LDAP integration for sudo users

Outline

Let’s assume you have an OpenLDAP server installed for easily creating your groups, keeping your users organised and assigning specific permissions to users in certain groups. The server just runs fine, all your groups are easily maintained, users are created for all your software instances by conducting a few configuration tasks.

Now and then companies grow or see a change in the administrative structure. The admin user base grows, some admins are appointed to handle tasks related to infrastructure, some other admins are appointed to care about specific server side applications. Some companies might have even to deal with fluctuation in staff, so in any case – users need to be created and have permissions assigned in order to fulfil their tasks.

Now for that given structure, admin users need an LDAP account for being part of the company’s communication infrastructure (mail, instant messaging, folder permissions), but on the other hand need to be part of the sudo group, as lots of applications need root access for changing their basic setup or handling configuration tasks.

The Problem

This means: You need to create LDAP user accounts for daily tasks and system user accounts for conducting admin tasks, thus resulting in redundant user data, messed up folder structure and simply a non-consistent layout of the company’s data management. Of course, keeping admin tasks separated from daily tasks by applying separate roles to one single user seems to be a viable concept, but what if you just don’t want to care about permissions, roles and stuff – let’s just assume you want to keep your workflow simple. Apart from that, it does not make sense to simply create a user with the same credentials in either the LDAP and the UNIX realm, as you need to take care not to mess up home directories. This again does not solve the problem of adding LDAP users to specific groups which sometimes need to conduct tasks in system folders – think of www-data here.

The Solution

Let’s give users of the server’s LDAP structure the privilege to use sudo! First of all, a couple of definitions for the rest of this post.

Disclaimer and Big Warning: Read this guide carefully. Read the docs. Read the man pages. Read everything again. Fire up a Virtual Machine and try it in a testing environment first. You don’t want to hurry through the process, as you can wreak havoc big time / destroy everything / release the kraken / cause nausea and heart attack if you do not take care. In other words: Kids, don’t try this at home.

Intended LDAP structure for the demo environment

dc =Domain Component, cn = Common Name, ou = organizational Unit
Together these components form the dn = Distinguished Name (unique throughout the structure).

LDAP structure

+dc=testlab,dc=dev
|—cn=admin
|
|—+ou=Groups
|  |—cn=mySudoGroup
|
|—+ou=Sudoers
|  |—cn=%admin
|  |—cn=%sudo
|  |—cn=%mySudoGroup
|  |—cn=defaults
|  |—cn=root
|
|—+ou=Users
   |—uid=mySudoUser

So there are three Organizational Units serving as ‘containers’ for other ‘objects’. The admin user is to be defined in the configuration of the LDAP structure, more specifically in rootbinddn.

Groups: mapping of UNIX-groups in the system, container for LDAP groups
Sudoers: equivalent mapping of /etc/sudoers by applying the sudoRole
Users: LDAP user – actual members of the LDAP groups

Hint: If groups and users already exist, just the Sudoers need to be added to the directory.

1. Preparation

For the demo setup we used the domain ubuser.testlab.dev, LDAP thus comprises of the following domain component: dc=testlab,dc=dev
Now for the most important part: LDAP needs to know the hostname of the server.

/etc/hosts

127.0.0.1       ubuser
192.168.254.56  ubuser.testlab.dev ubuser

If there’s an existing DNS, you should lookup the DNS entries of course. Let’s install OpenLDAP, sudo-ldap and phpldapadmin.

[email protected]

apt-get -y install slapd ldap-utils sudo-ldap phpldapadmin

The config directory is /etc/conf/slap.d, containing two important database files:

  • config.ldif (olcDatabase={0}config.ldif)
  • hdb.ldif (olcDatabase={1}hdb.ldif)

2. Configure OpenLDAP

[email protected]

sudo dpkg-reconfigure slapd

Domain name: as in /etc/hosts or on the DNS server
Database: HDB
Password to be used for cn=admin,dc=testlab,dc=dev   #for this demo: 'test'

Next we have to add schemes to the directory. Schemes represent classes (in a vague explanation) for creating directory objects.
schemes

# these 4 already exist, so we'll meet the error 'duplicate entry'
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/core.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif

# add additional classes
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/misc.ldif
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/openldap.ldif

Now we check the configuration to be correct:

[email protected]

sudo cat /etc/ldap/slapd.d/cn\=config/olcDatabase\=\{0\}config.ldif
sudo cat /etc/ldap/slapd.d/cn\=config/olcDatabase\=\{1\}hdb.ldif

3. Creating Organizational Units

Now we load OUs to the directory. For the purpose of validating we can make use of phpldapadmin from now on.

