I have LDAP authentication working with Apache. Now I need to know how I can get what user logged in with PHP. Is it even possible? Do I have to do the authentication in PHP to store the user name?
views:
104answers:
2
+4
A:
I am not sure if it's the same with mod_lsap, but when you authenticate using Apache, the username and password are stored in the $_SERVER's superglobals.
$_SERVER['PHP_AUTH_USER']
$_SERVER['PHP_AUTH_PW']
Mademoiselle Vagin Cul
2010-02-10 18:51:30
well then, that works for ldap also! :)
scottm
2010-02-10 19:12:41
+4
A:
If you activate the mod_authnz_ldap module and configure your section like this:
<Directory /var/www/yoursite/>
AuthName "LDAP Secured"
AuthType Basic
AuthLDAPUrl "ldap://your.ldap.server:389/dc=example,dc=com?sAMAccountName"
AuthLDAPBindDN "[email protected]"
AuthLDAPBindPassword "secret"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
Require valid-user
</Directory>
Then in your PHP code you can obtain the user ID that was used to log in like this:
<?php
$userId = $_SERVER['AUTHENTICATE_SAMACCOUNTNAME'];
echo "User ID: " . $userId;
<?
Any LDAP attribute that you specify in the AuthLDAPUrl directive can be obtained this way (prefix it with AUTHENTICATE_ and then append the attribute name in all uppercase). You can add more attributes by separating them with commas, but only the first one will be used for authentication. See http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#exposed and http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#authldapurl for further details.
Brian Showalter
2010-02-10 19:46:02