Skip to content

Yubico key has arrived!

AsteriskCatalystJabber/XMPPOpenLDAPOpenSIPSOpen SourcePerlPostgreSQLSquidSuretec It's taken us a while to get round to ordering one of these Yubikeys from Yubico, but they do look great and have lots of documentation via the wiki.

We're going to be testing them via the pam module for SSH access (and of course using pam_ldap).

So, users in LDAP[?] via pam, and a Yubikey, let's see how it goes!

(will be interesting for logging in a SIP handset via Asterisk or FreeSWITCH that needs one too and all the others technologies Suretec use and support (Catalyst, Perl, PostgresSQL, Squid and more....). We'll see....

Suretec now have a merchant account!

AsteriskCatalystDojoJabber/XMPPLinuxOpenLDAPOpenSIPSOpen SourcePerlPostgreSQLSquidSuretec It's been a long process, almost 6 weeks, what with the new laws regarding PCI DSS compliance as of the 1st of October 2009, PCI DSS Scans, Business plans, website terms and connditions and many more things we have a merchant account at last!!!

This is mainly for our new Internet Telephony Service Provider called SureVoIP which is currently live with various customers but has no front facing sales and marketing site yet, only the admin and customer portal.

We'll keep you posted with a proper press release in due course.

Thanks,

Gavin.

LDAPCon 2009 Call For Papers

OpenLDAPOpen SourceSuretec The International Conference on LDAP[?] is a technical forum for IT professionals interested in LDAP and related topics like directory servers, directory management applications, directory integration, identity and access management, and meta directories.

It focuses on implementation and integration of LDAP servers and LDAP-enabled client applications. The event will bring together vendors, developers, active and prospective LDAP practitioners to share their experiences about deployment strategies, service operations, interoperability, discuss LDAP usage in new projects and learn about upcoming trends and developments.
Topics

You are involved with LDAP in interesting projects?

- You do LDAP client development?
- You have used LDAP like no-one before?
- You have innovative concepts in LDAP Integration?

Why not share your experiences, good and bad, with others?

We look for speakers who ae willing to talk about:

Continue reading "LDAPCon 2009 Call For Papers"

Realtime Integration Of Asterisk 1.4 With Kamailio/OpenSIPS 1.5.x

AsteriskJabber/XMPPOpenLDAPOpenSIPSOpen SourceSuretec This has just appeared on voip-info.org via our Google Alerts and will answer
a lot of questions that appear on the Kamailio and OpenSIPS mailing lists:

http://www.voip-info.org/wiki/view/Realtime+Integration+Of+Asterisk+1.4+With+Kamailio+1.5.x

All that is left is to switch to LDAP[?] authentication using the OpenSIPS LDAP module and res_config_ldap Asterisk plugin ;-)

Cheers.

OpenLDAP Quick Tips: Replication Strategies

OpenLDAPOpen SourceSuretec Hi All,

Here's the 22nd tip in the "OpenLDAP Quick Tips" series:

"You are not sure what type of OpenLDAP replication to use, but you know you need to".

This tip won't actually go into the technical setup (and isn't very quick ;-) ) of the different replication types, we'll leave that for another set of tips. You can always read up on them yourself in the Replication section of the OpenLDAP 2.4 Administrator's Guide. Or if you're coming to the UKUUG's annual Large Installation Systems Administration (LISA) you'll be able to hear Howard Chu and myself give our talks:

- OpenLDAP Replication Strategies - Gavin Henry (Suretec Systems & OpenLDAP project)
- OpenLDAP and MySQL: Bridging the Data Model Divide - Howard Chu (Symas Corp. & OpenLDAP project).

Andrew Findlay (Skills 1st), another respected authority on LDAP[?] will also be giving a talk on Writing Access Control Policies for LDAP.


Anyway, on to the strategies.

Continue reading "OpenLDAP Quick Tips: Replication Strategies"

OpenLDAP Quick Tips: Interacting with LDAP from shell scripts by Vincent van Gelder

OpenLDAPOpen SourceSuretec Hi All,

Here's the 21st tip in the "OpenLDAP Quick Tips" series kindly contributed by Vincent van Gelder.