[email protected]

mkdir ~/ldapdata
nano ~/ldapdata/add_ous.ldif

*Content of add_ous.ldif*
dn: ou=Groups,dc=testlab,dc=dev
objectClass: top
objectClass: organizationalUnit
ou: Groups

dn: ou=Users,dc=testlab,dc=dev
objectClass: top
objectClass: organizationalUnit
ou: Users

dn: ou=Sudoers,dc=testlab,dc=dev
objectClass: top
objectClass: organizationalUnit
ou: Sudoers

Now we add the data specified above to the directory by using:

add_ous.ldif

ldapadd -f ~/ldapdata/add_ous.ldif -x -D "cn=admin,dc=testlab,dc=dev" -W

4. Add data

Here we add the user and group data for authenticating users and handing over sudo privileges to them.
[email protected]

nano ~/ldapdata/add_data.ldif

add_ous.ldif

dn: cn=mySudoGroup,ou=Groups,dc=testlab,dc=dev #cn=mySudoGroup
objectClass: top
objectClass: posixGroup
cn: mySudoGroup
gidNumber: 10000 #add this entry

dn: uid=mySudoUser,ou=Users,dc=testlab,dc=dev
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: mySudoUser
sn: McSurname
givenName: Sudora
cn: Sudora McSurname
displayName: Sudora McSurname
uidNumber: 10000
gidNumber: 10000 #add this entry
userPassword: sudora12
gecos: Sudora McSurname
loginShell: /bin/bash
homeDirectory: /profiles/sudora
mail: [email protected]
telephoneNumber: 555-2368
st: AT
manager: uid=mySudoUser,ou=Users,dc=testlab,dc=dev
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
title: Testuser

Then add the user data to the directory

[email protected]

ldapadd -f ~/ldapdata/add_data.ldif -x -D "cn=admin,dc=testlab,dc=dev" -W

5. Grant sudo privileges to users

We’ve already installed sudo-ldap in the beginning. This tool provides a new scheme which is being copied to the scheme-directory.

[email protected]

sudo cp /usr/share/doc/sudo-ldap/schema.OpenLDAP /etc/ldap/schema/sudo.schema

We convert the scheme to an ldif-file:

[email protected]

sudo echo "include /etc/ldap/schema/sudo.schema" > ~/ldapdata/sudoSchema.conf

slapcat -f ~/ldapdata/sudoSchema.conf -F /tmp/ -n0 -s "cn={0}sudo,cn=schema,cn=config" > ~/ldapdata/cn\=sudo.ldif
nano ~/ldapdata/cn\=sudo.ldif

The header of the file must look like this now. If it doesn’t, remove {0}.

sudo.ldif

dn: cn=sudo,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: sudo

You must remove the following lines from the end of the file, otherwise the existing database will be corrupted.

sudo.ldif

structuralObjectClass: olcSchemaConfig
entryUUID: 10dae0ea-0760-102d-80d3-f9366b7f7757
creatorsName: cn=config
createTimestamp: 20080826021140Z
entryCSN: 20080826021140.791425Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20080826021140Z

You read the disclaimer, right? You did not hurry, but took your time and carefully removed the lines above, right? If not, please let me introduce you to my dear old friend Kefka.

