Re: [PHP] What server am I authenticating to?
Hansen, Mike wrote:
-Original Message-
From: daniel.egeb...@gmail.com
[mailto:daniel.egeb...@gmail.com] On Behalf Of Daniel Egeberg
Sent: Wednesday, January 13, 2010 11:39 AM
To: Hansen, Mike
Cc: php-general@lists.php.net
Subject: Re: [PHP] What server am I authenticating to?
On Wed, Jan 13, 2010 at 19:04, Hansen, Mike
mike.han...@atmel.com wrote:
I took over maint of an app, and the former maintainer is
no longer available.
I was under the assumption that authentication was done
through an LDAP. How do I find out which LDAP server is
PHP/Apache using? It might be right in front of my face in
the apache config or php.ini, but I can't seem to find it.
I'm not sure what it'd be called in those config files. There
is no htaccess or htpasswd files that I could find on the
server. Below is the code that I believe does the authentication.
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm=***');
header('HTTP/1.0 401 Unauthorized');
echo 'Access denied';
exit;
}
else
If anyone can point me right direction, that'd be great.
Mike
Basic HTTP authentication is not using LDAP. You can use PHP_AUTH_USER
and PHP_AUTH_PW to verify that the credentials are correct (they'll be
populated with whatever the user entered). Exactly how you do that is
up to you (hard code it, look in a database, LDAP, etc.). You then
send the 401 response code along with WWW-Authenticate if the
credentials aren't satisfactory.
--
Daniel Egeberg
I'll do some more digging. Would the LDAP authentication be happening from
apache or from within PHP? The user only sees a username and password dialog.
If they hit cancel, they get the Access denied which I was assuming was
from this bit of code.
Mike
if it's ldap then most likely you should check the sites apache config
file (apache-dir/sites-available) or .htaccess for something like..
Location /
AuthType Basic
AuthName ***
AuthBasicProvider ldap
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] What server am I authenticating to?
Yep. I found the issue in the apache config.
Thanks,
Mike
-Original Message-
From: Nathan Rixham [mailto:nrix...@gmail.com]
Sent: Wednesday, January 13, 2010 1:12 PM
To: Hansen, Mike
Cc: php-general@lists.php.net
Subject: Re: [PHP] What server am I authenticating to?
Hansen, Mike wrote:
-Original Message-
From: daniel.egeb...@gmail.com
[mailto:daniel.egeb...@gmail.com] On Behalf Of Daniel Egeberg
Sent: Wednesday, January 13, 2010 11:39 AM
To: Hansen, Mike
Cc: php-general@lists.php.net
Subject: Re: [PHP] What server am I authenticating to?
On Wed, Jan 13, 2010 at 19:04, Hansen, Mike
mike.han...@atmel.com wrote:
I took over maint of an app, and the former maintainer is
no longer available.
I was under the assumption that authentication was done
through an LDAP. How do I find out which LDAP server is
PHP/Apache using? It might be right in front of my face in
the apache config or php.ini, but I can't seem to find it.
I'm not sure what it'd be called in those config files. There
is no htaccess or htpasswd files that I could find on the
server. Below is the code that I believe does the authentication.
if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm=***');
header('HTTP/1.0 401 Unauthorized');
echo 'Access denied';
exit;
}
else
If anyone can point me right direction, that'd be great.
Mike
Basic HTTP authentication is not using LDAP. You can use
PHP_AUTH_USER
and PHP_AUTH_PW to verify that the credentials are correct
(they'll be
populated with whatever the user entered). Exactly how you
do that is
up to you (hard code it, look in a database, LDAP, etc.). You then
send the 401 response code along with WWW-Authenticate if the
credentials aren't satisfactory.
--
Daniel Egeberg
I'll do some more digging. Would the LDAP authentication be
happening from apache or from within PHP? The user only sees
a username and password dialog. If they hit cancel, they get
the Access denied which I was assuming was from this bit of code.
Mike
if it's ldap then most likely you should check the sites apache config
file (apache-dir/sites-available) or .htaccess for something like..
Location /
AuthType Basic
AuthName ***
AuthBasicProvider ldap
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
