Enable ldap and ssl for apache and log stash

•

1 recomendación•991 vistas

Enable LDAP and SSL for Apache for
Logstash
Author : Kanwar Batra
Enable Apache SSL by compiling Apache with the required Apache and SSL module as
mentioned below. These mods will be added to the final gold copy maintained by
Patrick.

Pre-Req to build apache.





Download Apache from an Apache mirror site
Unzip the downloaded source
Install the required pre-requisite libraries required to compile apache.
Install the epel yum repo as below
rpm -ivh http://fedora.mirror.nexicom.net/epel/6Server/x86_64/epel-release-68.noarch.rpm

Build Apache for Logstash






By default apache binaries is built in /usr/local/apache2 ( you can change this
location by specifying the destination directory in the configure command
cd <Download Apache Location>/
./configure --enable-layout=RedHat --with-apr=../apr-1.4.8 --with-apr-util=../aprutil-1.5.2 --with-ldap --enable-ldap --enable-authnz-ldap --enable-ssl --enable-so
make
make install

Enable LDAP
changes in conf/httpd.conf

LoadModule authn_core_module lib64/httpd/modules/mod_authn_core.so
LoadModule authz_host_module lib64/httpd/modules/mod_authz_host.so
LoadModule authz_groupfile_module
lib64/httpd/modules/mod_authz_groupfile.so
LoadModule authz_user_module lib64/httpd/modules/mod_authz_user.so
LoadModule authz_dbm_module lib64/httpd/modules/mod_authz_dbm.so
LoadModule authz_owner_module lib64/httpd/modules/mod_authz_owner.so
LoadModule authz_dbd_module lib64/httpd/modules/mod_authz_dbd.so
LoadModule authz_core_module lib64/httpd/modules/mod_authz_core.so
LoadModule authnz_ldap_module lib64/httpd/modules/mod_authnz_ldap.so

LoadModule access_compat_module
lib64/httpd/modules/mod_access_compat.so
LoadModule auth_basic_module lib64/httpd/modules/mod_auth_basic.so
LoadModule ldap_module lib64/httpd/modules/mod_ldap.so

changes in conf.d/kibana3.conf

Below the <Directory> Tags as shown in attached file for Kibana3.conf
<Location />
AuthType Basic
AuthName "USE YOUR LDAP AD ACCOUNT"
AuthLDAPURL
"ldap://<yourldaphost>:389/ou=NewUsers,dc=dev,dc=ksoftcloud,dc=com?sAM
AccountName?sub?(objectClass=*)" NONE
AuthBasicProvider ldap
AuthLDAPBindDN "<create apache account in Ldap and usePrincipalName>"
AuthLDAPBindPassword "<yourpwd>"
require ldap-attribute objectClass=user
</Location>

Enable SSL in Apache
Generate the Self Signed SSL Keys
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
changes in httpd.conf

LoadModule socache_shmcb_module
lib64/httpd/modules/mod_socache_shmcb.so
LoadModule ssl_module lib64/httpd/modules/mod_ssl.so
Listen 80
Listen 443

$IncludeOptional /usr/local/apache2/conf.d/*.conf TraceEnable off RewriteEngine on RewriteCond %{HTTPS} !=on RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] changes in kibana3.con SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 SSLPassPhraseDialog builtin SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)" SSLSessionCacheTimeout 300 <VirtualHost *:443> SSLEngine on SSLCertificateFile "/etc/httpd/conf/server.crt" SSLCertificateKeyFile "/etc/httpd/conf/server.key" Disclaimer This document is based on my experience in setting up ldap for a customer . The document is shared for anyone looking for answers to configuring their environment with Apache LDAP . Please use the document as is you may report any errors you find and I’ll update the document to reflect any corrections in the future updates. Thanks$

Más contenido relacionado

Destacado

Improving Cross Desktop Standard by Cedric BAIL (GNOME Asia Summit 2013)

