LDAP schema change on existing server

Adding a new LDAP schema can already be tricky. Changing an LDAP schema on an existing server resembles an operation on a living heart – especially if you’re using the new config backend at cn=config. I’ll describe how I exchanged the nis schema for the rfc2307bis schema.

For quite a long time I’ve been using OpenLDAP to store all my user accounts for mailserver, owncloud, seafile, … I store not only user accounts in the LDAP but also user groups, preferably as GroupOfNames objects. With my recent decision to drop owncloud for seafile and davical I’ve run into a problem. All my user groups are GroupOfNames; davical, however, can only work with the alternative posixGroups. Of course I could add another (posix)Group for groups I want to share dates and contacts with. But as those groups are the same ones I want to share files with, I don’t want to do the work twice and would rather use the existing GroupOfNames. With the nis schema active, a group can either be a GroupOfNames or a posixGroup. By exchanging the nis schema for the rfc2307bis schema, posixGroups will no longer be structural. So with that schema active a group can be both a GroupOfNames AND a posixGroup. Problem solved.
However, this migration won’t be easy.

Setup a davical server on debian

For quite a long time I’ve been using owncloud to sync my calendars, contacts and files between different devices. However, I never found it really satisfying. To me owncloud always gave the impression of being feature-laden but not really finished, an impression that was deepened by the last major updates. Features (or modules) got disabled by the update procedure and needed to be re-enabled (and often reconfigured) manually. So after each update I needed to reconfigure the syncing of my calendars, addresses, …. Not a good experience. So I’ve looked for an alternative. To sync files I’m now using a self-hosted install of seafile. For calendars and contacts I will give DAViCal a try. DAViCal is a CalDAV/CardDAV server made only to manage your contacts and calendars – nothing else.

Ldap replication with syncrepl and ssl

In this post I’m going to describe how I use LDAP replication to sync user accounts from my web server to my home server.
On my home server I’m going to set up an LDAP server as well. As the user accounts on the “web server” are already stored in an LDAP, it seems logical to use LDAP replication to keep both servers in sync. The LDAP on the “web server” (my rented server running mail server, web server, owncloud etc.) will be used as master, the home server will be the slave. It now seems to be common to talk about provider and consumer instead of master and slave. By the way, I consider these terms to be more appropriate for the situation they describe.

Mailserver with ldap tutorial – part 8: webmail interface

Sometimes it can be very useful to be able to read mails via a webmail interface. I’ve decided to use the very powerful but also somewhat complex horde framework, which also offers clients for calendaring and address books.

Edit 15.05.2012: Meanwhile I’ve switched to roundcube. Horde has proven to be overcomplicated and rough in the process of updating. As the installation of roundcube works more or less out of the box, I’m not going to describe it here.

This is step 7 of the 8 step tutorial for setting up a mailserver with openldap, postfix and dovecot using virtual users. You can find the overview here.
I’m assuming that all commands are executed with root rights.

Mailserver with ldap tutorial – step 7: mobile access

Although almost all smartphones support IMAP, I’ve decided to set up the Exchange ActiveSync (EAS) protocol. I’m planning to set up calendaring and shared contacts later, and some smartphones (such as my Palm Pre) only support this via EAS. There is an open source implementation of this protocol called z-push, which was originally designed to work with the zarafa groupware server. This implementation is designed to work with the zarafa groupware server only. There is also an unofficial version which supports multiple backends. Unfortunately this will not become part of the official releases due to licensing problems.
My setup described here is based on the unofficial release by forgetaboutit.net.

This is step 7 of the 8 step tutorial for setting up a mailserver with openldap, postfix and dovecot using virtual users. You can find the overview here.
I’m assuming that all commands are executed with root rights.