Principle of Programming

http://www.cprogramming.com/how_to_learn_to_program.html

Learning to program isn’t something you can do in an afternoon, but it doesn’t have to be a life’s work, either. There are lots of things you can do to make it easier on yourself when you are learning to program. You already know about The 5 Most Common Problems New Programmers Face–And How You Can Solve Them. Now, discover how to get the most out of your learning.

One common theme across many of these tips is:

don’t go too fast; get it right before moving on.

When I was teaching C, there were always a few students who came into the class knowing a bit about programming. Inevitably, some of these students did great in the first few weeks only to fall further and further behind as the course went on. Why? They went too fast through the introductory part of the course, thinking they knew it all–but they rarely did. They knew some of the material, but not enough to have a strong grasp of the fundamentals.

At the same time, you must not stop making progress–you can go too slow as well as too fast. Don’t avoid a topic after you’ve mastered everything leading up to it. By facing more challenging ideas, you’ll help cement your grasp of the basics.
1. Look at the Example Code

Reading is usually about the words on the page, but learning to program is about code. When you’re first learning to program, you should make sure to look at, and try to understand, every example. When I first learned to program, I would sometimes read the code examples before the text, and try to figure out what they did. It doesn’t always work, but it did force me to look at the example very carefully, and it often helped make the writeups clearer.

If you want to see what sample code looks like, you can read this site’s introductory programming tutorial. This tutorial spends a great deal of time talking about the sample code to help you work through exactly what the code does.
2. Don’t Just Read Example Code–Run It

But when you’re reading a programming tutorial (or book), it’s easy to look at the sample code and say “I get it, I get it, that makes sense”. Of course, you might get it, but you might not get it, and you just don’t know it. There’s only one way to find out–do something with that code.

If you haven’t already, get a compiler like Code::Blocks set up.

Then type the sample code into a compiler–if you type it, instead of copying and pasting it, you will really force yourself to go through everything that is there. Typing the code will force you to pay attention to the details of the syntax of the language–things like those funny semicolons that seem to go after every line.

Then compile it and run it. Make sure it does what you think it does.

Then change it. Software is the most easily changed machinery on the planet. You can experiment easily, try new things, see what happens; the changes will happen almost immediately, and there is no risk of death or mayhem. The easiest way to learn new language features is to take some code that works one way, and change it.
3. Write your Own Code as Soon as Possible

Once you understand something about the language–or even if you’re still getting your head around it–start writing sample programs that use it. Sometimes it’s hard to find good ideas for what programs to write. That’s OK, you don’t have to come up with every idea at the beginning.

You can find some programming challenges on this site.

You can also reimplement the examples from the book or tutorial you are reading. Try to do so without looking back at the sample code; it won’t be as easy as it seems. This technique can work especially well if you tweak the sample code.

If you can’t think of a small program to write, but you have in mind a larger program you want to implement, like a game, you could start building small pieces that you can later use for a game. Whether you use them later or not, you will get the same useful experience.
4. Learn to Use a Debugger

I already talked about the importance of debugging in The 5 Most Common Problems New Programmers Face–And How You Can Solve Them. But it bears repeating; the sooner you learn good debugging techniques, easier it will be to learn to program.

The first step in doing so is to learn how to use a tool called a debugger, which allows you to step through your code.

A debugger will allow you to step line by line through a piece of code. It will let you see the values of variables, and whether the code inside an if statement is executed.

A debugger can help you quickly answer questions about what your code is doing.
int main()
{
int x;
int y;
if( x > 4 ) // <-- what is the value of x here? { y = 5; // <-- did this line of code execute? } } A final word about debuggers: the first time you learn about a debugger, it will take you longer to fix the problems with your code. After the tenth or so bug, it will really start to pay off. And believe me, you will have way more than ten bugs in your programming career. I often saw students unwilling to use a debugger. These students really made life hard on themselves, taking ages to find very simple bugs. The sooner you learn to use a debugger, the sooner it will pay off. 5. Seek out More Sources If you don't understand something, there's a good possibility the way it was explained just didn't click. First, look for alternative explanations. The internet is filled with information about programming, and some explanations work better for different people; you might need pictures, someone else might not. There are also lots of good books with detailed explanations. But if that doesn't work, the easiest way to figure out where your misunderstanding lies is to ask someone else. But try to go beyond saying, "I don't understand. Please explain." You're likely to get a link back to the same text you didn't understand. Instead, rephrase your understanding of the text in your words. The more your question reveals about what you are thinking, the easier it will be for a knowledgeable expert to answer it. Programmers sometimes have a reputation for being grumpy about answering questions, but I think the reason is that they want to make progress in a conversation, and that requires both sides to put in effort. If you ask a smart, detailed question that shows you are thinking, you will generally get good results. There are plenty of places you can go to ask questions. You can always email me, or post on our message board, or ask an expert. In the coming days, I'll be writing more about how to learn to program effectively. Stay tuned, by subscribing to our RSS feed, signing up for email notifications, or following @alexallain on twitter.

