Resolving LDAPS connectivity issues for a self signed certificate

I was trying to connect to an LDAP server that had a self signed certificate. But somehow, the client didn’t like the self signed certificate installed on the server and failed to do an ldap_bind. I found a solution to enable ldap_bind with LDAPS. When using LDAP with SSL and a LDAP server which uses a self-signed SSL certificate normally no connection will be established. Therefor you have to allow such connections explicitly.
With Linux (e.g. Debian, Ubuntu) you have to add “TLS_REQCERT never” to your /etc/ldap/ldap.conf. On other distributions this config file may be located somewhere else.

Here’s the test script I used to test out the connection with the server:


$host = 'ldap-server.domain.com';
$port = '636';
$protocol = 'ldaps';
$base_dn = 'ou=corp,dc=organization,dc=pvt';
$domain = "@domain.pvtOrCom";

$username = "your.username";
$password = "YourPassword";

$connection_string = "$protocol://$host:$port";
$conn = @ldap_connect($connection_string) or die("Could not connect: $connection_string");
ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);

$ldaprdn = $username.$domain;
$ldapbind = @ldap_bind($conn, $ldaprdn, $password);
if ($ldapbind) {
    $search = ldap_search($conn, $base_dn, "(samaccountname=$username)");
    if ($search) {
        $result = ldap_get_entries($conn, $search);
        if ($result['count'] > 0) {
            echo "Valid login\n";
        }
        else {
            echo "Invalid login\n";
        }
    }
    else {
        echo "ldap_search did not return any response\n";
    }
}
else {
    echo "ldap_bind did not return any response\n";
}

Execute MySQL Query from linux prompt (not db prompt)

Here’s a clean way to execute MySQL query without evening getting into the DB. Saves a step. But what is important here is that the password for the DB is generated via a script which can be used to connect to the DB.

mysql -uroot -p`python -c "from common_utils import common_lib; print common_lib.mysql_passwd()"` -D dbName -e "select tenant_hostname from tenant_ids"

Similarly, executing a DB backup by getting the password from a script result can be done as follows:

mysqldump -hlocalhost -uroot -p`python -c "from common_utils import common_lib; print common_lib.mysql_passwd()"` dbName tableName --result-file="/tmp/results.sql"

Update table with JOIN on another

I had to selectively updat a table in postgres by doing a JOIN on another table. Here’s an example of the schema and data that I needed to push:

table_system
id | installation_id | region | appliance_role

table_tenant
id | installation_id | host_controller

UPDATE table_system s
SET  region = 'US-West'
FROM table_tenant t
WHERE trim(t.host_controller) IN ('server-10.domain.com', 'server-11.domain.com')
AND t.installation_id = s.installation_id   -- USED For the JOIN
AND s.appliance_role='H';

Python – PUT data to a URL (Edit docusign recipient)

Wanted to submit a PUT request to a URL. The requests module in Python is the one recommended to do so. Can be easily downloaded using:

pip install requests

or

easy_install requests

More ways to install: http://docs.python-requests.org/en/latest/user/install/#install

Post installation, here’s a snippet to PUT data to a URL (this specific example shows how to Edit an existing docusign recipient):

#/usr/bin/python
import sys, json, urllib, urllib2, requests
import base64
 
# enter your info:
username = "username@org.com"
password = "YouP@ssword"
integratorKey = "YOUR-integration-key"

authenticateStr = "<DocuSignCredentials>" \
                    "<Username>" + username + "</Username>" \
                    "<Password>" + password + "</Password>" \
                    "<IntegratorKey>" + integratorKey + "</IntegratorKey>" \
                    "</DocuSignCredentials>"

# STEP 1 - Login
url = 'https://demo.docusign.net/restapi/v2/accounts/191919/envelopes/39d236e6-647c-4dac-b1ca-4b37b3ef9254/recipients'
payload = {
  "signers" :
  [
    {
      "email": "newrecipient@org.com",
      "name": "New Recipient",
      "recipientId": "2"
    }
  ]
}
headers = {'X-DocuSign-Authentication': authenticateStr, 'Accept': 'application/json'}
req = requests.put(url, data = json.dumps(payload), headers=headers)
print req
print req.status_code
print req.content