Archive for December, 2009

Intranet Solution for Mac OS X Server?

For several months I've been searching for a complete solution that can offer access control, authentication, integrated search indexing of all content and content management itself for a company intranet that can dispense the following to our internal users:

  • Training videos, shared contacts, job aid resources and content management
  • A PHP based web front end to access our databases of clients, cases, task management, etc.

We're running Leopard Server, Kerberos, LDAP and all that other fun stuff. But we also are a mixed platform environment with remote branch offices running isolated windows domain workgroups, accessing our intranet from across a VPN. (not my doing)

The problem that I'm having is that I cannot find any one great solution, application or API that can integrate our intranet with our LDAP on Leopard Server for authentication on a remote intranet proxy. I don't just want to rely on creating a secured realm, I want something smarter. I also want this solution to be as simple as possible from the end user's perspective and do things like allow local unauthenticated (or kerberos) access from workstations on our LAN or workstations on our site to site VPN, that traffic is trusted and should be able to totally bypass authentication or at least allow authentication to happen in the background.

 Maybe I'm asking for too much in search of a solution but I don't want to make our users re-signon when they want to switch from our database front end to view training materials, or to access webmail, or view the collaboration wiki content. I also don't want users to have to rely on 5 different methods of searching our intranet to find what they're looking for as well.

I figure that for what I want to do, I will have to:

  1. Come up with a custom spotlight search API for Apache, that will not only singularly index web content, but integrate database content as well.
  2. Figure out how to modify apache to openly serve the site to trusted internal IP addresses or use WebDAV with kerberos single sign-on.
  3. Come up with a public web proxy where remote users can authenticate with their LDAP credentials and then access the intranet from remote locations.

So if anybody has a suggestion to accomplish any of this on Leopard Server, or knows of a great resource on how to do any of the following, like: modify the spotlight search plugin for apache, integrate LDAP authentication within a web page, modify apache to only allow certain IP addresses to access a site, use one authentication session ID to access other secured sites, view PDF, word, excel files on a shared volume through a web front end or how to create a remote sign-on proxy. If you have any thoughts on this or know something that would help, let me know.

 

Read more

Using MySQL with PHP on Server 10.6

If you are getting an error "Can't assign requested address" you may have a problem with the mysql port.  I had just moved my server to a MacMini running Mac OS X 10.6 and mysql_connect was giving this error.  Going into the /etc/php.ini file and setting the default port number to 3306 fixed the problem. 

mysql.default_port = 3306

The php.ini file suggests that PHP will select the port by using the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services, but in this case it is not so.  /etc/services on my machine has 3306 listed, but it didn't get picked up.

Read more