Thursday, December 20, 2012

Infrastructure Readied For LDAP

Sometimes there are circumstances where we know that certain technologies will make us more effective, but we don't have people on staff to implement.  This was the case with LDAP publishing of user accounts.  Clearly it's wonderful, but no one is on staff to properly maintain it.  It's easy to fear the situation where even if one person gets it working, if they are out of the office you have the potential for longer down times if something breaks or fails.  Do you really want System Administrators punching in phone numbers and making updates?  We reached the point where it's needed, we have too many external applications that need shared information.  How best to deploy?

After consideration and discussion we decided to create a screen in our support portal that allows all IT staff to make modifications to basic information and it creates a LDIF file which is housed on the GNOME server.  While we perfect our work flow, these files will be uploaded into the LDAP server by our admins, with the goal of automating that once it's been proven.  This approach is clean to me because we have all of the "source" files out of LDAP.  If something gets damaged, it's easily repaired and recovered.  So I wrote a little vcf2ldif utility that sucked out all of the data out of Evolution/Groupwise and created LDIF files. 


The support portal software already had a "user detail" screen, so the fields that we needed were added to another tab and are easily editable.  When the save button is pressed, it generates a LDIF file with all of the exact formatting that we want and fields locked down from free form text entry when appropriate.  Very easy to use, and integrated into the software used mostly heavily by out support staff.  I saw that LDAP supports a JPG image, so our security guy downloaded all of our photos from our badges and I added a place in the UI to add them.  We can now see the pictures of all employees, which will assist us with identity confirmation.



Pictures were also thumbnailed automatically when doing a user name or department search:



After trial and error and a few runs of the vcf2ldif utility, the files were compliant in all fields.  So I did a cat *.ldif > merged.ldif and then ldapadd'd them all into the software with success.  It's a very exciting step, all done easily with open source tools.


And the data was verified with a LDAP browser, and appears as expected:


My current area of focus is now accessing this data from our first new project: Zimbra.  Zimbra supports auto-provisioning, whereby it verifies if you have a mail: LDAP entry and if so, it verifies your password.  If this is the first time you have logged in, all of the phone numbers are downloaded and the account is automatically created.  This will save our support staff a lot of time.

LDAP will also be used for our Wifi, Alfresco and our web proxy appliance in the coming months. 

There are always many ways to accomplish goals, but I think we have found a good balance with our staff size, budget and existing skills.  I'm looking forward to seeing this all deployed.

Tuesday, December 11, 2012

Changes To Portal, And Data Mining

It's an aspect of my personality -- I love data and finding new ways to analyze it.  In the case of our GNOME implementation I want to see exactly what software packages are being used and by whom.  There are two benefits to this:  1) being able to focus on the software packages used the most  2) Being able to reach out to users when data indicates they might be having problems.     Very often in a corporate/enterprise environment users will not call for support and their frustrations will grow, so our support portal has given us the ability to proactively make contact.

In the last few set of updates that I pushed, the "Usage" tab of the portal has been implemented and is now providing interesting data.  The UI and buttons still need some alignments and work, but the data is there for viewing.  On each refresh cycle it's now counting all clicks for the day and sorting them into the top four categories.  And then underneath these categories it's how showing the top six users and their number of software clicks/launches.  In the case of LibreOffice this might just mean they are editing a lot of files; it also might mean they are having a problem.  In the shot below, I can now see the number of launches of "Evolution" for instance (marked in green) and then the blue shows the users underneath.  There were some users with lots of launches and one of them is having problems with quota.  The other user seems to be working in a manner of only opening one software application at a time and closing it before opening another.  We are reaching out to both employees and offering to help.   With these most recent changes, I've reached a milestone now where all features that we wanted to add are now complete and I'm moving to other projects.



Projects:  Tomorrow we are working with a vendor to design and implement a LDAP server, and then will be connecting it to our Zimbra install and testing this type of authentication.  Once that's in place, I'll connect it to Alfresco for similar testing.  I also will be working again on the Ubuntu thin client updates for our workstations.

Friday, December 07, 2012

Support Portal, Licenses, LibreOffice & Zimbra

Things have been busy since my last blog.  Along with normal day to day support items, I have been advancing several projects.  I have had some time to multi-task in making changes to our support portal.  We have found that the time that I invest in improving that software is easily recouped down the road.  For many years licenses were granted via files and the command line.  Things have gotten more complex since this infrastructure was first deployed.  We have more staff members, we have lots more software packages, and licenses are being moved around more than ever.  So I created a new way to hold the licenses and wrote a little script to make the conversion and integrated it into the support portal.  Now our support staff can go into the software package (as loaded from the .desktop file) and with a few clicks add permissions for users to launch this software.  They also can point the license to the physical paperwork; and a thumbnail is generated to show the document.  (as seen below).



I also mined into the log files where we track usage and added some fields to display stats of our various packages.  We have so many software packages now, and very often people buy things and never use it...so now we'll have more data with which to review if software should be removed from servers.

Everything seems to be working well in our sandbox test area.  With just a few clicks licenses are granted and revoked, all changes are logged and the license goes live immediately.  The user can click on the icon and it works as soon as the save is made.

As part of this code, I added a "Usage" tab from the front UI of the portal whereby we can watch in realtime as icons are clicked.  We also can see which applications are being used the most and by whom.  I'm going to add some buttons below the software categories that will show which users launched these applications the most during the current search window.  When viewing the current day, this might indicate that they are having some problems or technique issues that need our help.
  (Very often people never call...even when they are having serious problems.  We want to identify these issues and be proactive)



Other projects have continued:  I have been testing LibreOffice 4.0 Alpha along with some other employees, a few issues found and bugs submitted.  We have the hardware now for the final deployment of Zimbra, so I installed Ubuntu 12.04 server and applied patches and got everything running.  Next week we connect it to LDAP and we will test accounts and passwords.