Stemming the flow of evincible Ignorance. We must try to understand for the sake of understanding.
Archive for October, 2013
That stupid little vim slug: modeline
10 years
by Jesse Morgan
in Uncategorized
I can never remember the name of modeline for some reason- I always call it a slug. Here is the proper syntax for it as found here:
/* vim: set sw=2: */
Now the next time I google for “Vim slug” this page will come up and I can feel dumb all over again.
Find out the DN for a user in Active Directory
10 years
by Jesse Morgan
in Uncategorized
It is usually a pain in the butt to figure out how to find the DN of a user and I can never remember how I did it; Fortunately I stumbled across this link which gives the following advice:
You may be asked to define a DN so that a service can bind to it to authenticate a query. Each user in Active Directory has a distinguished name. However, you cannot find it through the ADUC tool.
From a command prompt on your domain controller type: ldifde -f c:\export.txt
View the export.txt file in Notepad and do a find on the username. For example, you do a find on username zimbrauser. You will see something like this:
CN=zimbrauser,OU=External,DC=exonline,DC=intranet
This means that zimbrauser is in the OU called External in your AD forest exonline.intranet.
This worked beautifully for me. I’ll admit that it is a bit of a kludge, but damn… it’s so simple.
As usual, if this was helpful, leave a comment telling me so.
Unlock Admin account on Puppet Enterprise Via the Command Line
10 years
by Jesse Morgan
in Uncategorized
Long Version
Backstory time! I’m currently in the process of implementing a new Configuration Management system. Since this will only cover a small subsection of servers, I opted to go with Puppet Enterprise (PE). As part of the installation, it asks you for your email address to use as a username- I used my work address. After getting it installed and configured, I thought it would be a good idea to auth off of Active Directory; I forgot to disable the internal account when doing this, meaning there were two jmorgan@foo.com that were possible; by the time I had figured this out, puppet had “locked” my account; I disabled the AD auth to confirm that yes, jmorgan@foo.com was indeed locked.
So, how do you unlock the admin account? After spending a couple of hours googling and asking on freenode’s #puppet channel, I decided to brute force it. By default, PE uses its own postgres database, so I figured out how to crack that open, then dug through the tables and fields, then through the PE sourcecode until I found the secret…
Short Version
- Find the password for console_auth here in /etc/puppetlabs/installer/database_info.install.
- Connect to the internal postgres DB (presuming you used it): psql -h localhost -p 5432 -U console_auth console_auth using the password found in the file above.
- Run the following SQL command: update authorized_users set status=’enabled’, login_failure_count=0 where username=’jmorgan@foo.com’;
And that’s it- all that gnashing of teeth for three little steps. Now I can change the admin account to something less conflicty, and retry the AD authentication.
If this saves your butt, please let me know- I couldn’t find this documented anywhere.