You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Ace Suares <ac...@suares.nl> on 2003/10/18 22:41:58 UTC
[users@httpd] mod_auth_ldap, DN and AUTHENTICATE_UID
Hi Folks,
Sorry to drop into your party unnannounced ;-)
I just installed apache2 with mod_auth_ldap and php4 on a Suse 8.2 machine.
So far so good. However, when I ask a list of all $_SERVER variables that are
avaliable to PHP, I get the usual list PLUS this one I've never seen before:
AUTHENTICATE_UID
It has no value, apparently. Maybe I need to move this question to PHP-lists,
but even when I google on 'AUTHENTICATE_UID', I get zero hits... so I wonder
if anyone ever seen that one before and know what it means.
The other thing is about mod_auth_ldap, and if this is the wrong list, please
point me to where to go!
I was wondering if the DN that is found by mod_auth_ldap is stored somewhere
in an accessible server variable.
For instance, if I log in (through .htaccess, which does the LDAP lookup) as
user: me@domain
password: absomethingcd
I am getting authenticated just fine. Internally, a lookup is done, which
results in a DN like: 'cn=ace,dc=example,dc=com'
It would be very handy to have this dn available (in PHP) as
'$_SERVER['mod_ault_ldap_athenticated_dn'] (or similar).
is this possible ?
Greetings
ace
--
Ace Suares' Internet Consultancy
NIEUW ADRES: Postbus 2599, 4800 CN Breda
telefoon: 06-244 33 608
fax en voicemail: 0848-707 705
website: http://www.suares.nl * http://www.qwikzite.nl
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_auth_ldap, DN and AUTHENTICATE_UID
Posted by Saqib Ali <sa...@seagate.com>.
> In apache 2.0, mod_auth_ldap is not a seperate (third party) module, but part
> of the main distribution. (See
> http://httpd.apache.org/docs-2.0/mod/mod_auth_ldap.html)
I think Apache 2.0's mod_auth_ldap is based on the auth_ldap written by
Dave Carrigan. http://www.rudedog.org
You can also find another LDAP authentication module for Apache 2.0 at
http://www.muquit.com which works very well with Apache 2.0
Saqib Ali
---------
http://validate.sourceforge.net <--- XHTML/HTML/DocBook Validator
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_auth_ldap, DN and AUTHENTICATE_UID
Posted by Ace Suares <ac...@suares.nl>.
Ok, I've got it now.
with an AuthLDAPURL like this:
ldap://localhost:389/dc=example,dc=com?cn?sub?(objectclass=*)
a variable called 'AUTHENTICATE_CN' is created, with no value.
using
ldap://localhost:389/dc=example,dc=com?uid?sub?(objectclass=*)
a variable called 'AUTHENTICATE_UID' is created, with no value.
Interesting, eh ?
_Ace
--
Ace Suares' Internet Consultancy
NIEUW ADRES: Postbus 2599, 4800 CN Breda
telefoon: 06-244 33 608
fax en voicemail: 0848-707 705
website: http://www.suares.nl * http://www.qwikzite.nl
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_auth_ldap, DN and AUTHENTICATE_UID
Posted by Mike Klein <mi...@sbcglobal.net>.
Ace Suares wrote:
>>This still doesn't explain the value (or lack thereof) of AUTHENTICATE_UID
>>
>>
>
>You are right!
>
>
>>When I searched apache2 and php sources (and my various
>>mod_auth_ldap/etc. implementations) I could NOT find a single reference
>>to the var.
>>
>>
>
>
>Me neither. I am not sure if it's coming from mod_auth_ldap or from somewhere
>else.
>
>
>>The docs you point to only mention that REMOTE_USER var will be updated
>>based upon obtained ldap info...
>>
>>
>
>That was teh solution to my *problem*. But the *mystery* (about
>AUTHENTICATE_UID) remains!
>Do you get this variable when you look at php_info() ?
>
>_Ace
>
>
>
>>So what gives?!?
>>
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>
>
It's not present on my server (which runs php4...but not auth_ldap of
any kind).
It would seem like an important var to know about...and it is wierd that
google returns nothing on it.
You should comment out a few modules in your apache and see which is
definining it...might be something important you can use.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_auth_ldap, DN and AUTHENTICATE_UID
Posted by Ace Suares <ac...@suares.nl>.
>
> This still doesn't explain the value (or lack thereof) of AUTHENTICATE_UID
You are right!
>
> When I searched apache2 and php sources (and my various
> mod_auth_ldap/etc. implementations) I could NOT find a single reference
> to the var.
Me neither. I am not sure if it's coming from mod_auth_ldap or from somewhere
else.
>
> The docs you point to only mention that REMOTE_USER var will be updated
> based upon obtained ldap info...
That was teh solution to my *problem*. But the *mystery* (about
AUTHENTICATE_UID) remains!
Do you get this variable when you look at php_info() ?
_Ace
>
> So what gives?!?
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
--
Ace Suares' Internet Consultancy
NIEUW ADRES: Postbus 2599, 4800 CN Breda
telefoon: 06-244 33 608
fax en voicemail: 0848-707 705
website: http://www.suares.nl * http://www.qwikzite.nl
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_auth_ldap, DN and AUTHENTICATE_UID
Posted by Mike Klein <mi...@sbcglobal.net>.
