ACP Apache Authentication

Revision as of 05:25, 13 June 2024 by Dpaine (talk | contribs) (→‎PHP)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

PHP

Php is used to pass the user name to ACP via an environment variable.

  • In c:\php Rename php-ini-development.ini to php.ini.
  • Add the php directory to the path
  • In the search box type environment and select edit the system environment variables
  • In system properties select Environment variables
  • Select system variables>Path and press Edit.
  • Select New and add C:\php then press OK. Then exit the system properties dialog.
  • In a command prompt enter php - if you get an error you will probably need to reboot. php should start and you will get a blinking cursor. Press Control + C to get out of the php loop.

Apache Authentication

Password file

  • (Create a file passwords without extension. Save this in C:\Apache24\password

(This file should be placed somewhere not accessible from the web so that it cannot be downloaded}.

  • To create the file, use the htpasswd utility that came with Apache. This will be located in Apache24 bin directory. In a command prompt:

(Substitute your desired username here>. c:\Apache24\bin>htpasswd -c c:\Apache24\passwords <yourusername>
{The -c flag creates a new file}

  • htpasswd will ask you for the password, and then ask you to type it again to confirm it:

New password: ************
Re-type new password: ************
Adding password for user yourusername

Add/Manage users

Add any other users and password pairs later. You can refer to this page

Apache windows sspi authentication

Add the Apache Windows sspi Authentication module

  • Download the module and unzip it to a folder.

https://www.apachehaus.net/modules/mod_authnz_sspi/mod_authnz_sspi-0.1.1a1-2.4.x-x64-vc15.zip

  • Note that this module is not from Apache. This most recent version is vc15 - this is an add on done by the community.
  • From the downloaded folder: Apache24\modules copy mod_authnz_sspi.so and save to the Apache modules directory.

C:\Apache24\modules\mod_authnz_sspi.so

  • Copy: Apache24\bin\sspipkgs.exe and save it in the Apache bin directory.

C:\Apache24\bin\sspipkgs.exe

Add/Manage users

  • Ensure each user has a windows account. (If not, add them as a local user from computer management and create a password for them). This will be the user name to sign into ACP and the windows password will be the password for ACP. So if they are a new user you will need to give then the windows credentials. There is no way for a user to set their own password unless they have access to the server's computer management.
  • An admin will need to add the users to the ACP projects they will be a member of.
  • An admin will need to change passwords.

Connect to a Microsoft on premises active directory with LDAP

LDAP Documentation:

https://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html https://coderanger.net/~coderanger/tracdoc/install/apacheauth.html#windows-active-directory

  • Uncomment these 2 lines in the httpd.conf file

LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule ldap_module modules/mod_ldap.so


Binding information: To connect to the active directory, we need the values for these 3 Apache configuration variables:
AuthLDAPBindDN
AuthLDAPBindPassword
AuthLDAPURL )

  • Add the authentication section to the httpd.conf file in the directory tags (Lumina will normally do this as part of the apache httpd.conf file setup).

#Auth section
AuthType Basic
AuthName "ldap authentication"
AuthBasicProvider ldap
AuthLDAPBindDN "<<Enclode the BindDN in quotes, with single quotes around filters with spaces.>>"
AuthLDAPBindPassword
AuthLDAPURL 'Single quotes around the entire LDAP URL and double quotes around any filters with spaces'
LDAPReferrals Off
Require valid-user
RequestHeader set X-Remote-User %{REMOTE_USER}s
#end auth_basic_module#

A

B

Comments


Tarik TAOUCHE

11 months ago
Score 0

Hi there,

the link below seems to be broken or not functionnal. https://www....x64-vc15.zip

is there another link to it since we haven't find it anywhere ?

Thanks

You are not allowed to post comments.