LDAP comes handy to manage users and groups across many systems. However you’ll probably want only a subset of your users to login on console or over ssh. In this post I’ll describe my setup using pam_ldapd.
The Alix APUs are some really nice power efficient boards. However they don’t have any graphical output so installing an OS can be quite demanding. Since I just managed to get devuan running, I decided to write it down. Same procedure should as well be working for debian.
Continue reading “Installing devuan on a Alix APUC1”
Adding a new LDAP schema can already be tricky. Changing a LDAP schema on an existing server ressembles an operation at the living heart – especially if you’re using the new config backend at
cn=config. I’ll describe how I’ve interchanged the nis schema for the rfc2307bis schema.
Since quite a long time I’ve been using openLDAP to store all my user accounts for mailserver, owncloud, seafile, … I not only store user accounts in the LDAP but also user groups, preferably as GroupOfNames objects. With my recent decision to drop owncloud for seafile and davical I’ve come to a problem. All my user groups are GroupOfNames, davical however can only work with the alternative posixGroups. Of course I could add another (posix)Group for groups I want to share dates and contacts with. But as those groups are the same I want to share files with I don’t like to do the work in double and want to use the existing GroupOfNames. With the nis schema active a group can either be a GroupOfNames or a posixGroup. By changing the nis schema for the rfc2307bis schema posixGroups will no longer be structural. So with that active a group can be both, a GroupOfNames AND a posix group. Problem solved.
However this migration won’t be easy.
Continue reading “LDAP schema change on existing server”
For quite a long time I’ve been using owncloud to sync my calendars, contacts and files between different devices. However I never found it really satisfying. To me owncloud almway made the impression to be feature ladden but not really finished. An impression that got deepend by the last major updates. Features (or modules) got disabled by the update procedure and needed to be reenabled (and often reconfigured) manually. So after each updated I needed to reconfigure the syncing of my calendars, addresses, …. Not a good experience. So I’ve looked out for an alternative. To sync files I’m using a self-hosted install of seafile by now. For calendars and contacts I will give DAViCal a try. DAViCal is a CalDav/CardDAV server only made to manage your contacts and calendars – nothing else.
Continue reading “Setup a davical server on debian”
I’ve recently changed the config of my spamassassin and just now noticed that the SPAM folder in my inbox is empty. So what has happened? When changing the config of spamassassin from file to database I only did the half thing. So spamassassin/amavis got stuck with a mixed config and did the default thing: delete spam immediatly. Although I don’t have missed a mail (at least I don’t know of any mail I missed) I prefer having spam mails put in the spam box over deleting them.
So here is the whole thing which I found at http://technology.mattrude.com:
Continue reading “Advanced spam filtering – spamassassin myql user preferences”
DKIM (DomainKeys Identified Mail) is a mechanism to sign emails cryptographically. It can be used to ensure an email was really sent by the domain it claims to come from. Therefore it is an interesting feature in spam checking.
In this post I’m going to describe how I set up DKIM with amavis to sign all outgoing messages with the key of my domain. This works well in my setup with postfix, dovecot and amavis (amavisd-new), for your own setup you might have to change some things. Continue reading “DKIM with amavis and postfix”
The samba server is THE fileserver solution for linux. It can server linux clients as well as windows or mac clients and provides host, user or group based access control. In this post I’ll describe how I setup up a samba server using accounts stored in my ldap replica.
Note that this howto is referring to debian wheezy.
Continue reading “Creating samba shares”
Sometimes you need mail adresses and postboxes that need to be accessed by multiple persons. In a company for example there could be a mailbox email@example.com and if you are planning for example a wedding it can be a good idea to have an accoutn firstname.lastname@example.org that can be accessed by you and yor (future) wife. It is definitly not the best idea to create a “normal” account and just give the password to all people who might need it. This might leed to confusion (and data loss). In my opnion accounts should always be bound to a person.
The solution for my <bbr title=”Local Delivery Agent”LDA (aka mailserver) dovecot is called “SharedMailboxes”, ie mailboxes that are shared between users and linked to their accounts. It wasn’t that easy to setup but finally I could get it to work in the following way:
Continue reading “Setting up shared mailboxes in dovecot”
In this post I’m going to describe how I use ldap replication to sync user accounts from my web server to my home server.
On my home server I’m going to setup a ldap server as well. As the user accounts on the “web server” are already stored in a ldap it seems logical to use ldap replication to keep both servers in sync. The ldap on the “web server” (my rented server running mail server, web server, onwcloud etc.) will be used as master, the home server will be the slave. It seems now to be common to talk about provider and consumer instead of master and slave. By the way I consider these terms to be more apropriate for the situation they describe.
Continue reading “Ldap replication with syncrepl and ssl”