Now we apply the sudo scheme:
[email protected]

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f ~/ldapdata/cn\=sudo.ldif
sudo service slapd restart

Next we can load the ‘old’ sudo users to our directory:

[email protected]

sudo -i
SUDOERS_BASE=ou=Sudoers,dc=testlab,dc=dev
export SUDOERS_BASE
perl /usr/share/doc/sudo-ldap/sudoers2ldif /etc/sudoers >> ~/sudoMaster.ldif
exit
sudo mv /root/sudoMaster.ldif ~/ldapdata/sudoMaster.ldif
ldapadd -f ~/ldapdata/sudoMaster.ldif -D "cn=admin,dc=testlab,dc=dev" -W -x

After that we can add our own containers, which do not necessarily need to be associated with the new ones. In this case a mySudoContainer will be created, which will be linked to an LDAP-group.

[email protected]

sudo nano ldapdata/sudoMyGroup.ldif

sudoMyGroup.ldif

dn: cn=%sudoMyGroup,ou=Sudoers,dc=testlab,dc=dev # cn=%sudoMyGroup
objectClass: top
objectClass: sudoRole
cn: %sudoMyGroup # mind this line
sudoUser: %sudoMyGroup # mind this line
sudoHost: ALL
sudoRunAsUser: ALL
sudoRunAsGroup: ALL
sudoCommand: ALL
sudoOrder: 5

Important: This file is the equivalent to the sudoers-entries in /etc/sudoers. Therefore sudoUser: has to have the same name as the group created above (see “4. Add data”), if LDAP should care about user authentication.

[email protected]

ldapadd -f ~/ldapdata/sudoMaster.ldif -D "cn=admin,dc=testlab,dc=dev" -W -x

Create indices: We need to create indices for our user in order to make a database lookup possible.

indices.ldif

dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: uid eq
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: sudoUser eq,sub
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcDbIndex
olcDbIndex: cn eq

After this step we can modify the configuration by:
[email protected]

sudo ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f indices.ldif

6. Authentication for clients via LDAP

As we are ready server side, we can now turn our clients to smart ones capable of authenticating against LDAP, letting them know there’s a server providing us with authentication data. This is going to happen via PAM and via Name Service Switch (nsswitch). In order to authenicate against LDAP, we need to install a few packages

[email protected]

sudo apt-get install ldap-auth-client nscd

At first we create and configure /etc/ldap.conf:

host 127.0.0.1
base dc=testlab,dc=dev
uri ldap://127.0.0.1/
rootbinddn cn=admin,dc=testlab,dc=dev
ldap_version 3
bind_policy soft
nss_base_passwd         ou=Users,dc=testlab,dc=dev?one
nss_base_shadow         ou=Users,dc=testlab,dc=dev?one
nss_base_group          ou=Groups,dc=testlab,dc=dev?one
sudoers_base ou=Sudoers,dc=testlab,dc=dev
pam_password md5

We create a symlink in order to avoid trouble concerning backwards compatibility (especially for nss):

[email protected]

sudo ln -s /etc/ldap.conf /etc/ldap/ldap.conf

Next we configure our nsswitch.conf:

[email protected]

sudo auth-client-config -t nss -p lac_ldap

The order of the entries “files” and “ldap” is of high importance, so we need to take care. The option “Sudoers” has to be added, so the lookup order goes “local users” first and then “LDAP users”.

/etc/nsswitch.conf

passwd: files ldap
group:  files ldap
shadow: files ldap
hosts:  files dns ldap
networks: files ldap
netgroup: nis
sudoers: ldap files
protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

PAM

After nsswitch.conf is done, we focus on setting up the PAM environment. Optionally, we can create local home-dirs. Let’s create the config file for PAM:

[email protected]

nano /usr/share/pam-configs/mkhomedir

/usr/share/pam-configs/mkhomedir

Name: activate mkhomedir
Default: yes
Priority: 900
Session-Type: Additional
Session: required pam_mkhomedir.so umask=0022 skel=/etc/skel

Then we are able to configure PAM properly:

[email protected]

sudo pam-auth-update

Make sure to at least check the following options:

pam-auth-update

] Unix Authentication
[
LDAP Authentication
[*] activate mkdhomedir

Whenever a new user is created via LDAP, then the directory for authenticating against LDAP is being created as well.

