Posted by on | Featured
Components of Lider Ahenk.Database Server (MariaDB)
LDAP (slapd)
XMPP (Ejabberd)
File Server
APACHE KARAF (Lider)The packages required for the installation of Lider Ahenk are available in the “repo.liderahenk.org” repository. To define the repository on your system, in the terminal (console);
sudo wget http://repo.liderahenk.org/liderahenk-archive-keyring.asc 
sudo apt-key add liderahenk-archive-keyring.asc 
rm liderahenk-archive-keyring.asc
With these commands, the “liderahenk-archive-keyring.asc” key file should be downloaded and installed on the system. Then;
sudo add-apt-repository 'deb [arch=amd64] http://repo.liderahenk.org stable main'
This command adds the repository address to the “/etc/apt/sources.list” file. You can also add the following line manually using a terminal text editor (vi, nano, pico);
deb [arch=amd64] http://repo.liderahenk.org stable main
You can manually define this line in the “/etc/apt/sources.list” file. Then;
sudo apt update
This command fetches the updated package list and the installations should begin.

Database Server InstallationMariaDB is used as the database. Databases are storage areas for related information. Lider Server is the database. It is installed once.

sudo apt install mariadb-server -y

During the installation process, the root password for mariadb-server appears on the screen.In this example, the root password is set as SIFRE.

The same password is entered again and the installation proceeds by pressing enter. Once the installation is successfully completed, it means that the mariadb-server installation is finished.

mysql -uroot -pSIFRE -e "CREATE DATABASE liderdb DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_general_ci"
Note: If the MariaDB server is on a different machine than the Lider server, edit the configuration file `/etc/mysql/my.cnf` and comment out the `bind-address` line to allow external access:
bind-address = 127.0.0.1
Or you can replace it with the IP address of the Lider server. To allow the Lider server to access the database, you must grant privileges:
mysql -uroot -pSIFRE
use liderdb;
select password('SIFRE');
grant all privileges on * to root@'%' identified by 'hexadecimal_characters';
exit
sudo systemctl restart mysql.service
To verify that the database is working correctly:
mysql -uroot -pSIFRE
show databases;
If you see `liderdb` in the list, the database has been created successfully.

LDAP ServerIn this example, OpenLDAP will be used as the LDAP component. Lider Ahenk requires LDAP for user and machine management. User and machine information is stored in LDAP, and policy management is done by connecting to this LDAP from the Lider-Console (LiderAhenk interface application). It is installed once.

sudo apt install slapd ldap-utils
After running the command, the package manager will list any prerequisites and wait for confirmation.
Press Enter to continue.
If unverified packages appear, type `E` and press Enter to confirm installation.During installation, you will be prompted to set an admin password. In this example, the password is set as `SIFRE`.Re-enter `SIFRE` when asked and press Enter to continue.
Once the slapd service is started, the basic OpenLDAP setup is complete.
Now let’s configure OpenLDAP to create the LDAP directory and admin user:
sudo dpkg-reconfigure slapd

Select **No** to omit old configurations.Enter your domain name (e.g., `liderahenk.org`). It will generate a base DN like `dc=liderahenk,dc=org`.

Enter your organization name (e.g., `LiderAhenk`).

Re-enter the admin password `SIFRE`.

Select **HDB** as the database type.

Choose **Yes** to remove the database when slapd is purged.

Answer **No** when asked about moving the old database.

LDAP directory details for this example:
• LDAP domain: `liderahenk.org`
• LDAP base DN: `dc=liderahenk,dc=org`
• Admin DN: `cn=admin,dc=liderahenk,dc=org`
• Admin password: `SIFRE`
We’ll test the connection using Apache Directory Studio.
Download from: https://directory.apache.org/studio/download/download-linux.html
Open the program and create a new connection from the “Connections” panel.
Enter the following:
• Connection name (optional)
• Hostname (e.g., localhost)
• Port (default LDAP port)
Click “Check network parameters” to test the connection.

Enter the admin DN and password (e.g., `SIFRE`) to test authentication.Then set the Base DN (`dc=liderahenk,dc=org`) to finalize the connection.

