Re: LDAP Apache authorization - presupplying user & password ?

[Michael Cunningham <archive@securityinsight.com>]

Norbert,

I tried setting apache with auth_ldap and got it working well.
but using your code snipett it fails when getting the remote_user
info. I printed out all the variable you listed below and everything
is picked up.. userpassword, etc. excepet REMOTE_USER which is totally
empty. I can authenticate with apache using the ldap server but
the php3 scripts just cant pick up the remote user info for some reason.

I do have AuthLDAPRemoteUserIsDN turned on.. Any ideas whats wrong?
I am a total php3 newbie so go easy:) Do you have any fully working
scripts I can check out? I am trying to modify ldap_admin to bind as
a specific user but it isnt working out so well:( A working example
would help a lot. 

Thanks.. Mike

>Hi Tim 
> I could just use the pop-up window that the browser
> supplys but AFAIK you can't then obtain the password string the user
> supplied. 

>I use auth_ldap with AuthLDAPRemoteUserIsDN set and get the password
>from the http headers. See the following PHP3 code:

>$ds=ldap_connect("localhost");  
>if ($ds) {
>  //get password from http auth
>  $headers = getallheaders();
>  // (type authstring)
>  $authheader = explode(" ", $headers["Authorization"]);
>  // (username:password)
>  $auth = explode(":", base64_decode($authheader[1]));
>  if ( !ldap_bind($ds, $REMOTE_USER, $auth[1]) ) {
>    echo "<H1>insufficient access</h1>\n";
>    ldap_close($ds);
>    exit;
>  }      
>  [...]