Exploring the Future Potential of AI-Enabled Smartphone Processors
Enable ldap and ssl for apache and log stash
1. Enable LDAP and SSL for Apache for
Logstash
Author : Kanwar Batra
Enable Apache SSL by compiling Apache with the required Apache and SSL module as
mentioned below. These mods will be added to the final gold copy maintained by
Patrick.
Pre-Req to build apache.
Download Apache from an Apache mirror site
Unzip the downloaded source
Install the required pre-requisite libraries required to compile apache.
Install the epel yum repo as below
rpm -ivh http://fedora.mirror.nexicom.net/epel/6Server/x86_64/epel-release-68.noarch.rpm
Build Apache for Logstash
By default apache binaries is built in /usr/local/apache2 ( you can change this
location by specifying the destination directory in the configure command
cd <Download Apache Location>/
./configure --enable-layout=RedHat --with-apr=../apr-1.4.8 --with-apr-util=../aprutil-1.5.2 --with-ldap --enable-ldap --enable-authnz-ldap --enable-ssl --enable-so
make
make install
Enable LDAP
changes in conf/httpd.conf
LoadModule authn_core_module lib64/httpd/modules/mod_authn_core.so
LoadModule authz_host_module lib64/httpd/modules/mod_authz_host.so
LoadModule authz_groupfile_module
lib64/httpd/modules/mod_authz_groupfile.so
LoadModule authz_user_module lib64/httpd/modules/mod_authz_user.so
LoadModule authz_dbm_module lib64/httpd/modules/mod_authz_dbm.so
LoadModule authz_owner_module lib64/httpd/modules/mod_authz_owner.so
LoadModule authz_dbd_module lib64/httpd/modules/mod_authz_dbd.so
LoadModule authz_core_module lib64/httpd/modules/mod_authz_core.so
LoadModule authnz_ldap_module lib64/httpd/modules/mod_authnz_ldap.so
2. LoadModule access_compat_module
lib64/httpd/modules/mod_access_compat.so
LoadModule auth_basic_module lib64/httpd/modules/mod_auth_basic.so
LoadModule ldap_module lib64/httpd/modules/mod_ldap.so
changes in conf.d/kibana3.conf
Below the <Directory> Tags as shown in attached file for Kibana3.conf
<Location />
AuthType Basic
AuthName "USE YOUR LDAP AD ACCOUNT"
AuthLDAPURL
"ldap://<yourldaphost>:389/ou=NewUsers,dc=dev,dc=ksoftcloud,dc=com?sAM
AccountName?sub?(objectClass=*)" NONE
AuthBasicProvider ldap
AuthLDAPBindDN "<create apache account in Ldap and usePrincipalName>"
AuthLDAPBindPassword "<yourpwd>"
require ldap-attribute objectClass=user
</Location>
Enable SSL in Apache
Generate the Self Signed SSL Keys
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
changes in httpd.conf
LoadModule socache_shmcb_module
lib64/httpd/modules/mod_socache_shmcb.so
LoadModule ssl_module lib64/httpd/modules/mod_ssl.so
Listen 80
Listen 443
3. IncludeOptional /usr/local/apache2/conf.d/*.conf
TraceEnable off
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
changes in kibana3.con
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile "/etc/httpd/conf/server.crt"
SSLCertificateKeyFile "/etc/httpd/conf/server.key"
Disclaimer
This document is based on my experience in setting up ldap for a customer . The document is shared for anyone looking for
answers to configuring their environment with Apache LDAP . Please use the document as is you may report any errors you find
and I’ll update the document to reflect any corrections in the future updates. Thanks
