Cool Solutions

GroupWise Monitor without Tomcat



July 30, 2010 3:01 pm

Did you use the GroupWise Monitor on a Windows workstation, and do you miss the nice old features (like showing all logged-on users)?

The old monitor is still there (http://localhost:8200), but it is pretty useless without any access control, so what you want to add is SSL and authentication against your eDirectory. I am using SLES11 in this example.

1. Install the GroupWise Monitor Agent (the Monitor Application is NOT needed)
2. Make sure you have Apache installed.
3. Activate the Apache module “proxy_http”.

As the root user, type: “a2enmod proxy_http”

Uncomment the “proxy-http” line in “/etc/apache2/sysconfig.d/loadmodule.conf”.

I recommend creating a new vhost in “/etc/apache2/vhosts.d/”; let's name it “gwm”, listening on port 4433. Create a file “/etc/apache2/vhosts.d/gwm.conf” with the following lines:

 
<IfDefine SSL>
<IfDefine !NOSSL>

Listen *:4433

<VirtualHost *:4433>
        ServerName ThisNameShouldMatchTheNameInTheCertificate
        DocumentRoot "/srv/www/htdocs"
        ErrorLog /var/log/apache2/error_log
        TransferLog /var/log/apache2/access_log

        SSLEngine on
        # Strong suites only: no anonymous, NULL, export-grade or LOW ciphers,
        # and no SSLv2/SSLv3.
        SSLProtocol all -SSLv2 -SSLv3
        SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5
        SSLCertificateFile /etc/apache2/ssl.crt/mycert.pem
        SSLCertificateKeyFile /etc/apache2/ssl.key/mykey.key
        SSLCertificateChainFile /etc/apache2/ssl.crt/mychain.pem

        <Files ~ "\.(cgi|shtml|phtml|php3?)$">
            SSLOptions +StdEnvVars
        </Files>
        <Directory "/srv/www/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>

        CustomLog /var/log/apache2/ssl_request_log   ssl_combined

        # Reverse proxy only; never act as a forward proxy.
        ProxyRequests Off

        <Location />
                # Basic auth sends the password with every request, so refuse non-SSL access.
                SSLRequireSSL
                AuthName "Enter Username and password"
                AuthType Basic
                AuthBasicProvider ldap
                AuthzLDAPAuthoritative On
                AuthLDAPURL ldaps://YourLDAPServer/YourSearchBase?cn?sub?(objectClass=person)
                AuthLDAPBindDN cn=MyLDAPReader,o=novell
                # The bind password is stored in clear text: keep this file readable by root only.
                AuthLDAPBindPassword "LDapReaderPassword"
                Require ldap-attribute groupmembership=cn=groupwisemonitor,o=novell
                # Forward authenticated requests to the Monitor Agent's local HTTP port.
                ProxyPass http://127.0.0.1:8200/
                ProxyPassReverse http://127.0.0.1:8200/
        </Location>

</VirtualHost>

</IfDefine>
</IfDefine>


Some explanations:

ThisNameShouldMatchTheNameInTheCertificate: Replace with the CN found in your certificate.
mycert.pem, mykey.key, mychain.pem: Your certificate, private key and certificate chain. (The chain file is optional; if you have none, just delete the SSLCertificateChainFile line.)
YourLDAPServer: Hostname of your LDAP server.
YourSearchBase: Your search base (for example: “o=novell”).
MyLDAPReader, LDapReaderPassword: Username and password of a user object which is allowed to read group membership in your tree.
cn=groupwisemonitor,o=novell: The group which any user accessing the GWMonitor must be in.

4. Open port 4433 in the SuSE Firewall
5. Restart Apache: “rcapache2 restart”

The URL of your GroupWise Monitor is now: https://yourhost:4433.
Have fun.
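
A pre-restart check for the vhost file, as an added example that is not part of the original article: it scans a config shaped like gwm.conf for the settings the access control depends on (SSL enforcement, LDAP over TLS, a loopback-only backend, no forward proxying). The function name, the sample hosts and the weak-class list are assumptions, and the cipher check is a token heuristic, not an OpenSSL evaluation.

```python
from urllib.parse import urlsplit

# Cipher classes that should appear in SSLCipherSuite only when killed with "!".
WEAK = {"eNULL", "aNULL", "NULL", "ADH", "EXP", "EXPORT", "LOW", "SSLv2"}

# Constructed sample (hypothetical hosts): a gwm.conf-style vhost with mistakes.
SAMPLE = """
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
ProxyRequests Off
<Location />
    AuthLDAPURL ldap://ldap.example.test/o=novell?cn?sub?(objectClass=person)
    Require ldap-attribute groupmembership=cn=groupwisemonitor,o=novell
    ProxyPass http://192.0.2.10:8200/
</Location>
"""

def audit_vhost(conf):
    """Return a list of findings for a reverse-proxy vhost shaped like gwm.conf."""
    d = {}
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "<")):  # skip comments and section tags
            name, *rest = line.split(None, 1)
            d.setdefault(name.lower(), []).append(rest[0] if rest else "")
    out = []
    if [a.lower() for a in d.get("sslengine", [])] != ["on"]:
        out.append("SSLEngine is not on")
    if "sslrequiressl" not in d:
        out.append("SSLRequireSSL missing: Basic auth could be accepted over plain HTTP")
    if [a.lower() for a in d.get("proxyrequests", [])] != ["off"]:
        out.append("ProxyRequests is not Off: open forward proxy risk")
    if not d.get("require"):
        out.append("no Require directive: the proxied Location is not access controlled")
    for args in d.get("authldapurl", []):
        parts = args.replace('"', "").split() or [""]
        mode = (parts[1:] or ["NONE"])[0].upper()  # optional NONE|SSL|TLS|STARTTLS
        if urlsplit(parts[0]).scheme != "ldaps" and mode not in ("SSL", "TLS", "STARTTLS"):
            out.append("AuthLDAPURL is unencrypted: bind and user passwords sent in clear")
    for args in d.get("proxypass", []):
        url = next((t for t in args.split() if "://" in t), "")
        if urlsplit(url).hostname not in ("127.0.0.1", "localhost", "::1"):
            out.append(f"ProxyPass backend {url or '(none)'} is not on loopback")
    for args in d.get("sslciphersuite", []):
        named = sorted({t.lstrip("+") for t in args.split(":")
                        if not t.startswith(("!", "-"))} & WEAK)
        if named:
            out.append("SSLCipherSuite names weak classes without '!': " + ", ".join(named))
    return out
```

Pass it the contents of /etc/apache2/vhosts.d/gwm.conf; an empty list means none of these checks fired, not that the configuration is otherwise sound.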


Disclaimer: This content is not supported by Novell. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.
