This was a school assignment
This is a continuation of the last report, so it looks at LDAP (Lightweight Directory Access Protocol) software that is compatible with DokuWiki. DokuWiki is not an enormously popular wiki, but it does have support for LDAP authentication [1]. It requires the LDAP Authentication plugin to be installed into the application. The webpage [1] has examples of many different types of LDAP servers that it can communicate with, including OpenLDAP, Active Directory, TinyLDAP and Apache Directory, amongst others.
Because this is a Linux project, Active Directory, while arguably the most feature-rich option, will not be chosen: as a Microsoft product it would require more dependencies, such as a Windows Server virtual machine, and bring more complicated licensing issues. So, the focus will be on LDAP servers that can be installed for free on Ubuntu and that support SSL/TLS security.
OpenLDAP was chosen for this assignment because it appeared to have a lot more documentation available than the other options, besides Active Directory, which was not chosen for the reasons above. OpenLDAP uses “The OpenLDAP Public License”, which can be found here [2].
Part 1: Installing OpenLDAP and filling with data.
This website [3] was mostly followed. Run the following on VM2, or on whichever VM has the DokuWiki web server running.
sudo apt install slapd ldap-utils
sudo apt-get install php-ldap
sudo a2enmod authnz_ldap
sudo systemctl restart apache2
These commands install the LDAP server and its utilities and a PHP library that allows LDAP to interface with DokuWiki/PHP, enable Apache's authnz_ldap module, and then restart the apache2 service.
sudo dpkg-reconfigure slapd
- Choose No
- Create a domain name: example.com
- Organisation: example
- Enter a password: ‘yourpassword’
- Choose MDB
- Choose No
- Choose Yes
Create a file add_entries.ldif:
nano add_entries.ldif
Use the content of the one demonstrated on this website [3], which is what this solution used.
In this file, add the data from the Ubuntu website or edit your own from workshop 2.
Now access the DokuWiki website, which, if unchanged from last time, will be on 127.0.0.1:8080.
- Log in at the top right using the account created in the last report.
- Go to the Admin panel, then Extension Manager.
- Enable the LDAP Auth Plugin.
- Click Admin again and this time go to Configuration Manager.
- Under the Authentication section, change authtype to ‘authldap’.
- Go to the Authldap section.

If you are using the LDAP example from the website, the settings in the figure above will work; otherwise, configure them to match your own directory. The hostname and port should be the same in either configuration. After filling the form out, click Save. The main point to take away here is that the third and fourth options need to be able to find the OUs that contain the users and groups.
This will now lock you out of your admin account, as DokuWiki no longer allows local accounts, only LDAP accounts. You will now be able to log on using one of your LDAP accounts.
There are still a few settings that need to be configured; these can be done from:
/var/www/dokuwiki/dokuwiki-2018-04-22b/conf
This website [4] shows different possible configurations for making LDAP work with DokuWiki. The working configuration is shown in Figure 2. All the above settings from Figure 1 can also be set here, or changed if needed.

To fix the admin account problem [5], in $conf['superuser'] = ''; you can enter an LDAP user of your choice, or a superuser group by prefixing its name with the @ symbol; multiple entries are separated by commas.
Part 2: Configuring SSL/TLS LDAP
sudo apt-get install tcpdump
sudo tcpdump -w file_name.pcap -i {interface-name}
This command records all traffic on the specified adapter interface and saves it to a file. I chose the loopback address as the traffic was moving on the same VM. I logged in and out a few times on the wiki and then turned it off. Searching for the password gave us 16 matches.

This is not too concerning, because if the website were in actual use the loopback address would not be tcpdumped from the outside unless someone broke into the system, at which point they would have access anyway.

With the client accessing over the network, we can see that the capture contains loads of unencrypted traffic, including the password token, which is not good, as anyone on the network could snoop on this connection.
This website [6] was used to understand how to add HTTPS to a website. This is necessary to encrypt the above information in figures 3 and 4 to make it more difficult for attackers to steal login credentials. All the default options were followed from [6] besides the Firewall section which was left out as it was not necessary.

Final Configuration settings shown below.




Figure 9 shows that, unlike the previous tcpdumps, now that the website is running HTTPS there are 0 results for the user account or the password, at the least preventing an attacker from readily reading the traffic.
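The before-and-after check described above (searching the tcpdump capture for the password, first over plain HTTP and then over HTTPS) can be scripted. The Python below is an added example, not part of the original report; it goes one step further than a plain search by breaking the matches down by destination port, so web traffic (8080) and LDAP binds can be told apart. It assumes an IPv4 capture with Ethernet framing (what tcpdump writes for the Linux loopback interface) and port 389 for LDAP; the function names, password and sample packets are constructed for illustration.

```python
import struct
from collections import Counter

def build_pcap(packets):
    """Constructed sample: classic pcap (Ethernet) from (dst_port, payload) pairs."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    lo = bytes([127, 0, 0, 1])
    for dport, payload in packets:
        tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, lo, lo)
        frame = b"\0" * 12 + b"\x08\x00" + ip + tcp + payload
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def cleartext_hits(pcap, needle):
    """Count TCP segments whose payload contains needle, keyed by destination port."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic in (0xA1B2C3D4, 0xA1B23C4D):      # little-endian file (usec / nsec)
        end = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):    # big-endian file
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    hits, pos = Counter(), 24
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                            # not IPv4 carrying TCP
        tcp = 14 + (frame[14] & 0x0F) * 4       # IPv4 header length varies
        if len(frame) < tcp + 20:
            continue
        dport = struct.unpack("!H", frame[tcp + 2:tcp + 4])[0]
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:]
        if needle in payload:
            hits[dport] += 1
    return dict(hits)

PW = b"Constructed-Pw1"  # constructed test credential, not from the report
# Constructed packets: an HTTP login POST and an LDAP-bind-like payload.
BEFORE = build_pcap([(8080, b"POST /doku.php HTTP/1.1\r\n\r\nu=alice&p=" + PW),
                     (389, b"uid=alice,ou=People,dc=example,dc=com\x80\x0f" + PW)])
AFTER = build_pcap([(443, b"\x17\x03\x03\x00\x10" + bytes(range(16)))])

if __name__ == "__main__":
    print("before HTTPS:", cleartext_hits(BEFORE, PW))
    print("after HTTPS: ", cleartext_hits(AFTER, PW))
```

To check a real capture, pass the bytes of file_name.pcap (read in binary mode) and the password as bytes. A credential that is split across TCP segments or URL-encoded in the form body will not match a literal search.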
References
[1] “LDAP Authentication Plugin,” [Online]. Available: https://www.dokuwiki.org/plugin:authldap. [Accessed 12 6 2019].
[2] “Public License for 2.4.47,” [Online]. Available: https://www.openldap.org/software/release/license.html. [Accessed 17 6 2019].
[3] “OpenLDAP Server,” Ubuntu, [Online]. Available: https://help.ubuntu.com/lts/serverguide/openldap-server.html.en. [Accessed 16 6 2019].
[4] “Open:Ldap,” [Online]. Available: https://www.dokuwiki.org/auth:ldap_openldap. [Accessed 15 6 2019].
[5] “SuperUser,” [Online]. Available: https://www.dokuwiki.org/config:superuser. [Accessed 15 6 2019].
[6] “How To Create a Self-Signed SSL Certificate for Apache in Ubuntu 16.04,” [Online]. Available: https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-16-04. [Accessed 17 6 2019].
[7] “Setting up OpenLDAP Server in Ubuntu 18.04 LTS,” [Online]. Available: https://www.youtube.com/watch?v=2r1VVJzY2Rw. [Accessed 13 6 2019].