LDAP schema change on existing server

Adding a new LDAP schema can already be tricky. Changing a LDAP schema on an existing server ressembles an operation at the living heart – especially if you’re using the new config backend at cn=config. I’ll describe how I’ve interchanged the nis schema for the rfc2307bis schema.

Since quite a long time I’ve been using openLDAP to store all my user accounts for mailserver, owncloud, seafile, … I not only store user accounts in the LDAP but also user groups, preferably as GroupOfNames objects. With my recent decision to drop owncloud for seafile and davical I’ve come to a problem. All my user groups are GroupOfNames, davical however can only work with the alternative posixGroups. Of course I could add another (posix)Group for groups I want to share dates and contacts with. But as those groups are the same I want to share files with I don’t like to do the work in double and want to use the existing GroupOfNames. With the nis schema active a group can either be a GroupOfNames or a posixGroup. By changing the nis schema for the rfc2307bis schema posixGroups will no longer be structural. So with that active a group can be both, a GroupOfNames AND a posix group. Problem solved.
However this migration won’t be easy.
Continue reading “LDAP schema change on existing server”

Installing arch linux on my new desktop machine

After using arch linux for quite a time on my laptop it’s time to move on a new machine. So I’ll install arch again this time taking I slightly different approach than on the laptop. So here I’ll descripe all the steps I’ve taken to get arch up and running. It’s more a documentation for myself but it might also be helpful to some.

A short info on the machine first: It’s a AMD A10 7870K with 16GB RAM, 2 SSDs (30GB and 500GB) and 4 TB HDD.

Continue reading “Installing arch linux on my new desktop machine”

Adjust a picture’s create date using exiftool

Another important command I tend to forget. Sometimes I forget to set my camera clock correctly before a shooting. That’s bad especially when I’m using two cameras with different date/time settings. Then all my images appear mixed up as I normally sort by time. On linux however it’s easy to fix using exiftool:

exiftool "-DateTimeOriginal+=5:10:2 10:48:0" FILE

will correct the create date of the image FILE by adding 5 years, 10 months, 2 days 10 hours and 48 minutes. Continue reading “Adjust a picture’s create date using exiftool”

Installing arch linux on my ThinkPad

After having worked almost 2 years with fedora, I decided to switch to arch linux. In this post I’ve written down the steps I took to install arch linux on my ThinkPad W510.
I’ve just been too annoyed by almost reinstalling the system at least once a year with every release. And there have been kernel panics and gnome shell hangs coming and going and I couldn’t really find out why. I didn’t want to spend much time on that either. I don’t want to say fedora is bad, I just have the feeling that arch linux is better for me. So after trying it in a virtual box I’m going to give it a try on my laptop. This writeup is not intented to be a arch linux install tutorial’ (there are many) or replace the wunderful arch linux wiki. It’s just a note for me what I did but I hope it might me helpful for somebody else as well.
Continue reading “Installing arch linux on my ThinkPad”

Luks automount encrypted disk on linux

Sometimes it is useful to automatically mount a luks encrypted disk. In this post I’m going to describe to do this safely.

  • My workstation, a Lenovo Thinkpad W510 has a drive bay, where you either store a hdd or a optical drive. I usually have a hdd placed there but sometimes I need the optical drive. So I don’t want to put the disk into /etc/fstab or /etc/crypttab. But I also don’t want to mount it manually evry time.
  • On my homeserver I use a SATA hotswap disk to make backups. I have two of those hdd, swap them weekly and always keep one of them at my workplace. These backup disks are encrypted of course. When changing the disk I always have ssh onto the server, find the disk, decrypt it and mount it. Would be great if I just had to plug it in.
  • Same ideas also apply to external data or backup disks

Continue reading “Luks automount encrypted disk on linux”

DKIM with amavis and postfix

DKIM (DomainKeys Identified Mail) is a mechanism to sign emails cryptographically. It can be used to ensure an email was really sent by the domain it claims to come from. Therefore it is an interesting feature in spam checking.

In this post I’m going to describe how I set up DKIM with amavis to sign all outgoing messages with the key of my domain. This works well in my setup with postfix, dovecot and amavis (amavisd-new), for your own setup you might have to change some things. Continue reading “DKIM with amavis and postfix”