Unix system administration can be a rewarding job, when it isn't frustrating. I needed to change the LDAP configuration of 320 servers today (LDAP is a centralized authentication system for user logins). I did some research and wrote a script that could automatically update the LDAP configuration of any client machine. One hour and 120 servers into the reconfiguration process, I discovered that the ldapclient command (which is a veritable tool of Satan, let me tell you) was not just changing LDAP settings, but was also turning off NIS configurations in the process (NIS is a protocol for sharing common system information across multiple computers). So, I managed to break 120 servers for a couple of hours this afternoon. Thankfully, I was doing this work during our slow period, when nothing important was running. It was a relatively simple task to re-write the script to work around ldapclient's weird behavior, and I got all 320 servers reconfigured and working normally without too much trouble.
LDAP configurations have been a thorn in our side for over a year at this company, so it's gratifying to have written a script that will make it a lot easier to manage LDAP reconfigurations going forward. But this means I'm now our LDAP expert, so I'm probably going to come in for a lot more frustration dealing with this software down the road. Did I mention that the ldapclient utility is a tool of Satan?
I was going to post a copy of the script (just in case any despairing Unix sysadmins wander by), but it's so reliant on the particular layout of our LDAP directory that doing so would be pointless.