Enable ldap and ssl for apache and log stash

Published in: Technology

Transcript

  • 1. Enable LDAP and SSL for Apache for Logstash
    Author: Kanwar Batra

    Enable Apache SSL by compiling Apache with the required Apache and SSL modules as mentioned below. These mods will be added to the final gold copy maintained by Patrick.

    Pre-Req to build Apache
      • Download Apache from an Apache mirror site.
      • Unzip the downloaded source.
      • Install the prerequisite libraries required to compile Apache.
      • Install the epel yum repo as below:

            rpm -ivh http://fedora.mirror.nexicom.net/epel/6Server/x86_64/epel-release-6-8.noarch.rpm

    Build Apache for Logstash
      • By default the Apache binaries are built in /usr/local/apache2 (you can change this location by specifying the destination directory in the configure command).

            cd <Download Apache Location>/
            # Build with LDAP authentication, SSL and loadable-module (DSO) support
            ./configure --enable-layout=RedHat --with-apr=../apr-1.4.8 --with-apr-util=../apr-util-1.5.2 --with-ldap --enable-ldap --enable-authnz-ldap --enable-ssl --enable-so
            make
            make install

    Enable LDAP
    changes in conf/httpd.conf

            LoadModule authn_core_module lib64/httpd/modules/mod_authn_core.so
            LoadModule authz_host_module lib64/httpd/modules/mod_authz_host.so
            LoadModule authz_groupfile_module lib64/httpd/modules/mod_authz_groupfile.so
            LoadModule authz_user_module lib64/httpd/modules/mod_authz_user.so
            LoadModule authz_dbm_module lib64/httpd/modules/mod_authz_dbm.so
            LoadModule authz_owner_module lib64/httpd/modules/mod_authz_owner.so
            LoadModule authz_dbd_module lib64/httpd/modules/mod_authz_dbd.so
            LoadModule authz_core_module lib64/httpd/modules/mod_authz_core.so
            LoadModule authnz_ldap_module lib64/httpd/modules/mod_authnz_ldap.so
  • 2. changes in conf/httpd.conf (continued)

            LoadModule access_compat_module lib64/httpd/modules/mod_access_compat.so
            LoadModule auth_basic_module lib64/httpd/modules/mod_auth_basic.so
            LoadModule ldap_module lib64/httpd/modules/mod_ldap.so

    changes in conf.d/kibana3.conf
    Add the following below the <Directory> tags, as shown in the attached file for kibana3.conf:

            <Location />
                AuthType Basic
                AuthName "USE YOUR LDAP AD ACCOUNT"
                # Search the NewUsers OU (subtree scope) and match the login name on sAMAccountName
                AuthLDAPURL "ldap://<yourldaphost>:389/ou=NewUsers,dc=dev,dc=ksoftcloud,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
                AuthBasicProvider ldap
                # Service account Apache binds as to run the search
                AuthLDAPBindDN "<create apache account in Ldap and usePrincipalName>"
                AuthLDAPBindPassword "<yourpwd>"
                Require ldap-attribute objectClass=user
            </Location>

    Enable SSL in Apache
    Generate the self-signed SSL keys

            # Private key (passphrase-protected), signing request, then self-signed certificate
            openssl genrsa -des3 -out server.key 1024
            openssl req -new -key server.key -out server.csr
            openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

    changes in httpd.conf

            LoadModule socache_shmcb_module lib64/httpd/modules/mod_socache_shmcb.so
            LoadModule ssl_module lib64/httpd/modules/mod_ssl.so
            Listen 80
            Listen 443
  • 3. changes in httpd.conf (continued)

            IncludeOptional /usr/local/apache2/conf.d/*.conf
            TraceEnable off
            # Redirect every plain-HTTP request to HTTPS
            RewriteEngine on
            RewriteCond %{HTTPS} !=on
            RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

    changes in kibana3.conf

            SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
            SSLPassPhraseDialog builtin
            SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
            SSLSessionCacheTimeout 300
            <VirtualHost *:443>
                SSLEngine on
                SSLCertificateFile "/etc/httpd/conf/server.crt"
                SSLCertificateKeyFile "/etc/httpd/conf/server.key"
            </VirtualHost>

    Disclaimer
    This document is based on my experience in setting up LDAP for a customer. The document is shared for anyone looking for answers to configuring their environment with Apache LDAP. Please use the document as is; you may report any errors you find and I'll update the document to reflect any corrections in future updates. Thanks
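
The LDAP and SSL stanzas above with their transport and TLS settings tightened, shown beside the values the slides use. This is an added example, not the author's configuration. It assumes the directory also accepts LDAPS on port 636, that httpd is built against OpenSSL 1.0.1 or newer, and it uses two hypothetical paths: /etc/httpd/conf/ldap-ca.pem (the CA that issued the directory's certificate) and /usr/local/apache2/bin/ldap-bind-pw (a program that prints the bind password). The angle-bracket placeholders are the page's own.

```apache
# --- httpd.conf (server-level mod_ldap settings) ---
# Hypothetical path: CA certificate used to verify the LDAP server.
LDAPTrustedGlobalCert CA_BASE64 "/etc/httpd/conf/ldap-ca.pem"
LDAPVerifyServerCert On

# --- conf.d/kibana3.conf ---
<Location />
    AuthType Basic
    AuthName "USE YOUR LDAP AD ACCOUNT"
    AuthBasicProvider ldap

    # Slides: ldap://<yourldaphost>:389/... NONE
    #   The service-account bind and each user's password travel to the
    #   directory unencrypted.
    # Here: LDAPS on 636 (assumed available). Alternative: keep
    #   ldap://...:389 and replace NONE with STARTTLS.
    AuthLDAPURL "ldaps://<yourldaphost>:636/ou=NewUsers,dc=dev,dc=ksoftcloud,dc=com?sAMAccountName?sub?(objectClass=*)"

    AuthLDAPBindDN "<create apache account in Ldap and usePrincipalName>"
    # Slides: AuthLDAPBindPassword "<yourpwd>" stored in the config file.
    # exec: (httpd 2.4.5+) runs a program and uses the first line of its
    # output as the password. The program path is hypothetical.
    AuthLDAPBindPassword "exec:/usr/local/apache2/bin/ldap-bind-pw"

    Require ldap-attribute objectClass=user
</Location>

# Slides: SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 and no SSLProtocol line,
# which leaves older protocol versions and MEDIUM-grade ciphers enabled.
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:!aNULL:!MD5:!3DES
SSLHonorCipherOrder on

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile "/etc/httpd/conf/server.crt"
    # Slides generate a 1024-bit RSA key; regenerate server.key with at
    # least 2048 bits and re-issue server.crt from it.
    SSLCertificateKeyFile "/etc/httpd/conf/server.key"
</VirtualHost>
```

After editing, `apachectl configtest` confirms the directives parse before the server is restarted.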