Untitled


install slapd, php, php-fpm, php-ldap and php-xml
==========================================
sudo apt-get install slapd
sudo dpkg-reconfigure slapd
sudo apt-get install php
sudo apt-get install php-fpm
sudo apt-get install php-ldap
sudo apt-get install php-xml

a2enconf php7.0-fpm
a2enmod proxy_fcgi
a2enmod ssl
a2enmod python
a2enmod authnz_ldap

generate SSL/TLS key
====================

mkdir /etc/apache2/ssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
Enter 127.0.0.1 as FQDN name.

install and configure phpldapadmin
==================================

cd /var/local
wget https://github.com/leenooks/phpLDAPadmin/archive/master.zip
unzip master.zip
mv phpLDAPadmin-master phpldapadmin
mv phpldapadmin/config/config.php.example phpldapadmin/config/config.php


Open the file phpldapadmin/config/config.php,
look for the line and uncomment

$servers->setValue('server','host','127.0.0.1');


============================================
Modify trac wiki configuration
============================================


nano /etc/apache2/sites-enabled/trac.conf

<VirtualHost *:443>
	ServerName 127.0.0.1
	SSLEngine on

	SSLProtocol             all -SSLv2 -SSLv3
	SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA2$
	SSLHonorCipherOrder     on
	SSLCompression          off

	SSLOptions +StrictRequire
	LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_$
	LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common

	SSLCertificateFile /etc/apache2/ssl/apache.crt
	SSLCertificateKeyFile /etc/apache2/ssl/apache.key

	Alias "/phpldapadmin" "/var/local/phpldapadmin"


	<Location /trac>
	  SetHandler mod_python
	  PythonInterpreter main_interpreter
	  PythonHandler trac.web.modpython_frontend
	  PythonOption TracEnv /var/local/trac
	  PythonOption TracEnvParentDir /var/local/trac
	  PythonOption TracUriRoot /trac
	  PythonOption TracEnv /var/local/trac
	  PythonOption TracLocale en_US.UTF8
	  PythonOption PYTHON_EGG_CACHE /tmp
	   SSLOptions +StdEnvVars
	  Require  all granted
	  #Require valid-user
          Require ssl-verify-client
	</Location>

	<Location /trac/login>
	  AuthType Basic
	  AuthName "BlackDeepDive"
 	  AuthBasicProvider "ldap"
	  AuthLDAPURL "ldap://:389/dc=company,dc=com?uid"
	  AuthLDAPBindDN "cn=admin,dc=company,dc=com"
	  AuthLDAPBindPassword abdul
	  Require valid-user
	  Require ssl-verify-client
	</Location>

	<Directory "/var/local/phpldapadmin">
	  SSLOptions +StdEnvVars

	  Require all granted
          Require ssl-verify-client
          Options Indexes
     </Directory>


</VirtualHost>


disable all HTTP (non-encrypted websites
=========================
open /etc/apache2/ports.conf
comment out the line
#Listen 80

service php7.0-fpm restart
service apache2 restart
service slapd restart

Enter the following commands so that apache2, php-fpm and slapd services are started automatically every boot:
update-rc.d  php7.0-fpm defaults
update-rc.d  apache2 defaults
update-rc.d  slapd defaults


Open browser and enter the URL https://127.0.0.1/phpldapadmin
You may need to add a browser exception to this domain (trac.local). This is because
the SSL certificate was signed by an unverified authority (self-signed).

login with
user: cn=admin,DC=company,DC=com
password: abdul (as set previously)

If the server has been setup correctly, login should be successful.

Now create a Generic:POSIX group named Trac Users

Then create a Generic:User Account with the following details:

First Name: Abdullah
Last Name: Albeladi
userid: albe0032
password: abdul
gid/group: Trac Users (500)


Open browser and enter the URL https://127.0.0.1/trac
Click login in trac to login. The browser will ask for login details. Enter
user: albe0032
password: abdul

This detail from the Generic:User Account.
The login should be successful.