How to configure Apache Security on LDAP

This is a simple Apache configuration that uses LDAP authentication. You need to enable the ldap and ldap_auth modules.

 

<Location /ldaplocation>
    AuthType Basic
    AuthName "ldap auth"
    AuthBasicProvider ldap
    # Account Apache binds as to search for the user entry
    AuthLDAPBindDN "CN=ldapbind,O=test,C=it"
    AuthLDAPBindPassword mypasswordhere
    # Search by uid, whole subtree, only inetOrgPerson entries
    AuthLDAPURL "ldap://ldaphost:389/?uid?sub?(objectClass=inetOrgPerson)"

    Options Indexes
    SetOutputFilter DEFLATE
    # Only the methods listed in <Limit> require a login
    <Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT CHECKOUT MKCOL MOVE COPY DELETE LOCK UNLOCK MERGE>
        Require valid-user
    </Limit>
</Location>
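A small audit of the block above, added here as an example (it is not part of the original post). It flags three settings that Apache documents as risky: an ldap:// URL with no SSL/TLS/STARTTLS mode, a bind password written in the config instead of fetched with exec:, and a Require placed inside <Limit>. The names audit_ldap_auth and PAGE_CONF are made up for this example, and PAGE_CONF is constructed from the directives shown above.

```python
import shlex

# Constructed input: the auth directives from the <Location> block on this page.
PAGE_CONF = """\
<Location /ldaplocation>
AuthType Basic
AuthName "ldap auth"
AuthBasicProvider ldap
AuthLDAPBindDN "CN=ldapbind,O=test,C=it"
AuthLDAPBindPassword mypasswordhere
AuthLDAPURL "ldap://ldaphost:389/?uid?sub?(objectClass=inetOrgPerson)"
<Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT CHECKOUT MKCOL MOVE COPY DELETE LOCK UNLOCK MERGE>
Require valid-user
</Limit>
</Location>
"""

def audit_ldap_auth(conf):
    """Return [(line_no, finding)] for risky LDAP auth settings in conf."""
    findings, in_limit = [], False
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)  # honours the quoting Apache directives use
        name, args = tokens[0].lower(), tokens[1:]
        if name == "<limit":
            in_limit = True
        elif name.startswith("</limit"):
            in_limit = False
        elif name == "authldapurl" and args:
            # An optional second argument selects the connection security mode.
            mode = args[1].upper() if len(args) > 1 else "NONE"
            if args[0].lower().startswith("ldap://") and mode not in ("SSL", "TLS", "STARTTLS"):
                findings.append((no, "LDAP traffic, including user passwords, is sent unencrypted"))
        elif name == "authldapbindpassword" and args:
            # exec:<command> makes Apache read the password from a program's output.
            if not args[0].startswith("exec:"):
                findings.append((no, "bind password stored in cleartext in the config file"))
        elif name == "require" and in_limit:
            findings.append((no, "Require inside <Limit>: methods not listed need no login"))
    return findings

if __name__ == "__main__":
    for no, finding in audit_ldap_auth(PAGE_CONF):
        print(f"line {no}: {finding}")
```
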

3 simple steps to use .htaccess & .htpasswd

1) Create htpasswd

htpasswd -c /srv/www/.htpasswd username
(enter the password when prompted)

2) Put a file named .htaccess
containing these lines:

#######################################
AuthUserFile  /srv/www/.htpasswd
AuthType Basic
AuthName "backend"
Require valid-user
#######################################

3) Allow override in httpd.conf as follows:

<Directory "/srv/www/htdocs">
...

# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
AllowOverride AuthConfig
# Controls who can get stuff from this server.
Order allow,deny
Allow from all

...
</Directory>

How to export Tivoli Directory Server to .ldif file

This script is a simple and useful way to back up all users in a Tivoli Directory Server to an LDIF file.
When it is scheduled by crontab, the destination folder can be passed on the command line as the $1 parameter,
so you can keep different versions of the backup.

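#!/bin/sh

NOW=$(date +"%u")    # day of week, 1-7
# The dump holds every user entry; its permissions in /tmp follow the current umask
LPATH=/tmp/juve_full_backup$NOW.ldif
RPATH=/backup/ldap/$1
LOG=/var/log/bckLdap$1-$NOW.log

# Start a fresh log for this run, then append to it
echo "------------------Backup LDAP on DOW $NOW----------------------------------" > "$LOG"
date >> "$LOG"

mkdir -p "$RPATH"
/opt/IBM/ldap/V6.3/sbin/idsdb2ldif -I juvetds1 -o "$LPATH" >> "$LOG"
mv "$LPATH" "$RPATH"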

MySQL Useful Commands

Here are some useful commands to administer a MySQL database server:
#Access command line:
mysql -uroot -ppassword

#View all users:
select user,password,host from mysql.user;

#Enable root remote login:
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
exit;

#Execute MySQL commands from bash:

mysql -uroot -e "create database prod"
mysql -uroot -e "CREATE USER 'prod'@'%' IDENTIFIED BY 'MyProd016'"
mysql -uroot -e "GRANT ALL PRIVILEGES ON prod.* TO 'prod'@'%' WITH GRANT OPTION"
mysql -uroot -e "FLUSH PRIVILEGES"
exit;