Monday, April 13, 2015

adventures in h5ai with php

     
 i am running an ubuntu 8.04 server and i want it to have pretty directory entries and restrict access. i do.  
 h5ai is the new hotness when it comes to this.  
   
 first off, you need php5.3. i am running an ubuntu 8.04 lts server. don't ask why, but it has to do something with userlan nfs.  
 php 5.3 and hardy are not friends. they will never be friends and don't do dotdeb because aptitude and apt-get will break things. don't do it?  
   
 so, you'll get all some crap errors. but don't give up just because you're lame and you're running php5.2!  
   
 first:  
 Parse error: syntax error, unexpected T_FUNCTION, expecting ')' in /your/dir/_h5ai/server/php/inc/util.php on line 147  
   
 hash out line 147  
 register_shutdown_function(function () { time_log('ex'); });  
   
   
 second:  
 Warning: file_put_contents(/your/dir/_h5ai/cache/cmds.json) [function.file-put-contents]: failed to open stream: Permission denied in /your/dir/_h5ai/server/php/inc/util.php on line 80  
   
 hash out line 80  
 return file_put_contents($path, $json) !== false;  
   
 do that and all will be well. really.  
   
 third:  
 in your site file, plop this in for your multi-domain security groups:  
   
     Options Indexes FollowSymLinks MultiViews  
         IndexOptions +FancyIndexing +HTMLTable +NameWidth=*  
         AllowOverride None  
         Order deny,allow  
         deny from all  
   
     AuthBasicProvider ldap  
     AuthzLDAPAuthoritative on  
   
      # binding information  
     AuthLDAPBindDN "CN=bindaccount,OU=here,DC=not,DC=there,DC=com"  
     AuthLDAPBindPassword "notcreatedhere"  
     AuthType Basic  
     AuthName "the party is over"  
     AuthLDAPUrl "ldap://global.ad.controller.address:3268/DC=there,DC=com?sAMAccountName?sub?(objectCategory=*)"  
     AuthLDAPGroupAttribute memberOf  
     AuthLDAPGroupAttributeIsDN off  
   
     # authorized groups  
     Require ldap-attribute memberOf="cn=a-special-group,OU=here,DC=not,DC=there,DC=com"  
     Require ldap-attribute memberOf="cn=another-special-group,OU=nothere,DC=not,DC=there,DC=com"  
     Satisfy any  
   
Post a Comment