What’s the use of having an OpenLDAP Directory if you do not have any clients connected to it? In this article, attaching a Macintosh 10.9 Client to the OpenLdap Directory with standard schemas and storing the contents of our Home Directory on a NFS File Server is demonstrated.
With the advent of NSA snooping, corporate espionage, and general employee mischief, it’s time to start utilizing encryption to snoop-proof data streams emanating from corporate networks. LDAP is but one of many protocols in which encryption is necessary – see flowchart below. This article will focus on using TLS/SSL on the interconnected streams of data originating from and to an OpenLDAP Server and its dependent services. It will not contain much in the area of OpenLDAP ACL’s as a means to segregate different users and data with differing levels of encryption, nor will it focus on SASL and Kerberos as a means to secure data. Again, these topics will present themselves in a future related article.
Part I of this series on OpenLPAD concentrates on configuring a simple OpenLDAP Server. Our goal in adopting OpenLDAP is to provide an authentication mechanism for our LAN Clients, in particular Macintosh OSX Clients, to login to the network and work with data on network shares. Additionally, the installation of OpenLDAP will include the new backend database lmdb – OpenLDAP’s own Lighting Memory-Mapped Database to store Openldap objects. Continue reading “Openldap and Multi-Master Replication in FreeBSD – Part I: OpenLDAP”
When FreeBSD 10 removed Bind from the base, a certain level of uneasiness and relief was felt in the FreeBSD Community. Always fond of Bind, it was time to move on to an alternate without all the complexity, security issues, licensing and feature bloat of Bind. For these and other reasons, Unbound was chosen as a caching DNS server and NSD for an authoritative DNS Server for local zones. Additionally, redundancy is required since this is a production environment which requires uninterruptible DNS resolution. Our environment will consist of two physical servers both configured as follows: Continue reading “Unbound Caching and NSD Local Authoritative Master Slave DNS Server – Part I”
In the past, the built-in ntpd server in Freebsd served me well. Since ntpd binds to all addresses on port 123, ntpd complained incessantly in jailed environments because jails expect to have exclusive access to the jail address. Although it did not cause my server or jails to crash, it’s always better to be safe than sorry and fix the problem now rather than wait for a problem to manifest itself.