Token encryption requires a random string in keyphrase setting · ltb-project/self-service-password 

# Encryption, decryption keyphrase, required if $crypt_tokens = true
# Please change it to anything long, random and complicated, you do not have to remember it
# Changing it will also invalidate all previous tokens and SMS codes
$keyphrase = "abcdefgh";
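An added example, not part of the project's code or the issue: shell functions that generate a keyphrase from /dev/urandom and flag a config file whose $keyphrase is missing, short or typed by hand. The function names and the thresholds (32 characters, 16 distinct characters) are assumptions made for this example, and only the double-quoted form shown above is parsed.

```shell
#!/bin/sh
# Added example, not project code. Function names and thresholds are assumptions.

# Print a fresh keyphrase: 32 bytes from the kernel CSPRNG, base64-encoded.
gen_keyphrase() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Print the value of the last uncommented  $keyphrase = "...";  line in file $1.
get_keyphrase() {
    sed -n 's/^[[:space:]]*\$keyphrase[[:space:]]*=[[:space:]]*"\(.*\)";.*$/\1/p' "$1" | tail -n 1
}

# Print a verdict for file $1; return 0 only if the keyphrase passes both checks.
check_keyphrase() {
    kp=$(get_keyphrase "$1")
    if [ -z "$kp" ]; then
        echo "missing"; return 1
    fi
    if [ "${#kp}" -lt 32 ]; then
        echo "too short: ${#kp} characters"; return 1
    fi
    # Count distinct characters; hand-typed patterns score low.
    distinct=$(printf '%s' "$kp" | fold -w 1 | sort -u | wc -l | tr -d ' ')
    if [ "$distinct" -lt 16 ]; then
        echo "low variety: $distinct distinct characters"; return 1
    fi
    echo "ok"
}

# Usage: sh check_keyphrase.sh /path/to/config.php
if [ -n "${1:-}" ]; then
    check_keyphrase "$1"
fi
```

Because changing the keyphrase invalidates all previous tokens and SMS codes, replace it at a time when no reset is in flight.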

Source: Token encryption requires a random string in keyphrase setting · Issue #243 · ltb-project/self-service-password · GitHub

Token encryption requires a random string in keyphrase setting · ltb-project/self-service-password  was last modified: April 12th, 2020 by Jovan Stosic

LDAP connection [LDAP Tool Box (LTB)]

Server address

Use an LDAP URI to configure the location of your LDAP server in $ldap_url:

$ldap_url = "ldap://localhost:389";

You can set several URIs, so that the next server will be tried if the previous one is down:

$ldap_url = "ldap://server1 ldap://server2";

To use SSL, set ldaps in the URI:

$ldap_url = "ldaps://localhost";

To use StartTLS, set true in $ldap_starttls:

$ldap_starttls = true;
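An added example, not taken from the LTB documentation: a shell function that reads $ldap_url and $ldap_starttls from a config file and reports, for each URI in the space-separated list, whether the bind password would travel over TLS, StartTLS or cleartext. The function name and the output labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not project code. ldap_transport and its labels are assumptions.

# Classify every URI in $ldap_url of config file $1.
# Returns 1 if any URI would be used without TLS or StartTLS.
ldap_transport() {
    # Last uncommented assignment wins, as it would when PHP loads the file.
    urls=$(sed -n 's/^[[:space:]]*\$ldap_url[[:space:]]*=[[:space:]]*"\(.*\)";.*$/\1/p' "$1" | tail -n 1)
    flag=$(sed -n 's/^[[:space:]]*\$ldap_starttls[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$1" | tail -n 1)
    case "$flag" in
        [Tt][Rr][Uu][Ee]) starttls=yes ;;
        *)                starttls=no ;;
    esac

    rc=0
    if [ -z "$urls" ]; then
        echo "no \$ldap_url found"; rc=1
    fi
    # The setting holds a space-separated list; check each fallback server too.
    for uri in $urls; do
        case "$uri" in
            ldaps://*)
                echo "$uri tls" ;;
            ldap://*)
                if [ "$starttls" = yes ]; then
                    echo "$uri starttls"
                else
                    echo "$uri cleartext"; rc=1
                fi ;;
            *)
                echo "$uri unknown-scheme"; rc=1 ;;
        esac
    done
    return $rc
}

# Usage: sh ldap_transport.sh /path/to/config.php
if [ -n "${1:-}" ]; then
    ldap_transport "$1"
fi
```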

Source: LDAP connection [LDAP Tool Box (LTB)]

LDAP connection [LDAP Tool Box (LTB)] was last modified: April 12th, 2020 by Jovan Stosic

How To Install and Configure OpenLDAP and phpLDAPadmin on an Ubuntu 14.04 Server

We also want to password protect our phpLDAPadmin location. Even though phpLDAPadmin has password authentication, this will provide an extra level of protection.

The utility that we need is contained in an Apache utility package. Get it by typing:

sudo apt-get install apache2-utils

Now that you have the utility available, you can create a password file that will contain a username that you choose and the associated hashed password.

We will keep this in the /etc/apache2 directory. Create the file and specify the username you want to use by typing:

sudo htpasswd -c /etc/apache2/htpasswd demo_user

Now, we are ready to modify Apache to take advantage of our security upgrades.

 

Modify the phpLDAPadmin Apache Configuration

The first thing we will do is modify the alias that is set up to serve our phpLDAPadmin files.

Open the file with root privileges in your text editor:

sudo nano /etc/phpldapadmin/apache.conf

This is the place where we need to decide on the URL location where we want to access our interface. The default is /phpldapadmin, but we want to change this to cut down on random login attempts by bots and malicious parties.

For this guide, we’re going to use the location /superldap, but you should choose your own value.

We need to modify the line that specifies the Alias. This should be in an IfModule mod_alias.c block. When you are finished, it should look like this:

<IfModule mod_alias.c>
    Alias /superldap /usr/share/phpldapadmin/htdocs
</IfModule>

When you are finished, save and close the file.

Configure the HTTP Virtual Host

Next, we need to modify our current Virtual Hosts file. Open it with root privileges in your editor:

sudo nano /etc/apache2/sites-enabled/000-default.conf

Inside, you’ll see a rather bare configuration file that looks like this:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

We want to add information about our domain name or IP address to define our server name and we want to set up our redirect to point all HTTP requests to the HTTPS interface. This will match the alias we configured in the last section.

The changes we discussed will end up looking like this. Replace the placeholder values, such as server_domain_or_IP, with your own:

<VirtualHost *:80>
    ServerAdmin webmaster@server_domain_or_IP
    DocumentRoot /var/www/html
    ServerName server_domain_or_IP
    Redirect permanent /superldap https://server_domain_or_IP/superldap
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Save and close the file when you are finished.

The last thing we need to do is set up the location block that will implement our password protection for the entire phpLDAPadmin installation.

We do this by referencing the location where we are serving the phpLDAPadmin and setting up authentication using the file we generated. We will require anyone attempting to access this content to authenticate as a valid user:

<Location /superldap>
    AuthType Basic
    AuthName "Restricted Files"
    AuthUserFile /etc/apache2/htpasswd
    Require valid-user
</Location>

Save and close the file when you are finished.

Restart Apache to implement all of the changes that we have made:

sudo service apache2 restart

Source: How To Install and Configure OpenLDAP and phpLDAPadmin on an Ubuntu 14.04 Server | DigitalOcean

How To Install and Configure OpenLDAP and phpLDAPadmin on an Ubuntu 14.04 Server was last modified: April 19th, 2020 by Jovan Stosic

Owncloud/Nextcloud – Migration of database to LDAP users

1) In the ownCloud database, change the table oc_accounts.
For the existing ownCloud user, set the backend column to OCA\User_LDAP\User_Proxy instead of OC\User\Database. For example:

UPDATE oc_accounts SET backend='OCA\\User_LDAP\\User_Proxy' WHERE user_id='my_user';

2) In the table oc_ldap_user_mapping, add the LDAP user. For example:

INSERT INTO oc_ldap_user_mapping (owncloud_name, ldap_dn, directory_uuid) VALUES ('my_user', 'cn=User_Name User_Surname,ou=users,dc=ris,dc=mk', 'user_uuid_from_LDAP');

3) Delete the existing user from oc_users:

DELETE FROM oc_users WHERE uid='my_user';

Owncloud/Nextcloud – Migration of database to LDAP users was last modified: April 12th, 2020 by Jovan Stosic