{"id":308,"date":"2016-08-19T06:00:00","date_gmt":"2016-08-19T14:00:00","guid":{"rendered":"https:\/\/andrewwippler.com\/?p=308"},"modified":"2016-09-03T15:13:08","modified_gmt":"2016-09-03T23:13:08","slug":"password-management-portal-for-end-users","status":"publish","type":"post","link":"https:\/\/andrewwippler.com\/2016\/08\/19\/password-management-portal-for-end-users\/","title":{"rendered":"Password management portal for end users"},"content":{"rendered":"
<p>We in IT have heard it often: the #1 request coming into help desk ticket systems is password resets, account lockouts, and the like. PWM is a password reset web application written in Java for use with LDAP directories. You can configure it to work with Active Directory, OpenLDAP, FreeIPA, and others. There are already a handful of good tutorials on how to set up PWM (I think of <a>this one in particular<\/a>); however, I want to demonstrate the <code>puppet apply<\/code> command in this tutorial.<\/p>\n
<h3>Prerequisites<\/h3>\n
<p>This guide assumes you have an Active Directory server with TLS set up (to change passwords), which is beyond the scope of this post. It also assumes you have a CentOS 7 instance which can communicate with the Active Directory server, and that this is an environment without a puppet master\/server. The end manifest can be uploaded to a master and used that way.<\/p>\n
<h3>Obtaining PWM<\/h3>\n
<p>PWM is available in zip format on their <a>website<\/a> or in source format on <a>GitHub<\/a>. We are going to use the war file, so grab the zip from their website, extract it, and place it on a webserver or locally on the server.<\/p>\n
<pre><code>yum install wget unzip -y\r\nwget http:\/\/www.pwm-project.org\/artifacts\/pwm\/pwm-1.8.0-SNAPSHOT-2016-05-23T22%3A36%3A58Z-pwm-bundle.zip\r\nunzip pwm*.zip<\/code><\/pre>\n
<h3>Installing puppet and puppet modules<\/h3>\n
<p>Our next step is to get puppet and the relevant puppet modules.<\/p>\n
<pre><code>rpm -ivh http:\/\/yum.puppetlabs.com\/puppetlabs-release-pc1-el-7.noarch.rpm\r\nyum install puppet -y\r\nsource \/etc\/profile\r\npuppet module install puppetlabs-mysql\r\npuppet module install puppetlabs-java\r\npuppet module install puppetlabs-git\r\npuppet module install puppetlabs-concat\r\npuppet module install puppetlabs-tomcat --ignore-dependencies\r\n<\/code><\/pre>\n
<p>We are using <code>--ignore-dependencies<\/code> because there is a conflicting staging module that the <code>mysql<\/code> module already installed.<\/p>\n
<pre><code>vim manifest.pp<\/code><\/pre>\n
<p>The contents of this file are as below:<\/p>\n
<pre><code>include git\r\ninclude java\r\n\r\ntomcat::install { '\/opt\/tomcat8':\r\n  source_url => 'https:\/\/www.apache.org\/dist\/tomcat\/tomcat-8\/v8.5.3\/bin\/apache-tomcat-8.5.3.tar.gz'\r\n}\r\n\r\ntomcat::instance { 'tomcat8-pwm':\r\n  catalina_home => '\/opt\/tomcat8',\r\n  catalina_base => '\/opt\/tomcat8\/pwm',\r\n}\r\n\r\ntomcat::war { 'pwm.war':\r\n  catalina_base => '\/opt\/tomcat8\/pwm',\r\n  war_source => '\/path\/to\/pwm.war', # or http:\/\/domain.tld\/pwm.war\r\n}\r\n\r\naugeas {'web.xml':\r\n  incl => '\/opt\/tomcat8\/pwm\/webapps\/pwm\/WEB-INF\/web.xml',\r\n  context => '\/files\/opt\/tomcat8\/pwm\/webapps\/pwm\/WEB-INF\/web.xml\/web-app',\r\n  lens => 'Xml.lns',\r\n  changes => 'set context-param[1]\/param-value\/#text \/opt\/tomcat8\/pwm\/webapps\/pwm\/WEB-INF',\r\n}\r\n<\/code><\/pre>\n