Arief Yudhawarman

Still learning how to blog

Archive for the ‘LDAP’ Category

LDAP Tutorial (2)

with one comment


Security Policy

We are going to build an Access Control Policy (ACP, a.k.a. ACL) based on a corporate policy which states:

  1. The directory entry owner is able to see and update ALL the directory attributes, including passwords.
  2. Human Resources must be able to update ANY entry but must not be able to read or write the user's password.
  3. The directory attributes carLicense, homePostalAddress and homePhone must not be readable by anyone except Human Resources and the owner of the directory entry.
  4. All users must authenticate (anonymous access is not allowed).
  5. The IT department must be able to update or change the password attribute on ALL directory entries.

Whatever your opinion of the above policy, we are going to have to provide the access controls to implement it. The first thing we have to do is create two groups, one for hrpeople and one for itpeople, so that we can assign permissions by group. We will locate these groups in a groups branch under the DIT root. The diagram below shows our new structure.


Read the rest of this entry »


Written by awarmanf

November 1, 2017 at 2:59 am

Posted in LDAP, Linux, perl


LDAP Tutorial (1)

leave a comment »


LDAP

LDAP is an acronym for Lightweight Directory Access Protocol; it is a simplified version of the X.500 protocol. The directory set up in this section will be used for authentication. Nevertheless, LDAP can be used in numerous ways: authentication, a shared directory (for mail clients), an address book, etc.

To describe LDAP quickly: all information is stored in a tree structure. With OpenLDAP you are free to determine the layout of the directory tree (the Directory Information Tree, or DIT) yourself. We will begin with a basic tree containing two nodes below the root:

  • People node where your users will be stored
  • Groups node where your groups will be stored

Before beginning, you should determine what the root of your LDAP directory will be. By default, your tree will be determined by your Fully Qualified Domain Name (FQDN). If your domain is example.com (which we will use in this example), your root node will be dc=example,dc=com.

Entries are in a tree-like structure called the Directory Information Tree (DIT).

Read the rest of this entry »

Written by awarmanf

October 27, 2017 at 6:42 am

Posted in LDAP, Linux, perl


Setting up FreeRADIUS with Authentication against OpenLDAP

with 4 comments

Topology

Topology: RADIUS and OpenLDAP


Servers and router:

  1. OpenLDAP
    • ether0: 192.168.1.2
  2. Radius Server
    • ether0: 192.168.1.3
  3. Mikrotik
    • ether1: 192.168.1.1
    • ether2: 192.168.10.1

Read the rest of this entry »

Written by awarmanf

January 6, 2015 at 2:24 am

Changing the Zimbra LDAP Root Password

leave a comment »

Back when Zimbra version 6.x was still in use, the LDAP root password was changed with the command:

[zimbra@server ~]$ zmldappasswd -r newpassword
Updating local config and LDAP


However, after upgrading Zimbra to version 7.2.1, it turned out that the LDAP root password could no longer be changed this way. When the password change was attempted, the error shown below appeared:

[zimbra@server ~]$ zmldappasswd -r newpassword
Updating local config and LDAP
TLS: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

The author had googled but did not find a solution to the problem above.
Finally, after reading the LDAP manual, the problem above was solved by changing the password interactively with the ldapmodify command. As we know, the LDAP root is the root user, i.e. dn: cn=config in LDAP (dn: distinguished name).

Read the rest of this entry »

Written by awarmanf

January 6, 2015 at 2:18 am

Posted in LDAP, Linux, zimbra


Live Email Backup – 2

leave a comment »

The previous article discussed the strategy, or the steps, for backing up email live using the MTA Postfix + Courier-IMAP + Courier-Authlib as the backup mail server. This article discusses email backup using Zimbra Open Source Edition.

Live Email Backup Schema

In outline, it works as follows:

  • User email is backed up transparently by creating sender_bcc and recipient_bcc rules in the Postfix configuration of the mail server.
  • The backup mail server is set up with Zimbra Open Source Edition to receive the backup copies of incoming and outgoing email traffic from the mail server.
  • Email filtering is set up in the email account of each user to be backed up, so that the incoming copies are filed into the Inbox and Sent folders.

Read the rest of this entry »

Written by awarmanf

January 6, 2015 at 2:13 am

Posted in LDAP, Linux, postfix, zimbra


Installing Zimbra 8.5 + Samba 3.6.9 PDC on CentOS 6.5

with 10 comments

Prologue

This article was written to answer the curiosity of friends on Facebook and on the id-zimbra mailing list who asked whether Zimbra ZCS 8.5 can be integrated with a Samba PDC (Primary Domain Controller) so that it becomes a centralised user database for authenticating both Linux and Windows users. This can be achieved by configuring Zimbra LDAP to act as the central user database for PAM (Pluggable Authentication Modules), NSS (Name Service Switch), and the Samba ldapsam password backend.

The basic reference for this article is the Zimbra wiki article UNIX and Windows Accounts in Zimbra LDAP and Zimbra Admin UI, but there are significant changes to the Zimbra LDAP modifications in ZCS Zimbra 8.5.0 for it to support a Samba PDC, namely:

  • The zimlet files zimbra_posixaccount.zip and zimbra_samba.zip are placed in /opt/zimbra/zimlets/ instead of /opt/zimbra/zimlets-extra/
  • Zimbra LDAP uses the mdb database type (previously hdb), so when adding the indexes for PAM and Samba the DN (distinguished name) dn: olcDatabase={2}mdb,cn=config must be used
  • The LDAP ACL for the DN olcDatabase={2}mdb,cn=config is modified starting from the 10th entry
  • The root DN uid=root,ou=people,dc=domain,dc=tld must be added so that the Samba PDC integration goes smoothly

Read the rest of this entry »

Written by awarmanf

November 6, 2014 at 9:43 am

Posted in centos, LDAP, Linux, samba, zimbra