Set up a configuration password for LDAP using:
sudo su  
slappasswd

Enter and confirm your new password. Copy the generated SSHA line.Paste it into:

sudo pico /etc/ldap/slapd.d/cn=config/olcDatabase={0}config.ldif

Below the `olcRootDN:` line, add:

olcRootPW: {SSHA}your_generated_hash

Then restart the LDAP server:

systemctl stop slapd.service  
systemctl start slapd.service
Now let’s load the LiderAhenk LDAP schema:
sudo wget https://raw.githubusercontent.com/Pardus-LiderAhenk/lider-ahenk-installer/master/lider-installer/conf/liderahenk.ldif  
sudo cp liderahenk.ldif /tmp

Load the schema into LDAP:

ldapadd -x -f /tmp/liderahenk.ldif -D "cn=admin,cn=config" -w SIFRE

You can also import this file using an LDAP GUI.

Restart the LDAP server:

sudo systemctl restart slapd.service

**Note:** If LDAP is not restarted, the Lider object classes may not appear.

Using Apache Directory Studio, create the following entries in LDAP:
• liderAhenkConfig node
• lider_console user
• Ahenkler and Users groupsRight-click on the base DN (e.g., dc=liderahenk,dc=org) and choose “New → New Entry”.Click **Next** to continue.For the `liderAhenkConfig` node, select the object class `pardusLiderAhenkConfig` and click **Add**. It will appear in the “Selected object classes” section. Click **Next** to proceed.Set **RDN** to `cn` and enter `liderAhenkConfig`.
Then set the `liderServiceAddress` attribute to the Lider server IP in the format:
http://x.x.x.x:8181

**Note:** This IP must be accessible by Ahenk clients and should **not** be `localhost` or `127.0.0.1`.

To create the `lider_console` user:
Right-click the base DN → New Entry → choose object classes:
• `pardusAccount`
• `pardusLider`
• `inetOrgPerson`
Then click **Add** to move them into “Selected object classes”.Set **RDN** as `cn` and enter `lider_console`.Set a password for this user and click **OK**.
To assign privileges:
With `lider_console` selected in LDAP, right-click → New Attribute → choose `liderPrivilege`.Set value:
[TASK:dc=liderahenk,dc=org:ALL:true]

Add another attribute the same way with value:

[REPORT:ALL]

These values grant full access (ALL) to the entire LDAP tree (dc=liderahenk,dc=org). `true` indicates the permission is active.

To create the `Ahenkler` group:
Right-click the base DN → New Entry → select object class `organizationalUnit` → click **Next**.Set RDN as `ou` and enter `Ahenkler`.After creation, right-click `Ahenkler` → New Attribute → set attribute type as `description` → enter value:
pardusDeviceGroup

Repeat this step for any other Ahenk-related groups.

To create the `Users` group:
Follow the same steps as above, but **you do not need** to add a `description` attribute for user groups.
At this point, your LDAP directory tree should be correctly structured and ready to use.
## XMPP Server ##XMPP (Ejabberd) stands for “Extensible Messaging and Presence Protocol”.
Download the package via terminal:
wget https://www.process-one.net/downloads/ejabberd/16.06/ejabberd_16.06-0_amd64.deb

This is the component through which all Ahenk clients connect. Lider Server and Ahenks communicate via this server. It is installed once.

Then run:

sudo dpkg -i ejabberd_16.06-0_amd64.deb

to install the downloaded package.

Download the configuration file:

wget https://raw.githubusercontent.com/Pardus-LiderAhenk/lider-ahenk-installer/master/lider-installer/conf/ejabberd.yml

Copy it to the configuration directory:

sudo cp ejabberd.yml /opt/ejabberd-16.06/conf/ejabberd.yml

> ⚠️ Note: This configuration is for version `ejabberd 16.06`. Ensure that your installed version and the YAML file match, as structure may vary between versions.

Open the YAML file with:

sudo pico /opt/ejabberd-16.06/conf/ejabberd.yml

Make the following changes:**1. Hosts:**

hosts:  
# - "localhost"  
- "im.liderahenk.org"

**2. LDAP Settings:**

ldap_servers:  
- "localhost"

ldap_rootdn: "cn=admin,dc=liderahenk,dc=org"  
ldap_password: "SIFRE"  
ldap_base: "dc=liderahenk,dc=org"

**3. Host Config:**

host_config:  
"im.liderahenk.org":  
  auth_method:  
    - internal  
    - ldap  
    - anonymous

> ⚠️ Warning: `ejabberd.yml` is very sensitive. Indentation errors or extra spaces can cause failure. Modify existing lines instead of inserting new ones when possible.

