GroupWise Monitor without Tomcat

over 11 years ago
Did you use the GroupWise Monitor on a Windows workstation, and do you miss the nice old features (like showing all logged-on users)?

The old monitor is still there at http://localhost:8200, but it is pretty useless without any access control, so what you want to add is SSL and authentication against your eDirectory. I am using SLES11 in this example.

1. Install the GroupWise Monitor Agent (the Monitor Application is NOT needed).
2. Make sure you have Apache installed.
3. Activate the Apache module "proxy_http".

As the root user, type: "a2enmod proxy_http"

Uncomment the "proxy_http" line in "/etc/apache2/sysconfig.d/loadmodule.conf".

I recommend creating a new vhost in "/etc/apache2/vhosts.d/"; let's name it "gwm" and have it listen on port 4433. Create a file "/etc/apache2/vhosts.d/gwm.conf" with the following lines:
 
<IfDefine SSL>
<IfDefine !NOSSL>

Listen *:4433

<VirtualHost *:4433>
    ServerName ThisNameShouldMatchTheNameInTheCertificate
    DocumentRoot "/srv/www/htdocs"
    ErrorLog /var/log/apache2/error_log
    TransferLog /var/log/apache2/access_log

    SSLEngine on
    # Old mod_ssl default string. ALL still admits low-strength and export
    # suites; for production use a stricter list such as HIGH:!aNULL:!MD5.
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/apache2/ssl.crt/mycert.pem
    SSLCertificateKeyFile /etc/apache2/ssl.key/mykey.key
    SSLCertificateChainFile /etc/apache2/ssl.crt/mychain.pem

    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions StdEnvVars
    </Files>
    <Directory "/srv/www/cgi-bin">
        SSLOptions StdEnvVars
    </Directory>

    CustomLog /var/log/apache2/ssl_request_log ssl_combined

    # Reverse proxy only; never act as a forward proxy.
    ProxyRequests Off

    <Location />
        SSLRequireSSL
        AuthName "Enter Username and password"
        AuthType Basic
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative On
        AuthLDAPURL ldaps://YourLDAPServer/YourSearchBase?cn?sub?(objectClass=person)
        AuthLDAPBindDN cn=MyLDAPReader,o=novell
        # The bind password is stored in clear text: keep this file readable by root only.
        AuthLDAPBindPassword "LDapReaderPassword"
        Require ldap-attribute groupmembership=cn=groupwisemonitor,o=novell
        # Forward authenticated requests to the Monitor Agent's web console on loopback.
        ProxyPass http://127.0.0.1:8200/
        ProxyPassReverse http://127.0.0.1:8200/
    </Location>

</VirtualHost>

</IfDefine>
</IfDefine>

Some explanations:

ThisNameShouldMatchTheNameInTheCertificate: Replace with the CN (common name) found in your certificate.
mycert.pem, mykey.key, mychain.pem: Your certificate, private key and certificate chain. (The chain is optional; if you have none, just delete that line.)
YourLDAPServer: Hostname of your LDAP server.
YourSearchBase: Your search base (for example: "o=novell").
MyLDAPReader, LDapReaderPassword: Username and password of a user object which is allowed to read group membership in your tree.
cn=groupwisemonitor,o=novell: The group which any user accessing the GWMonitor must be in.

4. Open port 4433 in the SuSE Firewall.
5. Restart Apache: "rcapache2 restart"

The URL of your GroupWise Monitor is now: https://yourhost:4433.
Have fun.
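
To check the result of steps 1 to 5, the following added example (not part of the original post) audits a vhost file for the directives this setup relies on and reports any port-8200 listener that is not bound to loopback, which would let clients skip the SSL and LDAP check. The function names and the sample inputs are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the gwm vhost text and the Monitor Agent listener.
# Reads vhost config on stdin; prints one finding per line, nothing if it passes.
audit_vhost() {
    conf=$(cat)
    # Directives the access-control path depends on (names from the page).
    for d in 'SSLEngine on' 'SSLRequireSSL' 'ProxyRequests Off' \
             'AuthBasicProvider ldap' 'Require ldap-attribute'; do
        printf '%s\n' "$conf" | grep -Eiq "^[[:space:]]*$d" || echo "MISSING: $d"
    done
    # User and bind passwords travel to the directory, so require ldaps://.
    printf '%s\n' "$conf" | grep -Eiq '^[[:space:]]*AuthLDAPURL[[:space:]]+"?ldaps://' \
        || echo "WEAK: AuthLDAPURL is not ldaps://"
    # The unauthenticated backend should only be reached over loopback.
    if printf '%s\n' "$conf" | grep -Ei '^[[:space:]]*ProxyPass[[:space:]]' \
        | grep -Eqv 'http://(127\.0\.0\.1|localhost):8200/'; then
        echo "WEAK: ProxyPass target is not loopback:8200"
    fi
    return 0
}

# Reads `ss -ltn` or `netstat -ltn` output on stdin (local address is field 4
# in both); reports port-8200 listeners reachable without going through Apache.
audit_listener() {
    awk '/LISTEN/ && $4 ~ /:8200$/ &&
         $4 !~ /^(127\.|\[::1\]|::1:)/ { print "EXPOSED: " $4 }'
}

# Constructed sample inputs (not from the page) that trip the checks.
sample_vhost() {
    cat <<'EOF'
<VirtualHost *:4433>
  SSLEngine on
  ProxyRequests Off
  <Location />
    AuthType Basic
    AuthBasicProvider ldap
    AuthLDAPURL ldap://ldap.example.com/o=novell?cn?sub?(objectClass=person)
    ProxyPass http://gw.example.com:8200/
  </Location>
</VirtualHost>
EOF
}
sample_ss() {
    printf '%s\n' 'LISTEN 0 128 0.0.0.0:8200 0.0.0.0:*' 'LISTEN 0 128 *:4433 *:*'
}

sample_vhost | audit_vhost
sample_ss | audit_listener
```

On the real host, run `audit_vhost < /etc/apache2/vhosts.d/gwm.conf` and `ss -ltn | audit_listener`. An EXPOSED line means access to the monitor on port 8200 depends on the firewall keeping that port closed.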
