New website deployed

I have not been as active on my blog for the last months as I would have liked, I have been busy working on this new site which has taken different forms before I was happy with it.

I wanted the website to first promote my IT consultant business and to have a seperate area for the blog. I also wanted some form of documentation system to replace the blog using some markup language. I first tried markdown, but later found asciidoc which has a lot more features.

After using Asciidoc a while I found the markdown library for Pyhton and with it's extensions I decided that Markdown would be enough for me. Markdown is also easier to render then Asciidoc.

I also decided that I should have the blog as my primary site, and to put the business into subpages on the blog.

So here is the result. It's not finished yet but good enough for release.

VIM save with sudo

A colleague of mine did the mistake of opening a file in vim without using sudo and when he was going to save the file he did not have permissions to do it.

He then googled and found a way to save the file without reopening the file and retyping the changes.

When saving a file in vim you use the :w command, and without any parameters it will save the buffer to the current file. You could also type a filename as parameter which would act like a "save as" leaving the current file unchanged.

You can also type:

:w !sudo sh -c "cat > %"

What is happening here is when using a command as a parameter to :w the buffer is sent as input to that command, which will be captured by cat and then written to %, the percent sign is a symbol for the current file.

You can also add this mapping to your .vimrc file for a nice shortcut

cmap w!! w !sudo sh -c "cat > %"

Gitlab HTTPS authentication returns exit code 128

We are running Gitlab at work as our source code repository. It has been working fine for most users, but some users has had trouble using HTTPS authentication. There was no issues to login to the Gitlab web ui, but when using a git client to clone a repository over HTTPS would result in an error message saying

exit code 128

We are using LDAP authentication in Gitlab against our Active Directory.

The issue

It turns out that this was only affecting users with an "å" character in their distinguishedName attribute in Active Directory.

When creating users in Active directory the users Full name is a combination of the first and last name, unless you manually change it. The full name is then used to set both the displayName and distinguishedName attribute.

This causes a problem when the user has an "å" in their first or last name, since that character will then be included in the distinguishedName attribute, and will cause LDAP authentication againt gitlab from git to fail.

Solution

Rename the user account and change the Full name to use an "a" instead of "å" this will fix the distinguishedName attribute while leaving the displayName untouched.

After this change the git client should now be able to authenticate.

But this also caused another issue, after the rename the user is unable to login to the Gitlab web ui.

This is because Gitlab stores the external identities (the distinguishedName of the users) in it's database. And after the rename it no longer matches the value in the database.

So to fix this I needed to alter the database and manually update the external identifier to match.

Connect to your gitlab database (we are using Postgresql for our database server)

sudo -u postgres -H psql gitlabhq_production

Then select from identities to see the current values

select * from identities;

Then update the values that no longer match

update identities set extern_uid = '<new distinguished name>' where user_id = <user id>

to exit psql type

\q

The user should now be able to authenticate both with git and the gitlab web ui.

Get lastlogondate for users in Active Directory

Needed to get the last logon date for a customers users in our active directory.

Here is the Powershell script I used

1
2
3
4
Import-Module Active-Directory

Get-ADUser -Filter * -SearchBase "OU=users,DC=example,DC=com" -property lastlogondate -Server
dc1.example.com | ft name,lastlogondate

If you don't get any logon dates try to change the Server parameter to another domain controller since the user needs to have authenticated against the domain controller in order to have a timestamp.