How to install PWM on Centos 7 | Setup self password management

How to Setup self password management Solution in Active Directory for Free.

How to install PWM on Centos 7, How to Setup self password management in Active Directory for Free, how to change tomcat upload size, how to install php 7 on centos 7, how to install tomcat and configuration on centos, how to deploy large .war file on tomcat, 

The biggest problem for the Wintel Admin is to resetting password for the users. Here the pwm is the open source project from the github that helps for the admin to get things going. 

 PWM is the Self Password Management Solution for the Any type of LDAP Directory      

Follow every step carefully for setup.

Step 1 : Updating Centos 7. 

: sudo yum update -y 

Step 2 : Disable firewall. 

: sudo systemctl status firewalld

: If it returns Active then perform

: sudo systemctl stop firewalld

: sudo system disable firewalld

Step 3 : Disable SeLinux 

: setenforce 0

: nano /etc/selinux/config

Change the SELINUX=disabled and then reboot the system.

# This file controls the state of SELinux on the system.# SELINUX= can take one of these three values:# enforcing - SELinux security policy is enforced.# permissive - SELinux prints warnings instead of enforcing.# disabled - No SELinux policy is loaded.SELINUX=disabled# SELINUXTYPE= can take one of three values:# targeted - Targeted processes are protected,# minimum - Modification of targeted policy. Only selected processes are protected.# mls - Multi Level Security protection.SELINUXTYPE=targeted

and to confirmed use  getenforce the result should be Disabled

Step 4 : Getting Ready for PWM

First we need Apache Tomcat and php 

For the Apache : sudo yum install tomcat

just change the JAVA_OPTS value to the "-Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true
-Xmx512m -XX:MaxPermSize=256m -XX:+UseConcMarkSweepGC" in
: sudo nano /usr/share/tomcat/conf/tomcat.conf


Now we need to install Admin Packages for tomcat.
sudo yum install tomcat-webapps tomcat-admin-webapps

Now we need to create one manager for the tomcat. For that we need to do some changes in
sudo nano /usr/share/tomcat/conf/tomcat-users.xml

just add this lines into it. *change Username and Password.

<tomcat-users>
<role rolename="manager-gui"/><role rolename="admin-gui"/><role rolename="manager-script"/><user username="username" password="password" roles="manager-gui,admin-gui,manager-script"/></tomcat-users>

Now we need to install PHP in to the Centos.

To install PHP 7, you have to install and enable EPEL and Remi repository on your CentOS 7 system with the commands below.

yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm

Next, you need to install yum-utils, a collection of useful programs for managing yum repositories and packages. It has tools that basically extend yum’s default features.

yum install utils

One of the programs provided by yum-utils is yum-config-manager, which you can use to enable Remirepository as the default repository for installing different PHP versions as shown.

yum-config-manager --enable remi-php73

 Now install PHP 7 with all necessary modules with the command below.

yum install php php-mcrypt php-cli php-gd php-curl php-mysql php-ldap php-zip php-fileinfo


Now we need to change some parameter in order to deploy pwm from Manager portal. Change the tomcat threshold value from (/usr/share/tomcat/webapps/manager/WEB-INF/web.xml)

<multipart-config> <!-- 50MB max --> <max-file-size>1052428800</max-file-size> <max-request-size>1052428800</max-request-size> <file-size-threshold>0</file-size-threshold> </multipart-config>

Now Restart the Tomcat server.

Step 5 : Deploying PWM.war file.

Download the latest version of the pwm deployment from the official pwm github website.
Click me !  or (https://www.pwm-project.org/artifacts/pwm/)
just download latest build from it.

Now open the tomcat portal from the web browser, and login to the manager. then deploy the pwm.war file. use the following pictures as references.

Step 6 : In order to run pwm we need to create pwmdata directory,
:mkdir /pwmdata
 Now give pwmdata 777 permission.
chmod 777 pwmdata/
 Now tell pwm that this directory is the data directory, for that
nano /usr/share/tomcat/webapps/pwm/WEB-INF/web.xml
and change the <param-value> data.
<param-name>applicationPath</param-name> <param-value>/pwmdata</param-value>

Now Access the pwm from http://your_ip:8080/pwm .
It should give you the pwm configuration page.

*Now move to the next blog for the Configuration of PWM and Microsoft AD CS Services.