Nagios, Kanidm and LDAP Authentication

Here’s an example Apache configuration file for using Kanidm’s LDAP server to authenticate access to Nagios. The below file is also available as a GitHub gist.

    <IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName monitoring.example.com
        ServerAdmin [email protected]
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/monitoring.example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/monitoring.example.com/privkey.pem

        ScriptAlias /cgi-bin "/usr/local/nagios/sbin/"
        <Directory "/usr/local/nagios/sbin">
            Options ExecCGI
            AllowOverride None
            <RequireAll>
                Require all granted
                AuthName "Nagios Access"
                AuthType Basic
                AuthLDAPURL "ldaps://kanidm.example.com:636/dc=kanidm,dc=example,dc=com?name?sub?(name=*)" TLS
                AuthBasicProvider ldap
                Require valid-user
            </RequireAll>
        </Directory>

        Alias / "/usr/local/nagios/share/"
        <Directory "/usr/local/nagios/share">
            Options None
            AllowOverride None
            <RequireAll>
                Require all granted
                AuthName "Nagios Access"
                AuthType Basic
                AuthLDAPURL "ldaps://kanidm.

[Read More]

rust openssl-src panic on install

I was trying to cargo install wasm-pack on an OpenSUSE Tumbleweed docker container and getting fucking stupid errors… turns out error handling is hard, let’s just assume everything’s going to work and .unwrap() all the things!

    error: failed to run custom build command for `openssl-sys v0.9.65`

    Caused by: ared" "no-ssl3" "no-unit-test" "no-comp" "no-zlib" "no-zlib-dynamic" "no-md2" "no-rc5" "no-weak-ssl-ciphers" "no-camellia" "no-idea" "no-seed" "linux-x86_64" "-O2" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64"
    Configuring OpenSSL version 1.1.1k (0x101010bfL) for linux-x86_64
    Using os-specific seed configuration
    Creating configdata.

[Read More]

Splunk, LDAP and Kanidm

This is an example LDAP configuration for Splunk connecting to Kanidm via LDAP.

- The configuration goes into /opt/splunk/etc/system/local/authentication.conf
- Replace kanidm.example.com with the hostname of the Kanidm server
- Replace dc=kanidm,dc=example,dc=com with the LDAP-format domain name of the system.
- Map your groups to your users. I’ve got two groups in Kanidm, splunk_users and splunk_admins

    [authentication]
    authSettings = kanidm.example.com
    authType = LDAP

    [kanidm.example.com]
    SSLEnabled = 1
    anonymous_referrals = 1
    charset = utf8
    emailAttribute = mail
    enableRangeRetrieval = 0
    groupBaseDN = dc=kanidm,dc=example,dc=com
    groupBaseFilter = (class=group)
    groupMappingAttribute = dn
    groupMemberAttribute = member
    groupNameAttribute = name
    host = kanidm.

[Read More]

🪵 The 🪵 Great 🪵 Log 🪵 Post 🪵

So… this started out as me trying to start a discussion about logging on kanidm/kanidm and once I started, I couldn’t stop. Awkward. Is this about lots of logs, or great quality logs, or just ✨big✨ logs? Yes. 🪵 Ok, so everyone should like their logs, and making logs likeable requires them to be usable. What makes a usable log? Note: I’m not necessarily talking about platform metrics here; they’re related but not the focus. [Read More]

Tokyo Neapolitan - Japanese Pizza

I’ve been reading a lot of Craig Mod’s writing lately, and his article in Eater “Tokyo Neapolitan: The New Wave of Japanese Pizza” makes me really want to fly there. Right now. I feel like that most days, but … the art they bring to crafting things is just.. needed right now. But Kakinuma is adamant that his pizzas aren’t, in fact, Neapolitan. “Absolutely not,” he said. “They’re Kakinuma-style pizzas. [Read More]

IPv6 With Docker and Ansible

Please note: This is not authoritative information; if you use it and kittens pop out of your router or there’s some way simpler/better way to do things:

- don’t blame me for the kitten thing
- please document it and send me a link so I can learn from you.

The Problem. IPv6. It’s a thing. Who even wants NAT anyway? Docker’s neat, it lets you run containers and stuff. [Read More]

Richard Branson and Neurodiversity

A recent post on Richard Branson’s blog about neurodiversity was a good read. The world needs a neurodiverse workforce to help try and solve some of the big problems of our time. Many people on the autism spectrum excel in areas such as logic, technology skills, problem-solving, pattern recognition, precision, sustained concentration, analysis and other unique cognitive functions. Yet people on the autism spectrum are often overlooked for jobs that they might be brilliant at. [Read More]

On Languishing

This article on the New York Times about the idea of “Languishing” explains a lot about my productivity in the last year or so. I’m finally hammering away at a lot of little medium-effort tasks - and not just because I started being medicated for my ADHD at age 37. 🤔 It wasn’t burnout — we still had energy. It wasn’t depression — we didn’t feel hopeless. We just felt somewhat joyless and aimless. [Read More]

512 Pixels on the Mac Chimes of Death

Quality post for sure - 512 Pixels on the historic sounds that Macs made when they failed to boot. I miss the whimsy in the personality of the early Macs. 🥰 I have to say the PowerPC Performa death sound with the little badoom-tish at the end was my favourite. [Read More]

Patching Proxmox for UI Issues

I had an issue in the Proxmox VE manager, where on Safari (all the time) or Firefox, when the screen width was too low, the various UI elements made it so I couldn’t access the buttons in the top left. I found that all of the necessary things to change were in /usr/share/pve-manager/js/pvemanagerlib.js. Messing around, I screwed it up and had to learn how to extract a file from a . [Read More]