Never Ending Security

It starts all here

libnfldap – A Python module to generate IPTables and IPSet rules from LDAP records

libnfldap

A Python module to generate IPTables and IPSet rules from LDAP records. See example.py for a demo.

Installation

Install from PyPI:

$ sudo pip install libnfldap

Or build an RPM using:

$ python setup.py bdist_rpm

The latter requires python-ldap to be installed separately, using either yum install python-ldap or pip install ldap. The choice is yours: the RPM will not attempt to install the ldap dependency.

Example

The script example_allusers.py builds iptables and ipset rules for all users in LDAP. You can pass the script an LDAP filter as argv[1] to limit the scope.

$ time python example_allusers.py '(uid=jvehent)'
IPTables rules written in /tmp/tmpT7JgOW
IPSet rules written in /tmp/tmpJYtWM5

real    0m0.605s
user    0m0.061s
sys     0m0.014s

example.py does something similar, but for a single user identified by their uidNumber (Unix user ID).

$ python example.py 2297
#Generating rules for user ID 1664
#====== ACL details ======
jvehent has access to .....
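
The following added example (not code from libnfldap or its authors, and not using its API) shows one way per-user ipset and iptables rules can be generated from directory records. The record layout, the `allowedDest` attribute, the `build_rules` helper and the one-chain-per-uidNumber rule layout are all assumptions made for illustration.

```python
import ipaddress
import re

# Constructed records shaped like LDAP search results (attribute -> values).
# "allowedDest" is a hypothetical attribute, not libnfldap's schema.
SAMPLE_USERS = [
    {"uid": ["alice"], "uidNumber": ["2001"],
     "allowedDest": ["10.0.5.0/24", "192.0.2.10"]},
    {"uid": ["bob"], "uidNumber": ["2002"], "allowedDest": ["10.0.7.8"]},
]
UID_RE = re.compile(r"[a-z_][a-z0-9_-]{0,30}")


def build_rules(users):
    """Return (ipset_restore_text, iptables_restore_text) for the records."""
    ipset, rules = [], []
    chains = [":OUTPUT ACCEPT [0:0]"]
    for entry in users:
        uid, raw = entry["uid"][0], entry["uidNumber"][0]
        # Directory values end up in a ruleset loaded as root, so reject
        # anything that could smuggle extra options or lines into it.
        if not (UID_RE.fullmatch(uid) and raw.isdecimal()):
            raise ValueError("unsafe directory value for %r" % uid)
        name = "u%d" % int(raw)  # one ipset and one chain per Unix user ID
        ipset.append("create %s hash:net family inet" % name)
        for dest in entry.get("allowedDest", []):
            net = ipaddress.ip_network(dest)  # ValueError on malformed input
            ipset.append("add %s %s" % (name, net))
        chains.append(":%s - [0:0]" % name)
        # The owner match sends the user's local traffic to their own chain.
        rules.append("-A OUTPUT -m owner --uid-owner %d -j %s" % (int(raw), name))
        rules.append('-A %s -m set --match-set %s dst '
                     '-m comment --comment "%s" -j ACCEPT' % (name, name, uid))
        rules.append("-A %s -j DROP" % name)
    iptables = ["*filter"] + chains + rules + ["COMMIT"]
    return "\n".join(ipset) + "\n", "\n".join(iptables) + "\n"


if __name__ == "__main__":
    ipset_text, iptables_text = build_rules(SAMPLE_USERS)
    print(ipset_text)
    print(iptables_text)
```

The two strings are in the formats read by `ipset restore` and `iptables-restore`; the sets must be loaded before the iptables rules that reference them.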

Authors

Julien Vehent & Guillaume Destuynder (@ mozilla)

More information can be found on: https://github.com/mozilla/libnfldap
