This is not a new topic, but the information I find is always covering only a bit or not exactly what I would need. Here's the "issue"
I'm building a web application, on a Debian / Apache / PHP host.
The web server is NOT in our Active Directory, nor will it be.
Now the web application would need to query Microsoft SQL servers to gather the information to display and so on.
Now, I've installed the Microsoft SQL drivers (version 17) and try to connect. This gives errors because we only allow windows authentication and not directly SQL authentication.
This is where the problem starts. I cannot find any proper documentation on how to get this working. It seems that if you connect without UID and PWD, it tries to logon with the UID owner of the process. This is in this case the APACHE user...which is an account on the Linux server, not known in the Active Directory /Domain. I can't have the Apache server run as a windows account, since that will impact other domains and applications running on that web server. Meaning I'm stuck....
So the questions are basically:
Is there really no proper solution to implement Windows Authentication to MSSQL with PHP (so without work arounds and so on?
Is there any site where this is explained in detail or any developed module for PHP, maybe with javascript or anything.
I can't believe this is not possible, but can't find any working solutions...
Thanks in advance everyone for taking the time to read and reply!
Related
I have a PHP application running with Nginx on a Linux server and it has a successful integration with my Active Directory using LDAP.
In the current scenario, the user is able to create a new login for the app or use his Windows credentials to log into the application.
Now, I'm trying to implement a complete Single-Sign On (SSO) and the user logged with his credentials in the Windows machine in the domain will be able to open the app logged without use the credentials again.
Doing some research on it, since my Linux server are not in the same domain, the best options is use NTLM (old and insecure), Kerberos protocol or Negotiate protocol (that will choose among NTLM and Kerberos for each request), depending on Windows version and what is implemented in the Domain Controller.
There is a lot of tutorials in the internet and also some good threads on the theme here in SO. This another link shows a good overview about the options using Apache as web server (for Kerberos option, I found a Nginx port, so this is not the main problem).
Well, I created some test application using these approaches (including all changes in the browser side, limited to Firefox), but all of then are dependents of Web Server (Apache, Nginx or even IIS). Since My app already has a complete integration with AD through LDAP, I'm interested in some Web Server independent solution. Are there any way to "bypass" the authentication in Web Server and get the information about the logged user direct on my PHP code (Client (Firefox) to Server (PHP))?
My best guesses for now are some type of "pure" PHP implementation of Kerberos, that needs of a PECL module or NTLM, that is insecure and still asks for the user credentials in the first request.
I know that maybe its impossible, but I'm asking it for the case that I missed something important information in this research. Is it possible to get the windows user info direct in PHP?
If you don't insist on nginx use Apache Web Server 2.4 with mod_auth_gssapi this is great, high quality code written by people who know what they do. I have been doing this for years for my PHP stuff.
I’m part of a very small company that uses a database hosted on a server (104.131.##.###). However, the server no longer responds and the person who set up and owns the server space has already left the company. This past employee seems disgruntled so they won’t help. It’s complicated, but we decided to open a new server. The only issue is, I don’t know what we were using.
What I do know is I would access and change the database at http://104.131.##.###/phpmyadmin/ (image of login below)
I also had php files stored on the server using Filezilla (in a “var” folder, if that helps) which were accessed via path: http://104.131.96.###/path/to/file.php
I’ve set up a version of the same server using xampp on my own computer, but I can’t keep my computer running constantly.
So my question is, what service were we using / should we use? Where would I start to set up a new server like this? (I still have the php files and can recreate the db)
I've looked into AWS and digitalOcean, but I'm in a bit over my head and can't tell if they're offering what we need.
Any help would be appreciated. Thank you
The server was using phpmyadmin and mysql and Digital Ocean.
So you need at least a LAMP stack. With the info given we can't help you more.
I am an intern in a company and have to make an intranet for the company. The difficulty for me is that i am very new to programming and don't really know how apache works.
The users don't want to log into the intranet (put the login and password) everytime they come on the site, they want them to be logged in without doing that.
All my users use Windows 7 (or higher), and i will write the intranet in php-sql, using apache server 2.4.
I want to know how i can connect the users by SSO using NTLM (because the authentification is done with Active Driectory, i would like the user to be connected automatically with their Windows login and password)? What is the apache module for that and how do i proceed ? What Library do i use in PHP ?