Daniel Juyung Seo

Fiscalización Ejercito

Eduardo Woo

Vesícula biliar

ana laura taveras

Exploración física Precordial y pericardiocentesis

Erick Warner

Developer paradigm shift

Kenu, GwangNam Heo

TMC Hugues Sweeney Experience Design Interview ENG Version

TMC Resource Kit

TMC David Dufresne Fort McMoney Co-Production Interview Fr Version

TMC Resource Kit

Sap hana studio_overview

Arun Singhania

Growing object oriented software guided by test

라한사 아

20151022 elasticsearch 적용및활용_송준이_sds발표용

Junyi Song

2016 화장품 미세 플라스틱 간담회 기록 및 후기

여성환경연대

HEMORRAGIAS INTRACEREBRALES ESPONTANEAS

Nilia Yoly Abad Quispe

RCP

eddynoy velasquez

Que es patologia Estudio de los cambios estructurales, bioquímicos y funcionales que subyacen a la enfermedad en las células, tejidos y órganos Utiliza herramientas moleculares, microbiológicas, inmunológicas y técnicas morfológicas Se divide en patología general y sistémica Etiologia Grupos de factores etiológicos: - genéticos - adquiridos Patogenia Secuencia de acontecimientos que constituyen la respuesta de las células o tejidos ante un agente etiológico Cambios morfológicos y moleculares Manifestaciones clinicas

QUE ES PATOLOGIA

Burdach Friedrich

Destacado (14)

Improving Cross Desktop Standard by Cedric BAIL (GNOME Asia Summit 2013)

Fiscalización Ejercito

Vesícula biliar

Exploración física Precordial y pericardiocentesis

Developer paradigm shift

TMC Hugues Sweeney Experience Design Interview ENG Version

TMC David Dufresne Fort McMoney Co-Production Interview Fr Version

Sap hana studio_overview

Growing object oriented software guided by test

20151022 elasticsearch 적용및활용_송준이_sds발표용

2016 화장품 미세 플라스틱 간담회 기록 및 후기

HEMORRAGIAS INTRACEREBRALES ESPONTANEAS

RCP

QUE ES PATOLOGIA

Último

Top 10 Most Downloaded Games on Play Store in 2024

SynarionITSolutions

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

Manulife - Insurer Innovation Award 2024

The Digital Insurer

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Created by Mozilla Research in 2012 and now part of Linux Foundation Europe, the Servo project is an experimental rendering engine written in Rust. It combines memory safety and concurrency to create an independent, modular, and embeddable rendering engine that adheres to web standards. Stewardship of Servo moved from Mozilla Research to the Linux Foundation in 2020, where its mission remains unchanged. After some slow years, in 2023 there has been renewed activity on the project, with a roadmap now focused on improving the engine’s CSS 2 conformance, exploring Android support, and making Servo a practical embeddable rendering engine. In this presentation, Rakhi Sharma reviews the status of the project, our recent developments in 2023, our collaboration with Tauri to make Servo an easy-to-use embeddable rendering engine, and our plans for the future to make Servo an alternative web rendering engine for the embedded devices industry. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://ossna2024.sched.com/event/1aBNF/a-year-of-servo-reboot-where-are-we-now-rakhi-sharma-igalia

A Year of the Servo Reboot: Where Are We Now?

Igalia

Scaling API-first – The story of a global engineering organization

Radu Cotescu

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

Three things you will take away from the session: • How to run an effective tenant-to-tenant migration • Best practices for before, during, and after migration • Tips for using migration as a springboard to prepare for Copilot in Microsoft 365 Main ideas: Migration Overview: The presentation covers the current reality of cross-tenant migrations, the triggers, phases, best practices, and benefits of a successful tenant migration Considerations: When considering a migration, it is important to consider the migration scope, performance, customization, flexibility, user-friendly interface, automation, monitoring, support, training, scalability, data integrity, data security, cost, and licensing structure Next Wave: The next wave of change includes the launch of Copilot, which requires businesses to be prepared for upcoming changes related to Copilot and the cloud, and to consolidate data and tighten governance ShareGate: ShareGate can help with pre-migration analysis, configurable migration tool, and automated, end-user driven collaborative governance

