ACP Apache Authentication

This is for installing ACP with Apache authentication. If you want to install ACP with the default firebase authentication , use the instructions on the main install page here.

PHP

Php is used to pass the user name to ACP via an environment variable.

Install php 8.38 to c.\php
Download the latest PHP 8.3.8 binaries from the official site. Eg https://windows.php.net/downloads/releases/php-8.3.8-Win32-vs16-x64.zip . Then extract the downloaded zip folder to C:\php.

In c:\php Rename php-ini-development.ini to php.ini.
Add the php directory to the path

In the search box type environment and select edit the system environment variables
In system properties select Environment variables
Select system variables>Path and press Edit.
Select New and add C:\php then press OK. Then exit the system properties dialog.

In a command prompt enter php - if you get an error you will probably need to reboot. php should start and you will get a blinking cursor. Press Control + C to get out of the php loop.

Apache Authentication

Password file

(Create a file passwords without extension. Save this in C:\Apache24\password

(This file should be placed somewhere not accessible from the web so that it cannot be downloaded}.

To create the file, use the htpasswd utility that came with Apache. This will be located in Apache24 bin directory. In a command prompt:

(Substitute your desired username here>. c:\Apache24\bin>htpasswd -c c:\Apache24\passwords <yourusername>
{The -c flag creates a new file}

htpasswd will ask you for the password, and then ask you to type it again to confirm it:

New password: ************
Re-type new password: ************
Adding password for user yourusername

Add/Manage users

Add any other users and password pairs later. You can refer to this page

Apache windows sspi authentication

Add the Apache Windows sspi Authentication module

Download the module and unzip it to a folder.

https://www.apachehaus.net/modules/mod_authnz_sspi/mod_authnz_sspi-0.1.1a1-2.4.x-x64-vc15.zip

Note that this module is not from Apache. This most recent version is vc15 - this is an add on done by the community.

From the downloaded folder: Apache24\modules copy mod_authnz_sspi.so and save to the Apache modules directory.

C:\Apache24\modules\mod_authnz_sspi.so

Copy: Apache24\bin\sspipkgs.exe and save it in the Apache bin directory.

C:\Apache24\bin\sspipkgs.exe

Add/Manage users

Ensure each user has a windows account. (If not, add them as a local user from computer management and create a password for them). This will be the user name to sign into ACP and the windows password will be the password for ACP. So if they are a new user you will need to give then the windows credentials. There is no way for a user to set their own password unless they have access to the server's computer management.
An admin will need to add the users to the ACP projects they will be a member of.
An admin will need to change passwords.

Connect to a Microsoft on premises active directory with LDAP

LDAP Documentation:

https://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html https://coderanger.net/~coderanger/tracdoc/install/apacheauth.html#windows-active-directory

Uncomment these 2 lines in the httpd.conf file

LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule ldap_module modules/mod_ldap.so

Binding information: To connect to the active directory, we need the values for these 3 Apache configuration variables:
AuthLDAPBindDN
AuthLDAPBindPassword
AuthLDAPURL )

Add the authentication section to the httpd.conf file in the directory tags (Lumina will normally do this as part of the apache httpd.conf file setup).

#Auth section AuthType Basic AuthName "ldap authentication" AuthBasicProvider ldap AuthLDAPBindDN "<<Enclode the BindDN in quotes, with single quotes around filters with spaces.>>" AuthLDAPBindPassword AuthLDAPURL 'Single quotes around the entire LDAP URL and double quotes around any filters with spaces' LDAPReferrals Off Require valid-user RequestHeader set X-Remote-User %{REMOTE_USER}s #end auth_basic_module#