Tim’s Weblog Tim's Weblog
Tim Strehle’s links and thoughts on Web apps, managing software development and Digital Asset Management, since 2002.

HTTP basic authentication using OS X Lion Server accounts

Mac OS X Lion Server has a nice built-in directory (LDAP) server – when you need to password protect a web page hosted there, you don't want to set up user accounts in old-fashioned "htpasswd" text files. It's much nicer to set up HTTP basic authentication against the users and groups you manage in the Server App.

With some help from the Trac documentation, it was quite easy to make this work. (Please note that I'm not an OS X Server expert, so I might have broken something or missed a better way. Try at your own risk.)

First I enabled mod_auth_basic.so in the Apache web server configuration file /etc/apache2/httpd.conf (seems to be required in addition to mod_auth_apple.so) – for some reason, this line is missing in the <IfDefine MACOSXSERVER> block so I added it there:

LoadModule auth_basic_module libexec/apache2/mod_auth_basic.so

Then I inserted this into /etc/apache2/sites/0000_any_80_.conf:

<Directory "/Library/Server/Web/Data/Sites/Default/secret">
    Order allow,deny
    Allow from all
    AuthName "Secret stuff"
    AuthType Basic
    AuthUserFile /dev/null
    AuthBasicAuthoritative Off
    Require valid-user
    # Instead of "valid-user", you could also limit access by group name:
    # Require group "dcxadmin"

After an Apache restart (sudo /usr/sbin/apachectl restart), everything worked as expected: I was able to access the password protected directory with a test user account created in Server App.

[Update 2013-02-14: Alvaro Miranda points out an even easier way – OSX Server https with password page.]

Tue, 30 Aug 2011 20:36:00 +0000

The facts

Seth Godin – The facts:

"Your position on just about everything, including, yes, your salary, your stock options, your credit card debt and your mortgage are almost certainly based on the story you tell yourself, not some universal fact from the universal fact database."

Fri, 26 Aug 2011 13:47:15 +0000

The Death—and Reinvention—of Management: Part 1

Steve Denning on "Radical Management" – The Death—and Reinvention—of Management: Part 1:

"The firm makes money, but this is the result of delighting the customer, not the goal.

[…] Nayar saw that the people doing the work were the ones who created value for the customers. Taken together they created the value zone within the organization. Without them, the firm was nothing but a shell, layers and layers of management and aggregators who had nothing to offer to the customers.

[…] The sneer of cold command can slice through the warm, convivial world of social norms like a knife and kill it on the spot."

(Via Forbes.com.)

Fri, 26 Aug 2011 21:25:17 +0000

What I learned from Steve Jobs

Aaron Levie, CEO of box.com – What I learned from Steve Jobs:

"We all have the ability to create excellence. And frankly, it's a lot more fun when we do. Crap is less fun, less inspiring, less motivating, and less rewarding. And if at any point you stop doing pursuing excellence, just ask yourself, 'what would Steve do?'"

Thu, 25 Aug 2011 15:19:10 +0000

Icon Ambulance

Vic Gundotra – Icon Ambulance:

"But in the end, when I think about leadership, passion and attention to detail, I think back to the call I received from Steve Jobs on a Sunday morning in January. It was a lesson I'll never forget. CEOs should care about details. Even shades of yellow. On a Sunday."

Thu, 25 Aug 2011 07:12:17 +0000

Autonomy marketing, meet HP

Enterprise Search Blog – Autonomy marketing, meet HP:

"But now, in the second decade of the not-so-new century, customers expect to use a GUI to configure, manage, and customize enterprise search; and just about all of IDOL is still 'command line based'. […] Sure, they've added dozens of new capabilities... API calls, and the like... but the platform is still a solid 1990s kind of experience. "Powered by vi" was funny in 1998; not so much now."

Mon, 22 Aug 2011 11:18:15 +0000

Twice as much doesn't always mean twice as much

Seth Godin – Twice as much doesn't always mean twice as much:

"The challenge, of course, is that twice as much of your time or money is irrelevant. Who cares where you started? The correct comparison is to what the competition is investing, and how well."

Sat, 20 Aug 2011 20:50:01 +0000

Ten Year Agile Retrospective: How We Can Improve In The Next Ten Years

Jeff Sutherland on Scrum/Agile – Ten Year Agile Retrospective: How We Can Improve In The Next Ten Years:

"Industry data shows that fixing bugs on the same day as they are discovered will double the velocity of a team.

[…] Traditional project management assumes that users know what they want before software is built. As a result, over 65% of features built are either rarely or never used by the customers. This problem was formalized as "Humphrey's Law", yet it is systematically ignored in university and industry training of managers and project leaders.

[…] Getting product backlog ready requires professional product managers that understand user needs and team capabilities with a passion for delivering excellence. Getting product backlog done in a sprint requires prioritizing work, continuously integrating work in progress, and intolerance of defects. Demanding technical excellence is the top priority for the next ten years."

(Via entwickler.com.)

Wed, 17 Aug 2011 11:46:01 +0000

Features have a cost (from JavaScript: The Good Parts)

Douglas Crockford in his book JavaScript: The Good Parts:

"Features have a specification cost, a design cost, and a development cost. There is a testing cost and a reliability cost. The more features there are, the more likely one will develop problems or will interact badly with another. In software systems, there is a storage cost, which was becoming negligible, but in mobile applications is becoming significant again. There are ascending performance costs because Moore's Law doesnt' apply to batteries. Features have a documentation cost. Every feature adds pages to the manual, increasing training costs."

Tue, 16 Aug 2011 12:03:51 +0000

What are you solving?

Jack Vinson – What are you solving?:

"Instead of pushing the tool/widget/change, figure out how it will make their problems go away. Be as specific as possible here, because it is the specific problems that people want to solve. Of course, you aren't done when you link your change to their problems. You need to show how your idea will resolve the problem."

Fri, 12 Aug 2011 07:18:33 +0000

Making Search Direct Accessible

Caridy Patino at the Yahoo! User Interface Blog – Making Search Direct Accessible:

"Search Direct also features a content panel, a.k.a. the rich panel, where suggestion-related content is displayed. The intention of the rich panel is to provide a direct answer to the user when a suggestion from the autocomplete list is selected."

Tue, 09 Aug 2011 07:16:00 +0000

Aloha Editor

Aloha Editor: "The world's most advanced browser HTML5 based WYSIWYG editor lets you experience a whole new way of editing. It's faster than existing technologies and offers unprecedented WYSIWYG functionalities."

(Via Henri Bergius.)

Fri, 05 Aug 2011 22:10:16 +0000

Will Adobe Provide The Edge For DAM?

Naresh Sarwan at Digital Asset Management News – Will Adobe Provide The Edge For DAM?:

"Following the release of Adobe Flex 3 in 2007, many DAM vendors made some investment into Flex/Flash, but many also quickly retreated from releasing their full product strategies for Flex due to the spiralling costs and complexities encountered when any atypical use scenario was required."

Fri, 05 Aug 2011 21:07:35 +0000

When the truth is just around the corner

Seth Godin – When the truth is just around the corner:

"When your organization has a chance to see itself as its customers do, do your leaders crowd around, trying to glean every insight they can about the story and your future, or do they prefer the status quo?"

Tue, 02 Aug 2011 10:08:04 +0000