[Network Administration] : Postfix and LDAP recipients

Given that I’ve already put my addresses into the LDAP directory, I’m going to use that to pull my recipients for local delivery. There is information on the Postfix website, here and here.

Appropriate section of /etc/postfix/main.cf

# all main to the domain is slated for local delivery
mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost
# Set aliases to the postfix configuration directory
alias_maps = hash:${config_directory}/aliases
alias_database = hash:${config_directory}/aliases
# Local recipients are stored in ldap
# Alias maps also needs to be added here to accept mail for aliases locally
local_recipient_maps = ldap:${config_directory}/ldap-recipients.cf $alias_maps

The file ldap-recipients.cf file has the information to connect to the LDAP server.

server_host = <SERVER>
search_base = ou=users,dc=example,dc=com
version = 3
query_filter = mail=%s
result_attribute = uid
start_tls = yes
tls_require_cert = yes
tls_ca_cert_file = <CA certificate chain>

We require the verification of the LDAP certificate, so we need to specify the certificate chain.

[Network Administration]: OS X and Mobile Accounts

I have both Ubuntu and Linux machines. One of the goals is to have access to all of the same information regardless of where I log in, and to have it transparent to the machine that I’m actually using. Continue reading “[Network Administration]: OS X and Mobile Accounts”

[Network Administration]: Automounter over LDAP

This is basically an update to the autofs and automounter page that was published earlier to reflect some changes to how things are set up now. I still have my automount maps in the LDAP directory, but the DN for the maps is updated to the currently provided autofs schema that comes with the Ubuntu package instead of the rfc2307bis schema which seems to have languished in draft form. I’ve also unified some of the files across both Linux machines and OS X. Continue reading “[Network Administration]: Automounter over LDAP”

[Network Authentication]: OS X Kerberos Authentication and LDAP Authorization

I’ve also enabled Kerberos authentication and LDAP authorization on my OSX machine in addition to Linux machines. OSX supports Kerberos out of the box and deploys it for authentication against an OSX server. Also, the native OpenDirectory implementation is OpenLDAP, so we should be able to talk with our LDAP directory. Additionally, we’ve generated the directory entries with the records that we’ll need for OSX authorization, we just need to enable it. Continue reading “[Network Authentication]: OS X Kerberos Authentication and LDAP Authorization”

[Network Administration]: Linux Kerberos Authentication and LDAP Authorization

Once principals are added to the Keberos Database, and the account information is added to the LDAP directory, then the client Linux machines can be configured to access the information and allow for network accounts to be used. Continue reading “[Network Administration]: Linux Kerberos Authentication and LDAP Authorization”

[Network Administration]: Network Accounts

At a basic level, the Kerberos KDC manages the passwords, and the LDAP directory is used to manage user accounts and user groups for both Linux systems and OSX systems. In order to do this, the Kerberos KDC needs to have users and passwords, and the directory needs entries with some basic information that both systems require for authorization. Once the information is in both the KDC and the directory, then both linux and OSX systems can be configured to use the information.
Continue reading “[Network Administration]: Network Accounts”

[Network Administration]: LDAP Directory Service – Frontend and Scripts

I’ve got my authentication service and directory set up and running. Now it needs to be populated. In addition to keeping user and group records, I’m going to be using this for a couple of different services in addition to keeping user and group records such as automount maps and information for a mail server (currently in a MySQL database) as well as more traditional directory information. I’ve created the directory to be more deep than wide putting daemon information under it’s own organizational unit. There are also some packages to manage the entries in Perl.
Continue reading “[Network Administration]: LDAP Directory Service – Frontend and Scripts”