Showing posts with label password project. Show all posts

Friday, July 6, 2012

Put it All Together

After beating myself up over the last post, I rolled up my sleeves and got working logic code and it is sending me notifications of whose account password is expiring. I'm still having trouble with getting useable information out of the LDAP hash. I'm probably doing it wrong, so I've asked for a code review and maybe we'll get to the bottom of how Ruby is doing this. I keep getting values in the format of:
["gcolasurdo"] instead of just gcolasurdo
when I try to get the cn, mail or other LDAP key field.

First, an outline of my code's logic (based on the previous ColdFusion script):
  1. Loop over the relevant OUs (organization units in the LDAP)
  2. Query the LDAP
  3. If there is an expiration date and mail then...
  4. Find the expiration date and calculate the difference from today (script will run daily)
  5. If the daydiff is on a warning interval...
  6. If the OU is for the College of Nursing or everyone else, prepare personalized email text
  7. Then send an email with the details of the impending password expiration
Two questions that came up from the CF code. Should I:
  1. Set a timeout at some point so as to not choke the mail relay?
  2. Log the results?
One independent question I had:
  1. Should we do anything about already expired passwords? (I'm sure the business reason was already set, but as the programmer, I kinda want to make sure.)
This is all working locally, so we will need to start in on the deployment process.
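
The bracketed values and steps 3 to 5 of the outline, as an added example that is not the post's own code: LDAP attributes are multi-valued, so each one comes back as an Array and the plain string is its first element. The attribute name `passwordExpirationTime`, its timestamp format, the helper names and the sample entries are assumptions constructed for illustration.

```ruby
require 'date'

WARNING_DAYS = [30, 14, 7, 3, 2, 1].freeze # intervals from the Situation statement
EXPIRY_ATTR  = 'passwordExpirationTime'    # assumed attribute name, not from the post

# LDAP attributes are multi-valued, so a client library hands back an Array
# per attribute even when there is one value: ["gcolasurdo"], not "gcolasurdo".
def first_value(entry, attr)
  Array(entry[attr]).first
end

# Whole days from today until expiry; nil if the attribute is absent or malformed.
def days_left(entry, today)
  raw = first_value(entry, EXPIRY_ATTR).to_s
  return nil unless raw =~ /\A\d{8}/
  (Date.strptime(raw[0, 8], '%Y%m%d') - today).to_i
rescue ArgumentError
  nil
end

# Steps 3 to 5 of the outline: need mail and an expiry date, and the day
# difference must land exactly on a warning interval.
def notices(entries, today)
  entries.each_with_object([]) do |entry, out|
    mail = first_value(entry, 'mail')
    left = days_left(entry, today)
    next if mail.nil? || left.nil?
    next unless WARNING_DAYS.include?(left) # expired (negative) entries fall out here
    out << { to: mail, cn: first_value(entry, 'cn'), days: left }
  end
end

# Constructed sample entries shaped like LDAP search results.
SAMPLE = [
  { 'cn' => ['gcolasurdo'], 'mail' => ['gcolasurdo@example.edu'], EXPIRY_ATTR => ['20120720000000Z'] },
  { 'cn' => ['tenleft'],    'mail' => ['tenleft@example.edu'],    EXPIRY_ATTR => ['20120716000000Z'] },
  { 'cn' => ['nomail'],     EXPIRY_ATTR => ['20120707000000Z'] },
  { 'cn' => ['expired'],    'mail' => ['expired@example.edu'],    EXPIRY_ATTR => ['20120701000000Z'] }
].freeze

notices(SAMPLE, Date.new(2012, 7, 6)).each do |n|
  puts "#{n[:to]}: password for #{n[:cn]} expires in #{n[:days]} day(s)"
end
```
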

Ok, here is the code I'm using:

Friday, June 29, 2012

S is for Stalled

I was hoping to not have to do this so early on. It's the biggest problem in writing a blog: maintaining consistency and finding a voice. But here I am.

I've run into a block and I don't have any code to talk about this time.

Fortunately, I am learning something from this.

My difficulty with Ruby, and by extension Rails, is that it seems easy to get an application up and do fun things like utilize Ajax, query an LDAP or send email. The part I'm having trouble with is manipulating results.

It seems funny to stumble on the simplest of things, but when it comes down to it, that is the whole reason for an app: to manipulate and present data.

I'm just not getting the pointers and hashes. I'm not getting the syntax and conventions. I'm not getting the methods that can be used on an object. It is going to take some reading and re-reading to get it. And beyond re-reading, I need to make some code samples and play with the results. Maybe I can show that next time.

Friday, June 22, 2012

Sending Email

Next up for my little scripting project is to send some email from our IT's mail relay.

There are several nice Ruby gems that can make sending mail easy to do. Two are Pony and Mail. Pony is super simple, so I went with that for this script. Mail has a lot of features for importing body text, attachments and other great stuff. I will probably use it in a web application.

I would post some demo code, but it's basically right there in the GitHub Read Me.

I did run into some trouble. I got an error connecting to my IT department's relay.
/Users/garthcolasurdo/.rvm/rubies/ruby-1.9.2-p318/lib/ruby/1.9.1/openssl/ssl-internal.rb:121:in `post_connection_check': hostname was not match with the server certificate (OpenSSL::SSL::SSLError)
Stack Overflow asked and answered. By adding:
:openssl_verify_mode => 'none'
to my
:via_options => {...}
I'm receiving email from my department's relay.
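
The error above is raised by the hostname check that follows the TLS handshake: the name used to reach the relay is not one of the names in the relay's certificate. As an added example (not from the original post), this script builds a constructed self-signed certificate and runs the standard library's `OpenSSL::SSL.verify_certificate_identity` against it, listing the names the certificate covers so the client can connect by a matching name with verification left on. The example.edu host names and the helper names are assumptions.

```ruby
require 'openssl'

# Throwaway self-signed certificate (constructed sample, not the relay's real one).
def sample_cert(common_name, dns_names)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  san = dns_names.map { |n| "DNS:#{n}" }.join(',')
  cert.add_extension(ef.create_extension('subjectAltName', san, false))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# DNS names the certificate is valid for, read from subjectAltName.
def cert_dns_names(cert)
  san = cert.extensions.find { |e| e.oid == 'subjectAltName' }
  return [] unless san
  san.value.split(/,\s*/).grep(/\ADNS:/).map { |v| v.sub('DNS:', '') }
end

# The identity check a verifying client applies to the peer certificate.
def hostname_ok?(cert, host)
  OpenSSL::SSL.verify_certificate_identity(cert, host)
end

cert = sample_cert('smtp.example.edu', ['smtp.example.edu', 'mail.example.edu'])
puts "certificate covers: #{cert_dns_names(cert).join(', ')}"
# An alias that resolves to the relay but is not in the certificate fails the check.
['relay.dept.example.edu', 'smtp.example.edu'].each do |host|
  puts "#{host}: #{hostname_ok?(cert, host) ? 'matches' : 'does not match'}"
end
```

With `:openssl_verify_mode => 'none'` neither the certificate chain nor this name check is applied, so the client accepts whatever certificate is presented on the path to the relay.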

Friday, June 15, 2012

Connecting to LDAP with Ruby

Looking at my tasks, the first order of business is to get connected to our LDAP server through a Ruby script. I'll start with a few Google searches and see what kind of LDAP gems I can use and if there are any examples or tutorials.
Here are a few results:
For whatever reason, I chose ruby-ldap as my gem to install and ran with its tutorials and examples. Net-LDAP also seemed like a good choice.

I ran a little script just to get started.

But I'm not able to connect. Our LDAP is on SSL with a self-signed certificate and I need to import it to my environment. I'm jumping ahead here a bit as I got that script from Christian Hofstadtler's post that helped me troubleshoot the issue. Since I'm developing on OS X, these instructions from Apple got my TLS_CACERT in /etc/openldap/ldap.conf configured correctly.

Now I'm getting data from our LDAP and I need to start filtering and refining. My basic script looks like this:

Tuesday, June 12, 2012

Move password expiration script from ColdFusion to Ruby


Today I started an interesting project migrating a ColdFusion scheduled task to Ruby. Why would we do such a thing? We have a number of problems with our CF server; primarily, the CF spooler has been sending two copies of our organization's notice of password expiration. We've investigated and researched and have never come up with a satisfactory (or logical) solution for it. In addition, our unit is moving away from CF and to Ruby on Rails for our application development. It would be in our interest to migrate existing business processes to the new environment.

Me, I'm struggling to get up to speed on Rails. I still maintain a lot of CF code and I have at least two current projects being actively developed in CF. I can support our other developer with html, css, testing and mock ups, but I just can't quite get on the Rails train yet.

My boss, probably at the suggestion of our other dev, assigned me to rewrite our failing expiration notification script in Ruby. This I can probably do. And I'll probably learn a lot about Ruby along the way. I'll break this down in our usual SBAR format.

Situation: Our organization expires passwords every six months. We should probably warn our users when their expiration is coming due; at 30, 14, 7, 3, 2 and 1 day. A script that runs every morning should search the LDAP looking for upcoming expirations, and at those intervals send an email.

Background: We have a working ColdFusion script and a history of utilizing our organization's LDAP. ColdFusion was quick and easy to set up, but there are problems with our server. Additionally, our unit is moving away from CF development. Developing a new script should not be difficult since the logic and assets are readily available. Hopefully, we can return responsibility of this business process to the Identity Management unit and not take so much flak for what the warnings do or do not do.

Analysis: To accomplish this project I have created the following tasks:
  1. Connect to LDAP with Ruby
  2. Report contents of LDAP in Ruby
  3. Refine LDAP results
  4. Send email to myself
  5. Build logic structure based on existing code
  6. Test locally
  7. Deploy on server
  8. Test on server
  9. Schedule as cron job
Results: Successfully find and send expiration notices daily.