In addition to the standard sudoers file, sudo may be configured via LDAP. This can be especially useful for synchronizing sudoers in a large, distributed environment. You need to have an LDAP server and client...
There are plenty of Linux distributions, so it is not my intention to describe how to configure autofs in every one of them. This description is based on RedHat/CentOS, but it can be...
Last time I wrote about autofs configuration on the LDAP server; now it is time to configure the autofs client in Solaris. I assume that the DUAConfigProfile object classes and attributes are already defined. You can check...
If you have an LDAP server as the user repository, it is also good to have an NFS server to store their home directories. To avoid configuring autofs maps on every host, you can use the LDAP service...
I wrote before about schema conversion to LDIF format and how to add schemas offline by uploading them to the config/schema directory in OpenDJ. Now I will describe how to extend the schema online, without a restart...
Sometimes you need to combine two or more LDAP directories with the same suffixes into one directory, or you just need to have a proxy. My first attempts to combine two OpenLDAP directories were to set up replication from two different sources. This solution, however, has some disadvantages. First of all: to have syncprov replication your environment must be uniform, meaning all source servers and the proxy need to be OpenLDAP. Second: I observed that this is not so stable, because of the OpenLDAP replication issues I mentioned earlier.
Last time I wrote about authenticating users against the LDAP directory so that they can receive and send mail. Now it is time to configure Postfix to deliver mail to the right mailboxes.
If you compile Postfix yourself, you must remember to build it with LDAP support. This time my description is based on Ubuntu, so you only need to install the postfix-ldap package:
$ sudo -i
# apt-get install postfix-ldap
That takes care of support for ldap: maps in Postfix.
Now we move on to the Postfix configuration:
soft@wega:~/openldap% ./drf_openldap-2.4.25_conf
cc: Sun C 5.10 SunOS_sparc 2009/06/03
usage: cc [ options] files.  Use 'cc -flags' for details
MANPATH=/usr/local/share/man:/usr/local/man:/usr/share/man
PATH=/usr/local/bin:/usr/bin:/opt/SUNWspro/bin:/usr/ccs/bin
CFLAGS=-fast -xautopar
CPPFLAGS=-I/usr/local/ssl/include -I/usr/local/BerkeleyDB.5.1/include -I/usr/local/include
CXXFLAGS=-fast -xautopar
LDFLAGS=-L/usr/local/ssl/lib -R/usr/local/ssl/lib -L/usr/local/BerkeleyDB.5.1/lib -R/usr/local/BerkeleyDB.5.1/lib -L/usr/local/lib -R/usr/local/lib
=============================================
dmake clean [y|n] ? n
I assume that Dovecot and Postfix are up and running, and that you can receive and send mail as a system user (see previous posts). It is time to configure authentication against LDAP.
Using a directory service for user authentication allows flexible management of the mail system, hosting and so on. LDAP is an established standard for authentication and authorization, and almost all software that requires authentication supports this protocol.
Let's begin with the POP3/IMAP Dovecot server, which also delivers the authentication mechanism for Postfix:
/usr/bin/sudo -i
cd /etc/dovecot
vi dovecot-ldap.conf
In this file you need to define the LDAP server(s), the authentication method, the filters and the attributes. I list the most important ones:
hosts = localhost
auth_bind = yes
base = o=hosting,dc=example,dc=com
scope = subtree
user_attrs = homeDirectory=home
user_filter = (&(objectClass=mailUser)(mail=%u))
pass_attrs = mail=user,userPassword=password
pass_filter = (&(objectClass=mailUser)(mail=%u))
The power of a directory service is the possibility to define your own object classes, attributes, rules and so on. It also allows grouping them into schemas, which you can add to the LDAP configuration.
As of now, most of the schemas you can find on the Internet are organized into blocks containing definitions of attributes and object classes. This looks like:
attribute type definition:
attributetype ( 126.96.36.199.4.1.323188.8.131.52.9
    NAME 'accountStatus'
    DESC 'The status of a user account: active, disabled'
    EQUALITY caseIgnoreIA5Match
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 184.108.40.206.4.1.14220.127.116.11.26
    SINGLE-VALUE )