LDAP_ host-based limited with Pam_filter Not Working

Recently, I was trying to migrate our all of the stuffs of LDAP into MysqlDB. The password with type: md5crypt (not very clear why using this by default). When using PAM_FILTER modules for host limiting, however it was failed. So googled find this solution. This is very helpful for me. Thanks to the author for this. 🙂

Reference link: http://computingfunnyfacts.blogspot.com/2008/01/pamfilter-not-working.html

Here is the blog content of :system-auth

config of /etc/ldap.conf

It’s working!
:::::::::::::::::::::::::::::::::::::::
pam_filter not working
So here is the problem you want to limit your cluster to a special user group. You have everything LDAP managed and use pam_ldap for authentication. But when you edit the /etc/ldap.conf and set a pam_filter nothing happens. First of all the the syntax of pam_filter :
(|(gidNumber=1028)(gidNumber=1160))
Will not work
Literally only
pam_filter gidNumber=1028
Will work. This is the way they stupidly implemented it
else if (!strcasecmp (k, “pam_filter”))
{
CHECKPOINTER (result->filter = strdup (v));
}

where v is everything after the ‘ ‘

while (*v != ‘\0’ && *v != ‘ ‘ && *v != ‘\t’)
v++;

*(v++) = ‘\0’;

For those that know C
So you can give it one value max. Now you have to modify the /etc/pam.d/system-auth file. The default configuration is:
[root@lxb5477 ~]# cat /etc/pam.d/system-auth.back | grep ldap
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
session optional /lib/security/$ISA/pam_ldap.so

But of course a optional is not really enough. You, of course, want that if the user doesn’t fulfill your filter he should be chucked into nirvana. So change to:
[root@lxb5477 ~]# cat /etc/pam.d/system-auth | grep ldap
auth required /lib/security/$ISA/pam_ldap.so
account required /lib/security/$ISA/pam_ldap.so
password requried /lib/security/$ISA/pam_ldap.so use_authtok
session required /lib/security/$ISA/pam_ldap.so

Through this if ldap fails the login fails.

But be aware that in /etc/nsswitch.conf files is before ldap
passwd: files ldap
shadow: files ldap
group: files ldap

Setting up LDAP autentication with sudoer access

Building Environment:
==================================
OS: CentOS 5.4(64 bit)
==================================
Packages:openldap-servers-2.3.43-12.el5_7.10
openldap-devel-2.3.43-12.el5_7.10
openldap-2.3.43-12.el5_7.10
openldap-2.3.43-12.el5_7.10
openldap-clients-2.3.43-12.el5_7.10
openldap-devel-2.3.43-12.el5_7.10
===================================
sudo-1.6.9p17-5.el5
===================================
Optional: WEB UI
phpldap
===================================

#### Server settings ######
1. Install openldap-server

yum install openldap-servers openldap-devel openldap openldap-clients

2. Config sldap.conf
# set schemas
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/sudoer.schema
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema

# DB type & dc setting
database bdb
suffix “dc=happyelements,dc=net”
rootdn “cn=manager,dc=happyelements,dc=net”
rootpw secret # this can by generated by “slappasswd”
#
directory /usr/local/openldap/var/openldap-data

3. /etc/openldap/ldap.conf for searching by ldapsearch

URI ldap://127.0.0.1/
BASE dc=happyelements,dc=net
TLS_CACERTDIR /etc/openldap/cacerts

4. Copy sudo schema to /etc/schema
cp /usr/share/doc/sudo-1.6.9p17/schema.OpenLDAP /etc/openldap/schema/sudoer.schema

5. Set database dir:
mkdir -p /usr/local/openldap/var/openldap-data
chown ldap:ldap /usr/local/openldap/var/openldap-data
cp /etc/openldap/DB_CONFIG.example /usr/local/openldap/var/openldap-data/DB_CONFIG

