Appendix

Appendix
- ➟ DNS
  - ➟ Preliminaries

dig (domain information groper)
nslookup

> dig learn.mi.hdm-stuttgart.de

; <<>> DiG 9.16.1-Ubuntu <<>> learn.mi.hdm-stuttgart.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63891
...
;; ANSWER SECTION:
learn.mi.hdm-stuttgart.de. 6593	IN	A	141.62.64.28

;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) ...

> dig +noall +answer www.hdm-stuttgart.de
www.hdm-stuttgart.de.	3600	IN	A	141.62.1.53
www.hdm-stuttgart.de.	3600	IN	A	141.62.1.59

Record	Explanation
A	IPV4 Host address
AAAA	IPv6 host address
ALIAS	Auto resolved alias
CNAME	Canonical name for an alias
MX	Mail eXchange
NS	Name Server
PTR	Pointer
SOA	Start Of Authority
SRV	location of service
TXT	Descriptive text

dig +noall +answer -t NS hdm-stuttgart.de
hdm-stuttgart.de.	3600	IN	NS	iz-net-4.hdm-stuttgart.de.
hdm-stuttgart.de.	3600	IN	NS	dns3.belwue.de.
hdm-stuttgart.de.	3600	IN	NS	iz-net-3.hdm-stuttgart.de.
hdm-stuttgart.de.	3600	IN	NS	dns1.belwue.de.
hdm-stuttgart.de.	3600	IN	NS	iz-net-2.hdm-stuttgart.de.

Appendix
- ➟ LDAP

Exercises are based on the OpenLDAP server implementation.

Related material at http://www.openldap.org.

Lightweight Directory Access Protocol
Vendor independent
IETF standard:

Clients interact with servers using a directory access protocol

Command

Result

ldapsearch \
  -h localhost ❶ \
  -D "cn=admin,dc=betrayer,dc=com" ❷\
  -w password -x ❸\
  -b "dc=betrayer,dc=com" ❹\
  -s sub ❺ \
  -LLL ❻

dn: dc=betrayer,dc=com ❶
objectClass: top
objectClass: dcObject
objectClass: organization
o: Betrayers heaven ❷
dc: betrayer 

dn: cn=admin,dc=betrayer,dc=com ❸
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin ❹
description: LDAP administrator
userPassword:: e1NT...dE53N1E= ❺

dn: uid=clark,ou=finance,dc=betrayer,dc=de ❶
cn: Sandy Clark
homeDirectory: /home/clark
sn: Clark
uid: clark ❷
uidNumber: 21101
givenName: Sandy
loginShell: /bin/bash
mail: clark@betrayer.com ❸
mail: finance@betrayer.com
postOfficeBox: 10G
userPassword: {SSHA}noneOfYourBusiness

Structuring LDAP entry data.
Categories:
- Structural
- Auxiliary
- Abstract

Abstract classes:

To be extended by other classes

Structural classes:

Each entry requires exactly one.
Specify the “main” type of object.
Must not inherit from auxiliary classes.

Auxiliary classes:

Provide non-conflicting supplementary information.
Think of (Java™) interfaces.
Must not inherit from structural classes.

Class                       |   Instance uid=clark,ou=finance,dc=betrayer,dc=de
----------------------------+---------------------------------------------------
inetOrgPerson (structural)  |                   
   sn                       |    sn: Clark
   cn                       |    cn: Sandy Clark
  ...                       |     ▲
                            |     ┃
posixAccount (auxiliary)    |     ┃
  cn                        |   see above ❶
  gidNumber                 |   gidNumber: 23113
  homeDirectory             |   homeDirectory: /home/clark
  uid                       |   uid: clark
  uidNumber                 |   uidNumber: 21101
  userPassword              |   userPassword: {SSHA}noneOfYourBusiness
                          .....

