OpenLDAP Multi-Master Replication in FreeBSD – Part VIII: Clean Up


Clean Up:

After going through this exercise, several aspects of the software configuration needed cleaning up.

  • phpldapadmin: Generic: User Account password hash defaults to md5
  • phpldapadmin: Template warnings about attributes and schemas that are not configured
  • Sendmail.schema: Include sendmail.schema in slapd.conf
  • Samba.schema: Include samba.schema in slapd.conf

 Generic User Account:

In phpldapadmin, the Generic: User Account password hash defaults to md5.

 

Default password hash – md5

 

To change the default password hash from md5 to ssha, locate the following in /usr/local/www/phpldapadmin/config/config.php:

/* Default password hashing algorithm. One of md5, ssha, sha, md5crpyt, smd5,
   blowfish, crypt or leave blank for now default algorithm. */
// $servers->setValue('appearance','password_hash_custom','md5');

 

Then, uncomment the following and change “md5” to “ssha”:

/* Default password hashing algorithm. One of md5, ssha, sha, md5crpyt, smd5,
   blowfish, crypt or leave blank for now default algorithm. */
$servers->setValue('appearance','password_hash_custom','ssha');

 

Now, the default password hash is set to ssha.
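
Changing this default only affects passwords set through phpldapadmin from now on; values already stored as {MD5} stay that way until the password is reset. The following added example (not part of the original post or of phpldapadmin) builds and verifies a {SSHA} value and scans an LDIF export for unsalted userPassword values. The function names and the sample entries are constructed for illustration.

```python
import base64, hashlib, hmac, os, re

UNSALTED = {"MD5", "SHA", "CLEARTEXT"}  # no per-entry salt: equal passwords, equal values

def make_ssha(password, salt=None):
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(password, stored):
    """Verify a password against a {SSHA} value (the SHA-1 digest is 20 bytes)."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

def scheme_of(value):
    """Return the scheme from '{SCHEME}data', or CLEARTEXT when there is no prefix."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}", value)
    return m.group(1).upper() if m else "CLEARTEXT"

def audit_ldif(ldif):
    """Return [(dn, scheme)] for every userPassword stored without a salt."""
    ldif = re.sub(r"\r?\n ", "", ldif)  # unfold LDIF continuation lines
    findings, dn = [], None
    for m in re.finditer(r"(?im)^(dn|userPassword)(::?)[ \t]*(.*)$", ldif):
        attr, sep, value = m.group(1).lower(), m.group(2), m.group(3).strip()
        if sep == "::":  # "attr:: ..." means the value is base64-encoded
            value = base64.b64decode(value).decode("utf-8", "replace")
        if attr == "dn":
            dn = value
        elif scheme_of(value) in UNSALTED:
            findings.append((dn, scheme_of(value)))
    return findings

# Constructed sample export (not from the page): plain, base64 and salted values.
_md5 = "{MD5}" + base64.b64encode(hashlib.md5(b"secret").digest()).decode()
_b64 = base64.b64encode(_md5.encode()).decode()
SAMPLE_LDIF = (
    f"dn: uid=alice,ou=people,dc=example,dc=org\nuserPassword: {_md5}\n\n"
    f"dn: uid=bob,ou=people,dc=example,dc=org\nuserPassword:: {_b64}\n\n"
    f"dn: uid=carol,ou=people,dc=example,dc=org\nuserPassword: {make_ssha('secret')}\n"
)

if __name__ == "__main__":
    for dn, scheme in audit_ldif(SAMPLE_LDIF):
        print(f"{dn}: {{{scheme}}} is unsalted, reset the password to re-hash it")
```

To audit a real directory, pass the text of its LDIF export to audit_ldif in place of SAMPLE_LDIF.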

 

Template Warnings:

When logging into phpldapadmin, the user is given template warning messages like this:

 

phpldapadmin template warnings

 

To prevent the offending messages from appearing, locate the following in /usr/local/www/phpldapadmin/config/config.php:

/* Hide the warnings for invalid objectClasses/attributes in templates. */
// $config->custom->appearance['hide_template_warning'] = false;

 

Then, uncomment the following and change “false” to “true”:

/* Hide the warnings for invalid objectClasses/attributes in templates. */
$config->custom->appearance['hide_template_warning'] = true;

 

Now, the annoying template messages will not appear!

 

Sendmail and Samba Schemas:

As Sendmail is the default MTA in FreeBSD and is available to my users, I included sendmail.schema in the /usr/local/etc/openldap/slapd.conf file.  Also, anticipating the need for Samba in the future, samba.schema was downloaded from samba.org and included in the slapd.conf file, as shown below:

 

#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
include /usr/local/etc/openldap/schema/cosine.schema
include /usr/local/etc/openldap/schema/inetorgperson.schema
include /usr/local/etc/openldap/schema/nis.schema
include /usr/local/etc/openldap/schema/sendmail.schema
include /usr/local/etc/openldap/schema/samba.schema

# Define global ACLs to disable default read access........

 

Summary:

As a project gets to completion, it is often a good idea to review the little issues and correct them as opposed to leaving them unfinished.  Although none of the above affect the functionality of the project with the exception of the additional schemas, it is nice to have all the items completed.  Hope you enjoyed this post!

 

Additional Resources:

http://phpldapadmin.sourceforge.net

https://www.samba.org