6. Testing Servers
/etc/init.d/ldap start

7. Create entries related for LDAP Server:

#Paste following lines as file: happyelements.ldif
dn: dc=happyelements,dc=net
objectClass: dcObject
objectClass: organization
dc: happyelements
o: happyelements.net
description: happyelements.net

dn: cn=manager,dc=happyelements,dc=net
objectClass: organizationalRole
cn: manager

dn: ou=Group,dc=happyelements,dc=net
objectClass: organizationalUnit
ou: Group

dn: ou=People,dc=happyelements,dc=net
objectClass: organizationalUnit
ou: People

#Paste following lines into file sudoeraccess.ldif

objectClass: top
objectClass: organizationalUnit
ou: SUDOers

dn:cn=defaults,ou=SUDOers,dc=happyelements,dc=net
cn:defaults
sudoOption:ignore_dot
sudoOption:!mail_no_user
sudoOption:!root_sudo
sudoOption:log_host
sudoOption:logfile=/var/log/sudolog
sudoOption:!syslog
sudoOption:timestamp_timeout=10
objectClass:top
objectClass:sudoRole
description:DefaultsudoOption’s

dn:cn=Rule1,ou=SUDOers,dc=happyelements,dc=net
cn:Rule1
sudoOption:!authenticate
objectClass:top
objectClass:sudoRole
sudoHost:ALL
sudoCommand:ALL
sudoUser:ALL
description:AllowedwithoutpasswordforALLusers

Add entries into LDAP Server:
ldapadd -x -D “cn=manger,dc=happyelements,dc=net” -W -f happyelements.ldif
ldapadd -x -D “cn=manger,dc=happyelements,dc=net” -W -f sudoeraccess.ldif

ADD User entries:
# paste following lines into user_passswd.ldif
uid: root
cn: root
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$DpCxWpSc$E1Tsbg/CFnP1MZhvXqCdg1
shadowLastChange: 15117
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 0
gidNumber: 0
homeDirectory: /root
gecos: root

dn: uid=rma1,ou=People,dc=happyelements,dc=net
uid: rma1
cn: rma1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$70S56nN0$rW/Sjk0rCrem4s3.emGun.
shadowLastChange: 15399
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 10402
gidNumber: 10402
homeDirectory: /home/rma1

dn: uid=rma2,ou=People,dc=happyelements,dc=net
uid: rma2
cn: rma2
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
userPassword: {crypt}$1$yfRr5GkD$lgF8Xu8cN92OMyR7tRlsK0
shadowLastChange: 15399
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 10403
gidNumber: 10403
homeDirectory: /home/rma2

ADD group entries:
dn: cn=rma1,ou=Group,dc=happyelements,dc=net
objectClass: posixGroup
objectClass: top
cn: rma1
userPassword: {crypt}x
gidNumber: 10402

dn: cn=rma2,ou=Group,dc=happyelements,dc=net
objectClass: posixGroup
objectClass: top
cn: rma2
userPassword: {crypt}x
gidNumber: 10403

# Add entries into LDAP server

ldapadd -x -D “cn=manger,dc=happyelements,dc=net” -W -f user_passswd.ldif

# Add group entries

#paste following lines into ldif files with name: user_groups.ldif

#dn: cn=root,ou=Group,dc=happyelements,dc=net
#objectClass: posixGroup
#objectClass: top
#cn: root
#userPassword: {crypt}x
#gidNumber: 0

dn: cn=rma1,ou=Group,dc=happyelements,dc=net
objectClass: posixGroup
objectClass: top
cn: rma1
userPassword: {crypt}x
gidNumber: 10402

dn: cn=rma2,ou=Group,dc=happyelements,dc=net
objectClass: posixGroup
objectClass: top
cn: rma2
userPassword: {crypt}x
gidNumber: 10403

#ldapadd -x -D “cn=manger,dc=happyelements,dc=net” -W -f user_groups.ldif

### Client Settings ###
8. LDAP client settings

8.1 edit /etc/ldap.conf like this:

sudoers_base ou=SUDOers,dc=happyelements,dc=net
base dc=happyelements,dc=net
timelimit 120
bind_timelimit 120
idle_timelimit 3600
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,nscd,gdm

nss_base_passwd ou=People,dc=happyelements,dc=net?one
nss_base_shadow ou=People,dc=happyelements,dc=net?one
nss_base_group ou=Group,dc=happyelements,dc=net?one

uri ldap://127.0.0.1
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5

8.2 edit /etc/nsswitch.conf

sudoers: ldap files

That’s all we need do. Enjoy.

APPINDEX 1:
Reference links
Official sudoer manual: http://www.sudo.ws/sudo/man/1.8.4/sudoers.ldap.man.html
Setting Up A Centralised Authentication Server With Sudo Access Using LDAP:
http://fci.wikia.com/wiki/Setting_Up_A_Centralised_Authentication_Server_With_Sudo_Access_Using_LDAP
posix migration tools: http://www.padl.com/download/MigrationTools.tgz

APPINDEX 2:
3 methods to enforce host-based authentication:
using pam_check_host_attr in /etc/ldap.conf
#pam_check_host_attr yes
using pam_filter authentication in /etc/ldap.conf
#pam_filter |(host=10.130.142.103) (host=\*)
using nss_base_

authentication in /etc/ldap.conf

Continue reading “Setting up LDAP autentication with sudoer access”