7. Generating dumps of the LDAP configuration

cat /etc/ldap/slapd.d/cn\=config/olcDatabase\=\{1\}hdb.ldif

[email protected]

# output
# AUTO-GENERATED FILE – DO NOT EDIT!! Use ldapmodify.
# CRC32 ad778726
dn: olcDatabase={1}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=testlab,dc=dev
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
s auth by dn="cn=admin,dc=testlab,dc=dev" write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by self write by dn="cn=admin,dc=testlab,dc=dev" write by *
  read
olcLastMod: TRUE
olcRootDN: cn=admin,dc=testlab,dc=dev
olcRootPW:: e1NTSEF9TEZDZzYzUW9JeEdBM0xWYlhRQkd6eGVmSzNTSTVIMnk=
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcDbIndex: uid eq
olcDbIndex: sudoUser eq,sub
olcDbIndex: cn eq
structuralObjectClass: olcHdbConfig
entryUUID: df30cc88-5f76-1033-9603-1365e0375bee
creatorsName: cn=config
createTimestamp: 20140423210624Z
entryCSN: 20140424002650.397541Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20140424002650Z

[email protected]

cat /etc/ldap/slapd.d/cn\=config/olcDatabase\=\{0\}config.ldif

# output
# AUTO-GENERATED FILE – DO NOT EDIT!! Use ldapmodify.
# CRC32 7d56d2a8
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
,cn=auth manage by * break
structuralObjectClass: olcDatabaseConfig
entryUUID: df302cd8-5f76-1033-95fb-1365e0375bee
creatorsName: cn=config
createTimestamp: 20140423210624Z
entryCSN: 20140423210624.249945Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20140423210624Z

Conclusion

So, now we can finally be admins and users at once. We do not have to change accounts when entering directories or if we want to modify files. This is neat. If you want to go in-depth concerning your LDAP directories, we highly recommend taking a look at shelldap, you can find the Ubuntu documentation here.

This tutorial was created by our fellow developer webDAVe. Do you feel there’s anything missing? Have you released the kraken? If you have any questions, feel free to comment either here or on our Google+ page!

Christopher Semmler's picture

Christopher Semmler

Christopher Semmler is our CEO and works in our IT and Finance Division. Apart from Business Development he makes technology decisions, works on platforms and Digital Marketing. He holds a Magister degree in Corporate Finance and Information Systems, loves to play with new tech and is specialised in the low level area.

Comments

  1. Sven's picture
    Sven (not verified)

    Great post- will study this carefully.

  1. Radit's picture
    Radit (not verified)

    i've got error when trying add this command ldapadd -f ~/ldapdata/add_data.ldif -x -D "cn=admin,dc=testlab,dc=dev" -W ldap_add: Invalid syntax (21) additional info: gidNumber: value #0 invalid per syntax

  1. Saqib Ali's picture
    Saqib Ali (not verified)

    Are there any GUI based apps for managing Sudoer Rules in LDAP? Using a LDAP Browser is not a very user-friendly way for managing a large number of Sudo Rules. FreeIPA has a UI for managing Sudoer Rules, but it requires 389 Directory Server, and we don't use that in our environment (for good reasons)

  1. Kelly Dillon's picture
    Kelly Dillon (not verified)

    As an expert Web report arrangement, RAQ Report gives coordination as Jar bundle to software engineers. Buy Custom Essay Online. Without autonomous report server, application framework, and free administration system of client authorizations, it can help software engineers to actualize reconciliation advantageously.

  1. MartinSteven's picture
    MartinSteven (not verified)

    When turning upward a sudoer utilizing LDAP there are just a few LDAP inquiries for every summon. The main inquiry is to parse the worldwide choices. The second is to coordinate against the user's name and the gatherings that the client has a place with. The exceptional ALL tag is coordinated in this inquiry as well assignment service. In the event that no match is returned for the user's name and gatherings, a third inquiry gives back all sections containing client net groups and other non-Unix gatherings and verifies whether the user has a place with any of them.

  1. Kate Marten's picture
    Kate Marten (not verified)

    If no match is returned for the client's name and social occasions, a third request gives back all areas containing customer net gatherings and other non-Unix get-togethers and confirms whether the client has a place with any of them.nursing assignment writing service Thanks for shearing this amazing post with us I would love to come gain to this website soon.