Ace Suares wrote:
>The problem of retrieving the authenticated DN is solved bij RTFM :-)
>
>Sorry 'bout that. The relevant information is in
>http://httpd.apache.org/docs-2.0/mod/mod_auth_ldap.html#authldapremoteuserisdn
>
>Cheers,
>ace
>
>
This still doesn't explain the value (or lack thereof) of AUTHENTICATE_UID
When I searched apache2 and php sources (and my various
mod_auth_ldap/etc. implementations) I could NOT find a single reference
to the var.
The docs you point to only mention that REMOTE_USER var will be updated
based upon obtained ldap info...
So what gives?!?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_auth_ldap, DN and AUTHENTICATE_UID
Posted by Ace Suares <ac...@suares.nl>.
The problem of retrieving the authenticated DN is solved bij RTFM :-)
Sorry 'bout that. The relevant information is in
http://httpd.apache.org/docs-2.0/mod/mod_auth_ldap.html#authldapremoteuserisdn
Cheers,
ace
--
Ace Suares' Internet Consultancy
NIEUW ADRES: Postbus 2599, 4800 CN Breda
telefoon: 06-244 33 608
fax en voicemail: 0848-707 705
website: http://www.suares.nl * http://www.qwikzite.nl
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_auth_ldap, DN and AUTHENTICATE_UID
Posted by Ace Suares <ac...@suares.nl>.
>
> #1. Question is probably best/quickest answered by posting question to
> owners of mod_auth_ldap. Go to the module home page and you'll find
> support emails, discussion forums, mailing lists, etc.
In apache 2.0, mod_auth_ldap is not a seperate (third party) module, but part
of the main distribution. (See
http://httpd.apache.org/docs-2.0/mod/mod_auth_ldap.html)
Is this list a 1.3.x list or do people generally ask questions about 2.0 too??
>
> #2. Environment value should <probably> be set to a variable in apache
> httpd.conf indicating which ldap attr to use as uid...or it s/be set to
> actual authenticated uid (or rdn of authenticated user)...I haven't read
> docs. When I authenticate via realm authentication (simple
> user/password) or ssl certificate authentication (user rdn,
> emailAddress)...I do get apache server vars for these values.
Me too - PHP_AUTH_USER and PHP_AUTH_PW. They give the username and the
password of the authenticated user.
However, AUTHENTICATE_UID is something I never heard of and if I google, no
results. Strange.
And I am looking for something like PHP_AUTH_DN, that would give me the DN of
the authenticaterd user. (It's not there now!)
> #3. If mod_auth_ldap is storing things in environment variables...you
> should be able to see it via your phpinfo() page/status or via apache
> info handler.
I'll try that...
With phpinfo() I do get the same
_SERVER["AUTHENTICATE_UID"] no value
as expected.
I am not getting any other values from mod_auth_ldap anywhere from php_info().
Thanks for your help !
_Ace
--
Ace Suares' Internet Consultancy
NIEUW ADRES: Postbus 2599, 4800 CN Breda
telefoon: 06-244 33 608
fax en voicemail: 0848-707 705
website: http://www.suares.nl * http://www.qwikzite.nl
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] mod_auth_ldap, DN and AUTHENTICATE_UID
Posted by Mike Klein <mi...@sbcglobal.net>.
Ace Suares wrote:
>Hi Folks,
>
>Sorry to drop into your party unnannounced ;-)
>
>I just installed apache2 with mod_auth_ldap and php4 on a Suse 8.2 machine.
>
>So far so good. However, when I ask a list of all $_SERVER variables that are
>avaliable to PHP, I get the usual list PLUS this one I've never seen before:
>
>AUTHENTICATE_UID
>
>It has no value, apparently. Maybe I need to move this question to PHP-lists,
>but even when I google on 'AUTHENTICATE_UID', I get zero hits... so I wonder
>if anyone ever seen that one before and know what it means.
>
>The other thing is about mod_auth_ldap, and if this is the wrong list, please
>point me to where to go!
>
>
>I was wondering if the DN that is found by mod_auth_ldap is stored somewhere
>in an accessible server variable.
>
>For instance, if I log in (through .htaccess, which does the LDAP lookup) as
>user: me@domain
>password: absomethingcd
>
>I am getting authenticated just fine. Internally, a lookup is done, which
>results in a DN like: 'cn=ace,dc=example,dc=com'
>
>It would be very handy to have this dn available (in PHP) as
>'$_SERVER['mod_ault_ldap_athenticated_dn'] (or similar).
>
>is this possible ?
>
>Greetings
>
>ace
>
>
>
>
>
>
#1. Question is probably best/quickest answered by posting question to
owners of mod_auth_ldap. Go to the module home page and you'll find
support emails, discussion forums, mailing lists, etc.
#2. Environment value should <probably> be set to a variable in apache
httpd.conf indicating which ldap attr to use as uid...or it s/be set to
actual authenticated uid (or rdn of authenticated user)...I haven't read
docs. When I authenticate via realm authentication (simple
user/password) or ssl certificate authentication (user rdn,
emailAddress)...I do get apache server vars for these values.
I am currently using mod_auth_pam for authentication, as this gives
options for things like ldap, mysql, kerberos, and other auth methods.
#3. If mod_auth_ldap is storing things in environment variables...you
should be able to see it via your phpinfo() page/status or via apache
info handler.
Sorry I can't help more...
mike
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org