saush

Graduation day!

Posted in law by sausheong on July 29, 2006

I graduated today from my Graduate Certificate in International Arbitration. The passing rate was much lower than I expected — only 22 out of 32 in the class graduated today — that was quite a humbling thought as well.

So, I’m an arbitrator now. Well, not yet, not until I handle a real case at least. But what I’ve learnt during the classes and the practicum is useful nonetheless. It reminded me of a discussion about CMMI effectiveness and the neutrality and fairness of any CMMI evaluation, since the lead appraiser can sometimes come from the same organization, and the other appraisers in the SEPG are usually from the same organization itself. From that perspective, arbitration really covered all grounds regarding neutrality and fairness, very rigorously, and it is an interesting comparison. My studies in law have given me much new perspective when looking at processes and management.

Anyway. I’ll be joining the Singapore Institute of Arbitrators as a Fellow as soon as I send in my application. See what happens next.

Spam blog comments

Posted in general by sausheong on July 21, 2006

I’ve been hit so badly by spam blog comments recently that I’ve closed off many of my blog entries from comments. Unfortunately there’s no mass turning off of blog comments in WordPress (or at least I don’t know how to) so I’m still getting huge amounts of mails asking me to approve blog comments. However that’s not really what I want either — I just want to automatically bump off such spam blog comments.
Anyone with any good proven ideas on how to counter this?

Hello world!

Posted in Uncategorized by sausheong on July 21, 2006

Welcome to WordPress.com. This is your first post. Edit or delete it and start blogging!

Ruby/Rails user authentication with Microsoft Active Directory

Posted in Rails, Ruby by sausheong on July 18, 2006

Firstly you need to know that Active Directory is actually an implementation of LDAP in Windows 2000/2003 Server, and it follows most of the conventions of any LDAP server. After that, it is relatively simple to use Active Directory as your authentication server. I’m going to show you how to use Active Directory to authenticate your users, but not how to do anything that changes the Active Directory entries.

What you will need to try this:

  • An Active Directory Server on which you have an account (this might be your Domain Controller, in Windows parlance)
  • The Active Directory Server needs to be accessible through port 389, the standard LDAP port. If you are using a corporate Active Directory, your system administrator would have probably sealed off all ports except those necessary (which normally doesn’t include port 389)
  • Ruby/LDAP installed. There are other ways of accessing LDAP servers, including the easier ActiveLDAP, but Ruby/LDAP shows a lower level of access. In any case ActiveLDAP actually wraps around Ruby/LDAP so you’ll need that anyway. I’ll include a short writeup on getting Ruby/LDAP on your Windows machine

That’s it! Let’s start.

Getting Ruby/LDAP on your Windows machine

For this I’m assuming you are running Windows XP. For Linux or other variants you can try to build it yourself. The Ruby/LDAP project is an open source project that provides a library for Ruby applications to access LDAP servers. To install it on Windows, the best tutorial I’ve found is at Olivier’s Toolbox. This gem (pun intended) even provided a RubyGem that you can download and install!

> gem install ldap-0.9.5-mswin32.gem

Alternatively you can try following Olivier’s instructions to build the gem or even try it from the source itself if you’re not into Windows.

Authenticating with Ruby/LDAP

This little piece of code below (open sourced under MIT License) is a concise and direct method of authenticating a user with Ruby/LDAP and getting the groups that the user is assigned to.

require 'ldap'

# Authenticates a user against Active Directory and looks up group membership.
class Auth
  def initialize(dn, host = "localhost", port = 389)
    @host = host
    @port = port
    @dn = dn             # base DN used for searches
    @connection = nil    # set by login, cleared by close
  end

  # Binds as the user; returns true on success, false on any error.
  def login(login, pass)
    begin
      conn = LDAP::Conn.new(@host, @port)
      conn.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
      conn.bind(login, pass)
      @connection = conn
      return true
    rescue => e
      false
    end
  end

  # Returns the CN of each group listed in the user's memberOf attribute.
  # Note: username is interpolated into the search filter as-is.
  def get_member_of(username)
    result = @connection.search2(@dn, LDAP::LDAP_SCOPE_SUBTREE, "cn=#{username}", ["memberOf"])
    members_of = Array.new
    result.first["memberOf"].each { |str|
      members_of << str.split(',')[0].split('=')[1]
    }
    members_of
  end

  def close
    @connection.unbind unless @connection == nil
    @connection = nil
  end
end

# testing the code
auth = Auth.new("CN=Users,DC=myserver,DC=com", "ad.myserver.com", 389)
auth.login("sausheong@myserver.com", "password")
groups = auth.get_member_of("Sau Sheong Chang")
auth.close

Note that your username needs to be in the form of username@domainname. This is apparently a peculiarity with Active Directory, which is different from more standard LDAP servers. The rest of the code is quite self-explanatory. If you want something that allows you to authenticate quickly, this is the shortcut:

require 'ldap'

# Authenticates only: binds as the user, then drops the connection.
class Auth
  def initialize(host = "localhost", port = 389)
    @host = host
    @port = port
  end

  # Returns true if the bind succeeds, false on any error.
  def authenticate(login, pass)
    begin
      conn = LDAP::Conn.new(@host, @port)
      conn.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
      conn.bind(login, pass)
      return true
    rescue => e
      false
    ensure
      # always release the connection, whether or not the bind succeeded
      conn.unbind unless conn == nil
      conn = nil
    end
  end
end

# test the code
auth = Auth.new("ad.myserver.com", 389)
if auth.authenticate("sausheong@myserver.com", "password")
  puts "You're authenticated!"
end

Drop me a mail if you have any questions on the code.
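
Both classes above hand the password and username to the server unchecked: a bind with an empty password can be accepted as an unauthenticated bind (RFC 4513, section 5.1.2), in which case login and authenticate return true, and both the cn filter and the comma split in get_member_of mishandle special characters. The helpers below are an added example, not code from the original post; their names are hypothetical, the sample values are constructed, and no LDAP library is needed to run them.

```ruby
# Added example: helper names are hypothetical, sample values are constructed.

# RFC 4515 escapes for characters that have meaning inside a search filter.
FILTER_ESCAPES = {
  "\\" => "\\5c", "*" => "\\2a", "(" => "\\28", ")" => "\\29", "\0" => "\\00"
}.freeze

def escape_filter_value(value)
  value.to_s.gsub(/[\\*()\x00]/) { |ch| FILTER_ESCAPES[ch] }
end

# Filter for get_member_of with the username treated as data only.
def cn_filter(username)
  "(cn=#{escape_filter_value(username)})"
end

# Refuse to bind when the login or password is empty: the server may answer
# such a bind with success without having checked any credential.
def credentials_usable?(login, pass)
  !login.to_s.strip.empty? && !pass.to_s.empty?
end

# Group name from a memberOf DN, honouring RFC 4514 escapes such as "\," so a
# comma inside the name does not cut it short (split(',') would).
def group_cn(member_of_dn)
  first_rdn = member_of_dn[/\A(?:\\.|[^,\\])*/]
  attr, value = first_rdn.split("=", 2)
  return nil unless value && attr.strip.casecmp("cn").zero?
  # One pass: "\2C" style hex pairs become bytes, "\," style pairs lose the backslash.
  unescaped = value.b.gsub(/\\(?:([0-9a-fA-F]{2})|(.))/) { $1 ? $1.hex.chr : $2 }
  unescaped.force_encoding("UTF-8")
end

if __FILE__ == $PROGRAM_NAME
  p cn_filter("Chang (IT)*")
  p credentials_usable?("sausheong@myserver.com", "")
  p group_cn("CN=Sales\\, EMEA,OU=Groups,DC=myserver,DC=com")
end
```

The bind to port 389 used in the post is a simple bind without TLS, so the password is sent unencrypted unless the connection is wrapped in LDAPS or upgraded with StartTLS.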

My Yahoo account hacked!

Posted in general, payment & banking by sausheong on July 18, 2006

Last week my Yahoo account was hacked. I didn’t realise it until some people asked me why I was sending them some funny urls. I still don’t know what was sent though I’m half-afraid it’s something pornographic :(

Identity theft is something I read and wrote about some time back and this is something that hit me the second time. Although generally I’m quite relaxed with my identity and credentials, this has taught me to be more cautious about my accounts and my general outlook on security.

There were some reports of phishing in some local and foreign banks, particularly Citibank and OCBC. As I have written before, phishing is only the tip of the iceberg, nastier things lurk at the bottom of that particular cesspool. It’s been some time since I wrote about that, maybe I’ll continue that again.
You’ll never know who’s out there, waiting for you to make that misstep, waiting to pounce on your mistakes.
