I have been using Horde for quite some time as my webmail solution. Unfortunately, the update from Horde 4 to Horde 5 always produced some issues on my system, so I decided to do a fresh install. My old Horde was a very simple setup: it used the IMAP authentication of IMP to authenticate users against my Active Directory. While this certainly works, this time around I want to configure Horde to authenticate against my Active Directory directly. Additionally, I wanted to use my Active Directory as the global address book for Horde.
Now that OpenVPN was all set up, the only thing left to do was the automation. The script that I created takes care of the certificate/key creation for the users, the configuration customization, the configuration delivery, the Certificate Revocation List creation and configuration updates. Since this article is almost exclusively about one script, I will first say a few words about each of the main functions and post the entire script afterwards.
After I outlined the goals for my project in the last article, it is time to get to work. This article will cover the installation and configuration of OpenVPN. I will also explain how chained certificates can be used with OpenVPN. If you follow my steps, you will have a functioning OpenVPN server at the end. My first step was to create a new KVM machine and install Debian Wheezy. I am going to skip that description and assume that you already have a functioning Linux system to install OpenVPN on.
With my new PKI and my Active Directory up and running, it was finally time to integrate my OpenVPN into the infrastructure I built over the last couple of months. While I have had an OpenVPN server running for years now, it was not integrated into any central user database and relied entirely on password-protected certificates to authenticate users.
For my new OpenVPN server I considered and tested the OpenVPN Access Server. That is the commercial product from OpenVPN; it has a very nice and easy web interface and it is very easy to integrate into Active Directory. I had a test VM set up and all tests went without a glitch. This is probably a very nice solution for most companies, and the licensing fees are very reasonable. I was seriously considering simply buying a couple of licenses and being done with it. In the end, however, there was some functionality that I missed in the web interface (or maybe I just have not found it). Ultimately I decided to build my own solution, since the paid version would not have saved me a whole lot of time.
When I set up my Active Directory, I wanted to migrate all services at home to authenticate against it. Now that I had the AD running and a few not so critical services used it, it was finally time to migrate this one. I don't have an Exchange server at home (nor do I want one), and my colleague who tested OpenChange said it is not quite ready yet. So I will have to do without Exchange extensions for the AD. I will still be able to do the basic management for my mail users in the AD, but I won't be able to use any of the Exchange extensions or tools for it.