RFC 4520 defines three LDAP search scopes:

baseObject (base)
singleLevel (one)
wholeSubtree (sub)

RFC 4520 defines predicate based queries using RPN style:

(| (cn=k*) (uidNumber < 2000))

Anonymous bind: No user credentials.

Note: This typically provides limited privileges.

Simple bind: User's DN + password:

DN: uid=clark,ou=finance,dc=betrayer,dc=de
password: 123456789

Ldap Data Interchange Format.
Importing and exporting LDAP Data.
Modifying existing entries (CRUD operations).
Pure ASCII.

dn: uid=clark,ou=finance,dc=betrayer,dc=de
objectClass: posixAccount
objectClass: inetOrgPerson
cn: Sandy Clark
homeDirectory: /home/clark
sn: Clark
uid: clark 
uidNumber: 21101
givenName: Sandy
loginShell: /bin/bash
mail: clark@betrayer.com 
mail: finance@betrayer.com
postOfficeBox: 10G
userPassword: {SSHA}noneOfYourBusiness

Appendix
- ➟ LDAP
  - ➟ Exercises
    - ➟ Populating your DIT.

Appendix
- ➟ Apache web server
  - ➟ Preliminaries

Apache HTTP Server Version 2.4 Documentation

Tip

Whenever searching for Apache related documentation always include “2.4” in your query: Configuration file syntax changed considerably with respect to Apache version 2.2.

One physical host system
Serving multiple sites e.g.:
- https://www.foo.org
- https://www.second.org

Port based virtual hosting
IP based virtual hosting
Name based virtual hosting

Typically using Server Name Indication (SNI)

Host system: One IP per site to serve
Pro: TLS handshake without SNI.

Supporting older clients.
Downside:
- IP address waste
- Host system NIC configuration required

Host system: Common IP address
Pro
- No IP address waste
- No Host system NIC configuration required
Cons: Excluding older non SNI supporting clients.

(Internet Explorer on Windows XP, Android below V. 2.3)
SNI allows for eavesdropping requested site's name.

Appendix
- ➟ File cloud

Centralized remote file storage.
Proprietary protocols.
File Up- and Download.

Multi client synchronization.
Network file system support.
Ubiquitous access.

Integrated backup.
Versioning.
Sharing on user / group level.
Secure access, Encryption

Consistent availability.
Federation support.

Local hardware does not scale:
- Systems interoperability
Storage as a service
Economy of scale: Cheap hardware, distributed system

Google Drive
Dropbox
OneDrive
iCloud Drive

Box
Amazon Cloud Drive

Open source (PHP)
Sync clients
End-to-end encryption support
Full text search

Plugin extendability
- CardDav
- CalDav
LDAP support

Appendix
- ➟ Docker
  - ➟ Introduction

Repository hosting publicly available Docker images:

https://hub.docker.com/explore

Appendix
- ➟ Docker
  - ➟ Introduction
    - ➟ Managing images

> docker search nextcloud
NAME                       DESCRIPTION      STARS  OFFICIAL   AUTOMATED
nextcloud                  A safe home …    424    [OK]
linuxserver/nextcloud      A Nextcloud …    56
greyltc/nextcloud          Nextcloud: …     34                [OK]
wonderfall/nextcloud       All-in-one …     27                [OK]
rootlogin/nextcloud        Nextcloud …      17                [OK]
lsioarmhf/nextcloud        ARMHF based …    8
ownyourbits/nextcloudpi    NextCloud ARM …  7
...

