I have a PHP web application on an intranet that can extract the IP and host name of the current user on that page, but I was wondering if there is a way to get/extract their Active Directory/Windows username as well. Is this possible?
No. But what you can do is have your Active Directory admin enable LDAP so that users can maintain one set of credentials.
Check the AUTH_USER request variable. This will be empty if your web app allows anonymous access, but if your server's using basic or Windows integrated authentication, it will contain the username of the authenticated user.
In an Active Directory domain, if your clients are running Internet Explorer and your web server/filesystem permissions are configured properly, IE will silently submit their domain credentials to your server and AUTH_USER will be MYDOMAIN\user.name without the users having to explicitly log in to your web app.
Look at the PHP LDAP library functions: http://us.php.net/ldap.
Active Directory [mostly] conforms to the LDAP standard.
There are some additional PEAR libraries that may make things easier:
http://pear.php.net/search.php?q=ldap&in=packages&x=0&y=0
You could probably authenticate the user in Apache with mod_auth_kerb by requiring authenticated access to some files … I think that way, the username should also be available in PHP environment variables somewhere … probably best to check with <?php phpinfo(); ?> once you get it running.
If you're using Apache on Windows, you can install the mod_auth_sspi from
http://www.gknw.at/development/apache/httpd-2.2/win32/modules/mod%5Fauth%5Fsspi-1.0.4-2.2.2.zip
Instructions are in the INSTALL file, and there is a whoami.php example. (It's just a case of copying the mod_auth_sspi.so file into a folder and adding a line into httpd.conf.)
Once it's installed and the necessary settings are made in httpd.conf to protect the directories you wish, PHP will populate the $_SERVER['REMOTE_USER'] with the user and domain ('USER\DOMAIN') of the authenticated user in IE -- or prompt and authenticate in Firefox before passing it in.
Info is session-based, so single(ish) signon is possible even in Firefox...
-Craig
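As an added example (not code from any of the answers above), here is one way a PHP page can consume the server-set REMOTE_USER / AUTH_USER value and fail closed when it is empty or malformed. The function name, the allow-list and the MYDOMAIN.EXAMPLE realm are assumptions; it accepts the MYDOMAIN\user.name form mentioned above plus the user@REALM form that Kerberos modules commonly report.

```php
<?php
// Added example; function name and allow-list values are hypothetical.
const ALLOWED_DOMAINS = ['MYDOMAIN', 'MYDOMAIN.EXAMPLE']; // constructed values

/** Returns ['domain' => ..., 'user' => ...] or null if the request must be treated as anonymous. */
function authenticated_identity(array $server): ?array
{
    // Read only variables the web server sets after it has authenticated the
    // request. HTTP_* entries come from client headers and are never identity.
    $raw = '';
    foreach (['REMOTE_USER', 'AUTH_USER'] as $key) {
        if (isset($server[$key]) && is_string($server[$key]) && $server[$key] !== '') {
            $raw = $server[$key];
            break;
        }
    }
    if ($raw === '') {
        return null; // anonymous access allowed, or this path is not protected
    }
    if (preg_match('/^([A-Za-z0-9._-]+)\\\\([A-Za-z0-9._$-]+)$/', $raw, $m)) {
        $domain = $m[1]; $user = $m[2];   // DOMAIN\user
    } elseif (preg_match('/^([A-Za-z0-9._$-]+)@([A-Za-z0-9.-]+)$/', $raw, $m)) {
        $domain = $m[2]; $user = $m[1];   // user@REALM
    } else {
        return null; // unexpected shape: fail closed instead of guessing
    }
    $domain = strtoupper($domain);
    if (!in_array($domain, ALLOWED_DOMAINS, true)) {
        return null; // authenticated, but not by a domain this app trusts
    }
    // Windows account names are case-insensitive, so normalise before lookups.
    return ['domain' => $domain, 'user' => strtolower($user)];
}

// Constructed sample $_SERVER arrays; in the application pass $_SERVER itself.
$samples = [
    ['REMOTE_USER' => 'MYDOMAIN\\user.name'],
    ['REMOTE_USER' => 'user.name@MYDOMAIN.EXAMPLE'],
    ['AUTH_USER' => ''],                              // anonymous access
    ['REMOTE_USER' => 'OTHER\\admin'],                // untrusted domain
    ['HTTP_X_REMOTE_USER' => 'MYDOMAIN\\admin'],      // client header, ignored
];
foreach ($samples as $s) {
    $id = authenticated_identity($s);
    echo json_encode($s), ' => ',
        $id ? $id['domain'] . '\\' . $id['user'] : 'rejected', PHP_EOL;
}
```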