3 commits - Installation_Guide/en-US

Jeroen van Meeuwen vanmeeuwen at kolabsys.com
Sun Aug 5 16:42:39 CEST 2012


 Installation_Guide/en-US/Kolab_Server_Configuration.xml                                   |   18 +++
 Installation_Guide/en-US/sect-Repository_Configuration-Installation_with_RPM_Packages.xml |   53 ++++++++++
 2 files changed, 71 insertions(+)

New commits:
commit 3511f67c8c7b78e389089fe76129ce361a5074a6
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Sun Aug 5 15:42:26 2012 +0100

    Add verbiage on allowing anonymous binds

diff --git a/Installation_Guide/en-US/Kolab_Server_Configuration.xml b/Installation_Guide/en-US/Kolab_Server_Configuration.xml
index 824c1a9..f568919 100755
--- a/Installation_Guide/en-US/Kolab_Server_Configuration.xml
+++ b/Installation_Guide/en-US/Kolab_Server_Configuration.xml
@@ -114,6 +114,23 @@ PyKolab, visit http://www.kolabsys.com</screen>
         <para>
             When run against an existing configuration file that is not <filename>/etc/kolab/kolab.conf</filename> (but, for example, <filename>/etc/kolab/kolab-setup.conf</filename>), the setup process will take the existing configuration and set up a 389 Directory Server accordingly. This allows for greater flexibility in, among others, which root DN is used. You may discard the configuration file used for the setup afterwards, it contains no information of value other then for troubleshooting purposes, and it is not written to by the setup process.
         </para>
+        <section id="sect-Community_Installation_Guide-LDAP_Component-Allowing_Anonymous_Binds">
+            <title>Allowing Anonymous Binds</title>
+            <para>
+                By default, Kolab Groupware sets up the LDAP server so that no anonymous binds are allowed. This is a security consideration, aiding in preventing certain reconnaissance attack vectors.
+            </para>
+            <para>
+                This means by default, the LDAP server port(s) could be exposed to the Internet, meaning your "Road Warrior" users would be able to use the LDAP address book.
+            </para>
+            <para>
+                It prevents, however, the graphical 389 Directory Server console application from being used, as it binds anonymously first, to find the LDAP entry used to login with.
+            </para>
+            <para>
+                Should you need to use the graphical 389 directory server console, and you feel confident other security configuration is sufficient, you can allow anonymous binds from the get-go by specifying the <literal>--allow-anonymous</literal> command-line option to <command>setup-kolab</command>.
+            </para>
+
+        </section>
+
         <section id="sect-Community_Installation_Guide-LDAP_Component-Accounts_Created">
             <title>Accounts Created</title>
             <para>


commit 9ae576092f561974be7b47cb028fc311d7dc4b6c
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Sun Aug 5 15:05:37 2012 +0100

    Publican clean_ids does it again

diff --git a/Installation_Guide/en-US/Kolab_Server_Configuration.xml b/Installation_Guide/en-US/Kolab_Server_Configuration.xml
index 5685d9b..824c1a9 100755
--- a/Installation_Guide/en-US/Kolab_Server_Configuration.xml
+++ b/Installation_Guide/en-US/Kolab_Server_Configuration.xml
@@ -86,6 +86,7 @@ Options:
 
 PyKolab is a Kolab Systems product. For more information about Kolab or
 PyKolab, visit http://www.kolabsys.com</screen>
+
         </para>
 
     </section>


commit 2d27567f1d54db477730e2124316e6dfefa1c1a5
Author: Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen at kolabsys.com>
Date:   Sun Aug 5 15:05:07 2012 +0100

    Add verbiage on acceptable and unacceptable third party repositories that may be configured on the system

diff --git a/Installation_Guide/en-US/sect-Repository_Configuration-Installation_with_RPM_Packages.xml b/Installation_Guide/en-US/sect-Repository_Configuration-Installation_with_RPM_Packages.xml
index eed08ff..a07deae 100644
--- a/Installation_Guide/en-US/sect-Repository_Configuration-Installation_with_RPM_Packages.xml
+++ b/Installation_Guide/en-US/sect-Repository_Configuration-Installation_with_RPM_Packages.xml
@@ -247,6 +247,59 @@
 
     </section>
 
+    <section id="sect-Community_Installation_Guide-Installation_with_RPM_Packages-Configuration_Considerations_for_Additional_Repositories">
+        <title>Configuration Considerations for Additional Repositories</title>
+        <para>
+            Many additional third party software repositories exist, some of which provide packages also provided as part of the Red Hat Enterprise Linux or CentOS standard package repositories, the EPEL add-on repository Kolab Groupware requires, and/or the Kolab Groupware software repositories itself.
+        </para>
+        <para>
+            Acceptable third party add-on software repositories include:
+        </para>
+        <para>
+            <itemizedlist>
+                <listitem>
+                    <para>
+                        EPEL (required)
+                    </para>
+
+                </listitem>
+                <listitem>
+                    <para>
+                        RPM Fusion (optional)
+                    </para>
+
+                </listitem>
+
+            </itemizedlist>
+
+        </para>
+        <para>
+            Repositories that the system must not be using, include:
+        </para>
+        <para>
+            <itemizedlist>
+                <listitem>
+                    <para>
+                        RPM Forge
+                    </para>
+
+                </listitem>
+                <listitem>
+                    <para>
+                        Webmin
+                    </para>
+
+                </listitem>
+
+            </itemizedlist>
+
+        </para>
+        <para>
+            Should the repository you wish to use not be listed here, please consult the <ulink url="mailto:kolab-devel at kolab.org">Kolab Development mailing list</ulink>.
+        </para>
+
+    </section>
+
     <section id="sect-Community_Installation_Guide-Installation_with_RPM_Packages-CentOS">
         <title>CentOS</title>
         <para>





More information about the commits mailing list