Categories
IdP Keycloak SAML Shibboleth SingleSignOn SSO

Keycloak: Map LDAP groups to SAML roles

If you want to use Keycloak as IdP for your SAML login you might wish to limit access to certain Service Providers (SPs) according to your LDAP group memberships. The way to do this is not very intuitive, so I’ll try to show an easy way to do this. What we’ll be doing: Step 1: […]

Categories
Apache IdP Keycloak Shibboleth SingleSignOn SSO Webserver

Apache SAML SSO using mellon (example: open-webui)

This short post is about how to run the open-webui Docker container with an Apache-based reverse proxy (handling the SSL termination and authentication with mod-auth-mellon). In the following example the open-webui Docker container is listening on localhost only, port 8009 (see the variable definition at the beginning of the apache2 config): In order to use […]

Categories
Apache Directory Service LDAP Webserver

Apache authentication with Active Directory (no proxy account required)

While playing around with Apache web server authentication I was wondering: Is it possible to authenticate Apache against LDAP without requiring a proxy account to do the queries? At first glance this seems to require an LDAP server that allows anonymous bind and read access, however there’s another way: If a regular user (of the […]

Categories
Kerberos Linux SSO

Fun with Kerberos – WIP

Today I changed some things regarding authentication in my local setup and (once again) was curious about enabling more services to use Kerberos logins. And – as always – I ended up in an extensive debug session in order to make (some) things work. To spare some of you some of your precious time I’ll […]

Categories
Linux Network VPN

NordVPN on Linux

I recently got a few NordVPN licenses, so I gave it a try. The GUI client on Linux seems extremely limited, so setting things up requires some good old shell commands. Basic installation/setup Documentation can be found here: At that point you’ll need to reboot in order to apply the new group membership (at least […]

Categories
3D Printing

3D-Printer: Bambu Lab A1

This is about the newest member of my geek collection: My new Bambu Lab A1 3D Printer. Cloud or LAN-only? First of all: The Bambu printer series seems to be quite cloud centric, there is however a LAN-only mode (with limited functionality and even less documentation). As I am planning to use the printer in […]

Categories
IdP Kerberos Keycloak Linux Shibboleth Simplesamlphp SingleSignOn SSO

Single Sign On (SSO) with Keycloak

I’ve been running SAML based SSO using Simplesamlphp for some time now. While its PHP based approach is very flexible (and configuration is easy compared to Java-based Shibboleth) there are still quite some things you need to know to get started. Keycloak is an alternative that’s not as flexible to use (as far as I’ve […]

Categories
Filesystem Kernel Linux Performance

Filesystem speeds

The tests were done on a Quad-Core i5 system, using a 24 GB RAM disk (32 GB RAM total). System is Ubuntu 20.04 (x86_64). Basic tests were done using fio with variations of this command: The different benchmark scenarios are these: Create filesystem on RAM disk, create big test file, run fio. And the same […]

Categories
Linux

sssd and Samba Active Directory

Ever wondered how to join a Linux PC to your Active Directory (or even better to your Samba relative)? That’s exactly what this article is about. But first of all some words about what components we need to involve: As a first step we need to install the required packages: First of all we need […]

Categories
Encryption Kernel Linux Performance

Linux dm-crypt Performance – Kernel 5.9+

Update 11.12.2021: Finally got a new test machine and started re-evaluating the current situation. The tests were done on a Quad-Core i5 system, using a 24 GB RAM disk (32 GB RAM total). System is Ubuntu 20.04 (x86_64). Basic tests were done using fio with variations of this command: The different benchmark scenarios are these: […]