  1. James Cameron's picture
    James Cameron (not verified)

    Keeping manager errands remote from day by day activities by applying divide parts to one solitary client is by all accounts a feasible idea. Read more at essay writing company - Buyassignment.com

  1. DanielNorman's picture
    DanielNorman (not verified)

    This is an exceptionally instructive article of Do My Essay For Me. I additionally concur with your post title and your truly well clarify your perspective. I am exceptionally glad to see this post. Keep it up and share the all the more most related post.

  1. wondergirl's picture
    wondergirl (not verified)

    Don't worry because nothing is coming on the screen. It's like that. Just type your password and press enter. sudo password is the root password of Ubuntu. help with assignment writing . If you have installed Ubuntu yourself then you might have typed a password during installation.

  1. Mary Thompson's picture
    Mary Thompson (not verified)

    This is an incredibly enlightening article of SG220-50P-K9-NA. I moreover agree with your post title and your really well illuminate your point of view. I am particularly happy to see this post. Keep it up and share the more most related post.

  1. Aaron William's picture
    Aaron William (not verified)

    One route for chairmen to deal with that for substantial conditions is to store the sudo setup in a focal LDAP catalog, and simply design every nearby framework to indicate that LDAP registry. Assignment service That implies that updates just should be made in a solitary area, and any new standards are naturally perceived by neighborhood frameworks

  1. Helen Steiner's picture
    Helen Steiner (not verified)

    On the customer appliance, you will wants to install a few packages to create verification occupation suitably with an LDAP server. Best product demo videos - Seekclip.com

  1. kathybrunt's picture
    kathybrunt (not verified)

    A debt of gratitude is in order for your significant posting. I have gathered more than data from your site since I became more acquainted with some intriguing insights about Redmine. I should state it's a gift for Web expert assignment writer designers

  1. James Ross's picture
    James Ross (not verified)

    I was hoping for a book, but this is so much better. I am so excited to get my set. I will be ordering. Thank you. You’re awesome.

  1. jordansaq's picture
    jordansaq (not verified)

    yeezy350find When I saw your article, especially this post you satisfied me amazingly.

  1. 1len jordanss123's picture
    1len jordanss123 (not verified)
  1. Assignment help 's picture
    Assignment help (not verified)

    Nice post....Thanks for the post..if you need any assignment help visit our website for details... https://www.allassignmenthelp.com/

  1. Michael Jones's picture
    Michael Jones (not verified)

    Students could often find it tough to write their academic tasks. It could lead to they not getting desired grades in the academics. Opting for our assignment help online could be ideal for such students and they can get a complete assignment solution from us. www.allassignmenthelp.co.uk

  1. Pooja's picture
    Pooja (not verified)

    Amazing !! this post helps me a lot, thanks for sharing such an informative blog.A best educational blog post.Vedic astrology consultation

  1. Chemistry Research Papers's picture
    Chemistry Resea... (not verified)

    Picking a theme, recognizing a Chemistry Research Papers , and deciding an exploration convention all raise the test of keeping in touch with an unheard of level for anybody experiencing one surprisingly.

  1. johnsmith's picture
    johnsmith (not verified)

    This implies: You have to make LDAP client represents day by day assignments and framework client represents directing administrator undertakings, consequently bringing about access client information, Here is a link to my Website fouled up envelope structure and just a non-reliable design of the organization's information administration. Obviously, keeping administrator undertakings isolated from everyday errands by applying separate parts to one single client is by all accounts a reasonable idea,

  1. Hire Experts For Getting Best Assignment Assistance's picture
    Hire Experts Fo... (not verified)

    Thanks a bunch for sharing this post. I’m glad to find your post. Keep sharing!! Have a super fabulous day!!!

