Introducing Blogging Friday
It's not that I don't have things to write about, in fact I learn interesting new things every week. I have however never integrated a dedicated time to write new posts in my weekly routine. So to not procrastinate any further, I start Blogging Friday right now with some things I did this week.
Lower the threshold for new posts
I'm using lektor as static site generator; it's lightweight and
new posts are really quick to generate. All it takes is a new sub-folder in my
blog directory, containing a contents.lr file with a tiny bit of meta
information. Apparently this little effort is already enough to trigger my
procrastination. So to get this hurdle out of the way a little shell script is
quickly written:
#!/usr/bin/env bash #filename: new_post.sh if [ -z $1 ]; then echo "usage: $0 <title>" exit 1 fi posttitle="$*" basepath="/home/robin/gitrepos/myserver/blog/content/blog" postdir=$(echo $posttitle | sed -e "s/ /_/g" | tr "[:upper:]" "[:lower:]") fullpath="$basepath/$postdir" postdate=$(date --iso) if [ -e "$fullpath" ]; then echo "file or directory $postdir already exists" exit 2 fi mkdir "$fullpath" echo " title: $posttitle --- pub_date: $postdate --- author: Robin Schubert --- tags: miscellaneous, programming --- status: draft --- body: " > "$fullpath/contents.lr" echo "created empty post: $postdir"
LDAP authentication for random services
I've integrated a few web services in our intranet at work, like a self hosted gitlab server, a zammad ticketing system, nextcloud and the likes. One requirement to integrate well in our ecosystem, is the possibility to authenticate with our OpenLDAP server. Those services I configures so far all had their own way means to authenticate against LDAP; some need external plugins, some are configured in web interfaces and others in configuration files. However, honestly I never understood what they did under the hood.
I had a little epiphany this week, when I tried to integrate a homeassistant instance. Homeassistant does not have a fancy front-end to do this, instead this is realized with a simple shell script. There's an example on github which can be used and is actually not that hard to comprehend.
In summary what is does is to make a request to the LDAP server, either via
ldapsearch (part of the openldap-tools package) or curl (needs to be
compiled with LDAP integration). An example to make a request with ldapsearch
could look like this:
ldapsearch -H ldap://ip.of.ldap.server \ -b "CN=Users,DC=your,DC=domain,DC=com" \ -D "CN=Robin Schubert,CN=Users,DC=your,DC=domain,DC=com" \ -W
Executed from the command line, this will prompt for the user's password and
make the request to the server. If everything works fine, the command will exit
with exit code 0; if different from 0, the request failed for whatever reason.
This result is passed on.
That's it. Nothing new. Why then didn't I think of such a simple solution? The
request over ldapsearch can of course be further refined, adding filters and
pipe the output through sed to map e.g. display names or groups and roles.
Playing with PGP in Python using PGPy
I was exploring different means to deal with electronic signatures in Python
this week. First library I found was python-gnupg; I should have been more
suspicious when I saw that the last update has been 4 years ago. They may be
calling it pretty bad protocol for a reason. It is a wrapper
around the gpg binary, using Python's subprocess to call it. This was not
really what I wanted. For similar reasons, Kushal started
johnnycanencrypt in 2020; a Python library that interfaces the Rust
OpenPGP lib sequoia-pgp and which I'm yet to explore further.
A third option I found is PGPy, a pure Python implementation of OpenPGP. Going through the examples of their documentation it feels straight forward; for the relatively simple use case I have (managing keys, signing and verifying signatures), it should be perfectly usable.
That's been my week
Nothing of what I tried this week was groundbreaking or new, but it either interested me or was keeping me busy in some way. I wonder how statistics would look like if I would count how many times I look up the same issues and problems on the internet. Maybe writing down some of them will help me remember - or at least give me the possibility to look things up offline in my own records ;)
