Arief Yudhawarman

Still learning how to blog

LDAP Tutorial (2)



Security Policy

We are going to build an Access Control Policy (ACP, a.k.a. ACL) based on a corporate policy which states:

  1. The directory entry owner is able to see and update ALL of the directory attributes, including passwords.
  2. Human Resources must be able to update ANY entry but must not be able to read or write the user's password.
  3. The directory attributes carlicence, homepostaddress and homephone must not be readable by anyone except Human Resources and the owner of the directory entry.
  4. All users must authenticate (anonymous access is not allowed).
  5. The IT department must be able to update or change the password attribute on ALL directory entries.

Whatever your opinion of the above policy, we have to provide the access controls that implement it. The first thing we have to do is create two groups, one for hrpeople and one for itpeople, so that we can assign permissions by group. We will locate these groups in a groups branch under the DIT root. The diagram below shows our new structure.




Written by awarmanf

November 1, 2017 at 2:59 am

Posted in Linux, LDAP, perl


LDAP Tutorial (1)



LDAP

LDAP is an acronym for Lightweight Directory Access Protocol; it is a simplified version of the X.500 protocol. The directory set up in this section will be used for authentication. Nevertheless, LDAP can be used in numerous ways: authentication, a shared directory (for mail clients), an address book, etc.

To describe LDAP quickly: all information is stored in a tree structure. With OpenLDAP you are free to determine the layout of the directory tree (the Directory Information Tree, or DIT) yourself. We will begin with a basic tree containing two nodes below the root:

  • a People node, where your users will be stored
  • a Groups node, where your groups will be stored

Before beginning, you should determine what the root of your LDAP directory will be. By default, your tree will be determined by your Fully Qualified Domain Name (FQDN). If your domain is example.com (which we will use in this example), your root node will be dc=example,dc=com.

Entries are arranged in a tree-like structure called the Directory Information Tree (DIT).


Written by awarmanf

October 27, 2017 at 6:42 am

Posted in Linux, LDAP, perl


Zimbra Email Administration



Zimbra Email Administration

The office where the author works has long used Zimbra products, in particular the OSE (Open Source Edition). For day-to-day email administration such as creating new email accounts, disabling email accounts, creating email aliases, etc., the author uses self-customised bash scripts on the Zimbra server instead of the Zimbra Admin web application. Then a new domain was added, and managing this domain required another user, a non-admin, who could handle day-to-day email administration through a web application.

After searching on Google, the author found the link Zimbra Domain Admin. That web application is PHP-based and allows a non-admin user to create and delete email accounts, change passwords, check email quotas and check a user's last login.


Written by awarmanf

October 18, 2017 at 2:58 pm

Posted in Linux, zimbra, perl


SMS Web


In a previous article the author discussed an SMS Gateway application written in Perl. In that application, sending an SMS was done through an init script or by creating a txt file saved in a particular folder so that the application could process it. This time the author discusses an application for sending SMS via a CGI script over the web. Sending an SMS can then be done more easily, either through a browser or with wget.

Example link for sending an SMS via a browser:
http://smsserver/cgi-bin/sms.cgi?user=user&pass=password&to=085236001234&txt=Tes%20kirim%20sms

Example of sending an SMS via wget:
wget -O hasil.txt "http://smsserver/cgi-bin/sms.cgi?user=user&pass=password&to=085236001234&txt=Tes kirim sms"

We can see that when sending an SMS through a browser, the user has to URL-encode special characters; for example, the space character must be encoded as %20.

This application supports sending an SMS to more than one destination number. See the example at the end of this article.


Written by awarmanf

January 4, 2017 at 9:12 am

Posted in Linux, perl

Installing the Xen Hypervisor on Debian Wheezy



Xen Hypervisor

Xen is an open-source (GPL) type-1 or bare-metal hypervisor, which makes it possible to run many instances of an operating system, or indeed different operating systems, in parallel on a single machine (or host).
Here are some of the Xen Project hypervisor's key features:

  • Small footprint and interface (around 1 MB in size). Because it uses a microkernel design, with a small memory footprint and a limited interface to the guest, it is more robust and secure than other hypervisors.
  • Operating system agnostic: most installations run with Linux as the main control stack (aka "domain 0"), but a number of other operating systems can be used instead, including NetBSD and OpenSolaris.
  • Driver isolation: the Xen Project hypervisor can run the main device driver for a system inside a virtual machine. If the driver crashes or is compromised, the VM containing the driver can be rebooted and the driver restarted without affecting the rest of the system.
  • Paravirtualization: fully paravirtualized guests have been optimized to run as virtual machines. This allows the guests to run much faster than with hardware extensions (HVM). Additionally, the hypervisor can run on hardware that doesn't support virtualization extensions.

Guest types
Xen supports running two different types of guests: Paravirtualization (PV) and Full or Hardware assisted Virtualization (HVM). Both guest types can be used at the same time on a single Xen system. It is also possible to use techniques used for Paravirtualization in an HVM guest: essentially creating a continuum between PV and HVM. This approach is called PV on HVM. See the Xen Overview on the Xen wiki for more information.

Domain 0
Xen has a special domain called domain 0 which contains drivers for the hardware, as well as the toolstack to control VMs. Domain 0 is often referred to as dom0. Before installing Xen you should install Debian on the host machine. This installation will form the basis of Domain 0.

Figure: Xen Architecture

References:

  1. Xen
  2. Xen Project Software Overview


Written by awarmanf

September 7, 2016 at 3:30 am

Posted in Linux, virtualization, xen

SMS Gateway dengan Perl



SMS Gateway

In mid-2005 the author worked on an SMS Gateway project for the vote counting process in the regional election (Pilkada) in Jember. At that time the author used the SMS Server Tools (smstools) application together with Siemens MC35i and TC35i GSM modems. The price per unit back then was 2.1 million.

Figure: Siemens GSM modem

Compared with today's SMS server applications such as Kannel or Gammu, smstools is very simple. The smstools-1.14.3.tar.gz package the author used at the time only offered SMS configuration features. Processing incoming SMS was done through scripts in bash or Perl, as was storing the SMS in a database such as MySQL.


GSM Modem

A few years later the author was given the task at the office of building an SMS Gateway for broadcasting internal SMS to office staff at both the head office and the branches. With practicality and ease of use in mind, the author used Kannel and playSMS, while the GSM modem was a "Wavecom Fast Track" with a serial connection.

Figure: Wavecom Fast Track



Written by awarmanf

August 18, 2016 at 2:42 pm

Setting up FreeRADIUS with Authentication against OpenLDAP


Topology

Figure: RADIUS / OpenLDAP topology


Servers and router:

  1. OpenLDAP
    • ether0: 192.168.1.2
  2. Radius Server
    • ether0: 192.168.1.3
  3. Mikrotik
    • ether1: 192.168.1.1
    • ether2: 192.168.10.1


Written by awarmanf

January 6, 2015 at 2:24 am