> docker image pull alpine
Using default tag: latest
latest: Pulling from library/alpine
ff3a5c916c92: Pull complete
Digest: sha256:7df6db5aa61ae9480f52f0b3a06a140ab98d427f86d8d5de0bedab9b8df6b1c0
Status: Downloaded newer image for alpine:latest

> docker image pull wonderfall/nextcloud ❶
Using default tag: latest ❷
latest: Pulling from wonderfall/nextcloud
ff3a5c916c92: Already exists ❸
a542d4c3cffb: Pull complete ❹
83001cc0bea0: Pull complete
41a33c66b2c1: Pull complete
a70bf67726f3: Pull complete
fea90b3d29ac: Pull complete
Digest: sha256:472c5c7...2ca20cca45 ❺
Status: Downloaded newer image for wonderfall/nextcloud:latest

> docker image inspect dac77467ddcc
[
    {
        "Id": "sha256:dac77467ddccc2287d99558245bd34707...",
        "RepoTags": [
            "nextcloud:13.0.4"
        ],
        "RepoDigests": [
            "nextcloud@sha256:fb3e77f19b21364925e8f02..."
        ],
 ...

> curl 'https://registry.hub.docker.com/v2/repositories/library/nextcloud/tags/'|\
      jq '."results"[]["name"]'  # requires «aptitude install curl jq»
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 11856    0 11856    0     0  11856      0 --:--:-- --:--:-- --:--:-- 20371
"fpm"
"production"
"stable"
"latest"
"13"
"13.0"
"13.0.2"
"production-apache"
"stable-apache"
"apache"

> docker image pull nextcloud:13.0.4
13.0.4: Pulling from library/nextcloud
3d77ce4481b1: Pull complete
32bfdb6043a8: Pull complete
028453741593: Pull complete
f93d7bd342a3: Pull complete
4a2fac611953: Pull complete
87fdfc7d0f94: Pull complete
Digest: sha256:fb3e77f19b21364925e8f02d6e5ad3a1 ...
Status: Downloaded newer image for nextcloud:13.0.4

> docker image ls
REPOSITORY            TAG      IMAGE ID       CREATED        SIZE
nextcloud             13.0.4   dac77467ddcc   3 days ago     544MB
wonderfall/nextcloud  latest   57e1fb51b334   2 months ago   328MB
alpine                latest   3fd9065eaf02   4 months ago   4.15MB

> docker image pull nextcloud
Using default tag: latest
latest: Pulling from library/nextcloud ❶
Digest: sha256:fb3e77f19b21364925e8f02d6e5ad3a1 ... ❷
Status: Downloaded newer image for nextcloud:latest

> docker image ls 
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nextcloud           13.0.4              dac77467ddcc        4 days ago          544MB
nextcloud           latest              dac77467ddcc        4 days ago          544MB
...

<dependency>
  <groupId>junit</groupId>           <!-- wonderfall -->
  <artifactId>junit</artifactId>     <!-- nextcloud -->
  <version>4.12</version>            <!-- 13.0.4 -->
</dependency>

> docker image rm nextcloud:latest
Untagged: nextcloud:latest

> docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
nextcloud           13.0.4              dac77467ddcc        4 days ago          544MB
...

> docker image rm nextcloud:13.0.2
Untagged: nextcloud:latest
Untagged: nextcloud@sha256:c693921e69cb89cd0bee7c014280159df647e5ba87f54c895650156d973df035
Deleted: sha256:10ae267ddcf25bfe5cc059685d3d005bcfe7229b44c3a6f93e0a07795d33b5b2
Deleted: sha256:1c271f4f2f19a222cd116c771b02294c5dd596fa8a0366559061f83a0de8de3f
...
Deleted: sha256:2c833f307fd8f18a378b71d3c43c575fabdb88955a2198662938ac2a08a99928

Appendix
- ➟ Docker
  - ➟ Introduction
    - ➟ Running container

> docker run -d -p 8080:80 --name nc13 nextcloud
517e3dba488763eb615f2c68d417e1b7fb3a9ce5bb4a5ffc346dcb86c00d13d2

> docker ps -a  # show stopped containers as well
CONTAINER ID  IMAGE      COMMAND                ... PORTS                 NAMES
517e3dba4887  nextcloud  "/entrypoint.sh apac…" ... 0.0.0.0:8080->80/tcp  nc13

