Category: Cloud

All about my self-hosted webapps.

LDAP schema change on existing server

Adding a new LDAP schema can already be tricky. Changing a LDAP schema on an existing server ressembles an operation at the living heart – especially if you’re using the new config backend at cn=config. I’ll describe how I’ve interchanged the nis schema for the rfc2307bis schema.

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

Read More

Setup a davical server on debian

For quite a long time I’ve been using owncloud to sync my calendars, contacts and files between different devices. However I never found it really satisfying. To me owncloud almway made the impression to be feature ladden but not really finished. An impression that got deepend by the last major updates. Features (or modules) got disabled by the update procedure and needed to be reenabled (and often reconfigured) manually. So after each updated I needed to reconfigure the syncing of my calendars, addresses, …. Not a good experience. So I’ve looked out for an alternative. To sync files I’m using a self-hosted install of seafile by now. For calendars and contacts I will give DAViCal a try. DAViCal is a CalDav/CardDAV server only made to manage your contacts and calendars – nothing else.

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

Read More

Advanced spam filtering – spamassassin myql user preferences

I’ve recently changed the config of my spamassassin and just now noticed that the SPAM folder in my inbox is empty. So what has happened? When changing the config of spamassassin from file to database I only did the half thing. So spamassassin/amavis got stuck with a mixed config and did the default thing: delete spam immediatly. Although I don’t have missed a mail (at least I don’t know of any mail I missed) I prefer having spam mails put in the spam box over deleting them.
So here is the whole thing which I found at http://technology.mattrude.com:

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

Read More

DKIM with amavis and postfix

DKIM (DomainKeys Identified Mail) is a mechanism to sign emails cryptographically. It can be used to ensure an email was really sent by the domain it claims to come from. Therefore it is an interesting feature in spam checking.

In this post I’m going to describe how I set up DKIM with amavis to sign all outgoing messages with the key of my domain. This works well in my setup with postfix, dovecot and amavis (amavisd-new), for your own setup you might have to change some things.

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

Read More

Creating samba shares

The samba server is THE fileserver solution for linux. It can server linux clients as well as windows or mac clients and provides host, user or group based access control. In this post I’ll describe how I setup up a samba server using accounts stored in my ldap replica.
Note that this howto is referring to debian wheezy.

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

Read More

Setting up shared mailboxes in dovecot

[edited 28.06.2013]
Sometimes you need mail adresses and postboxes that need to be accessed by multiple persons. In a company for example there could be a mailbox sales@yourcompany.com and if you are planning for example a wedding it can be a good idea to have an account wedding@yourdomain.tld that can be accessed by you and yor (future) wife. It is definitly not the best idea to create a “normal” account and just give the password to all people who might need it. This might leed to confusion (and data loss). In my opinion accounts should always be bound to a person.
The solution for my LDA (aka mailserver) dovecot is called “SharedMailboxes”, ie mailboxes that are shared between users and linked to their accounts. It wasn’t that easy to setup but finally I could get it to work in the following way:

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

Read More

Ldap user login

After having set up a ldap replica on my home server it seems to be a good idea to use this ldap to manage the user accounts. Or to enable the existing accounts in the ldap to log in the server.
In this post I’m going to describe my setup of ldap user login.

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

Read More

Ldap replication with syncrepl and ssl

In this post I’m going to describe how I use ldap replication to sync user accounts from my web server to my home server.
On my home server I’m going to setup a ldap server as well. As the user accounts on the “web server” are already stored in a ldap it seems logical to use ldap replication to keep both servers in sync. The ldap on the “web server” (my rented server running mail server, web server, onwcloud etc.) will be used as master, the home server will be the slave. It seems now to be common to talk about provider and consumer instead of master and slave. By the way I consider these terms to be more apropriate for the situation they describe.

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

Read More

Encrypt ldap connections with ssl

In the future I want to use the user accounts stored in the LDAP database on this server also from “outside”. So it’s time to secure outbound connection with SSL before opening the port. Unfortuantly this is a bit tricky. After some trying and googling I got it to work like this:

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

Read More

Root login with ssh key only

More security for the server – at least a little bit. A short description how to setup linux to allow root login with ssh key only and why this can be a quite secure solution.

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

Read More