"You need to carry out LDAP[?] operations using shell scripts".

The following is an example sent in by Vincent van Gelder (you can e-mail your tip to us too):

------------------------
The following script I use when interacting with ldap[?] from shell scripts:


http://members.tripod.com/vgoenka/unixscripts/unldif.sed.txt


Sample script:

CODE:
###################################### #!/bin/bash PHOTO=/tmp/tux.jpg IFS=$'\n' for dn in $(ldapsearch -ZZ -LLL -A -b 'ou=Users,ou=Intranet,o=Company,c=NL' -s one '(&(!(jpegPhoto=*))(objectClass=inetOrgPerson))' jpegPhoto \  | unldif  | grep '^dn' ) do     echo $dn     echo "changetype: modify"     echo "add: jpegPhoto"     echo "jpegPhoto::$(openssl base64 -in $PHOTO | sed 's/^/ /')"     echo done ######################################


The sample script fetches users from ldap whithout a photo and adds a
default photo. Output is a ldif.

It also demonstrates how to add binary attributes from shell using
openssl tool.

The unldif script makes sure the dn is always just one line.

--
Met vriendelijke groet,

Vincent van Gelder
------------------------


Thanks,

Gavin.

If you have an entry for our "OpenLDAP Quick Tips" series, why not e-mail your tip to us.

P.S. For direct access to this section, you can click OpenLDAP Quick Tips.

OpenLDAP Source vs Symas OpenLDAP

Open SourceSuretec We've just published two comparisons of OpenLDAP source management versus Symas OpenLDAP Packages:

Nothing special, just a quick comparison.

Suretec®

OpenLDAP Quick Tips: Enable in Directory Monitoring

OpenLDAPOpen SourceSuretec Hi All,

Here's the 20th tip in the "OpenLDAP Quick Tips" series:

"You need to obtain information regarding the current state of your slapd instance":

slapd(8) supports an optional LDAP[?] monitoring interface you can use to obtain information regarding the current state of your slapd instance. For instance, the interface allows you to determine how many clients are connected to the server currently. The monitoring information is provided by a specialized backend, the monitor backend. A manual page, slapd-monitor(5) is available.


At the end of your slapd.conf file add:

CODE:
database monitor


and restart.

You'll now be able to query information like the following and use it in your monitoring tools:

CODE:
dn: cn=Total,cn=Connections,cn=Monitor structuralObjectClass: monitorCounterObject monitorCounter: 4 entryDN: cn=Total,cn=Connections,cn=Monitor subschemaSubentry: cn=Subschema hasSubordinates: FALSE



Thanks,

Gavin.

If you have an entry for our "OpenLDAP Quick Tips" series, why not e-mail your tip to us.

P.S. For direct access to this section, you can click OpenLDAP Quick Tips.

OpenLDAP Quick Tips: Encrypt your Oracle Berkeley DB if necessary

OpenLDAPOpen SourceSuretec Hi All,

Here's the 18th tip in the "OpenLDAP Quick Tips" series:

"You need to encrypt the raw bdb files":

This might be useful various reasons:

It may actually provide some value to sites that do regular backups of their raw DB files. It may actually be useful in some cases where you provide an encryption key on separate removable media (e.g. a USB flash drive). It might actually prevent a news article down the road on how some organization lost their 5 million record customer database and now all that unprotected data is now being exploited by criminals.

I doubt it, of course. It exacts a performance penalty on every DB operation, so I don't think anyone will be able to use this long-term. For the off-site backup scenario, it makes more sense to just encrypt the backup images (tar format or whatever backup utility is used). That way you only spend cycles on encryption once, at backup time. Any site that's savvy enough to do automated backups can certainly figure out how to protect those backups with encryption.


