Stuff I'm Up To

Technical Ramblings

Proftpd and LDAP / Active Directory — May 10, 2018

We’ve had a vsftpd server for a while and it’s performed very well for us. But it would appear that it’s not actively maintained. This may not be a problem as it still currently works just fine and we don’t have any obvious vulnerabilities with it, but as the OS it’s running on is Wheezy we need to move on at least up to Stretch. So I figured I’d try deploying a new server but configured with proftpd.

Apache Directory Studio — April 19, 2018

After upgrading Directory Studio – which is a simple case of extracting the tar.gz file into the location you want the executable, e.g.

$ cd /usr/bin
$ sudo tar xvzf ~/Downloads/ApacheDirectoryStudio-2.0.0.v20170904-M13-linux.gtk.x86_64.tar.gz

I got this error in the log file when running the new version.

org.osgi.framework.BundleException: Unable to acquire the state change lock for the module: osgi.identity;

Squid3 changes for Debian Jessie — July 21, 2017
Using LDAP with Active Directory — September 22, 2016

Getting your Linux box to talk with Active Directory is pretty straightforward. But doing it securely will need you to have installed your CA certificate into your trusted certificates.

Mostly I’ll only set up anything to do with LDAP/Active Directory if a specific application requires it, otherwise I’ll leave out the Windows authentication bit. I generally don’t use LDAP/AD for the SSH PAM type logons and will configure LDAP when a web server or the like uses it, e.g. php5-ldap is required.

Adldap2\Adldap2-Laravel — September 14, 2016
Dovecot, Postfix, Virtual Mailboxes and Active Directory — September 3, 2015

Well, it turns out that setting this up isn’t really as straightforward as simply treating Active Directory like LDAP. The main reason seems to be the way you need to authenticate and the limitations of doing any kind of user lookup whilst using auth_bind = yes; it just doesn’t seem possible.

In order to resolve this you have to live with having Dovecot use a static userdb table that returns the gid, uid and home – but then when you try to sort Postfix so that it delivers using Dovecot it fails because it can’t use a static userdb to work out if the user account/mailbox exists or not.

So a little acceptance of that fact initially seems upsetting, but then when you get down to it anything that uses the smtpd for delivery is going to be checked for a valid mailbox anyhow.

VSFTPD, LDAP (Active Directory) and Virtual Users — August 4, 2015