OpenBSD has shipped with an LDAP daemon since 4.8. I have an all-in-one server from which the LDAP service has to be shipped out. I’m going to replace that OpenLDAP daemon with the LDAP daemon from OpenBSD 5.1. I already wrote about how to enable LDAP on OpenBSD 4.8.
These are updated notes for OpenBSD 5.1, with additional directions for monitoring LDAP activity using SNMP and a Xymon server.
In an Active Directory environment, you have (Windows) computers joined to a domain that does a lot of magic to allow you to use services without really thinking about it. You have Network Browsing, Exchange auto discovery…
I’m going to use general I.T. tools to explore the Active Directory and guess what we can connect to with our non-Microsoft system.
That day, at work, I had to check whether an application had been implemented as it should have been.
The application was supposed to use Active Directory groups to filter user access to some data.
I’m not an admin on my desktop, but I had to find a “standard” way to query the corporate Active Directory.
Here’s the trick.
I have an LDAP instance running OpenBSD’s ldapd. I installed the openldap-client package so that I get ldapsearch, but there doesn’t seem to be any slapcat-like tool, which could be used to back up the LDAP content in LDIF format.
Here’s a trick to dump the ldapd content using ldapsearch:
# ldapsearch -x -H ldaps://ldap.tumfatig.net -D "cn=admin,dc=tumfatig,dc=net" -W -b "dc=tumfatig,dc=net" -LLL > ldapd-"`date +%Y%m%d`".ldif
This generates a file in LDIF format which can be used by ldapadd to fill another LDAP instance.
Like I did with NetBSD, this is how to build an almost complete Mail Server with OpenBSD.
We’re gonna use a Dovecot IMAP server and a Postfix SMTP server. Postfix will use Dovecot as a SASL service. Both will use LDAP to identify valid users and e-mail aliases. Mail sanitization will be provided by RBL, from Postfix, and by the spamd shipped with OpenBSD.