(One intermediate revision by the same user not shown) |
Line 1: |
Line 1: |
− | Notes on configuration of [[Armitage]].
| + | Delete |
− | | |
− | == LDAP Installation ==
| |
− | Following along with the [[https://spacefed.net/wiki/index.php/Howto/Spacenet/Setup_LDAP SpaceFed]] instructions.
| |
− | | |
− | Worked well until step 4 (Add a samba domain Unix ID pool). Here the command to add the objects had to be:
| |
− | sudo ldapadd -x -D cn=admin,dc=techinc,dc=nl -W -h localhost < id-pools.ldif
| |
− | | |
− | Added structural objects: ou=people,dc=techinc,dc=nl and ou=groups,dc=techinc,dc=nl
| |
− | | |
− | Added groups:
| |
− | * cn=everybody,ou=groups,dc=techinc,dc=nl - all people/meatsacks (not machines, systems or automations) in the system.
| |
− | * cn=members,ou=groups,dc=techinc,dc=nl - all members should be in this group
| |
− | | |
− | == Importer system ==
| |
− | | |
− | * Created dedicated non-login user "memberizer" that will run the member creation script.
| |
− | * Set $HOME of memberizer to 0700 to prevent snooping.
| |
− | * $ git clone https://github.com/chotee/memberizer.git
| |
− | * Created a virtualenv in memberizer: $ virtualenv pyenv
| |
− | * $ apt-get install python-dev libladp-dev libsasl-dev # (or it will complain about missing .h files in the next step)
| |
− | * $ pyenv/bin/python setup.py develop # (could be "install" as well, but I expect to receive updates, so better to use the code in-place)
| |
− | | |
− | === Mail outbound ===
| |
− | * Installed Debian package 'sendemail' to send email, but don't know what the techinc MTA is for sending.
| |
− | | |
− | === GPG ===
| |
− | | |
− | Created gpg keyring with memberizer@techinc.nl: 324B E31C F74F 3078 1EB9 AB22 F71A 39FF D2AB FD78
| |
− | | |
− | Imported keys of Chotee and Wizzup.
| |
− | | |
− | == Secondary products ==
| |
− | | |
− | === CA ===
| |
− | | |
− | Created a CA authority for signing the LDAP SSL certificates. No idea of Techinc already has something like this. Might need to regenerate the files if it turns out a CA already exists and is being used.
| |
− | | |
− | If not, we now have a CA to sign our stuff with.
| |
− | | |
− | | |
− | [[Category:SpaceFED]]
| |
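Review bot: The single added line, "Delete", replaces every removed line in this hunk without saying why the page should go or where the information now lives. The removed notes record a CA created for signing the LDAP SSL certificates and a gpg keyring for memberizer@techinc.nl with its fingerprint and the imported keys of Chotee and Wizzup; if that CA or key is still in use, move those sections to the page that covers the current setup before blanking this one, and otherwise state in the replacement text that the setup was retired. If the importer steps are carried over, check the package names in the apt-get line first: "libladp-dev" looks like a typo for libldap-dev.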