[ClearOS_6] Make ldap service listen to all IP

In ClearOS we can make the LDAP service listen on all interfaces by setting the Publish Policy option to All Networks, but, perhaps for security reasons, that option publishes ldaps (LDAP over SSL, listening on port 636) rather than ldap.

Because an application that will use ClearOS LDAP as its authentication backend cannot use ldaps (plain ldap is hardcoded by the vendor), we need to force the ldap service (port 389) to listen on all IPs.

So here are the steps.

  • Edit the init script for slapd
vi /etc/init.d/slapd
  • Go to line number 72, then add the following lines.
for ip in $AUTOMAGIC_LANIPS; do
      harg="$harg ldap://$ip"
done
  • Save and exit, then restart the slapd service to apply the changes
service slapd restart
  • Make sure the modified file will not be replaced if there is an update for the openldap-servers package (do this at your own risk)
vi /etc/yum.conf
  • Under the [main] section, add the following line
exclude=openldap-servers
  • Make sure the ldap service port is listening on all available IPs.
netstat -tnap | grep LISTEN | grep 389

 


[ZIMBRA] Prevent User Customizing “FROM” header

Background

Some of our Zimbra customers have complained that an authenticated user can customize the FROM header, which can lead to fraudulent email. This issue can be reproduced with Thunderbird when composing an email, as in the following picture.

customize_from_header.png

Or use this script, changing the variables username, password, fake_from and to_addr to match your environment.

Solution

I created a customized milter engine using the Python milter library as my workaround, with the following features:

Continue reading “[ZIMBRA] Prevent User Customizing “FROM” header”
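The milter's feature list is not shown on this page. As an added example (not the author's milter), this is one check such a policy can apply: compare the login the MTA authenticated with the address in the From header. The alias map, the sample addresses and the function names are assumptions; in a Postfix milter the login would come from the {auth_authen} macro.

```python
from email.utils import getaddresses

# Constructed alias map (assumption): login -> extra addresses it may send as.
ALLOWED_ALIASES = {
    "omar@mymail.ok": {"sales@mymail.ok"},
}


def normalize(addr):
    """Lower-case and trim an address so comparisons are case-insensitive."""
    return addr.strip().lower()


def check_from(auth_user, from_header, aliases=ALLOWED_ALIASES):
    """Return (action, reason) for one message.

    auth_user is the SASL login reported by the MTA, or None when the
    session was not authenticated (ordinary inbound mail).
    Only the address is compared; the display name is not inspected.
    """
    if not auth_user:
        return ("accept", "unauthenticated session, policy not applicable")
    login = normalize(auth_user)
    parsed = [normalize(a) for _, a in getaddresses([from_header or ""]) if a]
    if not parsed:
        return ("reject", "missing or unparsable From header")
    if len(parsed) > 1:
        return ("reject", "multiple addresses in From header")
    allowed = {login} | {normalize(a) for a in aliases.get(login, ())}
    if parsed[0] not in allowed:
        return ("reject", "From %s not permitted for login %s" % (parsed[0], login))
    return ("accept", "From matches authenticated login")


if __name__ == "__main__":
    # Constructed sample messages: (authenticated login, From header).
    samples = [
        ("omar@mymail.ok", "Omar <omar@mymail.ok>"),
        ("omar@mymail.ok", "Sales <Sales@MyMail.ok>"),
        ("omar@mymail.ok", '"Admin" <admin@mymail.ok>'),
        ("omar@mymail.ok", ""),
        (None, "Someone <someone@other.example>"),
    ]
    for login, header in samples:
        print(login, repr(header), check_from(login, header))
```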

Using HTTPS on CherryPy

Here’s the CherryPy app configuration for using HTTPS:


import cherrypy

# Serve the app over HTTPS using the certificate and private key below
cherrypy.config.update({
  'server.ssl_module': 'builtin',
  'server.ssl_certificate': '/opt/myapp/conf/cert/cert.crt',
  'server.ssl_private_key': '/opt/myapp/conf/cert/cert.key',
})

For the SSL module you can use builtin or pyopenssl (by installing the pyOpenSSL module). Use this command if you want to create a self-signed certificate.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout cert.key -out cert.crt

Dump & Restore MongoDB With Specified Collection and DB

For example, I have a collection named logs in the db postfix; the dumped output will be written to /tmp/backupmong


mongodump --out /tmp/backupmong/ --collection logs --db postfix

The command above will generate 2 files: .bson and .metadata.json

Here’s the command for restoring the database (collection) from the .bson file.


mongorestore /tmp/backupmong/postfix/logs.bson -d anotherdb -c anotercol

[Zimbra] Sender Restriction to Distribution List

A distribution list in Zimbra is a mail grouping that makes broadcasting mail much easier, but some corporations restrict which users can send mail to a distribution list. If you are using Zimbra Network Edition you can just use the Zimbra Admin Console, but the CLI is still the best friend of those using OSE 🙂.

Grant the account omar@mymail.ok the right to send to the distribution list

zmprov grr dl distme@mymail.ok usr omar@mymail.ok sendToDistList

Revoke the user's access.

zmprov rvr dl distme@mymail.ok usr omar@mymail.ok sendToDistList

Get the access list (grants) for the distribution list called distme@mymail.ok

zmprov gg -t dl distme@mymail.ok

Note:

  • You must activate the Zimbra Milter Service to use this feature.
  • I am only using grantee-type usr (user) in this example; you may change it to another grantee-type if you want to (grp, egp, all, dom, edom, gst, key, pub, email).
  • Every time the rights are changed you must reload the MTA service by running the command zmmtactl reload

[Django] Exception AppRegistryNotReady

I just migrated all project applications to Django version 1.8. All Django apps migrated smoothly, but there is an error in my simple script that uses the Django ORM (used for background tasks).


...

django.core.exceptions.AppRegistryNotReady: Models aren't loaded yet.


 

After some searching on Google, this page helped me, so I just added these lines of code at the top of my Django script.


import django
django.setup()