  1. Vig's picture
    Vig (not verified)

    VIGYAN DHARA is the first Indian IIT-JEE/ NEET/AIIMS coaching Institute which is purely based on Historical Indian Education System that is the Gurukul Tradition of Education where students leave their homes during their studies.
    PMT coaching institute in hisar
    IIT Coaching center in hisar

  1. Assignment Help Sydney's picture
    Assignment Help... (not verified)

    Thanks a lot for sharing it, that’s truly has added a lot to our knowledge about this topic. Have a more successful day. 24*7 Assignment Help Sydney

  1. rojana's picture
    rojana (not verified)

    A speed limit device (SLD) OR Speed Governor means a device whose primary function is to control the speed of the engine in order to limit the vehicle speed to the pre-specified value.
    speed governor

  1. Niana Rona's picture
    Niana Rona (not verified)

    On the client apparatus, you will needs to introduce a couple of bundles to make confirmation occupation appropriately with a LDAP server. Assignment Service UK

  1. guaganteng's picture
    guaganteng (not verified)

    Nice post. I learn something more challenging on distinct blogs everyday. It will always be stimulating to read content off their writers and practice a little something from their store. I’d choose to use some with all the content in my small weblog whether you do not mind. Natually I’ll provide a link on your own internet weblog. Many thanks sharing. Cara Memperbesar Penis Cara Memperbesar Alat Vital Cara Memperpanjang Penis Cara Memperpanjang Alat Vital Cara Memperbesar Alat Vital Dengan Tangan Jasa SEO Jasa Pembuatan Website Safe Link Converter

  1. ROBERTA	's picture
    ROBERTA (not verified)

    Persuasi adalah paragraf yang mengajak, membujuk, atau mempengaruhi pembaca agar melakukan sesuatu. Ciri-cirinya: ada bujukan atau ajakaJual besi hollow Jual besi hollow Toko besi siku Jual pipa besi Toko pipa besi baja sch 40 sch 80 undangan pernikahan bentuk tas Supplier Besi H beam Agen Wiremesh Besi baja Jual plat kapal besi baja Pabrik besi beton master steel ms jual hp asus murah jual hp asus murah undangan pernikahan simple Supplier besi hollow Supplier besi hollow Toko pipa besi baja sch 40 sch 80 Supplier pipa besi Toko besi hollow undangan pernikahan simple undangan pernikahan ada fotonya Supplier Besi Beton Toko Wiremesh Besi baja Supplier plat kapal besi baja Pabrik besi beton ksty Toko besi hollow Toko besi hollow Toko Plat besi Toko pipa besi Toko besi beton Sni Ulir Polos undangan pernikahan aneh www.sentrabesibaja.com Jual Wiremesh Besi baja Toko plat kapal besi baja Pabrik besi beton krakatau steel Agen besi hollow Agen besi hollow Toko besi h beam Agen pipa besi Toko besi wf baja undangan pernikahan amplop Pabrik Welded Beam T beam King Queen Cross Castellated Beam Harga Wiremesh Besi baja Agen plat kapal besi baja Pabrik besi beton jcac Pabrik besi hollow Pabrik besi hollow Toko besi wf Pabrik pipa besi Toko besi unp undangan pernikahan batik Pabrik Bondek Cor Pabrik Wiremesh Besi baja Pabrik plat kapal besi baja Pabrik besi beton interworld steel is Distributor pipa besi Distributor pipa besi Toko wiremesh Distributor sch 40 Toko besi siku undangan pernikahan murah Pabrik Atap Spandek Sni jual laptop asus jual laptop asus jual laptop asus murah jual laptop asus murah undangan pernikahan kalender undangan pernikahan bahasa inggris islam Distributor Besi Siku Baja Distributor besi siku baja Pabrik besi beton gunung garuda Harga pipa besi Harga pipa besi Toko besi unp Harga sch 40 Toko Plat besi plat kapal undangan pernikahan online Pabrik Plat Bordes Kembang Supplier Besi Siku Baja Harga besi siku baja Pabrik besi beton delcoprima Jual pipa besi Jual pipa besi Toko besi cnp Jual sch 40 Toko besi h beam baja undangan pernikahan anti mainstream Pabrik Plat Besi Hitam Agen Besi Siku Baja Jual besi siku baja Pabrik besi beton cakra steel cs Supplier pipa besi Supplier pipa besi Toko besi hollow Supplier sch 40 Toko besi cnp undangan pernikahan cantik dan murah Pabrik Plat Kapal Bki Krakatau Steel Toko Besi Siku Baja Supplier besi siku baja Pabrik besi beton bjku Toko pipa besi Toko pipa besi Toko besi beton Sni Ulir Polos Toko sch 40 www.gudangbesibaja.com undangan pernikahan unik Pabrik Jual Besi Siku Baja Jual Besi Siku Baja Toko besi siku baja Pabrik besi beton Sni Ulir Polos Agen pipa besi Agen pipa besi ironsteelcenter.com Agen sch 40 Supplier besi Wf Baja undangan pernikahan yang unik Pabrik Besi Unp Baja Profil Kanal Harga Besi Siku Baja Agen besi siku baja Pabrik besi beton ais Pabrik pipa besi Pabrik pipa besi Supplier stainless steel Pabrik sch 40 Supplier bondek undangan pernikahan lucu Pabrik Besi Cnp Profil Baja Gording Pabrik Besi Siku Baja Pabrik besi siku baja Pabrik besi beton Distributor sch 40 Distributor sch 40 Supplier atap spandek Distributor besi Pipa sch 80 baja Supplier wiremesh undangan pernikahan bunga Pabrik Besi Hollow Distributor Besi Unp Baja Distributor besi wf jasa konstruksi baja Harga sch 40 Harga sch 40 Supplier baja ringan Harga besi Pipa sch 80 baja Supplier pipa besi baja sch 40 sch 80 undangan pernikahan islami Pabrik Wiremesh Supplier Besi Unp Baja Harga besi wf www.pusatbesibaja.co.id Jual sch 40 Jual sch 40 Supplier bondek Jual besi Pipa sch 80 baja Supplier besi hollow undangan pernikahan ada foto Pabrik Besi Pipa Baja Schedule 80 Agen Besi Unp Baja Jual besi wf www.pusatbesibaja.com link7n untuk berbuat sesuatu. Contoh:

