Author: Lisa

Kerberos Authentication and LDAP Authorization In Apache

I’ve been authenticating users of Apache web sites against Active Directory using Kerberos for some time now. Installed krb5-workstation and mod_auth_kerb, configured /etc/krb5.conf for my specific domain, and added some config to the Directory section of the Apache config. Great if you just require valid-user (or require valid-user and then turn around and do some authorization within your web code using something like php_auth_user). Not so great, though, for restricting access to the site outside of web code. And I really didn’t want to code in an authorization function when my web server should be able to do that for me.

I FINALLY got Kerberos authentication working in Apache with an LDAP authorization component. Turns out the mod_auth_kerb version 5.1 that was available from the Yum repository is terribly buggy – like not usable in this instance buggy. KrbLocalUserMapping did not consistently remove the realm component. I’d hit a site and it would know who I am, click a link and come across as me@REALM.TLD and get access denied errors, click refresh and get in because it knew I was me again. Or not. More than 50% failure rate. I built the 5.4 version from http://modauthkerb.sourceforge.net/ and haven’t had a problem since.
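The inconsistent realm stripping described above is visible in the access log as one account appearing both with and without the realm. The following Python script is an added example, not part of the original post: it tallies that per user, assuming Common Log Format with the authenticated user in the third field and denied requests logged as 403. The log lines are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (Common Log Format); not from the original post.
SAMPLE_LOG = """\
10.0.0.5 - LisaR [12/Feb/2016:10:00:01 -0500] "GET /index.php HTTP/1.1" 200 5120
10.0.0.5 - LisaR@EXAMPLE.COM [12/Feb/2016:10:00:07 -0500] "GET /reports.php HTTP/1.1" 403 312
10.0.0.5 - LisaR [12/Feb/2016:10:00:09 -0500] "GET /reports.php HTTP/1.1" 200 8841
10.0.0.9 - ScottR [12/Feb/2016:10:01:00 -0500] "GET /index.php HTTP/1.1" 200 5120
10.0.0.5 - LisaR@EXAMPLE.COM [12/Feb/2016:10:02:30 -0500] "GET /admin.php HTTP/1.1" 403 312
10.0.0.7 - - [12/Feb/2016:10:03:00 -0500] "GET /index.php HTTP/1.1" 401 401
"""

# host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) (\S+) (\S+) \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')

def realm_mapping_report(log_text):
    """Per short username: requests, requests logged with a realm, and 403s among those."""
    stats = defaultdict(lambda: {"requests": 0, "with_realm": 0, "denied_with_realm": 0})
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        user, status = m.group(3), int(m.group(6))
        if user == "-":
            continue  # request carried no authenticated user
        short, _, realm = user.partition("@")
        entry = stats[short]
        entry["requests"] += 1
        if realm:  # realm was not stripped before the request was logged
            entry["with_realm"] += 1
            if status == 403:
                entry["denied_with_realm"] += 1
    return dict(stats)

def inconsistent_users(report):
    """Users logged both with and without a realm, i.e. mapping applied only some of the time."""
    return sorted(u for u, s in report.items() if 0 < s["with_realm"] < s["requests"])

if __name__ == "__main__":
    report = realm_mapping_report(SAMPLE_LOG)
    for user in inconsistent_users(report):
        print(user, report[user])
```

A user that always appears with the realm is a different case (mapping never applied, or a deliberate uid@REALM login), so the script only flags the mixed pattern.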

I’m authenticating to Active Directory using the Kerberos module then authorizing against a group housed in an external LDAP directory. You can totally point your LDAP config toward Active Directory & use AD groups instead:

# Authentication: Kerberos against Active Directory (mod_auth_kerb)
AuthType Kerberos
AuthName "Kerberos AD Test"
KrbAuthoritative off
KrbMethodNegotiate on
KrbMethodK5Passwd on
KrbServiceName HTTP/this.isyour.url.tld@EXAMPLE.COM
KrbAuthRealms EXAMPLE.COM
# Strip the @REALM part so the user name matches the LDAP uid
KrbLocalUserMapping On
Krb5Keytab /path/to/keytabs/keytab.file

# Authorization: look the user up in the LDAP directory
AuthBasicAuthoritative On
AuthBasicProvider ldap
AuthLDAPURL "ldaps://ldap.example.com/o=BaseDN?uid?sub?(&(cn=*))"
AuthLDAPBindDN "YOUR SERVICE ACCOUNT HERE"
AuthLDAPBindPassword "YOUR BIND PWD HERE"

# Group members are stored as full DNs in uniqueMember
AuthLDAPGroupAttribute uniqueMember
AuthLDAPGroupAttributeIsDN on
require ldap-group cn=Website Test,ou=groups,o=BaseDN

 

WooHoo! I hit the site from my domain-member computer, it knows I am LisaR. It then turns around and finds an LDAP user matching uid=LisaR and grabs the user’s fully qualified DN (because AuthLDAPGroupAttributeIsDN is ‘on’ here … if you are using just uids in your member list, that would be off). It then verifies that the fully qualified DN is a member of the Website Test group.

Now I’m trying to figure out how to let the user log in without supplying a realm (not everyone’s in the domain … and they need to be able to log in too. Works fine right now, provided they input their username as uid@REALM.TLD).

Primary Elections In Ohio

This is mostly a note for myself, but if anyone else in Ohio is currently an unaffiliated voter who wants to cast a primary ballot for a party, you can switch party affiliation at your polling location by asking for the party ballot. Since you did not cast a ballot for that party in the previous primary (I’ve used the non-party issues ballot for the past few years. In Arkansas, you did not have to be party-affiliated to use a party’s primary ballot), you may be challenged by the poll worker. If that is the case, tell them you wish to switch parties and would like to complete the appropriate form.

Per Ohio Revised Code 3513.20, this is the proper process *provided that you “support the principles of the political party whose ballot” you vote*. Political party principles are *really* generic (and don’t specify the specifics to reach those goals) – not a lot of people who want more crime, think primary education is a bunch of nonsense, wish there was more unemployment, and so on. Really, even long time party members disagree about how to reach a goal and how well an individual candidate reflects the principles of their party … so not liking a specific policy implementation does not negate my support for the PRINCIPLES of the party.

Buzzard Cam — Almost There!!

We got our BloomSky!!! There has been a lot of snow, and it is very cold. We shoveled our driveway on Sunday hoping there’d be some melting today & delivery vehicles would be able to get up our hill. Then we got another two or three inches of snow overnight. Scott and Anya did some shoveling and put a large plastic box at the bottom of the driveway … and they actually delivered packages to the large plastic box. WooHoo!

The Buzzard Cam is almost ready! Right now it’s inside — so it looks like you could take a tropical holiday in Hinckley because it’s 65 degrees on our window 🙂 But we’ve got the network set up, the device registered, and can upload data. We’ll get the device mounted up outside on Friday or Saturday when it’s not so cold and snowy.

Pinwheel Dress – Part 1

I’ve started piecing together Anya’s Pinwheel Dress — all of the pieces are cut out, and the strips for the bias tape are sewn together. I’ve got one of the bias strips folded and pressed too — so I was able to affix it to the bottom of the dress layer. Right now, the flounce at the bottom and the bias tape are pinned on so I could visualize the dress. I wanted a really simple white dress with a dark colored bias binding. The binding is a marbled maroon fabric, although that detail is completely lost in the photos. I don’t know that the marbling comes across well in person either – we’ll see.

This is the hemline – both the dress and tunic have a similar hemline. When worn together, they create a two layer flounce.

Here’s a view of the trim with a little better lighting – it’s a maroon fabric with a marbled design on it.

Buzzard Cam! (Coming soon to a web site near you!)

The buzzards that hang out in the Hinckley Reservation roost in the trees that line our driveway. Last year on Buzzard Day, right before the sunset, an enormous flock of buzzards took off from the trees and flew varying paths across the sky. I guess checking out the area before going to sleep for the night. It was incredible to watch.

There’s this weather station with a wide angle fish-eye lens camera — Bloomsky — that we will be installing next week … way before the buzzards should be arriving. Hopefully we’ll have the same area over-flight … but it’ll be available online for everyone to see!

New Dress Projects

I’ve got two more dress projects starting — one is in the “picking fabrics and such” stage, the other is almost ready to be sewn.

First the picking fabrics one — this is another pattern from the Simple Life Pattern Company (who published the pattern for the V-back dresses I just finished). There are two looks that I like for this dress – one is two contrasting solid color fabrics. The other uses two patterned fabrics. I’m leaning toward the two pattern look … thought it might be a little more “fun” that way.

The second is a pattern from Oliver & S that I purchased almost two years ago. And promptly discovered that my sewing skills needed quite a bit of improvement. I’ve now managed to do all of the skills in the dress … so hoping it’ll turn out nicely. I got a white linen fabric for the dress and a marbled maroon for the bias strips.

Aisha’s Dress – Finished!

I’ve finished Aisha’s dress — so we now have two completed summer dresses (just in time for the mid-February blizzards, evidently). Not much difference from before – it was pinned at the waist, and now it is stitched. I tried the top-stitching as written in the pattern (basically another line of stitching through both the skirt and the lining, maybe 1/4″ under the waist seam). I didn’t like it – it looked a little off, and it drastically impacted the drape of the fabric. I serged the hem on both dresses and like the finished look a lot better. Serging in a circle is *not* something I do well – but since the seam is sandwiched between the skirt and lining fabrics … not like anyone sees the occasional overhang on the wrapping threads.

I really like the rolled edge hem here – I found out that a nicer hem was produced on the lower end of the suggested thread tensions. Surprised me quite a bit – I thought the higher tension would make more of a roll.

And here’s the less V’d back detail – not a huge difference from Anya’s deep V, but a little bit of a different look. I really like all of the options this pattern provides. Mom purchased the add-on pattern to put sleeves on this dress too – not sure that I’d want to wear an open-backed dress in weather cold enough to warrant long sleeves … but the back is pretty easily modified to something with a zipper or buttons.

Aisha’s Dress – Part 2

I’ve got the rolled edge hem completed, and the sleeves are attached to the top:

I’ve also got the circle skirt hemmed (what a difference pressing the folds makes – my first circle skirt was OK … but the bottom edge was certainly uneven. I now make the first fold, press, make the second fold, press, then stitch. The result is a nice even hemline).

To give my mom an idea of what her finished dress will look like, I pinned the top and bottom together. And we almost have two dresses!

Aisha’s back is not as deeply V’d as Anya’s – two different options from the dress pattern.