Restart the server:

cd /opt/ejabberd-16.06/bin  
sudo ./ejabberdctl start

Check its status:

sudo ./ejabberdctl status

Expected output:
“The node ejabberd@dataera.com.tr is started with status: started ejabberd 16.06 is running in that node”

Now, create required users.Navigate to bin directory:

cd /opt/ejabberd-16.06/bin

Create an admin user:

./ejabberdctl register admin im.liderahenk.org SIFRE

Output:
“User admin@im.liderahenk.org successfully registered”

Create a user for Karaf:

./ejabberdctl register lider_sunucu im.liderahenk.org SIFRE  
./ejabberdctl restart

⚠️ Save these credentials; they’ll be used in Karaf config later.

To test Ejabberd in live mode:

./ejabberdctl stop  
./ejabberdctl live

If Ejabberd stays running without errors, the setup is successful.

Press `CTRL+C` to exit and restart it normally:

./ejabberdctl start
## File Server ##This server is used to store plugin files and transfer large files (e.g., over SSH) that cannot be sent via messaging.
It can be any machine accessible via SSH — ideally, the Lider Server itself.Install required packages:
sudo apt install sshpass rsync -y
## Lider Server ##The Lider Server is the core component of the LiderAhenk system.
All Ahenk agents are managed from here via XMPP.
It also communicates with the Lider-Console (GUI) via REST APIs. Installed only once.First, define the `JAVA_HOME` environment variable:Check existing Java:
update-alternatives --config java

If Java is not installed:

sudo apt install openjdk-8-jre

Then add the following lines to the bottom of your `~/.bashrc` file:

export JAVA_HOME="/usr/lib/jvm/{your_sdk_home}"
PATH="$PATH:/usr/lib/jvm/{your_sdk_home}/bin"

Apply the new environment variables:

source ~/.bashrc

Test:

echo $JAVA_HOME

Download and extract the Lider distribution:

sudo wget https://github.com/Pardus-LiderAhenk/lider/releases/download/v1.1/lider-distro-all_1.1.tar.gz  
sudo cp lider-distro-all_1.1.tar.gz /opt && cd /opt  
sudo tar -xvf lider-distro-all_1.1.tar.gz

Navigate to the `bin` directory and start Karaf:

cd /opt/lider-distro-1.1/bin  
sudo ./karaf

Once inside the Karaf console, wait for modules to load. Type:

list

to check module status. If any module is in “failure” state, verify your setup.

To set Karaf as a system service, run the following in the Karaf console:

feature:install wrapper  
wrapper:install -s AUTO_START -n KARAF -d Karaf -D "Karaf Service"

Exit Karaf:

logout

Register the service with the system:

sudo ln -s /opt/lider-distro-1.1/bin/KARAF-service /etc/init.d/  
sudo update-rc.d KARAF-service defaults

Edit the main Lider config file:

sudo pico /opt/lider-distro-1.1/etc/tr.org.liderahenk.cfg

Set LDAP settings:

ldap.server = localhost  
ldap.port = 389  
ldap.username = cn=admin,dc=liderahenk,dc=org  
ldap.password = SIFRE  
ldap.root.dn = dc=liderahenk,dc=org

Set XMPP settings:

xmpp.host = localhost  
xmpp.port = 5222  
xmpp.username = lider_sunucu  
xmpp.password = SIFRE  
xmpp.resource = Smack  
xmpp.service.name = im.liderahenk.org

Set LDAP Ahenk base DN:

agent.ldap.base.dn = ou=Ahenkler,dc=liderahenk,dc=org

Set file server paths:

file.server.protocol = ssh  
file.server.host = localhost  
file.server.port = 22  
file.server.username = lider  
file.server.password = PP123456  
file.server.plugin.path = /home/username/plugins/ahenk-{0}_{1}_amd64.deb  
file.server.agreement.path = /home/username/sample-agreement.txt  
file.server.agent.file.path = /home/username/agent-files/{0}/

Create necessary directories:

mkdir /home/username/plugins  
touch /home/username/sample-agreement.txt  
mkdir -p /home/username/agent-files/{0}

Edit the database configuration file:

sudo pico /opt/lider-distro-1.1/etc/tr.org.liderahenk.datasource.cfg

Set DB info:

db.server = localhost:3306  
db.database = liderdb  
db.username = root  
db.password = SIFRE

Start the Lider server by running:

systemctl start KARAF-service.service

This completes the Lider server installation.

To verify that the Karaf service is running, you can use:

systemctl status KARAF-service.service

Or alternatively:

ps -ef | grep karaf

If the service is not active, start it manually:

/etc/init.d/KARAF-service start

To connect to the Karaf console as a service:

ssh -p 8101 karaf@dataera.com.tr

When prompted, enter the password:

karaf

Inside the console, you can monitor logs with:

log:tail

To check which services/modules are running:

list
Comments are closed.