
Apache Form Based Authentication with LDAP


I have Apache 2.4 (httpd) on Red Hat 9.0. I have basic authentication working with LDAP. It gives a popup box that asks for username and password. So now I want to change that so that I can present a custom form.

This is what I currently have.

<Directory /var/www/html/private>
    AuthType Basic
    AuthName "Login"
    AuthBasicAuthoritative off
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://DC:389/OU=Users,dc=x,dc=com?sAMAccountName?sub?(objectClass=*)"
    Require valid-user
    AuthLDAPBindDN username
    AuthLDAPBindPassword pAsSwOrD
</Directory>

Trying to follow

https://blog.sensecodons.com/2023/01/use-custom-login-page-when-using-apache.html

This is what I tried to add

<Directory "/do-login.html">
    SetHandler form-login-handler
    AuthFormLoginRequiredLocation "login.html"
    AuthFormLoginSuccessLocation "/admin/index.html"
    AuthFormProvider ldap
    AuthUserFile  /dev/null
    AuthType form
    AuthName "Admin"
    Session On
    SessionCookieName session path=/
</Directory>

and I changed AuthType in my first directive to 'Form'

I have a form:

<form method="POST" action="/do-login.html">
  Username: <input type="text" name="httpd_username" value="" />
  Password: <input type="password" name="httpd_password" value="" />
  <input type="submit" name="login" value="Login" />
</form>

This is not working for me, it keeps sending me back to the login.html.

What is do-login.html supposed to look like?


Solution

  • I got it working. I have 2 directives and I had to add all the ldap stuff to the second, including URL, name and password

    <Directory /var/www/html/private>
        AuthType Form
        AuthName "Login"
        AuthFormProvider ldap
        AuthFormLoginRequiredLocation "/login.shtml"
        AuthLDAPURL "ldap://DC:389/OU=Users,dc=x,dc=com?sAMAccountName?sub?(objectClass=*)"
        Require valid-user
        AuthLDAPBindDN username
        AuthLDAPBindPassword pAsSwOrD
        Session On
        SessionCookieName session path=/
    </Directory>
    

    and then using location

    <location "/do-login.html">
        SetHandler form-login-handler
        AuthFormLoginRequiredLocation "badlogin.shtml"
        AuthFormLoginSuccessLocation "/private/index.html"
        AuthFormProvider ldap
        AuthLDAPURL "ldap://DC:389/OU=Users,dc=x,dc=com?sAMAccountName?sub?(objectClass=*)"
        Require valid-user
        AuthLDAPBindDN username
        AuthLDAPBindPassword pAsSwOrD
        AuthType form
        AuthName "Login"
        Session On
        SessionCookieName session path=/
    </location>
    

    this works well for me now. I have the login form wrapped in HTML and CSS. I created a nice login form using some of the code found here:

    https://w3codepen.com/html-css-login-form-page/
    

    And with bad credentials, it loads badlogin.shtml, which is the same form, with "Bad username or password" added in red font.

    By the way, the do-login.html is just a blank page. You don't even have to have the page at all. I just leave it as a blank html file.

    With the non-form based ldap login, users just got that popup box and they were putting in their creds in the wrong format. With the form, I was able to customize the look, make it look more user friendly and give instructions for the credential format required.

    Hope this helps someone.

    UPDATE - Oct 30 2023: I found this:

    https://stackoverflow.com/questions/43287063/redirect-to-previous-page-after-login-from-authformloginlocation-apache2-config/44718693#44718693
    

    I was getting ready to post this question:

    My website has a public and private section. There are links to the private section in a dropdown menu. When a private link is selected, you get directed to the login page. The login page directs you to AuthFormLoginSuccessLocation and not to the private page selected from the dropdown. Is this possible? Something like: AuthFormLoginSuccessLocation = "page selected"

    That link above does this for me. So I am pretty much feeling my form-based login to Apache is complete now.
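A hardened version of the answer's two-block layout, as an added example (not the asker's or the answer's config): the LDAP settings live in one AuthnProviderAlias, the bind password is read from a script instead of sitting in httpd.conf, and the session is encrypted because mod_auth_form keeps the submitted credentials in it and mod_session_cookie stores that session in the browser. The alias name, bind DN, file paths and the ldaps:// host and port are assumptions.

```apache
# Added example (not the asker's or the answer's config). Requires mod_session,
# mod_session_cookie, mod_session_crypto, mod_auth_form, mod_request and
# mod_authnz_ldap to be loaded (on RHEL this happens via conf.modules.d).

# Trust the directory server's CA so the ldaps:// URL below can be verified.
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/corp-ca.pem

# One place for the LDAP settings instead of repeating them in both blocks.
# The bind password is read from a script (exec: prefix, httpd >= 2.4.5)
# rather than written into httpd.conf. Alias name, DN and path are assumed.
<AuthnProviderAlias ldap corp-ldap>
    AuthLDAPURL "ldaps://DC:636/OU=Users,dc=x,dc=com?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "CN=svc-httpd,OU=Service Accounts,dc=x,dc=com"
    AuthLDAPBindPassword "exec:/etc/httpd/ldap-bind-password.sh"
</AuthnProviderAlias>

# Protected area: an unauthenticated request is redirected to the login form.
<Directory /var/www/html/private>
    AuthType form
    AuthName "Login"
    AuthFormProvider corp-ldap
    AuthFormLoginRequiredLocation "/login.shtml"
    Require valid-user
    Session On
    # mod_auth_form keeps the submitted credentials in the session, and
    # mod_session_cookie stores that session client-side, so encrypt it.
    SessionCryptoPassphraseFile /etc/httpd/session-passphrase
    SessionMaxAge 1800
    # Secure needs HTTPS; HttpOnly keeps the cookie away from page scripts.
    SessionCookieName session path=/;HttpOnly;Secure;SameSite=Lax
</Directory>

# Form target. The file itself can be empty; the handler does the work.
<Location "/do-login.html">
    SetHandler form-login-handler
    AuthType form
    AuthName "Login"
    AuthFormProvider corp-ldap
    AuthFormLoginRequiredLocation "/badlogin.shtml"
    AuthFormLoginSuccessLocation "/private/index.html"
    Require valid-user
    Session On
    SessionCryptoPassphraseFile /etc/httpd/session-passphrase
    SessionMaxAge 1800
    SessionCookieName session path=/;HttpOnly;Secure;SameSite=Lax
</Location>
```

The passphrase file should be readable only by the httpd user, and the same SessionCryptoPassphraseFile and cookie settings must appear in every block that uses the session or the cookie will not decrypt. A third Location with SetHandler form-logout-handler and AuthFormLogoutLocation clears the session for logout in the same way.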