Posts Tagged apache

LDAP-Active Directory authentication, Part 3

Posted by evan in Uncategorized on January 8th, 2010

So I got everything working with .htaccess and AD/LDAP authentication. Just add LDAPVerifyServerCert Off to the httpd config to let Apache authenticate against an AD server with a self-signed certificate (without dealing with the annoyance of putting the cert on each Apache server).

With that piece of the puzzle largely solved, I moved on to another: how will users change their passwords (which are all stored in Active Directory)? For users running Windows this is pretty trivial — they can do it right in Windows when they’re logged into the domain. But what about Linux users? I figured the easiest thing to do would be to make a web form to do this. The user would login (with the http/LDAP auth I previously setup) and the form would ask for their password (twice) and update it in Active Directory. Sounds pretty simple to me. I think if this were OpenLDAP it probably would be, but being AD, it’s not.

Read the rest of this entry »

, , , , , , ,

1 Comment

Monitoring SSL certificate expiration with ssl-cert-check

Posted by evan in Uncategorized on August 31st, 2009

I was about to write a script using OpenSSL to monitor the SSL certificate expiration dates for a few servers when it dawned on me that someone had probably done this already.

The ssl-cert-check shell script takes a list of hosts/ports and prints out the expiration date (and how many days away that date is). It can also be configured to email a message for any certificates expiring in less than N days for easy cronibility (?). Seems lovely!

, ,

No Comments