Web-Based NT Administration Via Perl
George Kuetemeyer, Thomas Jefferson University Hospital


George.Kuetemeyer@mail.tju.edu

TJU/H Mission

Patient care
Education
Research


TJU/H Demographics

9,000 faculty/staff
3,500 students


TJU/H IT Infrastructure

ATM network
5,000 PCs, Macs
IBM mainframe
Tandem mainframe
Unix/Linux servers
NT servers
NetWare servers


Application Infrastructure

Mail*Hub mail switch / X.500 directory (authentication, role data)
HP OpenMail (4,500 faculty/staff)
CS&T OpenTime (2,100 clients)
PeopleSoft
IDX/Last Word


The Problem

Migration from NetWare to NT
NT admin tool issues
NT security model issues
Support staff training issues
Competing business models
Generalized fear and loathing


NT Admin Tool Issues

GUI interface not ideal for batch updates
Command line control limited
Batch file scripting limited
Scripting host proprietary
Platform-limited remote control capabilities


NT Security Model Issues

Not very granular (as exposed by the GUI tools)
Not hierarchical (unlike NetWare 4.XX)
No obvious link to our X.500 directory
Didn't fit our IT support roles


Support Staff Training Issues

GUI tools unfocused
Command line approach not user friendly


Competing Business Models

Microsoft's take on security different from ours
Monolithic technology vs. diverse technologies
Proprietary vs. open solutions
Commercial vs. non-profit environments


Fear and Loathing

Microsoft replaces our favorite technologies
Microsoft replaces us
'The Dark Side' syndrome


General Problem

Vendor's Reality vs. Our Reality

General Solution

Vendor's Reality -> Filter -> Our Reality


The Solution - Perl

Powerful
Cross platform
Easy entrée to NT internals
Roll our own admin tools
Make them networkable
Tie in our legacy systems


Phase 1 - Local Administration

Standardize on Perl
Start by 'back-ticking' various command line functions
Replace with Perl/NT admin API packages as they become available


Useful NT Admin Packages

Win32::NetAdmin.pm
Win32API::Net.pm
Win32::AdminMisc.pm
Win32::DomainAdmin.pm
Win32::FileSecurity.pm


Phase 2 - Remote Administration

IO::Socket-based client
inetd from Pragma Systems: useful companion for pre-fork NT Perl; also provides a telnet daemon
Perl-based request server called by inetd
Server interfaces with a modular "methods" package
System can work with command line or web delivery mechanisms


Web Admin Overview

(Diagram components: User Interface, CGI Processing, Client Process, Server Process, Authentication, Perl NT Methods, X.500 Directory, NT Environment)


Platform Overview

(Diagram: the same components as the Web Admin Overview, placed on their platforms: NT, HP/UX, Linux/Apache)


NT Admin Walkthru

Authentication


NT Admin Walkthru

X.500 Name/Password


NT Admin Walkthru

Main Menu


NT Admin Walkthru

Create Client Object

use K_Client;

my $client = K_Client->new(
    host     => 'pdc.jeff.com',
    port     => 2000,
    sender   => $param{'sender'},
    pwd      => $param{'pwd'},
    key_file => '/usr/local/keys/nt.txt',
);


NT Admin Walkthru

Send Request

$client->build_request(
    method => 'get_user_list',
    server => '',
);
my $ok    = $client->send_receive();
my $err   = $client->get_errorcode(0);
my @users = $client->get_result(0);
my $msg   = $client->get_msg(0);
return ($ok, $err, $msg, \@users);


NT Admin Walkthru

Server Object

use K_Server;
use K_Methods::NT_Admin;
use X500_Auth;

# hosts allowed to talk to the request server
my $hosts = { 'www.jeff.edu' => 1, 'pdc.jeff.edu' => 1 };
my $methods = K_Methods::NT_Admin->new();
my $server = K_Server->new(
    methods_obj => $methods,
    auth_sub    => \&X500_Auth::auth_client,
    work_dir    => 'd:/ntadmsrv',
    server_name => 'K_Server',
    log_file    => 'd:/logs/k_admin.log',
    key_file    => 'd:/keys/nt.txt',
    event_log   => 1,
    ok_hosts    => $hosts,
);
$server->handle_request();


NT Admin Walkthru

Methods data structure

my $ops = $self->{'roles'}{'ops'};    # minimum role level for operators

$self->{'methods'} = {
    get_user_list => {
        method    => sub { $self->get_user_list(@_) },
        params    => [ 'server' ],
        role      => $ops,
        event_id  => 15,
        false_msg => sub { my %p = @_; return "Failed to get user list." },
        true_msg  => sub { my %p = @_; return "Got user list." },
    },
    . . .
};


NT Admin Walkthru

Methods role attribute

$self->{'roles'} = {
    super_acct => 3,
    acct       => 2,
    ops        => 1,
    all        => 0,
};


NT Admin Walkthru

Core subroutine

use Win32::AdminMisc;

# generate list of users on the given server
sub get_user_list {
    my $self   = shift;
    my %params = @_;
    my (@users);
    Win32::AdminMisc::GetUsers($params{'server'}, '', \@users);
    return \@users;
}


NT Admin Walkthru

Create Account



NT Admin Walkthru

Create Account

$client->build_request(
    method => 'create_user',
    server => '',
    user   => $param{'user'},
    type   => 'user',
    abort  => 1,
);
$client->build_request(
    method => 'set_user_pwd',
    server => '',
    user   => $param{'user'},
    pwd    => 'tmp_pass',
);
$ok   = $client->send_receive();
@msgs = $client->get_msgs();
return ($ok, \@msgs);
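As an added example (not code from the talk or its K_Server package), the following shows how a methods table shaped like the one on the "Methods data structure" slide can enforce the role attribute before a method body runs, and how a request flagged abort => 1 stops the rest of a batch such as the create_user / set_user_pwd pair above. The method bodies, the in-memory user list and the batch semantics are constructed assumptions.

```perl
# Added example (not the talk's K_Server): a role-checked dispatcher shaped like
# the slides' methods/roles tables; the NT back end is a constructed in-memory list.
use strict; use warnings;
# Role levels from the "Methods role attribute" slide: a caller may invoke a
# method only if the caller's level is at least the method's required level.
my %roles = ( super_acct => 3, acct => 2, ops => 1, all => 0 );
my %users = ( pdc => [qw(alice bob)] );    # stand-in for the NT user database
my %methods = (
    get_user_list => {
        method    => sub { my %p = @_; $users{ $p{server} } || [] },
        params    => ['server'],
        role      => $roles{ops},
        false_msg => sub { "Failed to get user list." },
        true_msg  => sub { "Got user list." },
    },
    create_user => {
        method    => sub { my %p = @_; push @{ $users{ $p{server} } }, $p{user}; 1 },
        params    => [ 'server', 'user' ],
        role      => $roles{acct},
        false_msg => sub { my %p = @_; "Failed to create $p{user}." },
        true_msg  => sub { my %p = @_; "Created $p{user}." },
    },
);
# Run a batch for an authenticated caller holding $caller_role. A refused or
# failed request marks the batch not-ok; with abort => 1 it also skips the rest
# (assumed semantics: set_user_pwd must never run when create_user failed).
sub handle_requests {
    my ( $caller_role, @requests ) = @_;
    my $level = defined $roles{$caller_role} ? $roles{$caller_role} : -1;
    my ( $ok, @msgs ) = (1);
    for my $req (@requests) {
        my $m = $methods{ $req->{method} };
        my %p = $m ? ( map { ( $_ => $req->{$_} ) } @{ $m->{params} } ) : ();
        my $result;
        if ( !$m ) { push @msgs, "Unknown method '$req->{method}'." }
        elsif ( $level < $m->{role} ) { push @msgs, "Role '$caller_role' may not call $req->{method}." }
        else {    # the method body runs only after the role check passes
            $result = $m->{method}->(%p);
            push @msgs, $result ? $m->{true_msg}->(%p) : $m->{false_msg}->(%p);
        }
        next if $result;
        $ok = 0; last if $req->{abort};
    }
    return ( $ok, \@msgs );
}
for my $role (qw(ops acct)) {    # ops may list users but not create them
    my ( $ok, $msgs ) = handle_requests( $role,
        { method => 'create_user', server => 'pdc', user => 'carol', abort => 1 },
        { method => 'get_user_list', server => 'pdc' } );
    print "$role: ok=$ok ", join( ' ', @$msgs ), "\n";
}
```

For the ops caller the batch stops at the refused create_user with ok=0 and the user list is never fetched; for acct both requests run and ok=1.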



NT Admin Walkthru

Main Menu


NT Admin Walkthru

Change Account


NT Admin Walkthru

Get Account Info

$client->build_request(
    method => 'get_user_attrs',
    server => $param{'server'},
    user   => $param{'user'},
);
$client->build_request(
    method => 'get_user_global_groups',
    server => $param{'server'},
    user   => $param{'user'},
);
$client->build_request(
    method => 'get_global_groups',
    server => $param{'server'},
);

$ok        = $client->send_receive();
@msgs      = $client->get_msgs();
%attrs     = $client->get_result(0);
@user_grps = $client->get_result(1);
@grps      = $client->get_result(2);
return ($ok, \@msgs, \%attrs, \@user_grps, \@grps);


NT Admin Walkthru

Account Info


NT Admin Walkthru

Back end logging


Project Results

Our security policies enforced
NT becomes part of larger IT infrastructure
IT staff supports NT with minimal training
Change effectively managed (Win2K)
Innovation modulated by our business realities


NT Admin Futures

Replace inetd with Perl fork
Recode admin methods to support LDAP/Active Directory
Spend more time on web client interface