davrot/smime_unibremen_ldap_exchane_server
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
smime_unibremen_ldap_exchan.../README.md
davrot baf47c3bcc README.md aktualisiert
2025-01-07 22:23:39 +01:00

167 lines
7.1 KiB
Markdown
Raw Permalink Blame History

# Docker und Co Vorbereitungen
```
apt update
apt upgrade
apt install git pkg-config libssl-dev curl mc argon2 ca-certificates net-tools
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update
apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
apt install docker-compose
echo "{" > /etc/docker/daemon.json
echo ' "iptables": false' >> /etc/docker/daemon.json
echo "}" >> /etc/docker/daemon.json
systemctl restart docker
sed -i -e 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/g' /etc/default/ufw
ufw reload
iptables -t nat -A POSTROUTING ! -o docker0 -s 172.18.0.0/16 -j MASQUERADE
ufw allow in on docker0
ufw route allow in on docker0
ufw route allow out on docker0
docker run hello-world
ufw allow 443
ufw allow 80
ufw allow 22
ufw enable
# Add root to the /etc/aliases file and add the msmtprc file to /etc
apt -y install msmtp msmtp-mta mailutils
hostname keys.neuro.uni-bremen.de
cat /etc/hostname
echo "root: davrot@neuro.uni-bremen.de" > /etc/aliases
echo "defaults" > /etc/msmtprc
echo "tls on" >> /etc/msmtprc
echo "tls_starttls off" >> /etc/msmtprc
echo "tls_certcheck off" >> /etc/msmtprc
echo "tls_trust_file /etc/ssl/certs/ca-certificates.crt" >> /etc/msmtprc
echo "logfile /var/log/msmtp.log" >> /etc/msmtprc
echo "" >> /etc/msmtprc
echo "# University SMTP server" >> /etc/msmtprc
echo "account uni-bremen" >> /etc/msmtprc
echo "host smtp.uni-bremen.de" >> /etc/msmtprc
echo "port 465" >> /etc/msmtprc
echo "from overleaf@uni-bremen.de" >> /etc/msmtprc
echo "user overleaf" >> /etc/msmtprc
echo "password REDACTED" >> /etc/msmtprc
echo "set_from_header on" >> /etc/msmtprc
echo "auth on" >> /etc/msmtprc
echo "" >> /etc/msmtprc
echo "# Set a default account" >> /etc/msmtprc
echo "account default : uni-bremen" >> /etc/msmtprc
echo "" >> /etc/msmtprc
echo "aliases /etc/aliases" >> /etc/msmtprc
chmod 644 /etc/msmtprc
touch /var/log/msmtp.log
ln -s /usr/bin/msmtp /usr/sbin/sendmail
echo "Test message" | mail -s "Test subject" root
```
# Config and test ldap
```
# We need in /etc/ldap/ldap.conf
URI ldaps://keys.neuro.uni-bremen.de
BASE dc=smime,dc=uni-bremen,dc=de
URI ldaps://smime.neuro.uni-bremen.de
# TLS certificates (needed for GnuTLS)
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
TLS_REQCERT allow
# Locally:
ldapwhoami -D cn=admin -W
# Remote:
ldapwhoami -H ldaps://smime.neuro.uni-bremen.de:636 -D cn=admin -W
```
# Check
```
ldapsearch -x -H ldaps://smime.neuro.uni-bremen.de -b "ou=people,dc=smime,dc=uni-bremen,dc=de"
```
```
[...]
