The rise and fall of the .coms is truly a fascinating experience in which to partake.
The coming week is going to be very interesting. Keywords: Linuxcare, Turbo Linux and a few other expletives I can think of.
The scarcity of diary entries from me of late could lead you to conclude that I've been extremely busy over the last month. You would be absolutely right.
Pretty much all of our servers are now located in the Digital Island facility in San Jose. No more poorly installed and configured hardware and software, hanging by a thread in some poor excuse of a facility.
Major highlights for me personally have been:
- The installation of a new VPN server running Linux 2.4.3, plus FreeS/WAN 1.9 and the X.509 certificate patch. This box is performing very nicely and it’s great to finally have an iptables box fulfilling a critical role in the infrastructure.
- An upgrade of the LDAP server to OpenLDAP 2.x and deployment of a couple of slave servers. I had to register a Private Enterprise Number with IANA and write a schema for backwards compatibility with the attributes used by our intranet, greatly increasing my knowledge of nss_ldap in the process.
- Installing a new mail server. The new one runs postfix 20010329 and has an NFS-mounted mail spool. Some people swear that you should never do this, but I've used it before and I'd use it again. If done properly, there needn't be any issues. The new box has been very elegantly put together, even if I do say so myself. LDAP is the key here. There are no local users in /etc/passwd, yet every user can log in over ssh and read his e-mail at the prompt. Similarly, there are no local alias files. All aliases are looked up in the LDAP directory, where the corresponding maildrop is found, and local mail is then delivered there. There are still a couple of minor problems to troubleshoot (for example, LDAP look-ups sometimes inexplicably fail), but in general, I'm very happy with the new box. The anti-UCE measures in postfix are second to none.
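As an added example (not the author's configuration, which the entry does not show), here is the kind of Postfix LDAP lookup table that implements the alias-to-maildrop resolution described above and queries the master plus the slave servers mentioned in the LDAP upgrade. It is written in the current Postfix table-file syntax; the 20010329 snapshot expressed the same thing through `ldapsource_*` parameters in main.cf. The host names, base DN, bind DN, object class and attribute names (`exampleMailRecipient`, `mailAlias`, `mailDrop`) and the Private Enterprise Number 99999 are all hypothetical stand-ins for whatever the author's intranet schema actually defines:

```conf
# /etc/postfix/ldap-aliases.cf  (hypothetical path)
#
# Wired into main.cf with:
#   alias_maps = ldap:/etc/postfix/ldap-aliases.cf
#
# Assumed schema (hypothetical; the real one uses the author's own PEN arc).
# Attributes that are private to the company live under the IANA-assigned
# Private Enterprise Number so they can never collide with standard schema:
#   attributetype ( 1.3.6.1.4.1.99999.1.1 NAME 'mailAlias'
#       DESC 'Extra local parts that deliver to this person'
#       EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#   attributetype ( 1.3.6.1.4.1.99999.1.2 NAME 'mailDrop'
#       DESC 'Mailbox or forwarding address mail is delivered to'
#       EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
#   objectclass ( 1.3.6.1.4.1.99999.2.1 NAME 'exampleMailRecipient' AUXILIARY
#       MUST ( mailDrop ) MAY ( mailAlias ) )

# Master first, then the slaves: Postfix tries them in order, so a slave
# outage does not stop local delivery.
server_host = ldap-master.example.com ldap-slave1.example.com ldap-slave2.example.com
server_port = 389
version = 3

# Protect the bind password and the query results on the wire.
start_tls = yes
tls_require_cert = yes
tls_ca_cert_file = /etc/ssl/certs/company-ca.pem

# Read-only service account; never bind as the directory manager for lookups.
# Keep this file root:postfix, mode 0640, because it holds the password.
bind = yes
bind_dn = cn=postfix,ou=services,dc=example,dc=com
bind_pw = changeme

search_base = ou=people,dc=example,dc=com
scope = sub

# %u is the local part of the address being looked up (or the whole key when
# alias_maps hands us a bare local part). Match either the login name or any
# self-managed alias, but only on entries that carry the mail object class.
query_filter = (&(objectClass=exampleMailRecipient)(|(uid=%u)(mailAlias=%u)))

# The value Postfix delivers to, exactly as an /etc/aliases right-hand side.
result_attribute = mailDrop
```

A lookup can be exercised from the shell with `postmap -q jdoe ldap:/etc/postfix/ldap-aliases.cf`, which is the quickest way to tell a missing entry (empty result, so Postfix would bounce as "user unknown") from a directory error (Postfix reports a temporary lookup failure and defers the message rather than bouncing it, which is the behaviour you want while the intermittent look-up failures are being chased down).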
LDAP is the thing that interests me the most right now. The more I learn about it and the more I integrate it into the company’s IT infrastructure, the more possibilities I see for it.
All of our servers now authenticate users and groups over LDAP, rather than from flat files or NIS. CVS repository access, for example, is authorised by checking group membership in LDAP. All ssh logins now authenticate over LDAP. As outlined above, local mail delivery and POP3 & IMAP pick-up authenticate over LDAP.
LDAP is single-handedly reducing the workload of the company MIS department and empowering the users to manage themselves. For example, employees can now add, delete and edit their own e-mail aliases by editing their employee record on the company intranet. And when an employee joins or leaves the company, HR adds or removes a record and e-mail magically starts or ceases to work.
These are the kind of elegant solutions that can make it really satisfying to work in IT. Thanks to Matt and pompeiisneaks for helping me make it all happen.
On a personal level, life is good. Sarah and I will be going to England for two weeks in July, which I’m very much looking forward to. Hopefully, we’ll steal a weekend away somewhere before then, too.