From e26a114c44c2008351dd9c5198d5795c4674265d Mon Sep 17 00:00:00 2001
From: Info-IIG
Date: Wed, 15 Jun 2022 17:08:16 +0200
Subject: [PATCH] Added ldap password encryption

---
 README.md | 14 ++++++++++++--
 webvirtcloud/.dec_ldap_pwd.sh | 18 ++++++++++++++++++
 webvirtcloud/settings.py.template | 4 +++-
 3 files changed, 33 insertions(+), 3 deletions(-)
 create mode 100755 webvirtcloud/.dec_ldap_pwd.sh

diff --git a/README.md b/README.md
index a829d15..f917721 100644
--- a/README.md
+++ b/README.md
@@ -397,11 +397,21 @@ sudo sed -i "s/LDAP_URL = ''/LDAP_URL = 'myldap.server.com'/g"" /srv/webvirtclou
 sudo sed -i "s/LDAP_ROOT_DN = ''/LDAP_ROOT_DN = 'dc=server,dc=com'/g"" /srv/webvirtcloud/webvirtcloud/settings.py
 ```
-Set the user that has browse access to LDAP and its password
+Set the passphrase to decrypt the password
+```bash
+sudo sed -i "s/pass:MYPASSPHRASE/pass:MYTRUEPASSPHRASE/g" /srv/webvirtcloud/webvirtcloud/.dec_ldap_pwd.sh
+```
+
+Encrypt the password
+```bash
+echo MYPASSWORD | openssl enc -pbkdf2 -salt -pass pass:MYTRUEPASSPHRASE | base64
+```
+
+Set the user that has browse access to LDAP and its password encrypted
 ```bash
 sudo sed -i "s/LDAP_MASTER_DN = ''/LDAP_MASTER_DN = 'cn=admin,ou=users,dc=kendar,dc=org'/g"" /srv/webvirtcloud/webvirtcloud/settings.py
-sudo sed -i "s/LDAP_MASTER_PW = ''/LDAP_MASTER_PW = 'password'/g"" /srv/webvirtcloud/webvirtcloud/settings.py
+sudo sed -i "s/LDAP_MASTER_PW_ENC = ''/LDAP_MASTER_PW_ENC = 'MYPASSWORDENCRYPTED'/g"" /srv/webvirtcloud/webvirtcloud/settings.py
 ```
 Set the attribute that will be used to find the username, i usually use the cn
diff --git a/webvirtcloud/.dec_ldap_pwd.sh b/webvirtcloud/.dec_ldap_pwd.sh
new file mode 100755
index 0000000..2cda920
--- /dev/null
+++ b/webvirtcloud/.dec_ldap_pwd.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+#####
+
+#
+
+# LDAP PASSWORD DECRYPTION SCRIPT
+
+#
+
+#
+
+#####
+
+ENC_PASSWD=$1
+
+echo $(echo $ENC_PASSWD | base64 -d | openssl enc -pbkdf2 -salt -d -pass pass:MYPASSPHRASE )
+
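Review bot: The passphrase on the last line of the new script (`-pass pass:MYPASSPHRASE`) lives in the same install tree as the ciphertext that the README puts into settings.py, so anyone who can read one can read the other and this is obfuscation rather than encryption; on top of that a `pass:` argument is visible in the process list (`/proc/<pid>/cmdline`) to other local users while openssl runs, and the README has the operator `sed` the real passphrase into a git-tracked file. The script also has no failure handling: a wrong passphrase, a corrupted base64 value or an empty argument makes openssl fail on stderr while the script still exits 0 and prints an empty string, which the caller then uses as the LDAP bind password. Unless a real secret store is available I would at least read the passphrase from a root-only file outside the repository, quote the expansions, and fail hard instead of returning nothing; the README's `pass:` instruction would need to change to match.
```shell
#!/bin/bash
set -euo pipefail
# … unchanged: header comment …
ENC_PASSWD="$1"
# Passphrase is read from a 0600 file outside the repo (path is an example), not from a
# literal in a tracked script and not from the command line, which /proc exposes locally.
printf '%s' "$ENC_PASSWD" | base64 -d | openssl enc -d -pbkdf2 -pass file:/etc/webvirtcloud/ldap_passphrase
```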
diff --git a/webvirtcloud/settings.py.template b/webvirtcloud/settings.py.template
index b16bd5e..984f2a1 100644
--- a/webvirtcloud/settings.py.template
+++ b/webvirtcloud/settings.py.template
@@ -3,6 +3,7 @@ Django settings for webvirtcloud project.
 """
+import subprocess
 from pathlib import Path
 # Build paths inside the project like this: BASE_DIR / 'subdir'.
@@ -263,7 +264,8 @@ LDAP_PORT = 389
 USE_SSL = False
 ## The user with search rights on ldap. (e.g cn=admin,dc=kendar,dc=org)
 LDAP_MASTER_DN = ''
-LDAP_MASTER_PW = ''
+LDAP_MASTER_PW_ENC = ''
+LDAP_MASTER_PW = subprocess.Popen(["bash", str(BASE_DIR) + "/webvirtcloud/.dec_ldap_pwd.sh", LDAP_MASTER_PW_ENC],stdout=subprocess.PIPE, text=True).stdout.read().strip('\n')
 ## The root dn (e.g. dc=kendar,dc=org)
 LDAP_ROOT_DN = ''
 ## Queries to identify the users, i use groupOfUniqueNames on openldap
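Review bot: The added `LDAP_MASTER_PW = subprocess.Popen(...)` line never checks the helper's exit status, so any failure (missing script, wrong passphrase, undecodable base64, or the template's own default of an empty `LDAP_MASTER_PW_ENC`) silently yields `''` as the bind password and the LDAP code carries on with an empty credential; the Popen object is also never waited on and the helper's stderr is inherited by whatever loaded settings. It additionally spawns bash at import time for every process that imports settings, management commands included. I would guard on a non-empty ciphertext, use `subprocess.run(..., check=True)` so a bad secret aborts startup loudly, and build the path with `BASE_DIR / ...` since `BASE_DIR` is already a `Path`. Since the decrypted value still ends up as a plaintext module attribute and the passphrase is stored next to the ciphertext, this does not raise the bar over a 0600 settings file, and the setting's comment should say so rather than imply encryption at rest.
```python
LDAP_MASTER_PW_ENC = ''
# Decrypted at import time; the passphrase sits in .dec_ldap_pwd.sh, so this only
# obfuscates the value for someone who can already read the install directory.
LDAP_MASTER_PW = ''
if LDAP_MASTER_PW_ENC:
    _dec = subprocess.run(
        ["bash", str(BASE_DIR / "webvirtcloud" / ".dec_ldap_pwd.sh"), LDAP_MASTER_PW_ENC],
        capture_output=True, text=True, check=True,  # abort startup instead of binding with ''
    )
    LDAP_MASTER_PW = _dec.stdout.rstrip('\n')
```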