E gov security_tut_session_6_lab
    Presentation Transcript

    • The Palestinian eGovernment Academy, www.egovacademy.ps. Security Tutorial, Session 6: LAB. PalGov © 2011
    • About
      This tutorial is part of the PalGov project, funded by the TEMPUS IV program of the Commission of the European Communities, grant agreement 511159-TEMPUS-1-2010-1-PS-TEMPUS-JPHES. The project website: www.egovacademy.ps
      Project Consortium:
        • Birzeit University, Palestine (Coordinator)
        • University of Trento, Italy
        • Palestine Polytechnic University, Palestine
        • Vrije Universiteit Brussel, Belgium
        • Palestine Technical University, Palestine
        • Université de Savoie, France
        • Ministry of Telecom and IT, Palestine
        • University of Namur, Belgium
        • Ministry of Interior, Palestine
        • TrueTrust, UK
        • Ministry of Local Government, Palestine
      Coordinator: Dr. Mustafa Jarrar, Birzeit University, P.O.Box 14 - Birzeit, Palestine. Telfax: +972 2 2982935, mjarrar@birzeit.edu
    • © Copyright Notes
      Everyone is encouraged to use this material, or part of it, but should properly cite the project (logo and website), and the author of that part.
      No part of this tutorial may be reproduced or modified in any form or by any means, without prior written permission from the project, who have the full copyrights on the material.
      Attribution-NonCommercial-ShareAlike CC-BY-NC-SA: This license lets others remix, tweak, and build upon your work non-commercially, as long as they credit you and license their new creations under the identical terms.
    • Tutorial 5: Information Security. Session 6: Authentication Lab
      Session 6 Outline:
        • Install Apache and use LDAP authentication and hashed password files (Windows, with administrative rights)
        • Install OpenLDAP
        • Apache with LDAP authentication
    • Tutorial 5, Session 6: Authentication LAB
      This session will contribute to the following ILOs:
        • C: Professional and Practical Skills
          • c4: Configure user authentication and authorization services using LDAP certificates.
        • D: General and Transferable Skills
          • d1: Communication and team work.
          • d2: Systems configurations.
          • d3: Analysis and identification skills.
    • OpenLDAP Server
        • In this lab, we explain how to set up OpenLDAP and use it for authentication.
        • We use Ubuntu 11.10 to set up the OpenLDAP server, currently at version 2.4.
        • With OpenLDAP, all information is stored in a tree structure, the Directory Information Tree (DIT).
        • The tree is often derived from a Fully Qualified Domain Name (FQDN). If the domain name is example.com, the root node is dc=example,dc=com.
        • An entry in an LDAP directory consists of a set of attributes.
        • An attribute has a type (a name/description) and one or more values.
    • OpenLDAP Server
        • Every attribute must be defined in at least one objectClass.
        • Attributes and objectClasses are defined in schemas.
        • Each entry has a unique identifier: its Distinguished Name (DN or dn). For example:
            dn: uid=galjabari,dc=example,dc=com
            uid: galjabari
            cn: Ghannam Aljabari
            givenName: Ghannam
            sn: Aljabari
            mail: galjabari@example.com
            objectClass: inetOrgPerson
        • The above entry is in LDIF format (LDAP Data Interchange Format).
    • Installing OpenLDAP
        • To install the OpenLDAP server and the LDAP management utilities from the command line, run:
            sudo apt-get install slapd ldap-utils
        • By default slapd is installed with the minimal configuration needed to run the daemon; additional configuration is needed before the directory can be populated.
        • OpenLDAP uses a separate directory that contains the cn=config Directory Information Tree (DIT). The cn=config DIT is used to configure the slapd daemon dynamically.
        • During the install you will be prompted for the LDAP admin password.
      e-Government Lifelong
    • Installing OpenLDAP
        • To view the slapd-config DIT:
            sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn
        • To set up the initial configuration for the dc=example,dc=com database/DIT:
            sudo dpkg-reconfigure slapd
        • You will be prompted for the domain name, the organization name, and the password for the rootDN. By default, this user's DN is cn=admin,dc=example,dc=com.
        • To view the dc=example,dc=com DIT:
            ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn
    • Populating LDAP
        • Create a file frontend.ldif with the following contents (the two entries are separated by a blank line, and the ou in the user's DN is spelled the same as in the ou entry):
            dn: ou=users,dc=example,dc=com
            ou: users
            objectClass: organizationalUnit

            dn: uid=galjabari,ou=users,dc=example,dc=com
            objectClass: inetOrgPerson
            uid: galjabari
            sn: Aljabari
            givenName: Ghannam
            cn: Ghannam Aljabari
            mail: galjabari@example.com
            userPassword: test
    • Populating LDAP
        • Add the entries to the LDAP directory:
            sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.ldif
        • To check that the content has been added correctly, search the LDAP directory:
            ldapsearch -x -LLL -b "dc=example,dc=com" uid=galjabari sn givenName cn
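The LDIF shown in the OpenLDAP Server and Populating LDAP slides can be checked before it is handed to ldapadd. The script below is an added example, not part of the lab material: it parses the file, verifies that each entry's parent already exists (the ou entry must come before the user beneath it), checks the attributes that the inetOrgPerson and organizationalUnit classes require, and flags a cleartext userPassword, which the outline's hashed-password goal means replacing with a slappasswd hash. FRONTEND_LDIF is a constructed copy of the lab's file.

```python
import re

# Constructed sample: the lab's frontend.ldif, with ou=users spelled the same in both DNs.
FRONTEND_LDIF = """\
dn: ou=users,dc=example,dc=com
ou: users
objectClass: organizationalUnit

dn: uid=galjabari,ou=users,dc=example,dc=com
objectClass: inetOrgPerson
uid: galjabari
sn: Aljabari
cn: Ghannam Aljabari
userPassword: test
"""

REQUIRED = {"inetorgperson": {"cn", "sn"}, "organizationalunit": {"ou"}}  # schema MUST attributes

def norm_dn(dn):
    """Case-fold and drop spaces after commas, mirroring caseIgnoreMatch on ou/dc/uid."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Return [(dn, {attr_lower: [values]})] in file order; entries are blank-line separated."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries.append((attrs.pop("dn")[0], attrs))
    return entries

def check_ldif(text, suffix="dc=example,dc=com"):
    """Return a list of problems; an empty list means the file is ready for ldapadd."""
    problems, seen = [], {norm_dn(suffix)}
    for dn, attrs in parse_ldif(text):
        ndn = norm_dn(dn)
        parent = ndn.split(",", 1)[1]  # the DN minus its first RDN
        if parent not in seen:
            problems.append(f"{dn}: parent {parent} is not defined earlier in the file")
        seen.add(ndn)
        for oc in attrs.get("objectclass", []):
            missing = REQUIRED.get(oc.lower(), set()) - set(attrs)
            if missing:
                problems.append(f"{dn}: {oc} requires {sorted(missing)}")
        for pw in attrs.get("userpassword", []):
            if not pw.startswith("{"):  # slappasswd output looks like {SSHA}...
                problems.append(f"{dn}: userPassword is cleartext; hash it with slappasswd")
    return problems
```

Run `check_ldif(open("frontend.ldif").read())` against the lab's file; the only finding for the file as written is the cleartext test password.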
    • LDAP Authentication in Apache
        • An LDAP directory can be used to authenticate users for a website.
        • Edit /etc/hosts and add the LDAP hostname:
            127.0.0.1 ldap.example.com
        • To configure Apache for LDAP authentication, edit the default configuration file in /etc/apache2/sites-available as follows:
            <Directory /var/www/example.com/secret>
                AuthType Basic
                AuthName "Restricted Files"
                AuthLDAPURL "ldap://ldap.example.com/ou=users,dc=example,dc=com?uid"
                AuthBasicProvider ldap
                Require valid-user
            </Directory>
    • Next, enable the LDAP authentication module in Apache:
            sudo a2enmod authnz_ldap
        • With Apache now configured for LDAP authentication, restart the service to apply the new settings:
            sudo /etc/init.d/apache2 restart
        • The last step is to check access to the directory: open a web browser and enter http://example.com/secret in the address bar. The browser should ask for a username and password before loading the page.
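The two mistakes easiest to make when typing that Directory block are an unclosed quote and a space inside the URL, and both leave Apache unable to reach the directory. The checker below is an added example, not part of the lab: it reads the block, splits AuthLDAPURL the way mod_authnz_ldap does (host, port, base DN, then attribute, scope and filter with uid, sub and (objectclass=*) as the module's defaults), and reports a plain ldap:// URL that carries no SSL/TLS/STARTTLS flag, since each user's Basic password is then re-sent to the directory as a cleartext bind. LAB_CONFIG is a constructed copy of the lab's block.

```python
import shlex
from urllib.parse import urlsplit

# Constructed sample: the lab's <Directory> block with both strings closed and the URL contiguous.
LAB_CONFIG = """\
<Directory /var/www/example.com/secret>
    AuthType Basic
    AuthName "Restricted Files"
    AuthLDAPURL "ldap://ldap.example.com/ou=users,dc=example,dc=com?uid"
    AuthBasicProvider ldap
    Require valid-user
</Directory>
"""

def parse_directives(block):
    """Map each directive (lower-cased) to its raw argument string; tags and comments are skipped."""
    out = {}
    for line in block.splitlines():
        line = line.strip()
        if line and not line.startswith(("<", "#")):
            name, _, args = line.partition(" ")
            out[name.lower()] = args.strip()
    return out

def parse_ldap_url(url):
    """Split an LDAP URL (RFC 4516 shape) into parts, filling in mod_authnz_ldap's defaults."""
    if any(c.isspace() for c in url):
        raise ValueError("whitespace inside AuthLDAPURL: base DN and ?uid must be contiguous")
    p = urlsplit(url)
    fields = (p.query.split("?") + ["", "", ""])[:3]  # attribute?scope?filter, all optional
    return {"scheme": p.scheme, "host": p.hostname,
            "port": p.port or (636 if p.scheme == "ldaps" else 389),
            "basedn": p.path.lstrip("/"), "attribute": fields[0] or "uid",
            "scope": fields[1] or "sub", "filter": fields[2] or "(objectclass=*)"}

def check_config(block):
    """Return findings for an Apache LDAP auth block; an empty list means it looks sound."""
    d = parse_directives(block)
    findings = [f"missing {n}" for n in ("authtype", "authldapurl", "authbasicprovider", "require") if n not in d]
    if "authldapurl" not in d:
        return findings
    try:
        url, *flags = shlex.split(d["authldapurl"])  # shlex rejects an unclosed quote
        ldap = parse_ldap_url(url)
    except ValueError as e:
        return findings + [f"AuthLDAPURL: {e}"]
    if ldap["scheme"] != "ldaps" and not {f.upper() for f in flags} & {"SSL", "TLS", "STARTTLS"}:
        findings.append("plain ldap:// without TLS/STARTTLS: each user's bind crosses the network in clear")
    return findings
```

The same Basic password also travels in the browser's request, so the http://example.com/secret test in the lab should be served over HTTPS outside the lab network.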
    • Summary
        • In this session we discussed the following:
          – introduced user authentication
          – LDAP LAB
    • Thanks Eng. Ghannam Aljabary