Category: Cloud

All about my self-hosted webapps.

Ldap user login

After having set up a ldap replica on my home server it seems to be a good idea to use this ldap to manage the user accounts. Or to enable the existing accounts in the ldap to log in the server.
In this post I’m going to describe my setup of ldap user login.

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

Read More

Ldap replication with syncrepl and ssl

In this post I’m going to describe how I use ldap replication to sync user accounts from my web server to my home server.
On my home server I’m going to setup a ldap server as well. As the user accounts on the “web server” are already stored in a ldap it seems logical to use ldap replication to keep both servers in sync. The ldap on the “web server” (my rented server running mail server, web server, onwcloud etc.) will be used as master, the home server will be the slave. It seems now to be common to talk about provider and consumer instead of master and slave. By the way I consider these terms to be more apropriate for the situation they describe.

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

Read More

Encrypt ldap connections with ssl

In the future I want to use the user accounts stored in the LDAP database on this server also from “outside”. So it’s time to secure outbound connection with SSL before opening the port. Unfortuantly this is a bit tricky. After some trying and googling I got it to work like this:

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

Read More

Root login with ssh key only

More security for the server – at least a little bit. A short description how to setup linux to allow root login with ssh key only and why this can be a quite secure solution.

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

Read More

Enabling the memberof overlay for openldap

The memberof overlay is great to query if a certain user in an ldap is member of a certain group. However this ldap-module has to be enabled and configured to work with groupOfNames which I’m using instead of posixGroup. Using the dynamic configuration in cn=config this is not self-explanatory.

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

Read More

Fighting spam

As my mailserver setup included just a avery basic spamassassin configuration far too many spam mails could get throuh. Although approximatly 95% could be banned I wanted to try improving my setup:

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

Read More

Mailserver with ldap tutorial – part 8: webmail interface

Sometimes it can be very useful to be able to read mails via a webmail interface. I’ve decided to use the very powerful but also a bit complex horde framework which also offers clients for calendaring and adressbooks.

Edit 15.05.2012: Meanwhile I’ve switched to roundcube. Horde has proven to be over complicated and rough in the process of updating. As the installation auf roundcube works more or less out of the box I’m not going to describe it here.

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

Read More

Mailserver with ldap tutorial – step 7: mobile access

Although almost all smartphones support IMAP I’ve decided to setup the Exchange-ActiceSync (EAS) protocol. I’m planning to setup calendaring and shared contacts later and some smartphones (as my Palm Pre) only support this via EAS. There is an open source implementation of this protocol called z-push which is originally designed to work with the zarafa gropupware server. This implementation is designed to work with the zarafa groupware server only. There also is an inoffical version which supports multiple backends. Unfortunatly this will not become part of the official releases due to licensing problems.
My setup described here is based on the unofficial release by forgetaboutit.net.

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

Read More

Mailserver with ldap tutorial – part 6: sieve

Sometimes it is useful to have the mailserver sort mails in different folders – especially when you use different deveices to read your mail. You could have a folder spam for mails tagged as spam by spamassasin and mailinglists for mailinglist which you maybe don’t want to read on your smartphone. A nice and mighty way to do such filtering is to use sieve.

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

Read More

Mailserver with ldap tutorial – part 5: virus and spam protection

After I’ve described how to set up and test a mailserver with openldap, postfix and dovecot it still needs some basic filters for virus and spam protection.

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.

Read More