Posted: March 20th, 2011 | Author: jordan | Filed under: LDAP, Linux | Tags: apache, authentication, Directory, ldap, ldap-group, open ldap
OK peoples, this one frustrated me for a bit, but because I’m stubborn I figured it out.
I have a web service that I want to protect by using LDAP authentication within Apache against our OpenLDAP server. However, I also want to make sure that the user belongs to a specific LDAP group. If you’re like me, your groups look something like this:
bart:~ jordan$ ldapsearch -h ldap.shop.lan -x -b "dc=shop,dc=lan" cn=fgstaff
# extended LDIF
# base with scope subtree
# filter: cn=fgstaff
# requesting: ALL
# fgstaff, Groups, shop.lan
# search result
result: 0 Success
# numResponses: 2
# numEntries: 1
So to make it work you need a few things inside of your Directory tag for the virtual host config file. First, here’s mine:
AuthName "FG Staff ONLY!"
require ldap-group cn=fgstaff,ou=Groups,dc=shop,dc=lan
The trick for me was putting in the require ldap-group plus the whole path, including the container, org unit, and the dc’s. Then there is AuthLDAPGroupAttributeIsDN. This is big because if it is on, then Apache will check whether “memberUid=uid=jordan ou=People” is part of the fgstaff group, and not just “jordan”.
Once I set this, it all worked. I’m hoping this will help any others out there.
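For reference, a complete Directory block of the kind described above, written as an added example rather than the author's own file. The directory path, the AuthLDAPURL (built from the host and base DN in the ldapsearch command) and the AuthType/AuthBasicProvider lines are assumptions, and it assumes the group lists bare usernames in memberUid, which is why AuthLDAPGroupAttributeIsDN is off.

```apache
# Added example: the path and AuthLDAPURL are assumptions, not the author's file.
<Directory "/var/www/staff">
    AuthType Basic
    AuthName "FG Staff ONLY!"
    AuthBasicProvider ldap

    # Step 1 (authentication): find the user's entry by uid under the base DN,
    # then bind as that entry with the supplied password. The anonymous search
    # mirrors the "ldapsearch -x" shown above.
    AuthLDAPURL "ldap://ldap.shop.lan/dc=shop,dc=lan?uid?sub"

    # Step 2 (authorization): compare against the group's memberUid values.
    # Without this line mod_authnz_ldap checks member and uniqueMember only.
    AuthLDAPGroupAttribute memberUid

    # Off: compare the login name ("jordan") with memberUid.
    # On (the default): compare the user's full DN, which never matches a
    # group that stores bare usernames, so every request is denied.
    AuthLDAPGroupAttributeIsDN off

    # The group must be given as a full DN, not just "fgstaff".
    Require ldap-group cn=fgstaff,ou=Groups,dc=shop,dc=lan
</Directory>
```

Basic authentication sends the password with every request, and ldap:// carries the bind in clear text, so a deployment would normally serve the vhost over HTTPS and use ldaps:// or STARTTLS toward the directory.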
Posted: March 14th, 2011 | Author: jordan | Filed under: Mac OS X Server | Tags: leopard, mac os x server, Open Directory, snow leopard
Replicate boot drive to spare drive.
While this post title specifically says Mac Mini Server, this procedure will work with any Macintosh that has more than one hard drive.
- Open Disk Utility
One drive should be labelled “Server HD” and the other “Macintosh HD2”. Remember which one is on top and which one is on the bottom.
- Select the Hard Drive associated with Macintosh HD2, and then click Restore
- Drag Server HD into the source and Macintosh HD2 into the destination
- Make it go
Build the spare drive into a RAID of one disk
- Open Disk Utility
- Select the Hard Drive associated with old “Macintosh HD2”, and then click RAID.
If you are unsure as to which is which, you can select the drive and note the mount point at the bottom of the window. Choose the one that DOES NOT have the mount point of “/”.
- Set the following options
RAID Set Name: Server HD RAID
Format: Mac OS Extended (Case-Sensitive, Journaled)
RAID Type: Mirrored RAID Set
- Drag the spare Server HD from the list on the left into the box on the right.
- Select Options and enable “Automatically rebuild RAID mirror sets”. Click OK, then Enable.
- Rename the newly built drive to Server RAID
- Go to System Preferences->Startup Disk and select the newly built RAID.
Integrate Other Drive into RAID
- Once the system is booted verify the RAID drive is the boot volume
To do this, open Disk Utility again and select the Server RAID volume; make sure the mount point states “/”.
- While in Disk Utility select the RAID device, which is located above “Server RAID” and click on the RAID tab
- Drag “Server HD” into the white box on the right to add it to the RAID
- Click Rebuild; it will take some time. Once done, perform one more reboot and you’re finished!