> docker exec -it nextcloud_db_1 /bin/bash
# ls -al
total 84
drwxr-xr-x   1 root root 4096 Jun 20 09:28 .
drwxr-xr-x   1 root root 4096 Jun 20 09:28 ..
-rwxr-xr-x   1 root root    0 Jun 20 09:28 .dockerenv
drwxr-xr-x   1 root root 4096 May 25 20:20 bin
drwxr-xr-x   2 root root 4096 Nov 19  2017 boot
drwxr-xr-x   5 root root  340 Jun 20 09:28 dev
drwxr-xr-x   2 root root 4096 Apr 30 15:37 docker-entrypoint-initdb.d
lrwxrwxrwx   1 root root   34 May 25 20:20 docker-entrypoint.sh -> usr/local/bin/docker-entrypoint.sh
...

> docker rm nc13
nc13

> docker ps -a
CONTAINER ID   IMAGE       COMMAND             CREATED      STATUS                   ... NAMES

Appendix
- ➟ Docker
  - ➟ Introduction
    - ➟ Volumes

> docker volume ls
DRIVER              VOLUME NAME
local               nextcloud_db
local               nextcloud_nextcloud

# ls -al /var/lib/docker/volumes
total 40
drwx------  4 root root  4096 Jun 20 11:13 .
drwx--x--x 14 root root  4096 Jun 20 09:40 ..
-rw-------  1 root root 32768 Jun 20 11:13 metadata.db
drwxr-xr-x  3 root root  4096 Jun 20 11:13 nextcloud_db
drwxr-xr-x  3 root root  4096 Jun 20 11:13 nextcloud_nextcloud

> docker volume ls -f dangling=true
DRIVER              VOLUME NAME
local               nextcloud_db
local               nextcloud_nextcloud

> docker volume rm nextcloud_db nextcloud_nextcloud
nextcloud_db
nextcloud_nextcloud

Overview

Documentation links

DNS query commands

DNS forward lookup

Display A-record result only

Important record types

Name Servers: Query type NS

Overview

Recommended readings

Openldap server documentation

What is LDAP anyway?

LDAP Server cli bind

Document Information Tree (DIT)

Document Information Tree (DIT)

Document Information Tree (DIT)

Document Information Tree (DIT)

Document Information Tree (DIT)

Document Information Tree (DIT)

Document Information Tree (DIT)

Document Information Tree (DIT)

Document Information Tree (DIT)

Relative and absolute DNs

Relative and absolute DNs

Relative and absolute DNs

Relative and absolute DNs

Relative and absolute DNs

Relative and absolute DNs

User example

objectClass

objectClass clarifications

Augmenting inetOrgPerson by posixAccount

Structural objectClass definitions

Structural objectClass definitions

Structural objectClass definitions

Structural objectClass definitions

Structural objectClass definitions

Structural objectClass definitions

Search scopes

Predicate based queries

LDAP bind types

LDIF exchange format

LDIF sample

OpenLdap server architecture

OpenLdap server architecture

OpenLdap server architecture

OpenLdap server architecture

Overview

An example LDAP Tree

Overview

External documentation

URI to filesystem mapping

URI to filesystem mapping

URI to filesystem mapping

URI to filesystem mapping

URI to filesystem mapping

Virtual hosting

Implementing virtual hosting

IP based virtual hosting

IP based virtual hosting

IP based virtual hosting

IP based virtual hosting

IP based virtual hosting

IP based virtual hosting

IP based virtual hosting

IP based virtual hosting

IP based, pros / cons

Name based virtual hosting

Name based virtual hosting

Name based virtual hosting

Name based virtual hosting

Name based virtual hosting

Name based virtual hosting

Name based virtual hosting

Name based virtual hosting

Name based, pros / cons

LDAP backed authentication

LDAP backed authentication

LDAP backed authentication

LDAP backed authentication

LDAP backed authentication

Name Servers: Query type `NS`

Augmenting `inetOrgPerson` by `posixAccount`