auth:ntlm
auth:ntlm [2014-06-17 14:18] – 85.143.16.4 | auth:ntlm [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1 | ||
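--- a/auth:ntlm
+++ b/auth:ntlm
@@ -1,265 +0,0 @@
-====== NTLM Authentication Backend ======
-
-
-This page describes how to set up NTLM (i.e. Windows NT-based) authentication for DokuWiki running on Apache. As an added bonus, the second half of this page describes what you need to do to enable Firefox to "
-
-//Note: For obvious reasons, this document assumes a DokuWiki install on Windows (perhaps using [[http://
-
-===== Setup NTLM authentication for Apache =====
-
-* First, get the Apache NTLM module from [[http://
-* The file ''
-
-<code xml>
-# Add to your httpd.conf
-
-LoadModule ntlm_module modules/
-
-#
-# Configuration for mod_ntlm
-<
-<
-AuthName "A Protected Place"
-AuthType NTLM
-NTLMAuth On
-NTLMAuthoritative On
-NTLMOfferBasic On
-NTLMBasicPreferred
-require valid-user
-</
-</
-# End of mod_ntlm.
-</
-
-* While you're at it, you might also want to make sure that your site is accessible from other machines on the intranet. Make sure that Apache is listening on an IP address other than ''
-
-
-
-
-===== Configure DokuWiki to use NTLM authentication =====
-
-* Modify the .htaccess file in the DokuWiki root as follows (you can place this at the top of the file):
-<code xml>
-## Enable this to restrict editing to logged in users only
-AuthType NTLM
-NTLMAuth On
-NTLMAuthoritative on
-
-require valid-user
-</
-* Make a copy of the ''
-
-* Edit the ''
-<code php>
-$conf['
-$conf['
-$conf['
-</
-
-* Modify the ''
-
-<code php>
-// do the login either by cookie or provided credentials
-if($conf['
-if($auth){
-if (!isset($_REQUEST['
-if (!isset($_REQUEST['
-if (!isset($_REQUEST['
-// add this snippet
-if ($conf['
-{
-$_REQUEST['
-$_REQUEST['
-$_REQUEST['
-}
-// end of snippet
-
-// if no credentials were given try to use HTTP auth (for SSO)
-if(empty($_REQUEST['
-$_REQUEST['
-$_REQUEST['
-}
-}
-}
-</
-
-* Add the following code to your ''
-
-<code php>
-// this is a hack for ntlm_module (http://
-// for some reason it only sets env variable REMOTE_USER but not // $_SERVER['
-
-function getRemoteUser() {
-if ($_SERVER['
-return $_SERVER['
-return getenv('
-}
-
-function niceNtlmUserName($userName)
-{
-return preg_replace("/
-}
-
-// NTLM user name is in the form "
-// function converts it to just "
-function getRemoteUserNice()
-{
-return
-}
-
-//Setup VIM: ex: et ts=2 enc=utf-8 :
-</
-
-* In the ''
-
-<code php>
-<?php
-/**
-* NTLM authentication backend
-*
-* To use it:
-* - install ntlm module (e.g. mod_ntlm-1.3.zip from
-
-* - add the following to the .htaccess of your dokuwiki directory:
-AuthType NTLMNTLMAuth on
-NTLMAuthoritative on
-require valid-user
-
-
-
-* @author
-*/
-class auth_ntlm extends auth_basic {
-
-function auth_ntlm() {
-
-// we only accept page ids for auth_plain
-if(isset($_REQUEST['
-$_REQUEST['
-}
-/**
-* Check user+password [required auth function]
-*
-* @author
-* @return
-*/
-function checkPass($user,
-
-if (!getenv('
-return false;
-return true;
-}
-
-/**
-* Return user info [required auth function]
-*
-* Returns info about the given user needs to contain
-* at least these fields:
-*
-* name string
-* mail string
-* grps array list of groups the user is in
-*
-* @author
-*/
-function getUserData($user) {
-global $conf;
-$userInfo['
-$userInfo['
-$userInfo['
-return $userInfo;
-}
-
-/**
-* Create a new User [required auth function]
-*
-* Returns false if the user already exists, null when an error
-* occured and the cleartext password of the new user if
-* everything went well.
-*
-* The new user HAS TO be added to the default group by this
-* function!
-*
-* @author
-*/
-function createUser($user,
-return false;
-}
-}
-//Setup VIM: ex: et ts=2 enc=utf-8 :
-?>
-</
-
-===== To access your site using Firefox: =====
-
-See the link in the references section below
-
-If all goes well, after you have configured Apache, DokuWiki and Firefox, open up your DokuWiki home page in Firefox, and it should detect your Windows credentials and log you in automatically. You should see your NT ID at the bottom of the screen, where it says, "
-
-===== References =====
-
-* [[acl|DokuWiki ACL information]]
-* [[http://
-* [[http://
-
-===== Additions =====
-
-Using NTLM based auth and as user store the users.auth.php,
-
-<
-/**
-* Return user info
-*
-* Returns info about the given user needs to contain
-* at least these fields:
-*
-* name string
-* mail string
-* grps array list of groups the user is in
-*
-* @author
-*/
-function getUserData($user){
-
-if($this->
-return isset($this->
-}
-
-
-function _loadUserData(){
-global $config_cascade;
-
-$this->
-
-if(!@file_exists($config_cascade['
-
-$lines = file($config_cascade['
-foreach($lines as $line){
-$line = preg_replace('/#
-$line = trim($line);
-if(empty($line)) continue;
-
-$row = explode(":",
-$groups = array_values(array_filter(explode(",",
-
-$this->
-$this->
-$this->
-$this->
-}
-}
-
-</
-
-and comment the function getUserData from original ntlm.class.php
-
-<
-//function getUserData($user) {
-// global $conf;
-// $userInfo['
-// $userInfo['
-// $userInfo['
-// return $userInfo;
-//}
-</
-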
auth/ntlm.1403007480.txt.gz · Last modified: 2014-06-17 14:18 by 85.143.16.4