My Apple tablet prediction.

I know nobody cares, but I figured I’d hop on the hypewagon and write down my guess for the Apple tablet. I think a “big iPod Touch” would be pretty boring, and not worth making. My guess (based on nothing): the unit will be controlled by eye tracking, and it’ll be able to zoom in on whatever you’re looking at.

That is all.

Victory! Change Active Directory Password via LDAP through browser

I had to give up on PHP and go to Perl, but it turned out not to be so bad. Users can now change their Active Directory passwords via a self-service web page that doesn’t require admin credentials. The Perl code is below.  Authentication to the script is done via .htaccess LDAP authentication, so the REMOTE_USER env variable is assumed to contain the user’s username (sAMAccountName) by the time this script is called.  There is a simple check for $ENV{HTTPS} to ensure the script is called via SSL, and AD requires password changes to be done via ldaps, so the whole thing should be encrypted end to end.

(Edited 5/14/2010 to replace the inlined Perl script with a link to the script as a text file.)
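The flow described above, written out as an added example; it is not the author's script, which is no longer inlined in the post. It assumes Net::LDAP and CGI are installed and that the form posts the current password plus the new one twice in hypothetical fields `old`, `new` and `again`. The host, domain, base DN and CA file are placeholders.

```perl
#!/usr/bin/perl
# Added example, not the original script; hosts, paths and form fields are placeholders.
use strict;
use warnings;
use CGI;
use Encode qw(encode);
use Net::LDAP;

my $AD_URI  = 'ldaps://dc1.example.com';   # assumed domain controller
my $AD_DOM  = 'example.com';               # assumed UPN suffix
my $BASE_DN = 'DC=example,DC=com';         # assumed search base
my $CA_FILE = '/etc/ssl/certs/ad-ca.pem';  # assumed CA that issued the DC's cert

# AD takes unicodePwd as the password wrapped in double quotes, UTF-16LE encoded.
sub ad_pwd { return encode('UTF-16LE', '"' . $_[0] . '"') }

sub change_ad_password {
    my ($user, $old, $new) = @_;
    my $ldap = Net::LDAP->new($AD_URI, verify => 'require', cafile => $CA_FILE)
        or return "connect failed: $@";
    # Bind as the user (UPN form), so the script holds no admin credentials.
    my $mesg = $ldap->bind("$user\@$AD_DOM", password => $old);
    return 'bind failed: ' . $mesg->error if $mesg->code;
    # Escape LDAP filter metacharacters before using the name in a search.
    (my $safe = $user) =~ s/([\\*()\0])/sprintf('\\%02x', ord $1)/ge;
    $mesg = $ldap->search(base => $BASE_DN, attrs => ['1.1'],
                          filter => "(sAMAccountName=$safe)");
    return 'user lookup failed' if $mesg->code || $mesg->count != 1;
    # A self-service change is one modify: delete the old value, add the new.
    $mesg = $ldap->modify($mesg->entry(0)->dn, changes => [
        delete => [ unicodePwd => ad_pwd($old) ],
        add    => [ unicodePwd => ad_pwd($new) ],
    ]);
    $ldap->unbind;
    return $mesg->code ? 'change failed: ' . $mesg->error : '';
}

sub main {
    my $q = CGI->new;
    print $q->header('text/plain');
    # Handle passwords only over HTTPS and only for an authenticated user.
    return print "HTTPS and an authenticated user are required\n"
        unless lc($ENV{HTTPS} // '') eq 'on' && length($ENV{REMOTE_USER} // '');
    my ($old, $new, $again) = map { my $v = $q->param($_); $v // '' } qw(old new again);
    return print "New passwords are empty or do not match\n"
        if $new eq '' || $new ne $again;
    my $err = change_ad_password($ENV{REMOTE_USER}, $old, $new);
    print($err ? "Error: $err\n" : "Password changed\n");
}
main() unless caller;
```

Because the bind and the delete/add pair both use the user's current password, a wrong current password fails at the bind and nothing is modified.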

LDAP-Active Directory authentication, Part 3

So I got everything working with .htaccess and AD/LDAP authentication. Just add LDAPVerifyServerCert Off to the httpd config to let Apache authenticate against an AD server with a self-signed certificate. This turns off Apache's verification of the LDAP server's certificate, which is what avoids the annoyance of putting the cert on each Apache server.

With that piece of the puzzle largely solved, I moved on to another: how will users change their passwords (which are all stored in Active Directory)? For users running Windows this is pretty trivial — they can do it right in Windows when they’re logged into the domain. But what about Linux users? I figured the easiest thing to do would be to make a web form to do this. The user would log in (with the http/LDAP auth I previously set up) and the form would ask for their password (twice) and update it in Active Directory. Sounds pretty simple to me. I think if this were OpenLDAP it probably would be, but being AD, it’s not.


FiOS Ping Test

Ran a ping test at today. Overall I can’t find fault with the FiOS service so far. Ports 80 and 443 are open and I have them forwarded to my Linux box so I can actually run a webserver in my basement. I’m debating moving this domain over to my own Linux box, since it’s super low traffic, but I probably won’t.
