“myperl” perl connector module - openxpki · perl connector module scott hardin, 10/2015....
WhiteRabbitSecurity
“myperl” &
Perl Connector Module
Scott Hardin, 10/2015
“myperl” in lieu of the system perl quagmire
Perl Alternatives
• System Perl: Perl and CPAN modules are tailored to system administration tasks and vendor-supplied tools
• “local::lib”: Uses System Perl, but installs additional CPAN modules to separate directory
• “perlbrew”: Independent Perl, but packaging targeted for developers, not deployment in data centers
• “myperl”: Independent Perl deployed in /opt/myperl
Benefits of “myperl”
• Independent from vendor Perl and CPAN
• Simplifies process for updating CPAN modules
• Simplified support for related distributions (e.g. Debian vs Ubuntu, SuSE vs RedHat)
• Use “Pinto” to pin versions for specific CPAN modules
• Debian and RPM (SLES 11) packages currently available for use by OpenXPKI
Perl “Connector”
A flexible connection to a hierarchical data structure
Perl “Connector”
• Generic connection to a data set in a hierarchical structure
• Key names are in dotted-name format (e.g. ‘root.parent.child.attr’)
• Connector objects may have different object types representing different sources of data or types of data structures
Simple Data Access

    # Get a scalar value at the leaf of the tree
    my $val = $connector->get( qw{smartcard.owners.bob} );

    # Pass the path as an array reference so an element may contain the delimiter
    $val = $connector->get( [ qw{smartcard owners bob.builder} ] );

    # Get a list of values at the leaf of the tree
    my @vals = $connector->get_list( qw{smartcard.owners} );

Built-in Data Types
• Authentication::LDAP
• Authentication::Password
• Env
• File::Path
• File::Simple
• Memory
• Static
Direct Access to Specific Data Source Types
Multi (Multiple Types) Logical View

    smartcards:
      tokens:
        token_1:
          status: ACTIVATED
        token_2:
          status: DEACTIVATED
      owners:
        joe:
          tokenid: token_1
        bob:
          tokenid: token_2

LDAP Subtree: “tokens”
LDAP Subtree: “owners”
Multi (Multiple Types) Implementation View

    connectors:
      ldap-query-owners:
        class: Connector::Proxy::Net::LDAP
        basedn: ou=people,dc=example,dc=org
        server:
          uri: ldaps://example.org
          bind_dn: uid=user,ou=Directory \ Users,dc=example,dc=org
          password: secret

    connectors:
      ldap-query-tokens:
        class: Connector::Proxy::Net::LDAP
        basedn: ou=smartcards,dc=example,dc=org
        server:
          uri: ldaps://example.org
          bind_dn: uid=user,ou=Directory \ Users,dc=example,dc=org
          password: secret

    smartcards:
      @tokens: connector:connectors.ldap-query-tokens
      @owners: connector:connectors.ldap-query-owners

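
The link resolution shown in the implementation view, as an added example that is not part of the slides or of the Connector module: a dependency-free Perl model that walks dotted paths and reports `@name: connector:<path>` links whose target is missing. The `$config` hash is constructed sample data, and `path_elements`, `lookup` and `dangling_links` are hypothetical helper names.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Constructed sample config mirroring the slide's layout; values are made up.
my $config = {
    connectors => {
        'ldap-query-owners' => { class => 'Connector::Proxy::Net::LDAP' },
        'ldap-query-tokens' => { class => 'Connector::Proxy::Net::LDAP' },
    },
    smartcards => {
        '@tokens' => 'connector:connectors.ldap-query-token',   # misspelled on purpose
        '@owners' => 'connector:connectors.ldap-query-owners',
    },
};

# Accept 'a.b.c' or [ 'a', 'b.c' ]; the array form keeps dots inside an element.
sub path_elements {
    my ($path) = @_;
    return ref $path eq 'ARRAY' ? @$path : split /\./, $path;
}

# Walk the hash tree; return the node, or undef if any element is missing.
sub lookup {
    my ($tree, $path) = @_;
    my $node = $tree;
    for my $el (path_elements($path)) {
        return undef unless ref $node eq 'HASH' && exists $node->{$el};
        $node = $node->{$el};
    }
    return $node;
}

# Collect every "@key" link whose target is missing or has no "class" entry.
sub dangling_links {
    my ($tree, $node, @prefix) = @_;
    my @bad;
    for my $key (sort keys %$node) {
        my $val = $node->{$key};
        if (ref $val eq 'HASH') {
            push @bad, dangling_links($tree, $val, @prefix, $key);
        }
        elsif ($key =~ /^@/ && $val =~ /^connector:(.+)$/) {
            my $target = lookup($tree, $1);
            push @bad, join('.', @prefix, $key) . " -> $1"
                unless ref $target eq 'HASH' && defined $target->{class};
        }
    }
    return @bad;
}

print "dangling: $_\n" for dangling_links($config, $config);
```
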
Proxy (for CPAN Modules)
• Config::Std
• Config::Versioned
• DBI
• LDAP
• Proc::SafeExec
• SOAP::Lite
• YAML
Currently Supported Modules
Example Configuration
• crl-file: Builtin::File::Path, reads .pem files from /var/openxpki/
• crl-ldap: Proxy::Net::LDAP::Single, LDAP subtree containing CRLs
• testing: Proxy::YAML, Read carddata.yaml (configured for tests only)
• legacy-user-data: Proxy::SOAP::Lite::users, Read internal company database
• ldap-int: Proxy::Net::LDAP::Simple, Internal Employees
• ldap-ext: Proxy::Net::LDAP::Simple, External Employees
• derive-puk: Builtin::System, Runs executable with args
[Diagram: configuration tree; node labels: publishing, notifications, card2user, resolver, cardinfo, smartcard, system, crypto, server, ca-one, ca-NNN, openxpki, realms]
“Thank you”
Scott Hardin, 10/2015