Getting Started with OpenLDAP, Part 6

Before we get into creating centralised authentication and roaming profiles, we need to look at the process that ensures all users on the network get access to their data, irrespective of the location or system they log on to. It might be beyond the scope of an article pertaining to LDAP, but it is important in the context of centralised authentication environments, where all users must have access to their desktop. This feature is an essential requirement in modern computing environments and therefore, I feel the need to elaborate on auto-mounting here. Let’s get down to work The test...

Getting Started with OpenLDAP, Part 5

In Part 4, we created an OpenLDAP-based address book with basic data. In this article, we will focus on centralised network authentication—a basic requirement of the networked world. Modern-day users centrally authenticate to a plethora of services that range from webmail service providers and office desktop passwords to ticket-booking sites for travel, entertainment, etc. Most of these sites and office servers save at least the username/password attributes in a centralised directory. In this article, we will configure Linux clients for authentication through a centralised directory. The...

Getting Started with OpenLDAP, Part 4

I hope readers have explored the various attributes used to create records in LDAP directories. Once you have a list of the data items (attributes) that you want to store in your directory, the next step is to locate the appropriate ObjectClasses that contain those attributes. You can use multiple ObjectClasses in one record, but not all ObjectClasses can be used together. In this article, we will discuss how to find and use ObjectClasses to obtain all the attributes needed to store the desired data in a directory. Let us approach this exercise with a specific example—an addressbook, or in...

Getting Started with OpenLDAP, Part 3

To understand ACLs and LDAP security better, we need to understand the underlying structure of data in a directory. In this part, we explore LDAP concepts such as schema, ObjectClasses and attributes — these will help us build an LDAP server capable of authenticating Linux users. A schema file can be understood to be analogous to a spreadsheet file. Each schema file defines certain ObjectClasses and attributes. ObjectClasses can be considered to be similar to each sheet within a spreadsheet file. Attributes are analogous to each column within a sheet. In other words, multiple attributes are grouped together in an ObjectClass. Multiple ObjectClasses can be grouped to form a record. The ability to use different schemas (or schemata) for a single record enables a directory to store records with different data—providing much greater flexibility. Let’s see all these in action.

Getting Started with OpenLDAP, Part 2

In this part, we take a look at adding an initial level of security to OpenLDAP servers. We cover how to encrypt the rootdn password with slappasswd, understand the structure of the slapd.conf file, and disable anonymous directory reads. We also learn how to check slapd.conf using slaptest, a utility that reads slapd.conf and reports whether it is in order — especially required in production environments, where configuration changes and updates must be thoroughly tested before applying them. Finally, we touch on the subject of ACLs (access controls) in slapd.conf.

Getting Started with OpenLDAP, Part 1

LDAP (Lightweight Directory Access Protocol) is a protocol used to access directories. OpenLDAP is the open source implementation of LDAP. The OpenLDAP software suite consists of a directory server and a client to access the directory. To be able to query other LDAP servers, only the openldap-client is required. In this article we will get started with installing and configuring an OpenLDAP client. Later we learn to install and configure the OpenLDAP server. We will also learn how to populate the directory server with data and search the directories anonymously.

Understanding SELinux, Part 9

Understanding how subjects (or processes) that have been created in memory get their SELinux security contexts.

Understanding SELinux, Part 8

Let’s look at how to set default security contexts for files using policy modules. We will also use policy modules to set rules that will automatically transition the default type assigned to files and folders at the time of creation.

Understanding SELinux, Part 7

Let’s explore how to go about creating real-life policy modules.

Understanding SELinux, Part 6

In this article, we will learn about the basics of policy modules.

Understanding SELinux, Part 5

In Part 4, we looked at allow rules in an SELinux policy. This time we will discuss SELinux error logs in order to decipher them and take corrective action.

Understanding SELinux, Part 4

Let’s explore how Allow Rules are applied for access permissions to objects based on their Security Contexts.

Understanding SELinux, Part 3

In Part 2 we barely scratched the surface of the SELinux Targeted Policy that’s shipped with RHEL 5. This month we will try to delve deeper into its building blocks.

Understanding SELinux, Part 2

Let’s explore SELinux modes, and learn a few commands that will help in understanding SELinux policies better.

Understanding SELinux, Part 1

In this introductory article, our focus will be on SELinux Type Enforcement to give you a feel of SELinux.
