parent
d870b63019
commit
55ecdb1bf6
6 changed files with 16 additions and 15 deletions
docs/space/srv-acraze
|
@ -1,7 +1,7 @@
|
|||
# About
|
||||
|
||||
This file contains the documentation of the it-sydikat ldap server at
|
||||
ldap.it-syndikat.org/blacksunempire.srv.it-syndikat.org, residing on acraze
|
||||
`ldap.it-syndikat.org`/`blacksunempire.srv.it-syndikat.org`, residing on acraze
|
||||
|
||||
# Maintainers
|
||||
|
||||
|
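Review bot: the context line directly above the changed one still reads "it-sydikat ldap server". Since this hunk edits the same sentence, correct it to "it-syndikat" in the same commit so the name matches the hostnames that follow.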
@ -68,7 +68,7 @@ User accounts are required to fullfill the following objectClasses:
|
|||
- posixAccount: Specifies that accounts may login on unix machines.
|
||||
- shadowAccount: Enables account to be used for PAM authentication.
|
||||
- organizationalPerson: Enables account to be used as member of organizatzion.
|
||||
- inetOrgPerson: Modernized organizationalPerson (RFC2798)
|
||||
- inetOrgPerson: Modernized organizationalPerson ([RFC2798](https://datatracker.ietf.org/doc/html/rfc2789))
|
||||
|
||||
uidNumbers are to be set incrementally and not re-used if someone is deleted
|
||||
from the ldap services database. gidNumbers are to be set equal to the
|
||||
|
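Review bot: in the added inetOrgPerson line the link text says RFC2798 but the URL ends in rfc2789, so the link lands on a different document than the one named. Point the target at https://datatracker.ietf.org/doc/html/rfc2798. The context line above it also has "organizatzion", which could be corrected while here.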
@ -76,7 +76,8 @@ uidNumber.
|
|||
|
||||
## Password storage
|
||||
|
||||
According to RFC4519, passwords must be stored clear-text (which is was MS-AD
|
||||
According to [RFC4519](https://datatracker.ietf.org/doc/html/rfc4519),
|
||||
passwords must be stored clear-text (which is was MS-AD
|
||||
does) to provide functionality like Digest-auths and Radius servers. We
|
||||
store passwords as hashes, which is a direct violation of the RFC, but the most
|
||||
sane setup for a ldap server in the 2020s.
|
||||
|
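Review bot: the added line carries over the typo "which is was MS-AD" from the old text; it should read "which is what MS-AD does". Because this section documents a deliberate deviation (hashes instead of clear text), it would also help to name the hash scheme in use and to link the RFC4519 section that covers password storage, so a reader can check the claim instead of landing at the top of the document.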
@ -156,7 +157,7 @@ server. But in case we ever get one again, this is how one would have set it up.
|
|||
Secondary and primary ldap server synchronize via pulling from the secondary
|
||||
ldap server. It doesn't matter onto which server which action is performed,
|
||||
everything will be 2-way synced and merged. Primary has a user
|
||||
cn=replicator,dc=it-syndikat,dc=org which is:
|
||||
`cn=replicator,dc=it-syndikat,dc=org` which is:
|
||||
|
||||
```LDIF
|
||||
dn: cn=replicator,dc=it-syndikat,dc=org
|
||||
|
|
|
@ -25,16 +25,16 @@ IP-Reputation for the space local networks.
|
|||
|
||||
For web-access of your avccounts, a roundcube webmail service is available
|
||||
at <https://webmail.it-syndikat.org/>, which is provisioned on
|
||||
droptek.srv.it-syndikat.org. To update it, download a new tarball from
|
||||
`droptek.srv.it-syndikat.org`. To update it, download a new tarball from
|
||||
[their website](https://roundcube.net/download/) and extract it over
|
||||
/var/www/roundcube. Don't forget to backup the config beforehand.
|
||||
`/var/www/roundcube`. Don't forget to backup the config beforehand.
|
||||
|
||||
### Postfix
|
||||
|
||||
Inbound, postfix gets mail from the haproxy instance runnning on
|
||||
srv.srv.it-syndikat.org (the ITS directed wireguard interface on
|
||||
srv.hc.it-syndikat.org). Outbound, it relays mail via postfix on
|
||||
srv.srv.it-syndikat.org which handles final delivery.
|
||||
`srv.srv.it-syndikat.org` (the ITS directed wireguard interface on
|
||||
`srv.hc.it-syndikat.org`). Outbound, it relays mail via postfix on
|
||||
`srv.srv.it-syndikat.org` which handles final delivery.
|
||||
Mail is being relayed for either the servers net or after ldap auth.
|
||||
Delivered mail is stored in `/var/vmail` and is owned by the given ldap user.
|
||||
|
||||
|
|
|
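Review bot: the update step says "Don't forget to backup the config beforehand" but never names which file or directory under `/var/www/roundcube` that is, so whoever extracts a tarball over the live install has to guess. Name the config path and where the backup should go. The context words "avccounts" and "runnning" are also misspelled and sit next to the lines changed here.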
@ -1,7 +1,7 @@
|
|||
# About
|
||||
|
||||
The system is running as nero.srv.it-syndikat.org. The system may be reached as
|
||||
`vaultwarden.it-syndikat.org` or `vaultwarden.itsyndikat.org`.
|
||||
The system is running as `nero.srv.it-syndikat.org`. The system may be reached as
|
||||
<https://vaultwarden.it-syndikat.org> or <https://vaultwarden.itsyndikat.org>.
|
||||
|
||||
# Maintainers
|
||||
|
||||
|
|
|
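Review bot: the second autolink, <https://vaultwarden.itsyndikat.org>, has no hyphen, while every other hostname in this commit uses it-syndikat.org. Before this change it was inline code; now it is a clickable link to the password vault, so confirm the unhyphenated domain is an alias the project controls, or drop it if it is a typo.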
@ -1,8 +1,8 @@
|
|||
# About
|
||||
|
||||
droptek.srv.it-syndikat.org is a web server serving general websites using php
|
||||
`droptek.srv.it-syndikat.org` is a web server serving general websites using php
|
||||
or statically generated sites. This webserver does not server the main
|
||||
it-syndikat site, which is located on web.srv.it-syndikat.org for legacy
|
||||
it-syndikat site, which is located on [`web.srv.it-syndikat.org`](web-its.md) for legacy
|
||||
reasons.
|
||||
|
||||
# Maintainers
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# About
|
||||
|
||||
web.srv.it-syndikat.org is a web server running the main it-syndikat website.
|
||||
`web.srv.it-syndikat.org` is a web server running the main <https://it-syndikat.org> website.
|
||||
This vm was migrated from the decomissioned parabox hypervisor and also acts as
|
||||
a database server for that site.
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# About
|
||||
|
||||
Ths system as crossfaith.srv.it-syndikat.org is currently hosting the ITS zabbix
|
||||
Ths system as `crossfaith.srv.it-syndikat.org` is currently hosting the ITS zabbix
|
||||
server. The system comes with its own postgresql server (to avoid needing the
|
||||
database it is meant to monitor) and uses an apache2.
|
||||
|
||||
|
|
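Review bot: the changed line still begins "Ths system as". While wrapping the hostname in backticks, correct "Ths" to "The" so the sentence matches the wording used in the other About sections.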