# davrot, people, smime.uni-bremen.de
dn: uid=davrot,ou=people,dc=smime,dc=uni-bremen,dc=de
objectClass: top
objectClass: person
objectClass: nsAccount
objectClass: nsOrgPerson
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: davrot
cn: David Rotermund
givenName: David
sn: Rotermund
mail: davrot@uni-bremen.de
userSMIMECertificate: c3ViamVjdD1DID0gREUsIFNUID0gQnJlbWVuLCBPID0gVW5pdmVyc2l0
XEMzXEE0dCBCcmVtZW4sIG9yZ2FuaXphdGlvbklkZW50aWZpZXIgPSAiR09WREUrSEIiLCBlbWFpb
EFkZHJlc3MgPSBkYXZyb3RAdW5pLWJyZW1lbi5kZSwgU04gPSBSb3Rlcm11bmQsIEdOID0gRGF2aW
QsIENOID0gRGF2aWQgUm90ZXJtdW5kDQppc3N1ZXI9QyA9IE5MLCBPID0gR0VBTlQgVmVyZW5pZ2l
uZywgQ04gPSBHRUFOVCBQZXJzb25hbCBDQSA0DQotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0N
Ck1JSUhOekNDQlIrZ0F3SUJBZ0lRWFhRTElvOVZhY3NaTUVCNFFhdWdVVEFOQmdrcWhraUc5dzBCQ
VF3RkFEQkcNCk1Rc3dDUVlEVlFRR0V3Sk9UREVaTUJjR0ExVUVDaE1RUjBWQlRsUWdWbVZ5Wlc1cF
oybHVaekVjTUJvR0ExVUUNCkF4TVRSMFZCVGxRZ1VHVnljMjl1WVd3Z1EwRWdOREFlRncweU5ERXh
Nall3TURBd01EQmFGdzB5TmpFeE1qWXkNCk16VTVOVGxhTUlHeU1Rc3dDUVlEVlFRR0V3SkVSVEVQ
TUEwR0ExVUVDQk1HUW5KbGJXVnVNUnd3R2dZRFZRUUsNCkRCTlZibWwyWlhKemFYVERwSFFnUW5Kb
GJXVnVNUkV3RHdZRFZRUmhFd2hIVDFaRVJTdElRakVqTUNFR0NTcUcNClNJYjNEUUVKQVJZVVpHRj
JjbTkwUUhWdWFTMWljbVZ0Wlc0dVpHVXhFakFRQmdOVkJBUVRDVkp2ZEdWeWJYVnUNClpERU9NQXd
HQTFVRUtoTUZSR0YyYVdReEdEQVdCZ05WQkFNVEQwUmhkbWxrSUZKdmRHVnliWFZ1WkRDQ0FpSXcN
CkRRWUpLb1pJaHZjTkFRRUJCUUFEZ2dJUEFEQ0NBZ29DZ2dJQkFJKzJ0V1hDWnQ1anNtQ1Fmd2tGM
HZTRzA2MWYNCllaRGltcVNFRnZUTjVNTzNkOFdIWkRJZThxNVZKWFJ5b1lxa2hCSG43YkFzTlVKNT
FNRjlmOFhIRk1VckhZdmsNClF2Tjl5OHd5NXo4c2xnOGZxZzJCOVo2M0NQMTVqOEpMTU1aVHFVTGZ
QWDdmajZwMTZWSGlMT29Cb1MzTFBLMWYNCmhVRnlNUTRDMzhCT0R2TXFHYzJ3Q05XRm1uczl6QXo1
U0V1Y3g3Vm44VGdvRldwRlVaUWVxdEFhd3oyQXVQdkgNCk1ZcFA3SGVQWHhiVDJNRVRDTnpvQmZYa
TV2Y3B4T2M0UUpVSFBNT0hwQ3Z5Sk1rVWJKZjR2RnBIS0VTQlRjWjENCnBSSG03TVAzR3NSb2c5el
VpS1kvRVFvNUF5SWlKN0ZkMFIxZVdGdmJRZTZCdm0wMEJTVTA4TTA0a0NYU284R0cNCnEyYnpDK0k
3cnVQb1dxNWY1ZW5OSHYxQW9JaGpBWXlva01oUDA4emxwSkxVekR4YTZhRkRvSUNnNWZKQkN3SS8N
ClhJbC92WmUyd1RKd0VtMHl0WTdhdlo2a2llWXY0R0xEemtUZy9xdWpySU9uMEdRMk5uQk1jNExFO
EdRYWIrL0QNCnFnenhrcFlYcGxNSzYxS3ZJbUFmSzhkREVhb1B2RUJXcFFSNUthd0Z1U0g3c1pEaW
