So... As I was putting together my most recent post regarding IPv6 I got to thinking about how many computers I use every day. It started as I counted up how many things in my house use IP addresses. From here forward I will refer to anything that uses an IP address as a computer for simplicity (yes, that means that in this context my iPhone is a computer, as is my Tivo, and my Linksys wireless access point).

Then I started to think... How many computers do I inconvenience on any given day? If you think of every website you go to in a day, plus the server that serves up those ads on those sites, plus all of the routers in between. And then add in the fact that most sites actually have more than one server behind a load balancer and have back-end services that the front end talks to and probably a separate database (or 3) and your connection gets logged and put in a database for somebody to write reports about and, and and... Phew... That's probably a lot of computers.

So I decided to count what I could. There is no way to know how many servers at google are required for my request, or what google analytics is going to do with it, but I /can/ count the external IP that I hit. So here's what I did. I created a cron job that looked at all established IP connections, logged them, and spat out only unique IP addresses. That took care of all of the things that I connected to. Then I took that output and ran a traceroute to each of those IPs, took that output and spat out the unique IPs there, and counted them up. Obviously, there's a huge margin for error here due to a lot of routers that won't respond to my traceroutes, but it gives me a little insight.

And what did I end up with?
1 Day: 404 connections for a total of 1107 including routers
2 Days: 728 connections for a total of 1744 including routers

Wow. Over one thousand machines per day are touched by my daily activities from my laptop alone. And I don't BitTorrent or Skype or use any other P2P app. I also don't social network. And I don't /think/ I'm a heavy web surfer...

OpenLDAP has a nice "feature" that allows for group members to continue to exist, even if the user does not exist any more. Really handy! Problem is, if you, say, have a user in the "Domain Admins" group, and you delete that account, and then some normal user comes along with the same username, they will end up with unexpected elevated privileges.

So I created a script that I run weekly that finds group members that no longer exist, and sends me a report. It also tells me which groups are empty.

This relies on my toolbox... Find it here.

Just to wrap up, and in case you are lazy like me, give you a whole file worth of subroutines. It's my toolbox and I'm giving it to you. I put this in a secure location and just call it from my other scripts. This makes the code much shorter in my other scripts, nearly auto-commenting, and avoids bugs because if it works in one, it will work in others.

NOTE: This uses the foundations in parts 1, 2 and 3. You can find them here: Part 1 Part 2 Part3

More foundational work. This stuff will configure for your site, and the routines that follow will regularly rely on them.

Hello and Welcome!

Over the course of my time as an Admin I've done a lot of Google searches and writeen a lot of code that has been very helpful to me in my work. I will be posting things here that hopefully will help you in your quest to master some of these technologies (Or simply stand on the shoulders of midgets).

I by no means consider myself a Perl or LDAP expert. It has been a "Learn as you go" ordeal. No formal training, just get things done on an as-needed basis.

I assume that you have a basic knowledge of PERL and LDAP.

Enjoy!

-Sean