ACP Apache Authentication
- This is for installing ACP with Apache authentication. If you want to install ACP with the default firebase authentication , use the instructions on the main install page here.
PHP
Php is used to pass the user name to ACP via an environment variable.
- Install php 8.38 to c.\php
- Download the latest PHP 8.3.8 binaries from the official site. Eg https://windows.php.net/downloads/releases/php-8.3.8-Win32-vs16-x64.zip . Then extract the downloaded zip folder to
C:\php
.
- In c:\php Rename
php-ini-development.ini
tophp.ini
. - Add the php directory to the path
- In the search box type
environment
and select edit the system environment variables - In system properties select Environment variables
- Select
system variables>Path
and pressEdit
. - Select
New
and addC:\php
then pressOK
. Then exit the system properties dialog.
- In a command prompt enter
php
- if you get an error you will probably need to reboot. php should start and you will get a blinking cursor. Press Control + C to get out of the php loop.
Apache Authentication
Password file
- (Create a file
passwords
without extension. Save this inC:\Apache24\password
(This file should be placed somewhere not accessible from the web so that it cannot be downloaded}.
- To create the file, use the htpasswd utility that came with Apache. This will be located in Apache24 bin directory. In a command prompt:
(Substitute your desired username here>.
c:\Apache24\bin>htpasswd -c c:\Apache24\passwords <yourusername>
{The -c flag creates a new file}
- htpasswd will ask you for the password, and then ask you to type it again to confirm it:
New password: ************
Re-type new password: ************
Adding password for user yourusername
Add/Manage users
Add any other users and password pairs later. You can refer to this page
Apache windows sspi authentication
The mod_authnz_sspi module is no longer available from Apachehaus. It has been replaced by the NTLM module. We have not configured this module on our servers and cannot provide further instructions at this time, but the folllowing may still work if you replace the mod_authnz_sspi with the mod_authn_ntml module .
Add the Apache Windows sspi Authentication module
- Download the module and unzip it to a folder.
https://www.apachehaus.net/modules/mod_authnz_sspi/mod_authnz_sspi-0.1.1a1-2.4.x-x64-vc15.zip
- Note that this module is not from Apache. This most recent version is vc15 - this is an add on done by the community.
- From the downloaded folder:
Apache24\modules
copymod_authnz_sspi.so
and save to the Apache modules directory.
C:\Apache24\modules\mod_authnz_sspi.so
- Copy:
Apache24\bin\sspipkgs.exe
and save it in the Apache bin directory.
C:\Apache24\bin\sspipkgs.exe
Add/Manage users
- Ensure each user has a windows account. (If not, add them as a local user from computer management and create a password for them). This will be the user name to sign into ACP and the windows password will be the password for ACP. So if they are a new user you will need to give then the windows credentials. There is no way for a user to set their own password unless they have access to the server's computer management.
- An admin will need to add the users to the ACP projects they will be a member of.
- An admin will need to change passwords.
Connect to a Microsoft on premises active directory with LDAP
LDAP Documentation:
https://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html https://coderanger.net/~coderanger/tracdoc/install/apacheauth.html#windows-active-directory
- Uncomment these 2 lines in the httpd.conf file
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule ldap_module modules/mod_ldap.so
Binding information: To connect to the active directory, we need the values for these 3 Apache configuration variables:
AuthLDAPBindDN
AuthLDAPBindPassword
AuthLDAPURL )
- Add the authentication section to the httpd.conf file in the directory tags (Lumina will normally do this as part of the apache httpd.conf file setup).
#Auth section
AuthType Basic
AuthName "ldap authentication"
AuthBasicProvider ldap
AuthLDAPBindDN "<<Enclode the BindDN in quotes, with single quotes around filters with spaces.>>"
AuthLDAPBindPassword
AuthLDAPURL 'Single quotes around the entire LDAP URL and double quotes around any filters with spaces'
LDAPReferrals Off
Require valid-user
RequestHeader set X-Remote-User %{REMOTE_USER}s
#end auth_basic_module#
Enable comment auto-refresher
Tarik TAOUCHE
Dpaine