  1. well17's picture
    well17 (not verified)

    Moonlight Films and Theatre Studio operates under the Moonlight Films and Theatre Society , a non-profit association whose goals are to spread knowledge of and interest in theatrical and media arts through education.
    Acting school in Delhi Weekend acting workshop Filmmaking courses in delhi and Take One School of Mass Communication considered as a part of the Top Mass Communication Colleges in India. It was set up in the year 2003 by honing media experts who met with a mutual vision of giving a stage to the adolescent of the nation. Mass communication college in Delhi Mass Communication and Journalism Courses

  1. Shaun Bess's picture
    Shaun Bess (not verified)

    The moveable web request looks unbelievable. Be that as it may, I do have a misperception with respect to Mobilize html web fashionable free. Mobilize states that can it utilize any bootstrap topic? How would I import the custom dissertation writing topic into the request? It appears just as I practically stayed with just the Mobilize topic.

  1. jahatloh's picture
    jahatloh (not verified)

    Mantenha o excelente trabalho, eu li alguns artigos neste site e acho que seu blog na web é realmente interessante e poder para as pessoas de informações excelentes. 1. Jasa SEO 3. Jasa Pembuatan Website Google Url Shortener

  1. Assignment help's picture
    Assignment help (not verified)

    Thanks for this article. It contains the information i was searching for and you have also explained it well. We are also a service provider that deal in the assignment writing help sector. So, the students struggling to write their college assignments can opt for our online assignment help and can get a quality assignment written from us.

  1. Tim's picture
    Tim (not verified)

    adding sudo to ldap for my sssd project worked perfectly, thank you!

  1. Brazilian hair wigs on sale's picture
    Brazilian hair ... (not verified)

    Interesting post. I Have Been wondering about this issue, so thanks for posting. Pretty cool post.It 's really very nice and Useful post.Thanks Brazilian hair wigs on sale

  1. คาสิโนออนไลน์'s picture
    คาสิโนออนไลน์ (not verified)

    I am hoping the same best effort from you in the future as well. In fact your creative writing skills has inspired me. คาสิโนออนไลน์

  1. myfinancelab's picture
    myfinancelab (not verified)

    Hi buddies, it is great written piece entirely defined, continue the good work constantly. myfinancelab

Add comment