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff

sammart93

Enable ldap and ssl for apache and log stash

1. Enable LDAP and SSL for Apache for Logstash Author : Kanwar Batra Enable Apache SSL by compiling Apache with the required Apache and SSL module as mentioned below. These mods will be added to the final gold copy maintained by Patrick. Pre-Req to build apache.     Download Apache from an Apache mirror site Unzip the downloaded source Install the required pre-requisite libraries required to compile apache. Install the epel yum repo as below rpm -ivh http://fedora.mirror.nexicom.net/epel/6Server/x86_64/epel-release-68.noarch.rpm Build Apache for Logstash      By default apache binaries is built in /usr/local/apache2 ( you can change this location by specifying the destination directory in the configure command cd <Download Apache Location>/ ./configure --enable-layout=RedHat --with-apr=../apr-1.4.8 --with-apr-util=../aprutil-1.5.2 --with-ldap --enable-ldap --enable-authnz-ldap --enable-ssl --enable-so make make install Enable LDAP changes in conf/httpd.conf LoadModule authn_core_module lib64/httpd/modules/mod_authn_core.so LoadModule authz_host_module lib64/httpd/modules/mod_authz_host.so LoadModule authz_groupfile_module lib64/httpd/modules/mod_authz_groupfile.so LoadModule authz_user_module lib64/httpd/modules/mod_authz_user.so LoadModule authz_dbm_module lib64/httpd/modules/mod_authz_dbm.so LoadModule authz_owner_module lib64/httpd/modules/mod_authz_owner.so LoadModule authz_dbd_module lib64/httpd/modules/mod_authz_dbd.so LoadModule authz_core_module lib64/httpd/modules/mod_authz_core.so LoadModule authnz_ldap_module lib64/httpd/modules/mod_authnz_ldap.so

2. LoadModule access_compat_module lib64/httpd/modules/mod_access_compat.so LoadModule auth_basic_module lib64/httpd/modules/mod_auth_basic.so LoadModule ldap_module lib64/httpd/modules/mod_ldap.so changes in conf.d/kibana3.conf Below the <Directory> Tags as shown in attached file for Kibana3.conf <Location /> AuthType Basic AuthName "USE YOUR LDAP AD ACCOUNT" AuthLDAPURL "ldap://<yourldaphost>:389/ou=NewUsers,dc=dev,dc=ksoftcloud,dc=com?sAM AccountName?sub?(objectClass=*)" NONE AuthBasicProvider ldap AuthLDAPBindDN "<create apache account in Ldap and usePrincipalName>" AuthLDAPBindPassword "<yourpwd>" require ldap-attribute objectClass=user </Location> Enable SSL in Apache Generate the Self Signed SSL Keys openssl genrsa -des3 -out server.key 1024 openssl req -new -key server.key -out server.csr openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt changes in httpd.conf LoadModule socache_shmcb_module lib64/httpd/modules/mod_socache_shmcb.so LoadModule ssl_module lib64/httpd/modules/mod_ssl.so Listen 80 Listen 443

3. IncludeOptional /usr/local/apache2/conf.d/*.conf TraceEnable off RewriteEngine on RewriteCond %{HTTPS} !=on RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] changes in kibana3.con SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 SSLPassPhraseDialog builtin SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)" SSLSessionCacheTimeout 300 <VirtualHost *:443> SSLEngine on SSLCertificateFile "/etc/httpd/conf/server.crt" SSLCertificateKeyFile "/etc/httpd/conf/server.key" Disclaimer This document is based on my experience in setting up ldap for a customer . The document is shared for anyone looking for answers to configuring their environment with Apache LDAP . Please use the document as is you may report any errors you find and I’ll update the document to reflect any corrections in the future updates. Thanks

Enable ldap and ssl for apache and log stash

Recomendados

Recomendados

Más contenido relacionado

Destacado

Destacado (14)

Último

Último (20)

Enable ldap and ssl for apache and log stash