Tuesday, January 24, 2012

Allow from IP without password prompt, and also allow from any address with password prompt

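Put the following in your .htaccess. With Satisfy Any, a request is let through if it either comes from the allowed IP or supplies a valid username and password: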

Order deny,allow
Deny from all
AuthName "htaccess password prompt"
AuthUserFile /Path-to-Your-Password-File/.htpasswd
AuthType Basic
Require valid-user
#Your Allowed IP Here:
Allow from XXX.XXX.XXX.XXX
Satisfy Any

Friday, January 20, 2012

Apache and Active Directory Authentication on Debian

Make sure your Apache supports mod_authnz_ldap, then enable it:

a2enmod ldap
a2enmod authnz_ldap

and restart your Apache:

/etc/init.d/apache2 restart

For the first step (finding the user) we already need access to Active Directory. As AD won't allow anonymous access, you need a username and a password just to do the search. This is not your administration account! Create a new account with minimal rights.


So what is the username? That depends on your AD layout. This should give you a pretty good hint:

CN=YOUR-NAME,OU=IT Department,OU=Germany,DC=example,DC=com

Here is a sample .htaccess:


# Using this to bind
AuthLDAPBindDN "CN=YOUR-USER,OU=IT Department,DC=example,DC=com"
AuthLDAPBindPassword "XXX"

# search user
AuthLDAPURL "ldap://IP-DOMAIN-CONTROLLER/ou=Germany,dc=example,dc=com?sAMAccountName?sub?(objectClass=*)"
AuthType Basic
AuthName "USE YOUR WINDOWS ACCOUNT"
AuthBasicProvider ldap

# Important, otherwise "(9)Bad file descriptor: Could not open password file: (null)"
AuthUserFile /dev/null
require valid-user

You always need to specify at least one organizational unit (ou).

PS: If your users are split across multiple OUs, you are limiting logons to users from one OU. This is the case in my environment, where users are split into different regions. You should use another port (3268):

AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative Off
AuthName "whateveryouwant"
AuthLDAPURL "ldap://IP-DOMAIN-CONTROLLER:3268/dc=example,dc=com?sAMAccountName?sub?(objectClass=*)"

# Using this to bind
AuthLDAPBindDN "YOUR-USER@example.com"
AuthLDAPBindPassword "XXX"
require valid-user
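
How the AuthLDAPURL values above break down into host, port, base DN, attribute, scope and filter, and the search filter that results for a login name, as an added Python example (not code from the original post or from Apache). The host 192.0.2.10 and the login names are constructed; the defaults follow the mod_authnz_ldap documentation, and the RFC 4515 escaping is this example's own choice.

```python
from urllib.parse import urlsplit, unquote

# RFC 4515 escapes for characters that are special inside a filter value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# Constructed sample: the post's second AuthLDAPURL with a documentation IP.
SAMPLE = "ldap://192.0.2.10:3268/dc=example,dc=com?sAMAccountName?sub?(objectClass=*)"


def parse_auth_ldap_url(url):
    """Split scheme://host[:port]/basedn?attribute?scope?filter into a dict."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError("AuthLDAPURL scheme must be ldap or ldaps")
    # Everything after the first '?' is attribute?scope?filter; pad missing fields.
    attribute, scope, ldap_filter = (parts.query.split("?", 2) + ["", ""])[:3]
    ldap_filter = unquote(ldap_filter) or "(objectClass=*)"
    if ldap_filter.startswith("(") and ldap_filter.endswith(")"):
        ldap_filter = ldap_filter[1:-1]  # outer parentheses are re-added below
    return {
        "host": parts.hostname,
        "port": parts.port or DEFAULT_PORTS[parts.scheme],
        "base_dn": unquote(parts.path.lstrip("/")),
        "attribute": attribute or "uid",  # documented default
        "scope": scope or "sub",          # documented default
        "filter": ldap_filter,
        "ldaps": parts.scheme == "ldaps",  # False: the URL scheme gives no TLS
    }


def escape_filter_value(value):
    """Neutralise filter metacharacters in the name typed at the password prompt."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_search_filter(cfg, username):
    """Combine configured filter and login name as (&(filter)(attribute=username))."""
    value = escape_filter_value(username)
    return "(&({})({}={}))".format(cfg["filter"], cfg["attribute"], value)


if __name__ == "__main__":
    cfg = parse_auth_ldap_url(SAMPLE)
    print(cfg)
    print(build_search_filter(cfg, "jdoe"))
    print(build_search_filter(cfg, "j(doe)*"))  # metacharacters come out escaped
```

With both sample URLs from the post the "ldaps" field is False, so the bind password and the users' Windows passwords reach the domain controller without TLS from the URL scheme.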

Friday, January 13, 2012

Fixing double-encoded UTF-8 data in MySQL

When the data has been double-encoded, you will still have funny looking characters in the database.
Here is how to fix it, in two simple steps, using the mysqldump and mysql commands:

Source Database:

# -p on its own prompts for the password; "-p DB_PASSWORD" (with a space) would be read as the database name
mysqldump -h DB_HOST -u DB_USER -p --opt --quote-names \
--skip-set-charset --default-character-set=latin1 DB_NAME > DB_NAME-dump.sql

Target Database:

mysql -h DB_HOST -u DB_USER -p \
--default-character-set=utf8 DB_NAME < DB_NAME-dump.sql