
Enable ldap and ssl for apache and log stash



Published in: Technology

Enable LDAP and SSL for Apache for Logstash

Author: Kanwar Batra

Enable Apache SSL by compiling Apache with the required Apache and SSL modules as described below. These mods will be added to the final gold copy maintained by Patrick.

Pre-Req to build Apache

  • Download Apache from an Apache mirror site.
  • Unzip the downloaded source.
  • Install the prerequisite libraries required to compile Apache.
  • Install the EPEL yum repo as below:

        rpm -ivh

Build Apache for Logstash

  • By default the Apache binaries are built in /usr/local/apache2 (you can change this location by specifying the destination directory in the configure command).

        cd <Download Apache Location>/
        # Build with the LDAP, authnz_ldap and SSL modules as loadable shared objects
        ./configure --enable-layout=RedHat --with-apr=../apr-1.4.8 --with-apr-util=../apr-util-1.5.2 --with-ldap --enable-ldap --enable-authnz-ldap --enable-ssl --enable-so
        make
        make install

Enable LDAP

Changes in conf/httpd.conf:

    LoadModule authn_core_module lib64/httpd/modules/
    LoadModule authz_host_module lib64/httpd/modules/
    LoadModule authz_groupfile_module lib64/httpd/modules/
    LoadModule authz_user_module lib64/httpd/modules/
    LoadModule authz_dbm_module lib64/httpd/modules/
    LoadModule authz_owner_module lib64/httpd/modules/
    LoadModule authz_dbd_module lib64/httpd/modules/
    LoadModule authz_core_module lib64/httpd/modules/
    LoadModule authnz_ldap_module lib64/httpd/modules/
    LoadModule access_compat_module lib64/httpd/modules/
    LoadModule auth_basic_module lib64/httpd/modules/
    LoadModule ldap_module lib64/httpd/modules/

Changes in conf.d/kibana3.conf, below the <Directory> tags as shown in the attached file for kibana3.conf:

    <Location />
        AuthType Basic
        AuthName "USE YOUR LDAP AD ACCOUNT"
        # Search the NewUsers OU (subtree scope) and match the login name against sAMAccountName
        AuthLDAPURL "ldap://<yourldaphost>:389/ou=NewUsers,dc=dev,dc=ksoftcloud,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
        AuthBasicProvider ldap
        # Service account Apache binds with before searching for the user
        AuthLDAPBindDN "<create apache account in Ldap and usePrincipalName>"
        AuthLDAPBindPassword "<yourpwd>"
        Require ldap-attribute objectClass=user
    </Location>

Enable SSL in Apache

Generate the self-signed SSL keys:

    # Private key (passphrase-protected), signing request, then a self-signed certificate valid for 365 days
    openssl genrsa -des3 -out server.key 1024
    openssl req -new -key server.key -out server.csr
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Changes in httpd.conf:

    LoadModule socache_shmcb_module lib64/httpd/modules/
    LoadModule ssl_module lib64/httpd/modules/
    Listen 80
    Listen 443
    IncludeOptional /usr/local/apache2/conf.d/*.conf
    TraceEnable off
    # Redirect every plain-HTTP request to HTTPS
    RewriteEngine on
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

Changes in kibana3.conf:

    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    SSLPassPhraseDialog builtin
    SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
    SSLSessionCacheTimeout 300
    <VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile "/etc/httpd/conf/server.crt"
        SSLCertificateKeyFile "/etc/httpd/conf/server.key"

Disclaimer

This document is based on my experience in setting up LDAP for a customer. The document is shared for anyone looking for answers to configuring their environment with Apache LDAP. Please use the document as is; you may report any errors you find and I'll update the document to reflect any corrections in future updates. Thanks
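The LDAP and SSL directives configured above can be reviewed mechanically before the server goes live. The following Python audit is an added example, not part of the original slides or of Apache's tooling; the finding names, function names and weak-token list are this example's own, the sample config is constructed from the page's directives, and the checks also cover `LDAPTrustedMode` and the `exec:` form of `AuthLDAPBindPassword`, which the page does not use.

```python
import re

# Constructed sample: directives this page adds to kibana3.conf (page's own placeholders).
SAMPLE_CONF = """
<Location />
AuthLDAPURL "ldap://<yourldaphost>:389/ou=NewUsers,dc=dev,dc=ksoftcloud,dc=com?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindPassword "<yourpwd>"
</Location>
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
<VirtualHost *:443>
SSLEngine on
</VirtualHost>
"""

WEAK_CIPHER_TOKENS = {"MEDIUM", "LOW", "EXPORT", "EXP", "RC4", "DES", "3DES", "NULL", "ENULL", "ANULL"}

def directives(conf):
    """Map lowercased directive name -> list of argument strings (names are case-insensitive)."""
    found = {}
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):
            name, *rest = line.split(None, 1)
            found.setdefault(name.lower(), []).append(rest[0] if rest else "")
    return found

def audit(conf):
    """Return sorted finding ids (names are this example's own) for settings to review."""
    d, findings = directives(conf), set()
    global_mode = (d.get("ldaptrustedmode") or ["NONE"])[-1].upper()
    for args in d.get("authldapurl", []):
        m = re.match(r'"?(ldaps?)://[^"\s]*"?\s*(\S*)', args, re.I)
        if m:
            # A mode given on AuthLDAPURL overrides the server-wide LDAPTrustedMode.
            mode = m.group(2).upper() or global_mode
            if m.group(1).lower() == "ldap" and mode not in ("SSL", "TLS", "STARTTLS"):
                findings.add("ldap-cleartext")  # bind DN and user passwords sent unencrypted
    for args in d.get("authldapbindpassword", []):
        if not args.strip('"').startswith("exec:"):
            findings.add("bind-password-inline")  # secret sits in the config file itself
    for args in d.get("sslciphersuite", []):
        tokens = (args.split() or [""])[-1].strip('"').split(":")
        if any(t.upper() in WEAK_CIPHER_TOKENS for t in tokens):  # "!x" exclusions never match
            findings.add("weak-cipher-class")
    if "on" in (a.lower() for a in d.get("sslengine", [])) and "sslprotocol" not in d:
        findings.add("sslprotocol-not-set")  # protocol versions fall back to the build default
    return sorted(findings)

print(audit(SAMPLE_CONF))
```

Each finding maps to one change in the config: an `ldaps://` URL or the `STARTTLS` mode on `AuthLDAPURL`, an `exec:` helper for the bind password, dropping `MEDIUM` from `SSLCipherSuite`, and an explicit `SSLProtocol` line.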