Tag: openldap

LDAP schema change on existing server

Adding a new LDAP schema can already be tricky. Changing an LDAP schema on an existing server resembles an operation on a living heart – especially if you’re using the new config backend at cn=config. I’ll describe how I’ve exchanged the nis schema for the rfc2307bis schema.

This is a post from my old blog http://tech.cbjck.de. It has been moved here and slightly edited for better readability. It's also been adjusted to the new layout.
The content however is old and might be outdated.


Setup a davical server on debian

For quite a long time I’ve been using owncloud to sync my calendars, contacts and files between different devices. However I never found it really satisfying. To me owncloud always gave the impression of being feature-laden but not really finished. An impression that got deepened by the last major updates. Features (or modules) got disabled by the update procedure and needed to be re-enabled (and often reconfigured) manually. So after each update I needed to reconfigure the syncing of my calendars, addresses, … Not a good experience. So I’ve looked out for an alternative. To sync files I’m using a self-hosted install of seafile by now. For calendars and contacts I will give DAViCal a try. DAViCal is a CalDAV/CardDAV server only made to manage your contacts and calendars – nothing else.


Creating samba shares

The samba server is THE fileserver solution for linux. It can serve linux clients as well as windows or mac clients and provides host, user or group based access control. In this post I’ll describe how I set up a samba server using accounts stored in my ldap replica.
Note that this howto is referring to debian wheezy.


Ldap user login

After having set up an ldap replica on my home server it seems to be a good idea to use this ldap to manage the user accounts. Or to enable the existing accounts in the ldap to log in to the server.
In this post I’m going to describe my setup of ldap user login.


Ldap replication with syncrepl and ssl

In this post I’m going to describe how I use ldap replication to sync user accounts from my web server to my home server.
On my home server I’m going to set up an ldap server as well. As the user accounts on the “web server” are already stored in an ldap it seems logical to use ldap replication to keep both servers in sync. The ldap on the “web server” (my rented server running mail server, web server, owncloud etc.) will be used as master, the home server will be the slave. It now seems to be common to talk about provider and consumer instead of master and slave. By the way I consider these terms to be more appropriate for the situation they describe.


Encrypt ldap connections with ssl

In the future I want to use the user accounts stored in the LDAP database on this server also from “outside”. So it’s time to secure outbound connections with SSL before opening the port. Unfortunately this is a bit tricky. After some trying and googling I got it to work like this:


Enabling the memberof overlay for openldap

The memberof overlay is great to query if a certain user in an ldap is a member of a certain group. However this ldap module has to be enabled and configured to work with groupOfNames which I’m using instead of posixGroup. Using the dynamic configuration in cn=config this is not self-explanatory.


Mailserver with ldap tutorial – part 8: webmail interface

Sometimes it can be very useful to be able to read mails via a webmail interface. I’ve decided to use the very powerful but also a bit complex horde framework which also offers clients for calendaring and address books.

Edit 15.05.2012: Meanwhile I’ve switched to roundcube. Horde has proven to be overcomplicated and rough in the process of updating. As the installation of roundcube works more or less out of the box I’m not going to describe it here.


Mailserver with ldap tutorial – step 7: mobile access

Although almost all smartphones support IMAP I’ve decided to set up the Exchange ActiveSync (EAS) protocol. I’m planning to set up calendaring and shared contacts later and some smartphones (such as my Palm Pre) only support this via EAS. There is an open source implementation of this protocol called z-push which is originally designed to work with the zarafa groupware server. This implementation is designed to work with the zarafa groupware server only. There also is an unofficial version which supports multiple backends. Unfortunately this will not become part of the official releases due to licensing problems.
My setup described here is based on the unofficial release by forgetaboutit.net.


Mailserver with ldap tutorial – part 6: sieve

Sometimes it is useful to have the mailserver sort mails in different folders – especially when you use different devices to read your mail. You could have a folder spam for mails tagged as spam by spamassassin and mailinglists for mailing lists which you maybe don’t want to read on your smartphone. A nice and mighty way to do such filtering is to use sieve.
