E gov security_tut_session_6_lab

  1. The Palestinian eGovernment Academy, www.egovacademy.ps
     Security Tutorial Session 6 LAB
     PalGov © 2011

  2. About
     This tutorial is part of the PalGov project, funded by the TEMPUS IV program of the Commission of the European Communities, grant agreement 511159-TEMPUS-1-2010-1-PS-TEMPUS-JPHES. The project website: www.egovacademy.ps
     Project Consortium:
       • Birzeit University, Palestine
       • University of Trento, Italy (Coordinator)
       • Palestine Polytechnic University, Palestine
       • Vrije Universiteit Brussel, Belgium
       • Palestine Technical University, Palestine
       • Université de Savoie, France
       • Ministry of Telecom and IT, Palestine
       • University of Namur, Belgium
       • Ministry of Interior, Palestine
       • TrueTrust, UK
       • Ministry of Local Government, Palestine
     Coordinator: Dr. Mustafa Jarrar, Birzeit University, P.O.Box 14- Birzeit, Palestine. Telfax: +972 2 2982935, mjarrar@birzeit.edu

  3. © Copyright Notes
     Everyone is encouraged to use this material, or part of it, but should properly cite the project (logo and website), and the author of that part.
     No part of this tutorial may be reproduced or modified in any form or by any means, without prior written permission from the project, who have the full copyrights on the material.
     Attribution-NonCommercial-ShareAlike CC-BY-NC-SA: This license lets others remix, tweak, and build upon your work non-commercially, as long as they credit you and license their new creations under the identical terms.

  4. Tutorial 5: Information Security. Session 6: Authentication Lab
     Session 6 Outline:
       • Install Apache and use LDAP authentication and hashed password files (Windows with administrative rights)
       • Install OpenLDAP
       • Apache with LDAP authentication

  5. Tutorial 5: Session 6: Authentication LAB
     This session will contribute to the following ILOs:
       • C: Professional and Practical Skills:
         • c4: Configure user authentication and authorization services using LDAP certificates.
       • D: General and Transferable Skills:
         • d1: Communication and team work.
         • d2: Systems configurations.
         • d3: Analysis and identification skills.
  6. OpenLDAP Server
       • In this lab, we will explain how to set up OpenLDAP and use it for authentication.
       • We will use Ubuntu 11.10 to set up the OpenLDAP server, currently at version 2.4.
       • With OpenLDAP, all information is stored in a tree structure, the Directory Information Tree (DIT).
       • The tree is often determined by a Fully Qualified Domain Name (FQDN). If the domain name is example.com, the root node will be dc=example,dc=com.
       • An entry in an LDAP directory consists of a set of attributes.
       • An attribute has a type (a name/description) and one or more values.

  7. OpenLDAP Server
       • Every attribute must be defined in at least one objectClass.
       • Attributes and objectClasses are defined in schemas.
       • Each entry has a unique identifier: its Distinguished Name (DN or dn). For example:
           dn: uid=galjabari,dc=example,dc=com
           uid: galjabari
           cn: Ghannam Aljabari
           givenName: Ghannam
           sn: Aljabari
           mail: galjabari@example.com
           objectClass: inetOrgPerson
       • The above entry is in LDIF format (LDAP Data Interchange Format).
  8. Installing OpenLDAP
       • To install the OpenLDAP server and the LDAP management utilities from the command line, run:
           sudo apt-get install slapd ldap-utils
       • By default slapd is configured with only the minimal options needed to run the slapd daemon; additional configuration is needed before the directory can be populated.
       • OpenLDAP uses a separate directory which contains the cn=config Directory Information Tree (DIT). The cn=config DIT is used to dynamically configure the slapd daemon.
       • During the install you will be prompted for the LDAP admin password.
     e-Government Lifelong

  9. Installing OpenLDAP
       • To view the slapd-config DIT:
           sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn
       • To set up the initial configuration for the dc=example,dc=com database/DIT:
           sudo dpkg-reconfigure slapd
       • You will be prompted to enter the domain name, organization name, and password for the rootDN. By default, this user's DN is cn=admin,dc=example,dc=com.
       • To view the dc=example,dc=com DIT:
           ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn
  10. Populating LDAP
       • Create a file frontend.ldif with the following contents (a blank line separates the two entries):
           dn: ou=users,dc=example,dc=com
           ou: users
           objectClass: organizationalUnit

           dn: uid=galjabari,ou=users,dc=example,dc=com
           objectClass: inetOrgPerson
           uid: galjabari
           sn: Aljabari
           givenName: Ghannam
           cn: Ghannam Aljabari
           mail: galjabari@example.com
           userPassword: test

  11. Populating LDAP
       • Add the entries to the LDAP directory:
           sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.ldif
       • To check that the content has been correctly added, search the LDAP directory:
           ldapsearch -xLLL -b "dc=example,dc=com" uid=galjabari sn givenName cn
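The frontend.ldif above stores userPassword as the cleartext value "test". The script below is an added example (not part of the slides or of OpenLDAP's own tooling) that builds the same user entry with the password stored in OpenLDAP's {SSHA} form (salted SHA-1, the format slappasswd emits by default), so the directory holds a hash rather than the password. It also applies the LDIF rule that non-ASCII values such as Arabic display names must be base64-encoded after a double colon. The sample user, salt bytes and the hypothetical build_user_entry helper are constructed for illustration.

```python
"""Build the frontend.ldif user entry with a hashed userPassword.

Added example for this tutorial, not code from the slides or from OpenLDAP:
the slides store ``userPassword: test`` in cleartext; slapd also accepts the
{SSHA} form, which is base64(sha1(password + salt) + salt). The helper names
and the sample values below are constructed for illustration.
"""
import base64
import hashlib
import hmac
import secrets

SHA1_DIGEST_LEN = 20


def ssha_hash(password: str, salt: bytes = None) -> str:
    """Return an {SSHA} userPassword value; a fresh random salt is used unless one is given."""
    if salt is None:
        salt = secrets.token_bytes(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored: str, candidate: str) -> bool:
    """Check a candidate password against a stored {SSHA} value, as slapd does on a simple bind."""
    if not stored.startswith("{SSHA}"):
        return False  # cleartext or another scheme: not handled by this example
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:SHA1_DIGEST_LEN], raw[SHA1_DIGEST_LEN:]
    candidate_digest = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate_digest, digest)


def ldif_line(attr: str, value: str) -> str:
    """Encode one attribute as an LDIF line (RFC 2849).

    A value that is not a 'safe string' (non-ASCII characters, a leading
    space, ':' or '<', or an embedded CR/LF/NUL) is written base64-encoded
    after a double colon. This matters for Arabic names in cn or displayName.
    """
    safe = (
        value.isascii()
        and not value.startswith((" ", ":", "<"))
        and not any(ch in value for ch in "\r\n\0")
    )
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def build_user_entry(uid: str, sn: str, given_name: str, mail: str, password: str,
                     base_dn: str = "ou=users,dc=example,dc=com", salt: bytes = None) -> str:
    """Return the inetOrgPerson entry from the slide, with a hashed userPassword (hypothetical helper)."""
    lines = [
        ldif_line("dn", f"uid={uid},{base_dn}"),
        ldif_line("objectClass", "inetOrgPerson"),
        ldif_line("uid", uid),
        ldif_line("sn", sn),
        ldif_line("givenName", given_name),
        ldif_line("cn", f"{given_name} {sn}"),
        ldif_line("mail", mail),
        ldif_line("userPassword", ssha_hash(password, salt)),
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample matching the slide's user; "test" is the slide's password.
    print(build_user_entry("galjabari", "Aljabari", "Ghannam", "galjabari@example.com", "test"))
```

Replace the userPassword line in frontend.ldif with the printed value before running ldapadd; slapd verifies a bind password against the stored {SSHA} hash by recomputing the salted SHA-1 exactly as ssha_verify does, so the login in the Apache step still works. The ldapsearch check on the next slide should then show a {SSHA} value rather than the cleartext password.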
  12. LDAP Authentication in Apache
       • An LDAP directory can be used to authenticate users for a website.
       • Edit /etc/hosts and add the LDAP hostname:
           ldap.example.com
       • To configure Apache for LDAP authentication, edit the default configuration file in /etc/apache2/sites-available as follows:
           <Directory /var/www/example.com/secret>
             AuthType Basic
             AuthName "Restricted Files"
             AuthLDAPURL "ldap://ldap.example.com/ou=users,dc=example,dc=com?uid?"
             AuthBasicProvider ldap
             Require valid-user
           </Directory>

  13.  • Next, enable the LDAP module in Apache:
           sudo a2enmod authnz_ldap
       • With Apache now configured for LDAP authentication, restart the service to enable the new settings:
           sudo /etc/init.d/apache2 restart
       • The last step is to check access to the directory: open a web browser and enter http://example.com/secret in the address bar. The browser should ask for a username and password before loading the page.
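To see what the AuthLDAPURL on the previous slide actually makes Apache do, the following added example (not Apache's code and not part of the slides) parses the URL into its scheme://host[:port]/basedn?attribute?scope?filter components, builds the search filter that mod_authnz_ldap issues for a login name with the name escaped per RFC 4515, and reports the settings in the slide's <Directory> block that a defender would question: the ldap:// scheme sends every user's password to the directory unencrypted. The config texts, the sample usernames and the audit helper names are constructed for illustration; the hardened block uses ldaps:// and an explicit objectClass filter, both standard AuthLDAPURL syntax.

```python
"""Model how mod_authnz_ldap turns AuthLDAPURL into a directory search.

Added example for this tutorial, not Apache's own code. The config blocks
and usernames below are constructed samples; helper names are hypothetical.
"""
import shlex
from urllib.parse import unquote

# Defaults mod_authnz_ldap applies when a URL component is left empty.
DEFAULT_ATTRIBUTE = "uid"
DEFAULT_SCOPE = "sub"
DEFAULT_FILTER = "(objectClass=*)"

# The block from the slide (ldap:// = cleartext to the directory).
SLIDE_BLOCK = """\
<Directory /var/www/example.com/secret>
  AuthType Basic
  AuthName "Restricted Files"
  AuthLDAPURL "ldap://ldap.example.com/ou=users,dc=example,dc=com?uid?"
  AuthBasicProvider ldap
  Require valid-user
</Directory>
"""

# Same block with LDAP over TLS and a filter limited to user entries.
HARDENED_BLOCK = """\
<Directory /var/www/example.com/secret>
  AuthType Basic
  AuthName "Restricted Files"
  AuthLDAPURL "ldaps://ldap.example.com/ou=users,dc=example,dc=com?uid?sub?(objectClass=inetOrgPerson)"
  AuthBasicProvider ldap
  Require valid-user
</Directory>
"""


def parse_auth_ldap_url(url: str) -> dict:
    """Split scheme://host[:port]/basedn?attribute?scope?filter, applying Apache's defaults."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme not in ("ldap", "ldaps"):
        raise ValueError("AuthLDAPURL must start with ldap:// or ldaps://")
    hostport, _, rest = rest.partition("/")
    host, _, port = hostport.partition(":")
    fields = rest.split("?")
    fields += [""] * (4 - len(fields))  # pad so missing components read as empty
    return {
        "scheme": scheme,
        "host": host,
        "port": int(port) if port else (636 if scheme == "ldaps" else 389),
        "base_dn": unquote(fields[0]),
        "attribute": fields[1] or DEFAULT_ATTRIBUTE,
        "scope": fields[2] or DEFAULT_SCOPE,
        "filter": unquote(fields[3]) or DEFAULT_FILTER,
    }


# RFC 4515 escapes for characters that would otherwise alter a filter's structure.
_RFC4515_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value so a login name cannot rewrite the search filter."""
    return "".join(_RFC4515_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(parsed: dict, username: str) -> str:
    """Apache ANDs the URL filter with attribute=username: (&(filter)(uid=NAME))."""
    return f"(&{parsed['filter']}({parsed['attribute']}={escape_filter_value(username)}))"


def parse_directives(config_text: str) -> dict:
    """Collect 'Directive args...' lines inside a block; container tags like <Directory> are skipped."""
    directives = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("<"):
            continue
        parts = shlex.split(line)  # honours the double quotes around AuthName / AuthLDAPURL
        directives[parts[0]] = parts[1:]
    return directives


def audit_directory_block(config_text: str) -> list:
    """Return the points a reviewer would raise about an LDAP-protected <Directory> block."""
    d = parse_directives(config_text)
    findings = []
    url = (d.get("AuthLDAPURL") or [""])[0]
    if not url:
        findings.append("AuthLDAPURL is missing; Apache has no directory to look users up in")
    elif parse_auth_ldap_url(url)["scheme"] != "ldaps":
        findings.append("AuthLDAPURL uses ldap://: each login's password is sent to the directory in cleartext")
    if "Require" not in d:
        findings.append("no Require directive, so no authorization rule is applied")
    if "AuthBasicProvider" in d and "ldap" not in d["AuthBasicProvider"]:
        findings.append("AuthBasicProvider does not list ldap, so AuthLDAPURL is never consulted")
    return findings


if __name__ == "__main__":
    parsed = parse_auth_ldap_url("ldap://ldap.example.com/ou=users,dc=example,dc=com?uid?")
    print(parsed)
    print(build_search_filter(parsed, "galjabari"))
    print("slide block:", audit_directory_block(SLIDE_BLOCK))
    print("hardened block:", audit_directory_block(HARDENED_BLOCK))
```

Two caveats when applying the hardened block: ldaps:// on port 636 only works once mod_ldap trusts the directory's certificate (LDAPTrustedGlobalCert in the server configuration), and the scheme change protects the Apache-to-LDAP leg only; with http://example.com/secret the browser still sends the Basic credentials to Apache in cleartext, so the directory should be served over HTTPS as well.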
  14. Summary
       • In this session we discussed the following:
         – introduced user authentication
         – LDAP LAB

  15. Thanks
     Eng. Ghannam Aljabary