Album' :  (63, 93, stripnulls),
  'Year'  :  (93, 97, stripnulls),
  'Comment': (97, 126, stripnulls),
  'Genre' :  (127, 128, ord)}

def usage():
 sys.stderr.write("""
Usage: mp3meta [directory]
Where [directory] is optional.  If you did not specify one, it will
start at your current directory and traverse all subdirectory.
 """)
 print

def getMetaData(listofMP3):
 mp3ObjectList = []
 for filename in listofMP3:
  mp3file = MP3Meta(filename)
  try:
   metafile = open(filename, 'rb', 0)
   metafile.seek(-128, 2)
   mp3data = metafile.read(128)
   if mp3data[:3] == 'TAG':
    for tag, (start, end, cleanup) in mp3file.metaData.items():
     mp3file[tag] = cleanup(mp3data[start:end])
      mp3ObjectList.append(mp3file)
   else:
    (null, title) = os.path.split(filename)
    (truncated, null) = os.path.splitext(title)
    mp3file['Title'] = truncated[:23]
    mp3file['Artist'] = ''
    mp3file['Album'] = '** Non-ID3v1.0 Format **'
    mp3file['Year'] = ''
    mp3file['Comment'] = ''
    mp3file['Genre'] = ''
    mp3ObjectList.append(mp3file)
   metafile.close()
  except IOError: pass
 writeMetatoFile(mp3ObjectList)

def findMP3(dummy, dirname, fnames):
 extension = '.mp3'
 mp3List = []
 for fname in fnames:
  if fname.endswith(extension):
   path = os.path.join(dirname, fname)
   mp3List.append(path)
 getMetaData(mp3List)


def main():
 if len(sys.argv) == 1:
  directory = os.path.abspath('.')
  os.path.walk(directory, findMP3, None)
 if len(sys.argv) == 2:
  directory = sys.argv[1]
  if os.path.isdir(directory):
   os.path.walk(directory, findMP3, None)
  else:
   usage()

if __name__ == '__main__':
 main()

Posted by at No comments:
Labels:
Subscribe to: Comments (Atom)