Microsoft Active Directory; The ghetto rigged LDAP server.
Android App: ActiveDiroid on Android Market
Download: PHP Gateway Application Script. After extracting the files to the webserver you want to run the application on, you may rename server.php to anything you like, as long as it keeps the .php extension; you type the full URL to the script into the Android client anyway.
It is highly recommended that you get the free version and set up the script first. The free version lets you unlock accounts and view all the same information as the full version, which also lets you test your SSL setup. Just set SSL to enabled after doing the steps below; if you can connect, you should be good.
There is no longer a free limited version. Only the full version is available, and it is free, as is the source code, which will be available on this page.
You must completely uninstall the limited free version to use the full version.
My first Android application. Available on the market soon for 10″ tablet devices. This app is not developed to work on a phone or smaller tablet; there is just too much information to show cleanly.
I built this app to manage Active Directory users on my tablet while at work and away from the management console.
Current Features: Browse all users, browse users per group, unlock account, force password change, disable/enable account, change account display name, change full name, last name, account description, change password**, change office desc, company desc, telephone number, email (not exchange addresses), title, and department, change user group memberships (add and remove users from groups), create user accounts, exchange information.
The locked-account status is subject to an Active Directory via LDAP quirk: if an account has not been logged into for a very long time, the locked account switch will be set to True. You can ‘unlock’ the account and it will do no harm.
The client connects to a PHP enabled webserver inside your network, and the PHP script runs with the information you provide inside the application. I chose this design because it is easier to manage security and lock down a single entry point into Active Directory than many administrators with devices connecting to it from anywhere.
The application works on your internal wireless network, or over a VPN connection to your workplace. As long as you can hit the webserver with the tablet, this app will work. This also allows you to lock things down with a firewall, and all that good stuff.
In a multi-user setup, a single webserver (new or existing) that can run PHP applications is used. This server is allowed to connect to the Active Directory servers, either through firewall rules or through security permissions, depending on the setup. The Android application asks for a few things that you set up in the script.
Android Application Config
ScriptURL; The complete URL to the hosted PHP file. HTTP and HTTPS are supported. HTTPS is recommended; self-signed and other certificates are supported.
ScriptKey; The script key is a shared password that all of the admins use to connect to the script. It is required.
Username; A username in Active Directory to bind with and perform admin functions.
Password; The password of the Active Directory account named above.
PHP Script Config
The top of the PHP file contains the configuration variables you need to set: the script key and the domain controller connection information. They are pretty self explanatory.
The LDAP PHP module must be enabled for the script to work. It is required.
The SSL flag must be enabled (set to true) to change a user's password. This is an Active Directory requirement, and the PHP script establishes an LDAPS connection to Active Directory when it is set.
To enable LDAPS your PHP configuration must have SSL support (openssl in Linux) and a working ldap.conf file so that PHP knows how to connect.
HOST mercury.archaicbinary.home
PORT 636
TLS_CACERT /etc/httpd/conf/archaicbinary.cer
TLS_REQCERT allow
HOST is your domain controller. Note that TLS_REQCERT allow lets the LDAPS session proceed even when the server certificate fails to verify; once TLS_CACERT points at your CA certificate, setting it to demand makes OpenLDAP enforce verification.
TLS_CACERT is the .cer file you export from the Certificate Services server in your AD domain. It must be in Base64 format. You can get it by visiting your Certificate Services website (http://ca-server/certsrv) and exporting the CA certificate: click ‘Download a CA certificate, certificate chain, or CRL’ -> Encoding method: Base64 -> Download CA Certificate.
Installing and setting up Certificate Services is beyond this article. You can read up on Microsoft or other sites for this information.
If you do not or cannot enable SSL, you can still use all the functions of ActiveDiroid except changing passwords and creating users, since creating a user requires setting a password.
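As an added example, not the ActiveDiroid server.php or any code from the project, here is a minimal gateway of the shape described above: the shared script key is checked in constant time, the admin credentials are used for an LDAPS bind, the locked-status quirk mentioned earlier is handled by comparing lockoutTime with the domain's lockoutDuration, and the password change is refused unless the SSL flag is on. The configuration variable names, the POST field names, the action names, and the host and DN values are assumptions and placeholders.

```php
<?php
// Added example (not the ActiveDiroid server.php): a minimal PHP gateway of the
// kind the page describes. Config names, request fields and action names are
// assumptions; the host name and DNs are placeholders.

$SCRIPT_KEY = 'replace-with-a-long-random-shared-secret'; // the ScriptKey every admin enters
$DC_HOST    = 'dc01.example.internal';                    // placeholder domain controller
$BASE_DN    = 'DC=example,DC=internal';                   // placeholder search base
$USE_SSL    = true;                                       // LDAPS; required to set passwords

header('Content-Type: application/json');

function fail(int $code, string $msg): void {
    http_response_code($code);
    echo json_encode(['error' => $msg]);
    exit;
}

// Accept POST over HTTPS only, so admin AD credentials never sit in a URL or travel in clear.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') fail(405, 'POST only');
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') fail(403, 'HTTPS required');

// Constant-time comparison of the shared key; a plain == comparison leaks via timing.
if (!hash_equals($SCRIPT_KEY, (string)($_POST['key'] ?? ''))) fail(401, 'bad script key');

$adminUser = (string)($_POST['user'] ?? '');
$adminPass = (string)($_POST['pass'] ?? '');
// An empty password turns ldap_bind() into an anonymous bind, which must not count as a login.
if ($adminUser === '' || $adminPass === '') fail(401, 'credentials required');

$ds = ldap_connect(($USE_SSL ? 'ldaps://' : 'ldap://') . $DC_HOST . ($USE_SSL ? ':636' : ':389'));
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0);   // AD returns referrals; chasing them only slows lookups
if (!@ldap_bind($ds, $adminUser, $adminPass)) fail(401, 'bind failed: ' . ldap_error($ds));

// Resolve a sAMAccountName to its entry. ldap_escape() stops a crafted username
// from being interpreted as LDAP filter syntax.
function findUser($ds, string $base, string $sam): ?array {
    $filter = '(&(objectClass=user)(sAMAccountName=' . ldap_escape($sam, '', LDAP_ESCAPE_FILTER) . '))';
    $res = @ldap_search($ds, $base, $filter, ['lockoutTime']);
    if ($res === false) return null;
    $entries = ldap_get_entries($ds, $res);
    return $entries['count'] === 1 ? $entries[0] : null;
}

// The page's "locked account" quirk: AD leaves lockoutTime non-zero after the
// lockout duration has expired and only clears it on the next successful logon,
// so a long-idle account reads as locked. Compare against the domain's lockoutDuration.
function isLockedOut($ds, string $base, array $entry): bool {
    $lockoutTime = (int)($entry['lockouttime'][0] ?? 0);
    if ($lockoutTime === 0) return false;
    $res = @ldap_read($ds, $base, '(objectClass=*)', ['lockoutDuration']);
    if ($res === false) return true;                               // cannot tell; report the raw flag
    $root = ldap_get_entries($ds, $res);
    $duration = (int)($root[0]['lockoutduration'][0] ?? 0);        // negative 100-ns interval
    if ($duration === PHP_INT_MIN) return true;                    // "until an administrator unlocks"
    $lockedAtUnix = intdiv($lockoutTime, 10000000) - 11644473600;  // FILETIME (1601 epoch) -> Unix
    return (time() - $lockedAtUnix) < intdiv(-$duration, 10000000);
}

$entry = findUser($ds, $BASE_DN, (string)($_POST['target'] ?? ''));
if ($entry === null) fail(404, 'no such user');
$dn = $entry['dn'];

switch ($_POST['action'] ?? '') {
    case 'status':
        echo json_encode(['dn' => $dn, 'locked' => isLockedOut($ds, $BASE_DN, $entry)]);
        break;
    case 'unlock':   // writing 0 to lockoutTime is the unlock; harmless on an account that is not locked
        ldap_mod_replace($ds, $dn, ['lockoutTime' => ['0']]) or fail(500, ldap_error($ds));
        echo json_encode(['unlocked' => true]);
        break;
    case 'setpassword':
        if (!$USE_SSL) fail(400, 'password changes require the SSL flag (LDAPS)');
        // AD expects unicodePwd as the UTF-16LE encoding of the password wrapped in double quotes.
        $pwd = mb_convert_encoding('"' . (string)($_POST['newpass'] ?? '') . '"', 'UTF-16LE', 'UTF-8');
        ldap_mod_replace($ds, $dn, ['unicodePwd' => [$pwd]]) or fail(500, ldap_error($ds));
        echo json_encode(['password_set' => true]);
        break;
    default:
        fail(400, 'unknown action');
}
ldap_unbind($ds);
```

The client would POST key, user, pass, target and action to this script over HTTPS. Keeping the bind credentials per request, rather than caching them server side, means the gateway itself holds no standing AD secret; the only long-lived value in the file is the script key, which is why it should be long, random, and compared with hash_equals().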