Continue reading "OpenLDAP Quick Tips: Encrypt your Oracle Berkeley DB if necessary"

OpenLDAP Quick Tips: Always 'make test'

OpenLDAPOpen SourceSuretec Hi All,

Here's the 17th tip in the "OpenLDAP Quick Tips" series:

"You've successfully built your own instance of OpenLDAP but want to make sure you've done it right":

So, you've grabbed the latest version, compiled it and want to get started straight way, but stop! Hours and hours have been spent writing test scripts for OpenLDAP, so please, please, please run:

CODE:
make test


before

CODE:
su -c "make install"


and save the OpenLDAP Issue Tracking System from getting full with silly reports!

Also, see our installation section of the FAQ.

If this is too much, why not get supported, prepackaged versions of OpenLDAP: Symas™ OpenLDAP™ Directory Services™

Thanks,

Gavin.

If you have an entry for our "OpenLDAP Quick Tips" series, why not e-mail your tip to us.

P.S. For direct access to this section, you can click OpenLDAP Quick Tips.

OpenLDAP Quick Tips: Auditing - who modified what at what times?

OpenLDAPOpen SourceSuretec Hi All,

Here's the 16th tip in the "OpenLDAP Quick Tips" series (as requested by Bronius Motekaitis):

"You want to audit OpenLDAP for changes: who modified what at what times?":

Apart from normal logging via syslog there are two options for this; file based audit logging or LDAP[?] based logging (in directory).

For file based see Audit Logging and related man page slapo-auditlog:

The Audit Logging overlay can be used to record all changes on a given
backend database to a specified log file. Changes are logged as stan-
dard LDIF, with an additional comment header giving the timestamp of
the change and the identity of the user making the change.


For in directory logging see Access Logging and related man page slapo-accesslog:

The Access Logging overlay can be used to record all accesses to a
given backend database on another database. This allows all of the
activity on a given database to be reviewed using arbitrary LDAP
queries, instead of just logging to local flat text files.


Thanks,

Gavin.

If you have an entry for our "OpenLDAP Quick Tips" series, why not e-mail your tip to us.

P.S. For direct access to this section, you can click OpenLDAP Quick Tips.

OpenLDAP Quick Tips: Change loglevels on the fly!

OpenLDAPOpen SourceSuretec Hi All,

Here's the 15th tip in the "OpenLDAP Quick Tips" series:

"You want to change your OpenLDAP loglevel to get more information, but can't take your directory server offline":

If you've been following the OpenLDAP Quick Tips series, you would have already read Switch to the dynamic config backend (cn=config) and will now have a live slapd dynamic backend configured. If not, go back and read it over ;-)
Continue reading "OpenLDAP Quick Tips: Change loglevels on the fly!"

OpenLDAP Quick Tips: OpenLDAP Logfile analysis

OpenLDAPOpen SourceSuretec Hi All,

Here's the 14th tip in the "OpenLDAP Quick Tips" series and today it comes from "Pablo Chamorro":

"You want to analyse your OpenLDAP logfile":

There are various ways to do this yourself by hand, but the have community already done the work for you and written the:

OpenLDAP Logfile analysis utility:

ldap[?]-stats.pl is a Perl program that can be used to analyze and report on OpenLDAP logfiles. The available reports include: operations (e.g., Connect, Bind, Unbind) performed per host, unindexed searches, attributes requested, search filters used, total operations per server, and operation breakdowns by day, hour and month.


A short sample output would look like:
Continue reading "OpenLDAP Quick Tips: OpenLDAP Logfile analysis"

OpenLDAP Quick Tips: Use the FAQ!

OpenLDAPOpen SourceSuretec Hi All,

Here's my 13th tip in the "OpenLDAP Quick Tips" series:

"You have a question, but you're sure someone has been there before":

That's what our FAQ-O-Matic is for!

Search it, browse it and check the common areas:

  1. Installation

  2. Configuration

  3. Integration

  4. Maintenance

  5. Common Errors

  6. When all else fails...


When all else fails, join our mailing lists.

Thanks,

Gavin.

If you have an entry for our "OpenLDAP Quick Tips" series, why not e-mail your tip to us.

P.S. For direct access to this section, you can click OpenLDAP Quick Tips.
tweetbackcheck