
Saturday, July 20, 2013

Configuring Multiple DITs in a Single Server

Suppose we have one domain called fireblade.com and need to configure fireblade.net on the same server. Follow the steps below.

Note: the fireblade.com domain already exists; we are configuring the fireblade.net domain in addition and adding an OU called people.
My LDAP server's hostname is master-ldap1.fireblade.com (192.168.56.22).

Open the configuration file and define the second domain
# vim /etc/openldap/slapd.conf 
add the below lines.




database       bdb
suffix         "dc=fireblade,dc=net"
rootdn         "cn=Manager,dc=fireblade,dc=net"
rootpw         redhat
directory      /var/lib/ldap/firenix-net


index objectClass                       eq,pres
index ou,cn,mail,surname,givenname      eq,pres,sub
index uidNumber,gidNumber,loginShell    eq,pres
index uid,memberUid                     eq,pres,sub
index nisMapName,nisMapEntry            eq,pres,sub


Save and restart LDAP


# /etc/init.d/ldap restart

Create ldif called test.ldif


# vim test.ldif


dn: dc=fireblade,dc=net
dc: fireblade
description: Example Network Operations
objectClass: dcObject
objectClass: organization
o: Firenix, Inc.

dn: ou=people,dc=fireblade,dc=net
ou: people
description: All people in organisation
objectClass: organizationalUnit

Add the LDIF to the database


#  ldapadd -D "cn=Manager,dc=fireblade,dc=net" -W -x -f test.ldif



Now the server contains two domains fireblade.com and fireblade.net



Enjoy !!!

Openldap ACL Key word examples

0: o=suffix
1: cn=Manager,o=suffix
2: ou=people,o=suffix
3: uid=kdz,ou=people,o=suffix
4: cn=addresses,uid=kdz,ou=people,o=suffix
5: uid=hyc,ou=people,o=suffix
Then:
dn.base="ou=people,o=suffix" matches 2;
dn.one="ou=people,o=suffix" matches 3 and 5;
dn.subtree="ou=people,o=suffix" matches 2, 3, 4, and 5; and
dn.children="ou=people,o=suffix" matches 3, 4, and 5.
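As an added example that is not from the post or from OpenLDAP itself, the script below reproduces these four scope rules over the same six sample DNs. It is a simplified matcher that assumes the DNs are already normalised (no spaces after commas, consistent case), which slapd does internally before comparing.

```shell
#!/bin/sh
# Added example: simplified dn.base / dn.one / dn.subtree / dn.children
# matcher over the sample DNs listed above. Not OpenLDAP's own code; it
# assumes DNs are already normalised (no spaces after commas).

BASE="ou=people,o=suffix"
# Sample DNs 0..5 exactly as listed above (none contains a space)
SAMPLE_DNS="o=suffix cn=Manager,o=suffix ou=people,o=suffix uid=kdz,ou=people,o=suffix cn=addresses,uid=kdz,ou=people,o=suffix uid=hyc,ou=people,o=suffix"

# dn_match STYLE BASE DN -> exit 0 if DN is in scope of BASE under STYLE
dn_match() {
    style=$1; base=$2; dn=$3
    rel=${dn%,"$base"}        # DN with ",BASE" stripped, or unchanged if not below BASE
    case $style in
        base)     [ "$dn" = "$base" ] ;;                         # the entry itself
        children) [ "$rel" != "$dn" ] ;;                         # strictly below BASE
        subtree)  [ "$dn" = "$base" ] || [ "$rel" != "$dn" ] ;;  # BASE and everything below
        one)      [ "$rel" != "$dn" ] && [ "${rel#*,}" = "$rel" ] ;;  # exactly one RDN below
        *)        return 2 ;;
    esac
}

# matches STYLE -> space-separated indexes (0..5) of the sample DNs in scope
matches() {
    i=0; out=""
    for dn in $SAMPLE_DNS; do
        if dn_match "$1" "$BASE" "$dn"; then out="$out$i "; fi
        i=$((i+1))
    done
    echo "${out% }"
}

for style in base one subtree children; do
    echo "dn.$style=\"$BASE\" matches: $(matches "$style")"
done
```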

OpenLDAP group ACL

In this scenario, all the members of a particular group can update the directory server data.



Create a group called administrators with suresh as a member under "dc=fireblade,dc=com" using the following LDIF:
dn: cn=administrators,dc=fireblade,dc=com
objectClass: groupOfNames
cn: administrators
member: cn=suresh,ou=People,dc=fireblade,dc=com


LDIF for suresh is given below
dn: cn=suresh,ou=People,dc=fireblade,dc=com
objectClass: posixAccount
objectClass: top
objectClass: person
cn: suresh
gidNumber: 3001
homeDirectory: /home/suresh
sn: suresh
uid: suresh
uidNumber: 3000
userPassword:: e1NIQX1QSFo4UWEreEt0b1VBWkR0Z3RzLzJURGk3Nk09

Open the openldap configuration file and add the following configuration


access to dn.children="dc=fireblade,dc=com"
       by self write
       by group.exact="cn=administrators,dc=fireblade,dc=com" write
       by * auth


Save and exit the configuration and restart the service.
/etc/init.d/ldap restart


Connect to LDAP as suresh and try to modify a field. You can now modify the fields.

Enjoy !!!!!

Openldap ACL Implementation

Giving Permission to change password for the authenticated current user
 
With this configuration only the currently authenticated user can change their own password. They cannot view or change other users' passwords.

Open /etc/openldap/slapd.conf
# vim /etc/openldap/slapd.conf
After the line rootdn          "cn=Manager,dc=fireblade,dc=com" enter the below configurations.
access to attrs=userPassword
    by self write
    by * auth
access to *
      by * read
Save the configuration and restart the openldap
# /etc/init.d/openldap restart



Giving permission to the Manager to update the fields of his employee




# vi /etc/openldap/slapd.conf
After the line rootdn "cn=Manager,dc=fireblade,dc=com" enter the below configurations.

# the DN here must match the entry's actual DN (cn=sulthan,..., as in the LDIF below)
access to dn.exact="cn=sulthan,ou=People,dc=fireblade,dc=com"
   attrs=carLicense,homePhone,mobile,pager,telephoneNumber
   by self write
   by set="this/manager & user" write
   by * read

Save the configuration file and restart LDAP using the below command
# /etc/init.d/ldap restart


NOTE: Create the user sulthan with objectClass inetOrgPerson and suresh as his manager using any LDAP client, such as Apache Directory Studio.

LDIF for both sulthan and suresh are given below.
dn: cn=sulthan,ou=People,dc=fireblade,dc=com
objectClass: posixAccount
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: sulthan
gidNumber: 20001
homeDirectory: /home/smunaver
sn: Sulthan Munaver
uid: sulthan
uidNumber: 20000
# must be the exact DN of suresh's entry (below) for set="this/manager & user" to match
manager: cn=suresh,ou=People,dc=fireblade,dc=com
telephoneNumber: 666677777777
userPassword:: e1NIQX1QSFo4UWEreEt0b1VBWkR0Z3RzLzJURGk3Nk09


dn: cn=suresh,ou=People,dc=fireblade,dc=com
objectClass: posixAccount
objectClass: top
objectClass: person
cn: suresh
gidNumber: 3001
homeDirectory: /home/suresh
sn: suresh
uid: suresh
uidNumber: 3000
userPassword:: e1NIQX1QSFo4UWEreEt0b1VBWkR0Z3RzLzJURGk3Nk09

Suresh is the manager of Sulthan, so he can update the fields carLicense, homePhone, mobile, pager and telephoneNumber.

Enabling logging in Openldap

To enable logging in the Openldap follow the steps given below.
# vim /etc/openldap/slapd.conf
Add the below line
 loglevel 256
Save the file
Restart ldap
# service ldap restart
Open /etc/syslogd.conf
# vi /etc/syslogd.conf
Add the line below at the end of the file
local4.*   /var/log/openldap.log
Create the file /var/log/openldap.log
# touch /var/log/openldap.log
Save the file
Restart Syslog
#service syslog restart


Enjoy !!!!!

Directory Server Components

1. The main process of the Directory Server is ns-slapd.
2. It is made up of a front end, which handles network communication, and extensible back-end components, which contain the basic server functions.
3. The database is Sleepycat Berkeley DB.

4. Red Hat management console.

To start the management console
# centos-idm-console
5. Red Hat administration server, which can start, stop and restart the server and view log files.

6. httpd.worker is its process.

Configuring SSL in LDAP server

Operating System used: CentOS 6.3

Install Openldap by running the below command.


# yum install openldap-*

Copy slapd.conf file to the required location /etc/openldap
# cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf
Copy DB_CONFIG to the required location
# cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
Change the ownership by running the below command
# chown ldap.ldap /var/lib/ldap/DB_CONFIG

Open the main LDAP configuration file and set up the domain and Manager password.
# vim /etc/openldap/slapd.conf
database        bdb
suffix          "dc=fireblade,dc=com"
checkpoint      1024 15
rootdn          "cn=Manager,dc=fireblade,dc=com"
rootpw          redhat
Save the configuration file and start LDAP. LDAP will now start in normal (unencrypted) mode on port 389.


# /etc/init.d/slapd restart
OPENLDAP with SSL

Open the configuration file and add the TLS directives below.
TLSCACertificatePath /etc/openldap/certs
TLSCertificateFile /etc/openldap/certs/slapdcert.pem
TLSCertificateKeyFile /etc/openldap/certs/slapdkey.pem

Go to /etc/openldap/certs and create the required certificates


# cd /etc/openldap/certs 
# openssl req -new -x509 -nodes -out /etc/openldap/certs/slapdcert.pem -keyout /etc/openldap/certs/slapdkey.pem -days 365


Fill the required details while certificate creation
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Kerala
Locality Name (eg, city) [Default City]:Cochin
Organization Name (eg, company) [Default Company Ltd]:FIREBLADE
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:fireblade
Email Address []:admin@fireblade.com

Start LDAPS by running the below command


# /etc/init.d/slapd restart


Confirm LDAP is listening in SSL mode on port 636 by running the below command.


# netstat -ntlp | grep 636

Installing Centos Directory Server

 

Installing Centos-Directory-Server and initial login.
DNS should be properly configured

Add following file to /etc/yum.repos.d/
# vim CentOS-Testing.repo
[c5-testing]
name=CentOS-5 Testing 
baseurl=http://dev.centos.org/centos/$releasever/testing/$basearch/
enabled=0
gpgcheck=1
gpgkey=http://dev.centos.org/centos/RPM-GPG-KEY-CentOS-testing
Save the file and exit

Install the directory server using yum
# yum install centos-ds

Install Supported rpm
# yum install xorg-x11-xauth bitstream-vera-fonts dejavu-lgc-fonts urw-fonts

Setting up java
# mv /usr/bin/java /usr/bin/java_old

Download the latest version of Java to /opt from Sun and install it


# cd /opt
# tar xvzf jdk-7u5-linux-i586.tar.gz
# vim /etc/profile and add the following lines
JAVA_HOME=/opt/jdk1.7.0_05
export JAVA_HOME
PATH=$PATH:$HOME/bin:$JAVA_HOME/bin
export PATH
Save and exit the file
# source /etc/profile

Configure the directory server using the following command
#  setup-ds-admin.pl 

After configuration start the services
# /etc/init.d/dirsrv start 
# /etc/init.d/dirsrv-admin start

Open Directory server administration console
# centos-idm-console
Login with the following details in login prompt.
cn=Directory Manager
password=**********
Administration url=http://localhost:9830
If you want to remove the initial configuration and reconfigure it, remove the following locations (slapd-instance is the name of your instance):
Log files         /var/log/dirsrv/slapd-instance
Configuration files     /etc/dirsrv/slapd-instance
Instance directory     /usr/lib/dirsrv/slapd-instance
Database files         /var/lib/dirsrv/slapd-instance 

Enjoy !!!!!!

 

Thursday, July 18, 2013

Using find in Linux


1. To find all the MP3 files in the system and move them to /home/songs

# find / -name '*.mp3' -print -exec mv '{}' ~/songs \;

2. To find all the MP3 files whose names contain odd characters (upper or lower case doesn't matter) and copy them to /back

# find . -name '*.mp3' -print0 | xargs -i -0 cp '{}' /back

3

Thursday, July 11, 2013

Creating Swap file in the BSD

Create a 512 MB file using the below command.
# dd if=/dev/zero of=/swap1/swap0 bs=1024k count=512

# chmod 600 /swap1/swap0
Convert the file into swap using the below command
# mdconfig -a -t vnode -f /swap1/swap0 -u 0
# swapon /dev/md0

Check the swap availability using the below command
# swapinfo OR # top 
To make the setup persistent across reboots, add the below line to /etc/rc.conf
swapfile="/swap1/swap0"

To turn off Swap
#swapoff /dev/md0

Storage Provisioning - BSD

FreeBSD Device Names


da - storage device names beginning with da are SCSI|SATA|USB
ad - IDE mass storage
fla - flash
cd - SCSI|SATA CD-ROMs
acd - IDE CD-ROMs
fd - floppy

/var/run/dmesg.boot contains the log of hardware detected at the last boot.
# dmesg - this command also gives the same output.

I have added a 4 GB disk to the system; I am partitioning it as a single 4 GB partition and mounting it on /storage.

Steps involved:
1. # sysinstall
2. Select the option >>
3. This leads to the fdisk window; in the fdisk window select the option.
4. In the next screen select the No boot loader option.
5. Save and quit.
6. Re-enter sysinstall:
   a. Configure
   b. Label
   c. Assign one or more labels and mount points.
   d. Exit and check the mount points using # df -h and # cat /etc/fstab

Update /etc/fstab
/dev/ada1s1d /storage ufs rw 2 2

Checksum

Checksums are used to check the integrity of content.

Several types exist:
a. md5 - 128 bit
b. sha1 - 160 bit
c. sha256 - 256 bit

Locations of the checksum binaries in BSD.
# which md5
/sbin/md5
# which sha1
/sbin/sha1
# which sha256
/sbin/sha256
md5 waits on STDIN for input (use CTRL-D to terminate the STDIN stream) and generates a unique fingerprint.
Example:
vasanth aa8adc7e1fb2c83161357130a4281c1a
Checksums do not guarantee that a man in the middle has not viewed your content. They only show that the content is intact.
Checksum strings do not vary with time. They are solely content-dependent.
sha1 - vasanth - 6a04ed4f77798a2e8661e44cc9746f329af953af
sha256 - vasanth - b932a819680211a67c15707c88ca2070c55093139c12dbacb34597f2d3c0467f

To generate a unique fingerprint for a string
# md5|sha1|sha256 -s "STRING"
Generating a fingerprint for a file.


# md5 filename
Create a file called check.txt and generate a fingerprint for it.


# cat check.txt
This is fingerprint check file.
Run the following command to get the fingerprint using md5, sha1 and sha256


# CFILE=check.txt ; md5 $CFILE && sha1 $CFILE && sha256 $CFILE
 MD5 (check.txt) = 1da283e6addeca541faff8d2c617dea4
 SHA1 (check.txt) = ab5a2ea17198ac8f17225bbfa4d7135e70deb744
 SHA256 (check.txt) = 3f6309880627d03d8941774456f865058f19db449f67f5165ec7a76f73a1375e
Checksums are only as good as the security behind the provider of the content.
Generating the checksums and saving them in a file


# CFILE=check.txt ; md5 $CFILE >> $CFILE.sums && sha1 $CFILE >> $CFILE.sums && sha256 $CFILE >> $CFILE.sums


[root@basd1 ~]# cat check.txt.sums
MD5 (check.txt) = 1da283e6addeca541faff8d2c617dea4
SHA1 (check.txt) = ab5a2ea17198ac8f17225bbfa4d7135e70deb744
SHA256 (check.txt) = 3f6309880627d03d8941774456f865058f19db449f67f5165ec7a76f73a1375e


Publish sums file with source so that receiver can check the integrity of the source by checking the fingerprint.
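The receiver's side of this workflow, as an added example that is not from the post: it verifies a file against a sums file in the "ALGO (file) = hash" format shown above and confirms that a modified file is rejected. It assumes either the BSD md5/sha1/sha256 tools or the Linux md5sum/sha1sum/sha256sum equivalents are installed.

```shell
#!/bin/sh
# Added example (not part of the original post): verify a file against a
# BSD-style sums file and show that a tampered copy fails verification.

# digest ALGO FILE -> hex digest only (ALGO is md5, sha1 or sha256)
digest() {
    if command -v "$1" >/dev/null 2>&1; then
        "$1" -q "$2"                          # FreeBSD: md5 -q prints just the hash
    else
        "${1}sum" "$2" | cut -d' ' -f1        # Linux coreutils equivalent
    fi
}

# make_sums FILE -> writes FILE.sums in the same format the post produces
make_sums() {
    for algo in md5 sha1 sha256; do
        printf '%s (%s) = %s\n' "$(printf '%s' "$algo" | tr a-z A-Z)" "$1" "$(digest "$algo" "$1")"
    done > "$1.sums"
}

# verify_sums SUMSFILE -> prints OK/FAIL per line; returns 1 if any mismatch
verify_sums() {
    status=0
    while IFS= read -r line; do
        # line looks like: SHA256 (check.txt) = 3f63...
        algo=$(printf '%s\n' "$line" | awk '{print tolower($1)}')
        file=$(printf '%s\n' "$line" | sed 's/^[^(]*(\(.*\)) = .*/\1/')
        want=$(printf '%s\n' "$line" | awk '{print $NF}')
        if [ "$(digest "$algo" "$file")" = "$want" ]; then
            echo "OK   $algo $file"
        else
            echo "FAIL $algo $file"; status=1
        fi
    done < "$1"
    return $status
}

# demo -> 0 when the intact file verifies and a tampered copy is rejected
demo() (
    cd "$(mktemp -d)" || return 1
    printf 'This is fingerprint check file.\n' > check.txt   # constructed sample
    make_sums check.txt
    verify_sums check.txt.sums || return 1                   # intact: all OK
    printf 'This is a tampered check file.\n' > check.txt
    if verify_sums check.txt.sums; then return 1; fi         # tampered: must FAIL
    return 0
)
demo && echo "verification behaves as expected"
```

A matching sum only proves the file is the one the publisher hashed; it says nothing about the publisher or about the channel the sums file arrived over, so the sums file itself needs a trusted channel or a signature.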

Enjoy !!!

User Management in FreeBSD

These tools provide the ability to manage users across the system.
To add a user, run adduser:
# adduser
Below are the steps involved when using the adduser command in FreeBSD.
Username: hemanth
Full name: Hemanth Murali
Uid (Leave empty for default):
Login group [hemanth]:
Login group is hemanth. Invite hemanth into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash rbash nologin) [sh]: bash
Home directory [/home/hemanth]:
Home directory permissions (Leave empty for default):
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username   : hemanth
Password   : *****
Full Name  : Hemanth Murali
Uid        : 1002
Class      :
Groups     : hemanth
Home       : /home/hemanth
Home Mode  :
Shell      : /usr/local/bin/bash
Locked     : no
OK? (yes/no): yes
adduser: INFO: Successfully added (hemanth) to the user database.
Add another user? (yes/no): yes
Username:


In BSD the adduser script updates the password in two files:
1. /etc/passwd
2. /etc/master.passwd

The adduser script automatically copies the dot files from /usr/share/skel to the user's home directory.
REMOVING A LOCAL USER


[root@basd1 ~]# rmuser
Please enter one or more usernames: hemanth
Matching password entry:
hemanth:*:1002:1002::0:0:Hemanth Murali:/home/hemanth:/usr/local/bin/bash
Is this the entry you wish to remove? yes
Remove user's home directory (/home/hemanth)? yes
Removing user (hemanth): mailspool home passwd.

The -y option makes rmuser answer yes to all the questions:
# rmuser -y hemanth
To update the user attributes:
# chpass -s /bin/csh vasanth
The above command changes the user's shell to csh.
FreeBSD imposes no account limits regarding expiration and mandatory password change.
To change users password
# passwd username 
To list the attributes of a user
# pw show user vasanth
 Output:
vasanth:*:1001:1001::0:0:Vasanth Muraleedharan:/home/vasanth:/usr/local/bin/bash


To change the shell of the user using pw
# pw mod user vasanth -s /bin/sh

The pw command changes the following files: /etc/passwd, /etc/master.passwd and /etc/group

Enjoy !!!

Gnome/X-setup in FreeBSD

By default in freeBSD there is no GUI installed.
Installing X and Gnome

Check the location of pkg_add by the below command.
# whereis pkg_add 
Output should be
pkg_add: /usr/sbin/pkg_add /usr/share/man/man1/pkg_add.1.gz

To install the X environment enter the below command.
# pkg_add -r xorg
After installation check the location of xorg by running the below command
# whereis xorg
Output should be
xorg: /usr/ports/x11/xorg
Installing GNOME

Add the below lines in /etc/rc.conf
gnome_enable="YES"
Save the file


Add the following lines in /etc/rc.conf
hald_enable="YES"
dbus_enable="YES"
Add the following lines in /etc/fstab
proc          /proc   procfs rw 0 0
This line is required for GNOME to work properly.


Generate the xorg.conf file by running the below command as root
# Xorg -configure
A file named xorg.conf.new is now generated in the /root directory. Copy it to xorg.conf and then into /etc/X11
# cp xorg.conf.new xorg.conf
# cp xorg.conf /etc/X11

Now we can start X in FreeBSD
# startx
Add the below line to /etc/rc.conf
gdm_enable="YES"
gnome_enable="YES"
and save the file
Install Gnome2 by running the below command


#pkg_add -r gnome2
After installation reboot the machine. Now you can log in to the graphical environment.

Enjoy !!

Changing Network to DHCP in BSD


open /etc/rc.conf

and change the line that starts with ifconfig_em0 to the one below
ifconfig_em0="DHCP"
save and restart the network


# /etc/rc.d/netif restart
 
 

Monday, April 22, 2013

insmod: error inserting '/lib/dm-region-hash.ko': -1 File exists


If you compile the latest kernel version on CentOS you may get this error message and kernel panic:

insmod: error inserting '/lib/dm-region-hash.ko': -1 File exists
mount: could not find filesystem '/dev/root'

What do you do?

1) Compile again the kernel but add the following variable in the .config file





     CONFIG_SYSFS_DEPRECATED_V2=y


2) Compile the kernel again:
     make; make modules ; make modules_install ; make install


3) The command make install installs the new kernel in /boot; the grub config file is also updated.


4) Restart. You may still get the error "insmod: error inserting '/lib/dm-region-hash.ko': -1 File exists"; don't worry about it, it appears because the kernel module dm-region-hash.ko is loaded twice.

Friday, September 9, 2011

Sunday, September 4, 2011

Inactivity Time Out for Login shells

The following instructions are not practical for systems that run X Windows.

To implement a 15-minute idle time-out for the default /bin/bash shell, create a new file tmout.sh in the directory /etc/profile.d with the following lines:

TMOUT=900
readonly TMOUT
export TMOUT

Run the following command to set the time out to 15 min

# set -r tmout 15

Wednesday, August 31, 2011

Useful unix find commands

1. To find all the .conf files in / and copy them to /backup

# find . -name '*.conf' -print -exec cp '{}' ~/backup \;

No need to explain the options above except -print and -exec.

-print - It is always true and has the side effect of printing the name.

{} - This is replaced by the name of the file found.

\; - Marks the end of the -exec command.

---------------------------------------------------------------------------------------------------------

2. To find all the .txt files with odd characters (containing upper and lower case letters and numbers)

# find . -name '*.txt' -print0 | xargs -i -0 mv '{}' ~/backup

-print0 tells find to terminate each name with a null character instead of whitespace, and xargs -0 reads them back the same way.
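To see what -print0 actually protects against, here is an added example (not from the post) that constructs two files whose names contain a space and a newline and counts how many arguments each pipeline hands to its command; the helper names are mine.

```shell
#!/bin/sh
# Added example: why "-print0 | xargs -0" matters. Constructs files with a
# space and a newline in their names (constructed sample data) and counts
# the arguments each pipeline passes on.

nl=$(printf '\n.'); nl=${nl%.}          # a literal newline character

# make_samples DIR -> creates "a b.txt" and "c<newline>d.txt" in DIR
make_samples() {
    : > "$1/a b.txt"
    : > "$1/c${nl}d.txt"
}

# args_with_print DIR -> number of arguments xargs passes when names are
# separated by blanks and newlines (the broken case: names get split)
args_with_print() {
    find "$1" -type f -print | xargs sh -c 'echo $#' sh
}

# args_with_print0 DIR -> number of arguments with NUL-separated names
args_with_print0() {
    find "$1" -type f -print0 | xargs -0 sh -c 'echo $#' sh
}

dir=$(mktemp -d)
make_samples "$dir"
echo "-print : $(args_with_print "$dir") arguments"     # 4: both names were split
echo "-print0: $(args_with_print0 "$dir") arguments"    # 2: one per file
rm -rf "$dir"
```

The same splitting is why the mv and cp one-liners above would operate on the wrong paths (or on nothing) for such names unless -print0/-0 is used.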

----------------------------------------------------------------------------------------------------------
3. To find all the files across the symbolic links

# find . -follow -name '*.txt' -print0 | xargs -i -0 mv '{}' ~/backup

-follow - This option follows symbolic links to the files they point at.

-----------------------------------------------------------------------------------------------------------

4. To find all the .txt files, case-insensitively

# find . -follow -iname '*.txt' -print0 | xargs -i -0 mv '{}' ~/backup


------------------------------------------------------------------------------------------------------------

5. To find files modified more than 90 days ago

# find . -name '*.txt' -mtime +90 -print


-mtime - Takes an argument specifying the time frame in days.

--------------------------------------------------------------------------------------------------------------
6. To print the files modified more than 7 and less than 14 days ago


# find /home -mtime +7 -a -mtime -14 -print

---------------------------------------------------------------------------------------------------------------
7. To find the files with java in their name

# find . -name '*java*' -print

----------------------------------------------------------------------------------------------------------------
8. To find all directories with java in their name under /

# find / -type d -name '*java*' -print

----------------------------------------------------------------------------------------------------------------
9. To find all the block device files in /dev

# find /dev -type b -name '*' -print

----------------------------------------------------------------------------------------------------------------
10. To find the character special files in /dev

# find /dev -type c -name '*' -print

----------------------------------------------------------------------------------------------------------------
11. To find the directories named dev under /

# find / -type d -name 'dev' -print

----------------------------------------------------------------------------------------------------------------
12. To find all the named pipes in the /dev directory

# find /dev -type p -name '*' -print

----------------------------------------------------------------------------------------------------------------
13. To find all the symbolic links under /

# find / -type l -name '*' -print

----------------------------------------------------------------------------------------------------------------
14. To find all the files above 3 MB

# find / -size +3000k -print

----------------------------------------------------------------------------------------------------------------
15. Finding Files By content

# grep -i vasanth /etc/passwd
(This can be used only when we already know roughly where the file is.)

----------------------------------------------------------------------------------------------------------------
16. To find the word vasanth in files inside /etc/

# find /etc -name '*' -exec grep -Hi vasanth '{}' \;

(Use of -exec: when the predicates up to that point are true, the grep command is executed for the matching file.

'{}' is where the filename is put when executing the command
The \; indicates the end of the command
-H prints the file name with each match)

----------------------------------------------------------------------------------------------------------------
17. To find


Sunday, August 28, 2011

SIMPLE SHELL SCRIPT TO BACKUP WHOLE MYSQL DATABASES AND KEEP ONLY TWO LATEST COPIES

#! /bin/bash
# Written by Vasanth.T.M, L2-Systems Engineer(*nix), Perfomix, Inc.

# Date as YYYY-MM-DD so that a plain sort orders the dump names chronologically
# (with DD-MM-YYYY, "head -n -2" would not keep the two latest copies)
CKUPDATE=$(date +%Y-%m-%d)
BACKUPDIR=/mysqlbackup
# Note: a -p<password> on the command line is visible to other users via ps;
# a ~/.my.cnf with restrictive permissions is the safer place for it.
DATABASES=$(mysql -u root -h localhost -pmysql -Bse 'show databases')

# Keep only the two newest dumps of the given database
delete_old ()
{
    name="$1"
    echo "Deleting old backups of $name"
    find "$BACKUPDIR" -name "$name-*.sql.bz2" | sort | head -n -2 | xargs --no-run-if-empty rm -f
}

back ()
{
    mkdir -p "$BACKUPDIR"
    for GH in $DATABASES; do
        echo "Creating mysql backup of $GH"
        mysqldump -u root -pmysql "$GH" | bzip2 --compress --stdout > "$BACKUPDIR/$GH-$CKUPDATE.sql.bz2"
        delete_old "$GH"
    done
}
back