The Palestinian eGovernment Academy
www.egovacademy.ps

Security Tutorial
Session 6
LAB

PalGov © 2011
About

This tutorial is part of the PalGov project, funded by the TEMPUS IV program of the
Commission of the European Communities, grant agreement
511159-TEMPUS-1-2010-1-PS-TEMPUS-JPHES. The project website: www.egovacademy.ps

Project Consortium:
• Birzeit University, Palestine (Coordinator)
• Palestine Polytechnic University, Palestine
• Palestine Technical University, Palestine
• Ministry of Telecom and IT, Palestine
• Ministry of Interior, Palestine
• Ministry of Local Government, Palestine
• University of Trento, Italy
• Vrije Universiteit Brussel, Belgium
• Université de Savoie, France
• University of Namur, Belgium
• TrueTrust, UK

Coordinator:
Dr. Mustafa Jarrar
Birzeit University, P.O.Box 14- Birzeit, Palestine
Telfax: +972 2 2982935  mjarrar@birzeit.edu
© Copyright Notes
Everyone is encouraged to use this material, or part of it, but should properly
cite the project (logo and website), and the author of that part.


No part of this tutorial may be reproduced or modified in any form or by any
means, without prior written permission from the project, who have the full
copyrights on the material.




Attribution-NonCommercial-ShareAlike (CC-BY-NC-SA)

This license lets others remix, tweak, and build upon your work
non-commercially, as long as they credit you and license their new creations
under the identical terms.

Tutorial 5: Information Security

Session 6: Authentication Lab

Session 6 Outline:
  • Install Apache and use LDAP authentication and hashed
    password files (Windows with administrative rights).
  • Install OpenLDAP.
  • Apache with LDAP authentication.

This session will contribute to the following ILOs:

•   C: Professional and Practical Skills:
    •   c4: Configure user authentication and authorization services using
        LDAP certificates.
•   D: General and Transferable Skills
    •   d1: Communication and team work.
    •   d2: Systems configurations.
    •   d3: Analysis and identification skills.
OpenLDAP Server

• In this lab, we will explain how to set up OpenLDAP and
  use it for authentication.
• We will use Ubuntu 11.10 to set up the OpenLDAP server,
  currently at version 2.4.
• With OpenLDAP, all information is stored in a tree
  structure, the Directory Information Tree (DIT).
• The tree is often determined by a Fully Qualified Domain
  Name (FQDN). If the domain name is example.com, the
  root node will be dc=example,dc=com.
• An entry in an LDAP directory consists of a set of attributes.
• An attribute has a type (a name/description) and one or
  more values.
• Every attribute must be defined in at least one objectClass.
• Attributes and objectClasses are defined in schemas.
• Each entry has a unique identifier: its Distinguished Name (DN
  or dn). For example:

    dn: uid=galjabari,dc=example,dc=com
    uid: galjabari
    cn: Ghannam Aljabari
    givenName: Ghannam
    sn: Aljabari
    mail: galjabari@example.com
    objectClass: inetOrgPerson

• The above entry is in LDIF (LDAP Data Interchange Format).
Installing OpenLDAP

• To install the OpenLDAP server and the LDAP management utilities,
  run the following command from the command line:

    sudo apt-get install slapd ldap-utils

• By default, slapd is installed with the minimal configuration
  needed to run the slapd daemon; additional configuration is
  required before the directory can be populated.
• OpenLDAP uses a separate directory which contains the
  cn=config Directory Information Tree (DIT). The cn=config
  DIT is used to dynamically configure the slapd daemon.
• During the install you will be prompted for the LDAP admin
  password.
• To view the slapd-config DIT:

    sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn

• To set up the initial configuration for the dc=example,dc=com
  database/DIT:

    sudo dpkg-reconfigure slapd

• You will be prompted to enter the domain name, organization
  name, and password for the rootDN. By default, this user's DN
  is cn=admin,dc=example,dc=com.
• To view the dc=example,dc=com DIT:

    ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn

Populating LDAP


• Create a frontend.ldif with the following contents:

    dn: ou=users,dc=example,dc=com
    ou: users
    objectclass: organizationalunit

    dn: uid=galjabari,ou=Users,dc=example,dc=com
    objectClass: inetOrgPerson
    uid: galjabari
    sn: Aljabari
    givenName: Ghannam
    cn: Ghannam Aljabari
    mail: galjabari@example.com
    userPassword: test

• Add the entries to the LDAP directory:

    sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.ldif

• To check that the content has been correctly added,
  execute a search of the LDAP directory:

    ldapsearch -xLLL -b "dc=example,dc=com" uid=galjabari sn givenName cn
LDAP Authentication in Apache

• An LDAP directory can be used to authenticate users for a
  website.
• Edit /etc/hosts and add the LDAP hostname:

    127.0.0.1 ldap.example.com

• To configure Apache for LDAP authentication, edit the default
  configuration file in /etc/apache2/sites-available as follows:

    <Directory /var/www/example.com/secret>
      AuthType Basic
      AuthName "Restricted Files"
      AuthLDAPURL "ldap://ldap.example.com/ou=users,dc=example,dc=com?uid?"
      AuthBasicProvider ldap
      Require valid-user
    </Directory>

• Next, enable the LDAP module in Apache:

    sudo a2enmod authnz_ldap

• With Apache now configured for LDAP authentication,
  restart the service to enable the new settings:

    sudo /etc/init.d/apache2 restart

• The last step is to check access to the directory by running
  the web browser and entering http://example.com/secret in
  the address bar. The browser should ask for a username
  and password to load the page.
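
With this configuration mod_authnz_ldap first searches under the base DN for the entry whose uid equals the typed username, then binds as that entry's DN with the typed password. The following added example (not part of the original lab and not Apache's own code) parses the AuthLDAPURL value into its fields and builds the search filter for a username with RFC 4515 escaping, so characters such as * or ( in the login name are matched literally. All names are hypothetical; the defaults used for empty fields (uid, sub, (objectClass=*)) are the module's documented defaults.

```python
from typing import NamedTuple
from urllib.parse import unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
# RFC 4515: characters that carry meaning inside a search filter value.
FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29",
                  "\x00": "\\00"}


class LdapAuthConfig(NamedTuple):
    scheme: str
    host: str
    port: int
    base_dn: str
    attribute: str
    scope: str
    search_filter: str


def parse_auth_ldap_url(url: str) -> LdapAuthConfig:
    """Split scheme://host[:port]/basedn?attribute?scope?filter into fields."""
    scheme, sep, rest = url.partition("://")
    scheme = scheme.lower()
    if not sep or scheme not in DEFAULT_PORTS:
        raise ValueError("expected an ldap:// or ldaps:// URL")
    hostport, _, tail = rest.partition("/")
    host, _, port = hostport.partition(":")  # IPv6 literals are not handled
    if not host:
        raise ValueError("a host name is required")
    # Pad so that trailing fields may be omitted or left empty ("...?uid?").
    fields = tail.split("?") + ["", "", ""]
    base_dn, attribute, scope, search_filter = (unquote(f) for f in fields[:4])
    if not base_dn:
        raise ValueError("a base DN is required")
    scope = scope or "sub"
    if scope not in ("sub", "one"):
        raise ValueError("scope must be 'sub' or 'one'")
    return LdapAuthConfig(
        scheme=scheme,
        host=host,
        port=int(port) if port else DEFAULT_PORTS[scheme],
        base_dn=base_dn,
        attribute=attribute or "uid",
        scope=scope,
        search_filter=search_filter or "(objectClass=*)",
    )


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value for use inside an LDAP search filter."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(cfg: LdapAuthConfig, username: str) -> str:
    """Filter for the search phase: configured filter AND attribute=username."""
    if not username:
        raise ValueError("empty username")
    return (f"(&{cfg.search_filter}"
            f"({cfg.attribute}={escape_filter_value(username)}))")


if __name__ == "__main__":
    cfg = parse_auth_ldap_url(
        "ldap://ldap.example.com/ou=users,dc=example,dc=com?uid?")
    print(cfg)
    # Constructed login names: a normal one and two with filter metacharacters.
    for typed in ("galjabari", "*", "x)(uid=*"):
        print(repr(typed), "->", build_search_filter(cfg, typed))
```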
Summary


• In this session we discussed the following:
  – User authentication
  – LDAP lab
Thanks

     Eng. Ghannam Aljabary

Mais conteúdo relacionado

Semelhante a E gov security_tut_session_6_lab

DEEP: a user success story
DEEP: a user success storyDEEP: a user success story
DEEP: a user success storyEOSC-hub project
 
Pal gov.tutorial3.session14.lab6
Pal gov.tutorial3.session14.lab6Pal gov.tutorial3.session14.lab6
Pal gov.tutorial3.session14.lab6Mustafa Jarrar
 
Pal gov.tutorial3.session12.lab5
Pal gov.tutorial3.session12.lab5Pal gov.tutorial3.session12.lab5
Pal gov.tutorial3.session12.lab5Mustafa Jarrar
 
Apache Deep Learning 201 - Philly Open Source
Apache Deep Learning 201 - Philly Open SourceApache Deep Learning 201 - Philly Open Source
Apache Deep Learning 201 - Philly Open SourceTimothy Spann
 
Pal gov.tutorial3.session5.lab2
Pal gov.tutorial3.session5.lab2Pal gov.tutorial3.session5.lab2
Pal gov.tutorial3.session5.lab2Mustafa Jarrar
 
Pal gov.tutorial3.session3.xpath & xquery (lab1)
Pal gov.tutorial3.session3.xpath & xquery (lab1)Pal gov.tutorial3.session3.xpath & xquery (lab1)
Pal gov.tutorial3.session3.xpath & xquery (lab1)Mustafa Jarrar
 
Puppet getting started by Dirk Götz
Puppet getting started by Dirk GötzPuppet getting started by Dirk Götz
Puppet getting started by Dirk GötzNETWAYS
 
Pal gov.tutorial3.session10.lab4
Pal gov.tutorial3.session10.lab4Pal gov.tutorial3.session10.lab4
Pal gov.tutorial3.session10.lab4Mustafa Jarrar
 
Room 2 - 3 - Nguyễn Hoài Nam & Nguyễn Việt Hùng - Terraform & Pulumi Comparin...
Room 2 - 3 - Nguyễn Hoài Nam & Nguyễn Việt Hùng - Terraform & Pulumi Comparin...Room 2 - 3 - Nguyễn Hoài Nam & Nguyễn Việt Hùng - Terraform & Pulumi Comparin...
Room 2 - 3 - Nguyễn Hoài Nam & Nguyễn Việt Hùng - Terraform & Pulumi Comparin...Vietnam Open Infrastructure User Group
 
Apache Deep Learning 101 - ApacheCon Montreal 2018 v0.31
Apache Deep Learning 101 - ApacheCon Montreal 2018 v0.31Apache Deep Learning 101 - ApacheCon Montreal 2018 v0.31
Apache Deep Learning 101 - ApacheCon Montreal 2018 v0.31Timothy Spann
 
Sword Or2008 Julieallinson
Sword Or2008 JulieallinsonSword Or2008 Julieallinson
Sword Or2008 JulieallinsonJulie Allinson
 
Pal gov.tutorial3.session8.lab3
Pal gov.tutorial3.session8.lab3Pal gov.tutorial3.session8.lab3
Pal gov.tutorial3.session8.lab3Mustafa Jarrar
 
Learning W3C Linked Data Platform with examples
Learning W3C Linked Data Platform with examplesLearning W3C Linked Data Platform with examples
Learning W3C Linked Data Platform with examplesNandana Mihindukulasooriya
 
Application integration with the W3C Linked Data standards
Application integration with the W3C Linked Data standardsApplication integration with the W3C Linked Data standards
Application integration with the W3C Linked Data standardsNandana Mihindukulasooriya
 
Puppet slides for intelligrape
Puppet slides for intelligrapePuppet slides for intelligrape
Puppet slides for intelligrapeSharad Aggarwal
 
Pal gov.tutorial2.session16.lab rd-fa
Pal gov.tutorial2.session16.lab rd-faPal gov.tutorial2.session16.lab rd-fa
Pal gov.tutorial2.session16.lab rd-faMustafa Jarrar
 
Introduction to-python
Introduction to-pythonIntroduction to-python
Introduction to-pythonAakashdata
 
Pal gov.tutorial2.session2.xml dtd's
Pal gov.tutorial2.session2.xml dtd'sPal gov.tutorial2.session2.xml dtd's
Pal gov.tutorial2.session2.xml dtd'sMustafa Jarrar
 
LDAP : Theory and OpenLDAP implementation
LDAP : Theory and OpenLDAP implementationLDAP : Theory and OpenLDAP implementation
LDAP : Theory and OpenLDAP implementationOpen Source School
 
CloudOps CloudStack Days, Austin April 2015
CloudOps CloudStack Days, Austin April 2015CloudOps CloudStack Days, Austin April 2015
CloudOps CloudStack Days, Austin April 2015CloudOps2005
 

Semelhante a E gov security_tut_session_6_lab (20)

DEEP: a user success story
DEEP: a user success storyDEEP: a user success story
DEEP: a user success story
 
Pal gov.tutorial3.session14.lab6
Pal gov.tutorial3.session14.lab6Pal gov.tutorial3.session14.lab6
Pal gov.tutorial3.session14.lab6
 
Pal gov.tutorial3.session12.lab5
Pal gov.tutorial3.session12.lab5Pal gov.tutorial3.session12.lab5
Pal gov.tutorial3.session12.lab5
 
Apache Deep Learning 201 - Philly Open Source
Apache Deep Learning 201 - Philly Open SourceApache Deep Learning 201 - Philly Open Source
Apache Deep Learning 201 - Philly Open Source
 
Pal gov.tutorial3.session5.lab2
Pal gov.tutorial3.session5.lab2Pal gov.tutorial3.session5.lab2
Pal gov.tutorial3.session5.lab2
 
Pal gov.tutorial3.session3.xpath & xquery (lab1)
Pal gov.tutorial3.session3.xpath & xquery (lab1)Pal gov.tutorial3.session3.xpath & xquery (lab1)
Pal gov.tutorial3.session3.xpath & xquery (lab1)
 
Puppet getting started by Dirk Götz
Puppet getting started by Dirk GötzPuppet getting started by Dirk Götz
Puppet getting started by Dirk Götz
 
Pal gov.tutorial3.session10.lab4
Pal gov.tutorial3.session10.lab4Pal gov.tutorial3.session10.lab4
Pal gov.tutorial3.session10.lab4
 
Room 2 - 3 - Nguyễn Hoài Nam & Nguyễn Việt Hùng - Terraform & Pulumi Comparin...
Room 2 - 3 - Nguyễn Hoài Nam & Nguyễn Việt Hùng - Terraform & Pulumi Comparin...Room 2 - 3 - Nguyễn Hoài Nam & Nguyễn Việt Hùng - Terraform & Pulumi Comparin...
Room 2 - 3 - Nguyễn Hoài Nam & Nguyễn Việt Hùng - Terraform & Pulumi Comparin...
 
Apache Deep Learning 101 - ApacheCon Montreal 2018 v0.31
Apache Deep Learning 101 - ApacheCon Montreal 2018 v0.31Apache Deep Learning 101 - ApacheCon Montreal 2018 v0.31
Apache Deep Learning 101 - ApacheCon Montreal 2018 v0.31
 
Sword Or2008 Julieallinson
Sword Or2008 JulieallinsonSword Or2008 Julieallinson
Sword Or2008 Julieallinson
 
Pal gov.tutorial3.session8.lab3
Pal gov.tutorial3.session8.lab3Pal gov.tutorial3.session8.lab3
Pal gov.tutorial3.session8.lab3
 
Learning W3C Linked Data Platform with examples
Learning W3C Linked Data Platform with examplesLearning W3C Linked Data Platform with examples
Learning W3C Linked Data Platform with examples
 
Application integration with the W3C Linked Data standards
Application integration with the W3C Linked Data standardsApplication integration with the W3C Linked Data standards
Application integration with the W3C Linked Data standards
 
Puppet slides for intelligrape
Puppet slides for intelligrapePuppet slides for intelligrape
Puppet slides for intelligrape
 
Pal gov.tutorial2.session16.lab rd-fa
Pal gov.tutorial2.session16.lab rd-faPal gov.tutorial2.session16.lab rd-fa
Pal gov.tutorial2.session16.lab rd-fa
 
Introduction to-python
Introduction to-pythonIntroduction to-python
Introduction to-python
 
Pal gov.tutorial2.session2.xml dtd's
Pal gov.tutorial2.session2.xml dtd'sPal gov.tutorial2.session2.xml dtd's
Pal gov.tutorial2.session2.xml dtd's
 
LDAP : Theory and OpenLDAP implementation
LDAP : Theory and OpenLDAP implementationLDAP : Theory and OpenLDAP implementation
LDAP : Theory and OpenLDAP implementation
 
CloudOps CloudStack Days, Austin April 2015
CloudOps CloudStack Days, Austin April 2015CloudOps CloudStack Days, Austin April 2015
CloudOps CloudStack Days, Austin April 2015
 

Mais de Mustafa Jarrar

Clustering Arabic Tweets for Sentiment Analysis
Clustering Arabic Tweets for Sentiment AnalysisClustering Arabic Tweets for Sentiment Analysis
Clustering Arabic Tweets for Sentiment AnalysisMustafa Jarrar
 
Classifying Processes and Basic Formal Ontology
Classifying Processes  and Basic Formal OntologyClassifying Processes  and Basic Formal Ontology
Classifying Processes and Basic Formal OntologyMustafa Jarrar
 
Discrete Mathematics Course Outline
Discrete Mathematics Course OutlineDiscrete Mathematics Course Outline
Discrete Mathematics Course OutlineMustafa Jarrar
 
Business Process Implementation
Business Process ImplementationBusiness Process Implementation
Business Process ImplementationMustafa Jarrar
 
Business Process Design and Re-engineering
Business Process Design and Re-engineeringBusiness Process Design and Re-engineering
Business Process Design and Re-engineeringMustafa Jarrar
 
BPMN 2.0 Analytical Constructs
BPMN 2.0 Analytical ConstructsBPMN 2.0 Analytical Constructs
BPMN 2.0 Analytical ConstructsMustafa Jarrar
 
BPMN 2.0 Descriptive Constructs
BPMN 2.0 Descriptive Constructs  BPMN 2.0 Descriptive Constructs
BPMN 2.0 Descriptive Constructs Mustafa Jarrar
 
Introduction to Business Process Management
Introduction to Business Process ManagementIntroduction to Business Process Management
Introduction to Business Process ManagementMustafa Jarrar
 
Customer Complaint Ontology
Customer Complaint Ontology Customer Complaint Ontology
Customer Complaint Ontology Mustafa Jarrar
 
Subset, Equality, and Exclusion Rules
Subset, Equality, and Exclusion RulesSubset, Equality, and Exclusion Rules
Subset, Equality, and Exclusion RulesMustafa Jarrar
 
Schema Modularization in ORM
Schema Modularization in ORMSchema Modularization in ORM
Schema Modularization in ORMMustafa Jarrar
 
On Computer Science Trends and Priorities in Palestine
On Computer Science Trends and Priorities in PalestineOn Computer Science Trends and Priorities in Palestine
On Computer Science Trends and Priorities in PalestineMustafa Jarrar
 
Lessons from Class Recording & Publishing of Eight Online Courses
Lessons from Class Recording & Publishing of Eight Online CoursesLessons from Class Recording & Publishing of Eight Online Courses
Lessons from Class Recording & Publishing of Eight Online CoursesMustafa Jarrar
 
Presentation curras paper-emnlp2014-final
Presentation curras paper-emnlp2014-finalPresentation curras paper-emnlp2014-final
Presentation curras paper-emnlp2014-finalMustafa Jarrar
 
Jarrar: Future Internet in Horizon 2020 Calls
Jarrar: Future Internet in Horizon 2020 CallsJarrar: Future Internet in Horizon 2020 Calls
Jarrar: Future Internet in Horizon 2020 CallsMustafa Jarrar
 
Habash: Arabic Natural Language Processing
Habash: Arabic Natural Language ProcessingHabash: Arabic Natural Language Processing
Habash: Arabic Natural Language ProcessingMustafa Jarrar
 
Adnan: Introduction to Natural Language Processing
Adnan: Introduction to Natural Language Processing Adnan: Introduction to Natural Language Processing
Adnan: Introduction to Natural Language Processing Mustafa Jarrar
 
Riestra: How to Design and engineer Competitive Horizon 2020 Proposals
Riestra: How to Design and engineer Competitive Horizon 2020 ProposalsRiestra: How to Design and engineer Competitive Horizon 2020 Proposals
Riestra: How to Design and engineer Competitive Horizon 2020 ProposalsMustafa Jarrar
 
Bouquet: SIERA Workshop on The Pillars of Horizon2020
Bouquet: SIERA Workshop on The Pillars of Horizon2020Bouquet: SIERA Workshop on The Pillars of Horizon2020
Bouquet: SIERA Workshop on The Pillars of Horizon2020Mustafa Jarrar
 
Jarrar: Sparql Project
Jarrar: Sparql ProjectJarrar: Sparql Project
Jarrar: Sparql ProjectMustafa Jarrar
 

Mais de Mustafa Jarrar (20)

Clustering Arabic Tweets for Sentiment Analysis
Clustering Arabic Tweets for Sentiment AnalysisClustering Arabic Tweets for Sentiment Analysis
Clustering Arabic Tweets for Sentiment Analysis
 
Classifying Processes and Basic Formal Ontology
Classifying Processes  and Basic Formal OntologyClassifying Processes  and Basic Formal Ontology
Classifying Processes and Basic Formal Ontology
 
Discrete Mathematics Course Outline
Discrete Mathematics Course OutlineDiscrete Mathematics Course Outline
Discrete Mathematics Course Outline
 
Business Process Implementation
Business Process ImplementationBusiness Process Implementation
Business Process Implementation
 
Business Process Design and Re-engineering
Business Process Design and Re-engineeringBusiness Process Design and Re-engineering
Business Process Design and Re-engineering
 
BPMN 2.0 Analytical Constructs
BPMN 2.0 Analytical ConstructsBPMN 2.0 Analytical Constructs
BPMN 2.0 Analytical Constructs
 
BPMN 2.0 Descriptive Constructs
BPMN 2.0 Descriptive Constructs  BPMN 2.0 Descriptive Constructs
BPMN 2.0 Descriptive Constructs
 
Introduction to Business Process Management
Introduction to Business Process ManagementIntroduction to Business Process Management
Introduction to Business Process Management
 
Customer Complaint Ontology
Customer Complaint Ontology Customer Complaint Ontology
Customer Complaint Ontology
 
Subset, Equality, and Exclusion Rules
Subset, Equality, and Exclusion RulesSubset, Equality, and Exclusion Rules
Subset, Equality, and Exclusion Rules
 
Schema Modularization in ORM
Schema Modularization in ORMSchema Modularization in ORM
Schema Modularization in ORM
 
On Computer Science Trends and Priorities in Palestine
On Computer Science Trends and Priorities in PalestineOn Computer Science Trends and Priorities in Palestine
On Computer Science Trends and Priorities in Palestine
 
Lessons from Class Recording & Publishing of Eight Online Courses
Lessons from Class Recording & Publishing of Eight Online CoursesLessons from Class Recording & Publishing of Eight Online Courses
Lessons from Class Recording & Publishing of Eight Online Courses
 
Presentation curras paper-emnlp2014-final
Presentation curras paper-emnlp2014-finalPresentation curras paper-emnlp2014-final
Presentation curras paper-emnlp2014-final
 
Jarrar: Future Internet in Horizon 2020 Calls
Jarrar: Future Internet in Horizon 2020 CallsJarrar: Future Internet in Horizon 2020 Calls
Jarrar: Future Internet in Horizon 2020 Calls
 
Habash: Arabic Natural Language Processing
Habash: Arabic Natural Language ProcessingHabash: Arabic Natural Language Processing
Habash: Arabic Natural Language Processing
 
Adnan: Introduction to Natural Language Processing
Adnan: Introduction to Natural Language Processing Adnan: Introduction to Natural Language Processing
Adnan: Introduction to Natural Language Processing
 
Riestra: How to Design and engineer Competitive Horizon 2020 Proposals
Riestra: How to Design and engineer Competitive Horizon 2020 ProposalsRiestra: How to Design and engineer Competitive Horizon 2020 Proposals
Riestra: How to Design and engineer Competitive Horizon 2020 Proposals
 
Bouquet: SIERA Workshop on The Pillars of Horizon2020
Bouquet: SIERA Workshop on The Pillars of Horizon2020Bouquet: SIERA Workshop on The Pillars of Horizon2020
Bouquet: SIERA Workshop on The Pillars of Horizon2020
 
Jarrar: Sparql Project
Jarrar: Sparql ProjectJarrar: Sparql Project
Jarrar: Sparql Project
 

Último

IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1DianaGray10
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Commit University
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarPrecisely
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfJamie (Taka) Wang
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxGDSC PJATK
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationIES VE
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXTarek Kalaji
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 

Último (20)

IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
activity_diagram_combine_v4_20190827.pdfactivity_diagram_combine_v4_20190827.pdf
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve DecarbonizationUsing IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
Using IESVE for Loads, Sizing and Heat Pump Modeling to Achieve Decarbonization
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 

E gov security_tut_session_6_lab

  • 1. ‫أكاديمية الحكومة اإللكترونية الفلسطينية‬ The Palestinian eGovernment Academy www.egovacademy.ps Security Tutorial Session 6 LAB PalGov © 2011 1
  • 2. About This tutorial is part of the PalGov project, funded by the TEMPUS IV program of the Commission of the European Communities, grant agreement 511159-TEMPUS-1- 2010-1-PS-TEMPUS-JPHES. The project website: www.egovacademy.ps Project Consortium: Birzeit University, Palestine University of Trento, Italy (Coordinator ) Palestine Polytechnic University, Palestine Vrije Universiteit Brussel, Belgium Palestine Technical University, Palestine Université de Savoie, France Ministry of Telecom and IT, Palestine University of Namur, Belgium Ministry of Interior, Palestine TrueTrust, UK Ministry of Local Government, Palestine Coordinator: Dr. Mustafa Jarrar Birzeit University, P.O.Box 14- Birzeit, Palestine Telfax:+972 2 2982935 mjarrar@birzeit.eduPalGov © 2011 2
  • 3. © Copyright Notes Everyone is encouraged to use this material, or part of it, but should properly cite the project (logo and website), and the author of that part. No part of this tutorial may be reproduced or modified in any form or by any means, without prior written permission from the project, who have the full copyrights on the material. Attribution-NonCommercial-ShareAlike CC-BY-NC-SA This license lets others remix, tweak, and build upon your work non- commercially, as long as they credit you and license their new creations under the identical terms. PalGov © 2011 3
  • 4. Tutorial 5: Information Security. Session 6: Authentication Lab
      Session 6 Outline:
      • Install Apache and use LDAP authentication and hashed password files (Windows with administrative rights).
      • Install OpenLDAP.
      • Apache with LDAP authentication.
  • 5. Tutorial 5: Session 6: Authentication LAB
      This session will contribute to the following ILOs:
      • C: Professional and Practical Skills:
          • c4: Configure user authentication and authorization services using LDAP certificates.
      • D: General and Transferable Skills:
          • d1: Communication and team work.
          • d2: Systems configurations.
          • d3: Analysis and identification skills.
  • 6. OpenLDAP Server
      • In this lab, we will explain how to set up OpenLDAP and use it for authentication.
      • We will use Ubuntu 11.10 to set up the OpenLDAP server, currently at version 2.4.
      • With OpenLDAP, all information is stored in a tree structure, the Directory Information Tree (DIT).
      • The tree is often determined by a Fully Qualified Domain Name (FQDN). If the domain name is example.com, the root node will be dc=example,dc=com.
      • An entry in an LDAP directory consists of a set of attributes.
      • An attribute has a type (a name/description) and one or more values.
  • 7. OpenLDAP Server
      • Every attribute must be defined in at least one objectClass.
      • Attributes and objectClasses are defined in schemas.
      • Each entry has a unique identifier: its Distinguished Name (DN or dn). For example:
          dn: uid=galjabari,dc=example,dc=com
          uid: galjabari
          cn: Ghannam Aljabari
          givenName: Ghannam
          sn: Aljabari
          mail: galjabari@example.com
          objectClass: inetOrgPerson
      • The above entry is in LDIF format (LDAP Data Interchange Format).
  • 8. Installing OpenLDAP
      • To install the OpenLDAP server and the LDAP management utilities, run the following command from the command line:
          sudo apt-get install slapd ldap-utils
      • By default, slapd is configured with the minimal configuration options needed to run the slapd daemon, and it will need additional configuration options in order to populate the directory.
      • OpenLDAP uses a separate directory which contains the cn=config Directory Information Tree (DIT). The cn=config DIT is used to dynamically configure the slapd daemon.
      • During the install you will be prompted for the LDAP admin password.
  • 9. Installing OpenLDAP
      • To view the slapd-config DIT:
          sudo ldapsearch -LLL -Y EXTERNAL -H ldapi:/// -b cn=config dn
      • To set up the initial configuration for the (dc=example,dc=com) database/DIT:
          sudo dpkg-reconfigure slapd
      • You will be prompted to enter the domain name, organization name, and password for the rootDN. By default, this user's DN is cn=admin,dc=example,dc=com.
      • To view the dc=example,dc=com DIT:
          ldapsearch -x -LLL -H ldap:/// -b dc=example,dc=com dn
  • 10. Populating LDAP
      • Create a frontend.ldif with the following contents (entries are separated by a blank line):
          dn: ou=users,dc=example,dc=com
          ou: users
          objectClass: organizationalUnit

          dn: uid=galjabari,ou=users,dc=example,dc=com
          objectClass: inetOrgPerson
          uid: galjabari
          sn: Aljabari
          givenName: Ghannam
          cn: Ghannam Aljabari
          mail: galjabari@example.com
          userPassword: test
  • 11. Populating LDAP
      • Add the entries to the LDAP directory:
          sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.ldif
      • To check that the content has been correctly added, execute a search of the LDAP directory:
          ldapsearch -xLLL -b "dc=example,dc=com" uid=galjabari sn givenName cn
  • 12. LDAP Authentication in Apache
      • An LDAP directory can be used to authenticate users for a website.
      • Edit /etc/hosts and add the LDAP hostname:
          127.0.0.1 ldap.example.com
      • To configure Apache for LDAP authentication, edit the default configuration file in /etc/apache2/sites-available as follows:
          <Directory /var/www/example.com/secret>
              # HTTP Basic authentication, with LDAP as the credential store
              AuthType Basic
              AuthName "Restricted Files"
              # Search under ou=users for the entry whose uid matches the login name
              AuthLDAPURL "ldap://ldap.example.com/ou=users,dc=example,dc=com?uid"
              AuthBasicProvider ldap
              Require valid-user
          </Directory>
  • 13.
      • Next, enable the LDAP module in Apache:
          sudo a2enmod authnz_ldap
      • With Apache now configured for LDAP authentication, restart the service to enable the new settings:
          sudo /etc/init.d/apache2 restart
      • The last step is to check access to the directory by running the web browser and entering http://example.com/secret in the address bar. The browser should ask for a username and password to load the page.
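What the `AuthLDAPURL` on slide 12 encodes, as an added example (not Apache's code): mod_authnz_ldap searches under the base DN for the entry whose attribute matches the login name, then binds as that entry with the supplied password. The sketch parses the URL, applies the documented defaults (`uid`, `sub`, `(objectClass=*)`) and builds the search filter with RFC 4515 escaping; the function names are hypothetical.

```python
from urllib.parse import unquote

# RFC 4515: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a login name so it cannot change the structure of the filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def parse_auth_ldap_url(url):
    """Split ldap[s]://host[:port]/basedn?attribute?scope?filter into its parts."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme not in ("ldap", "ldaps"):
        raise ValueError("AuthLDAPURL must start with ldap:// or ldaps://")
    hostport, _, tail = rest.partition("/")
    host, _, port = hostport.partition(":")
    fields = (tail.split("?") + ["", "", ""])[:4]
    base_dn, attribute, scope, flt = (unquote(f) for f in fields)
    return {
        "host": host,
        "port": int(port) if port else (636 if scheme == "ldaps" else 389),
        "encrypted": scheme == "ldaps",  # False: search and bind travel in clear text
        "base_dn": base_dn,
        "attribute": attribute or "uid",
        "scope": scope or "sub",
        "filter": flt or "(objectClass=*)",
    }


def search_filter(cfg, username):
    """Filter for step 1 of search-then-bind: locate the user's entry."""
    return "(&%s(%s=%s))" % (cfg["filter"], cfg["attribute"], escape_filter_value(username))


if __name__ == "__main__":
    cfg = parse_auth_ldap_url("ldap://ldap.example.com/ou=users,dc=example,dc=com?uid")
    print(cfg)
    print(search_filter(cfg, "galjabari"))  # constructed login name from slide 10
    print(search_filter(cfg, "gal*"))       # wildcard is escaped, not interpreted
```

With the slide's `ldap://` URL and an `http://` site, `encrypted` is false and the Basic credentials are only base64-encoded, so both hops carry the password readably; `ldaps://` and an HTTPS virtual host close that gap.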
  • 14. Summary
      • In this session we discussed the following:
          – introduced user authentication
          – LDAP LAB
  • 15. Thanks
      Eng. Ghannam Aljabary