I really am stuck at this point and can't seem to find a solution, please help me. I found some links that could help me but i don't understand what is the author saying.
Here are some links about the subjects :
a forum question
a wiki article
Actually i saw that this kind of question was already asked here (How can I implement single sign-on (SSO) using Microsoft AD for an internal PHP app?) but I don't get the solution, I would like someone to explain a little bit in detail as i said before i am very new to programming.
First of all using Apache is not necessary and will complicate things somewhat to do what you are trying to do, if you can use IIS server on one of your Windows servers you will be laughing.
Install PHP on the IIS server
Create a new website in IIS
Set the new websites access to Windows Authentication and disable anonomouse access.
What this will do is configure IIS to authenticate the users against Active Directory, if they are on a Windows machine on the local network, already authenticated to the local domain, and the intranet is defined by GPO as a intranet site then the users Windows login details will be automatically passed and can be accessed in PHP using the $_SERVER superglobal.
Good day!
I've searched for many sites on how I could deploy my PHP projet in the internet but I don't know how to do it because I am confused with some of the technical terms.
You see, I am using xampp for my local web server. Now I want to put it in the internet. I found some free web hosting sites so i've decided to upload all my htdocs files inside it.. But how can I put the xampp (apache server) and my mysql database on it? I'm confused. Please help. A step-by-step procedure of what should i do could be really helpful. Thank you in advance.
Get a hosting account (try www.bluehost.com for instance).They will set you up with a Linux server and MySQL. You don't have to install Apache or MySQL, you will use whatever they've got. All you need to do is upload your PHP files to the right folder, setup your database on their server and you should be good to go.
If you buy a domain-name and space, connect them using the NS settings
If you are using a free, then the settings are already okay.
Export the database from your XAMP.
Login to the remote server. There you'll find PHPMyAdmin. Import the database.
Upload the file.
Make sure file listing is off. That is if a user goes to any directory he can not see the file list!
Done :)
Simplifying a bit, there are two ways you can get your site online.
First, you could purchase or rent a server that is yours and yours alone. This is commonly called "dedicated hosting" and costs somewhere around $100 / month. If you choose this option, you have your own server housed in a datacenter somewhere, and you must install Apache, MySQL, and any other server software you care to use.
I doubt, given what you've described, you have chosen this option.
Second, you could rent "shared hosting" from any one of the dozens of hosting providers out there. If you do this, with a typical cost of $2 to $10 per month, the hosting provider is administering the server. You have no direct access at all. Your only access is through the tools they provide.
Given that, how specifically you can upload files is up to them (is it FTP? SSH? a horrifying web-based upload tool of some kind?) Similarly, how you access your MySQL databases (assuming they offer MySQL databases) is entirely up to them as well.
Many providers now use a tool called cPanel for this administration, so you may try browsing to www.example.com/cPanel (using your domain) on the off chance that works. If not, though, follow the instructions your host provides. Only they can correctly describe how their setup works.
The hosting will be already having apache and mysql installed you only have to put your files thats it
I suggest you contact your webhosting site. The web hosting needs to host php, and mysql. Then you can upload your files to their web server, and copy your mysql database to their mysql server.
You do not need to transfer xampp to your host: apache and mysql are running on nearly every server
Upload all your files in your htdocs directory via ftp to your server
To transfer your database, use phpMyAdmin. It is installed with xampp and alos installed on nearly every server. In phpMyAdmin, use the export/import functionality
In your php file where you connect to the db change the login settings to the settings the hoster gave you
That should work...
Hosting Company already have setup for apache,php, mysql. All you need to uploads all your
files from xampp htdocs to a right folder like public_html using a ftp software like
filezilla. They also provide a control panel like using which you can manage your mysql
database and all others settings like directory permission.
In a Windows world with Windows clients and a LAMP web server, is it possible to take advantage of Windows Authentication to authenticate a user on the LAMP web site?
The motivations are:
Single sign on
Be able to access the user name of the Windows user
Edit: Twelve47 found this question and answer, but that only works on IIS unfortunately, so my question is NOT a duplicate of it, as opposed to what I stated 7 hours ago...
Active Directory can accessed using LDAP, you can then use LDAP in PHP or mod_auth_ldap in apache to query the AD.
You might like to check out adLDAP which a PHP project designed for PHP/AD integration.