topic Re: UserID API integrated with OpenDirectory service on OS X Server in Automation/API Discussions

UserID API integrated with OpenDirectory service on OS X Server

Santa — Mon, 11 Feb 2013 21:46:18 GMT

Hi,

I'm looking for guidance on how to integrate UserID API with my OpenDirectoy service running on a OS X Server. Anyone?

Re: UserID API integrated with OpenDirectory service on OS X Server

mharding — Wed, 20 Feb 2013 15:44:50 GMT

I've never worked with OpenDirectory before, but maybe the information in this post will help you out.

Re: UserID API integrated with OpenDirectory service on OS X Server

Santa — Wed, 20 Feb 2013 20:47:42 GMT

Hi,

I actually managed to get authentication working using LDAP but what is still missing is IP mapping where I want to extract username and IP address from maybe the authentication log and / or the email log. This way I don't need to use captive portal for iPhone and iPad users.

I'm not very good at writing scripts but can provide a copy of one of the logs available if it would help?

Regards,

Re: UserID API integrated with OpenDirectory service on OS X Server

npiagentini — Thu, 21 Feb 2013 03:26:07 GMT

Hello,

I have had success syslogging off the KDC log from OpenDirectory and then treating like any other syslog integration (UserID API integration using Syslog)

If you need any help with the regular expression used in the script just post a sample log with both a user and IP data in it.

Have a great evening

Nick

Re: UserID API integrated with OpenDirectory service on OS X Server

Santa — Thu, 21 Feb 2013 11:52:40 GMT

Much appriciated !

Here is one example of the Mail Server log "Library/Logs/Mail/mailaccess.log"

Feb 21 10:35:29 server.name log[96339]: imap-login: Login: user=<jimmy.nilsson>, method=CRAM-MD5, rip=192.168.5.3,

Regards,

Re: UserID API integrated with OpenDirectory service on OS X Server

npiagentini — Thu, 21 Feb 2013 14:11:26 GMT

Hi Santa,

Assuming you are running Pearl on your syslog server of choice your line to extract the user and IP from this log will look like this:

#Extract user and IP from string

if ($string =~ /user=\<(\w+\.\w+).*rip=(\d+\.\d+\.\d+\.\d+)/) {$user =$1; $address = $2};

The exact script will vary based on the syslog server you want to use and how you pass the log text to the script. If you look at the example scripts in the document you will find a Pearl one. If you replace the sample regular expression with the one above all you will need to do is determine how to pass the log data to the script in the first place.

Hope this helps!

Nick