lDQmlzSTlhMU1vM044eGMNCjh0L08wWURtdCtvRnh1K2ZLSlBzdVFJY2R2Q1N4cU1xS0k1bGNFaVo
rdWF5YkZjY2loZVdBK2FlT0d1ajc2T2wNCmNKVGxhU2lpd2tDNkNYam1pNGFYWnhlb1dBZkhsenhy
WEg1aVI2aHA2VFNoRThPUXVqdmM1TU5RQXYxRDdYU2cNCkpLRHJpSDRmR0VoOW9NVHJBZ01CQUFHa
mdnR3lNSUlCcmpBZkJnTlZIU01FR0RBV2dCUnBBS0hISVZqNDRNVWINCklMQUszYWRSdnhQWjVEQW
RCZ05WSFE0RUZnUVVUVmNKYmRseC9uKytZbGRPS0dIdzkwNkdwQWt3RGdZRFZSMFANCkFRSC9CQVF
EQWdXZ01Bd0dBMVVkRXdFQi93UUNNQUF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdRR0NDc0cN
CkFRVUZCd01DTUZBR0ExVWRJQVJKTUVjd09nWU1Ld1lCQkFHeU1RRUNBUW9FTUNvd0tBWUlLd1lCQ
lFVSEFnRVcNCkhHaDBkSEJ6T2k4dmMyVmpkR2xuYnk1amIyMHZVMDFKVFVWRFVGTXdDUVlIWjRFTU
FRVURBakJDQmdOVkhSOEUNCk96QTVNRGVnTmFBemhqRm9kSFJ3T2k4dlIwVkJUbFF1WTNKc0xuTmx
ZM1JwWjI4dVkyOXRMMGRGUVU1VVVHVnkNCmMyOXVZV3hEUVRRdVkzSnNNSGdHQ0NzR0FRVUZCd0VC
Qkd3d2FqQTlCZ2dyQmdFRkJRY3dBb1l4YUhSMGNEb3YNCkwwZEZRVTVVTG1OeWRDNXpaV04wYVdkd
kxtTnZiUzlIUlVGT1ZGQmxjbk52Ym1Gc1EwRTBMbU55ZERBcEJnZ3INCkJnRUZCUWN3QVlZZGFIUj
BjRG92TDBkRlFVNVVMbTlqYzNBdWMyVmpkR2xuYnk1amIyMHdId1lEVlIwUkJCZ3cNCkZvRVVaR0Y
yY205MFFIVnVhUzFpY21WdFpXNHVaR1V3RFFZSktvWklodmNOQVFFTUJRQURnZ0lCQURmTUFaajYN
Clk2SkNabjE1Y3lRaUhnQXo3bFpTa3JVcnF4b3F4aHBNRTFIbTJBOHlUU0tpd0JmZmFyZVhpTVRYR
FFvdXpPRE0NClpZYVRMdThWZ2Q0ZGdWZEtsSU5DbWxyTElPUHFVeUpQdkMyNnhiUGNlUVA4NkUrbU
ZIYTljRzZnd0pTLzR6UGUNCmp6V1VRbFo4eTVhdDNxU2R3TW1CRTNHRXRlLzJaWkZzcHdTS0JQWWc
rRjA3L0dBcHRKa3VWT2M2UFhwdlEzQlYNClN6TlR3bGRuQ1lNNEZhQmdCRWd5blNEdC8wbmpDQzk2
bEdGQVdhWlB2RkVtelRoaEhyeHd3ZWlDUmpuRDlpdi8NCjhXNWxubkQra1lTOWt5cXJaNzVWNERYV
0RZeks2azEwSmtWaW5rS1lWaGY1VDcvQnkyKzU4b2ZUZDZtcVhmWmsNCkZ2ME5HeTE0Ky8vZUY5Yl
YzTmF2TlA5OGVkY2FsTWJiTkIxZEhJWVV1TEJhbHgwV2xGWXdVV05uVU5Wb2JoZUsNClJQVUZZUE9
MNmYrOGZTQmJQVGRmT2t5SXpxeHhmZDIzN1NTS2h5d0ZURm9pY0Vha1lLRUtySGFKdHJmRGVTKzUN
ClZjVzJNNi9nM2psUysvSU40ZDRxVGNNcnJiVHBaRkorYnNualRSZjBjeHlUa3hOVmhJRmpMekd2S
G5WaGY1SXINCkw4MStqdVBOZkJ5SXptWWRTVmhHRG1TZDhpOWY3a3VWaDh2VS9Kc0tDbXlOdGNXQ3
V3OEdsR1QyVkhTYTkzVUQNCk1rM3pWTU5SOFlvazNXV0oxV3BuOWtCSjBjaDBEYWdadEVxNEpWZUE
5blYvL0ZYQlZHTzBtaFdvUGwwQ1lMbzANCmgwbWwyM1Q5VXYrdEZjQzM4MXRWRmNJOEdxVUNJUlBM
NllKcw0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==
[...]
```
Reference in a new issue View git blame Copy permalink