ACP Apache Authentication
- This is for installing ACP with Apache authentication. If you want to install ACP with the default firebase authentication , use the instructions on the main install page here.
PHP
Php is used to pass the user name to ACP via an environment variable.
- Install php 8.38 to c.\php
- Download the latest PHP 8.3.8 binaries from the official site. Eg https://windows.php.net/downloads/releases/php-8.3.8-Win32-vs16-x64.zip . Then extract the downloaded zip folder to
C:\php
.
- In c:\php Rename
php-ini-development.ini
tophp.ini
. - Add the php directory to the path
- In the search box type
environment
and select edit the system environment variables - In system properties select Environment variables
- Select
system variables>Path
and pressEdit
. - Select
New
and addC:\php
then pressOK
. Then exit the system properties dialog.
- In a command prompt enter
php
- if you get an error you will probably need to reboot. php should start and you will get a blinking cursor. Press Control + C to get out of the php loop.
Apache Authentication
Password file
- (Create a file
passwords
without extension. Save this inC:\Apache24\password
(This file should be placed somewhere not accessible from the web so that it cannot be downloaded}.
- To create the file, use the htpasswd utility that came with Apache. This will be located in Apache24 bin directory. In a command prompt:
(Substitute your desired username here>.
c:\Apache24\bin>htpasswd -c c:\Apache24\passwords <yourusername>
{The -c flag creates a new file}
- htpasswd will ask you for the password, and then ask you to type it again to confirm it:
New password: ************
Re-type new password: ************
Adding password for user yourusername
Add/Manage users
Add any other users and password pairs later. You can refer to this page
Apache windows sspi authentication
Add the Apache Windows sspi Authentication module
- Download the module and unzip it to a folder.
https://www.apachehaus.net/modules/mod_authnz_sspi/mod_authnz_sspi-0.1.1a1-2.4.x-x64-vc15.zip
- Note that this module is not from Apache. This most recent version is vc15 - this is an add on done by the community.
- From the downloaded folder:
Apache24\modules
copymod_authnz_sspi.so
and save to the Apache modules directory.
C:\Apache24\modules\mod_authnz_sspi.so
- Copy:
Apache24\bin\sspipkgs.exe
and save it in the Apache bin directory.
C:\Apache24\bin\sspipkgs.exe
Add/Manage users
- Ensure each user has a windows account. (If not, add them as a local user from computer management and create a password for them). This will be the user name to sign into ACP and the windows password will be the password for ACP. So if they are a new user you will need to give then the windows credentials. There is no way for a user to set their own password unless they have access to the server's computer management.
- An admin will need to add the users to the ACP projects they will be a member of.
- An admin will need to change passwords.
Connect to a Microsoft on premises active directory with LDAP
LDAP Documentation:
https://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html https://coderanger.net/~coderanger/tracdoc/install/apacheauth.html#windows-active-directory
- Uncomment these 2 lines in the httpd.conf file
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule ldap_module modules/mod_ldap.so
Binding information: To connect to the active directory, we need the values for these 3 Apache configuration variables:
AuthLDAPBindDN
AuthLDAPBindPassword
AuthLDAPURL )
- Add the authentication section to the httpd.conf file in the directory tags (Lumina will normally do this as part of the apache httpd.conf file setup).
#Auth section
AuthType Basic
AuthName "ldap authentication"
AuthBasicProvider ldap
AuthLDAPBindDN "<<Enclode the BindDN in quotes, with single quotes around filters with spaces.>>"
AuthLDAPBindPassword
AuthLDAPURL 'Single quotes around the entire LDAP URL and double quotes around any filters with spaces'
LDAPReferrals Off
Require valid-user
RequestHeader set X-Remote-User %{REMOTE_USER}s
#end auth_basic_module#
Enable comment auto-refresher
Tarik TAOUCHE