How do I retrieve the user information of a user authenticated with Apache's mod_ldap?

Question

I have LDAP authentication working with Apache. Now I need to know how I can get what user logged in with PHP. Is it even possible? Do I have to do the authentication in PHP

Answer 1

If you activate the mod_authnz_ldap module and configure your section like this:

<Directory /var/www/yoursite/>
    AuthName "LDAP Secured"
    AuthType Basic
    AuthLDAPUrl "ldap://your.ldap.server:389/dc=example,dc=com?sAMAccountName"
    AuthLDAPBindDN "ADUser@ADDomain.local"
    AuthLDAPBindPassword "secret"
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    Require valid-user
</Directory>

Then in your PHP code you can obtain the user ID that was used to log in like this:

<?php
    $userId = $_SERVER['AUTHENTICATE_SAMACCOUNTNAME'];
    echo "User ID: " . $userId;
<?

Any LDAP attribute that you specify in the AuthLDAPUrl directive can be obtained this way (prefix it with AUTHENTICATE_ and then append the attribute name in all uppercase). You can add more attributes by separating them with commas, but only the first one will be used for authentication. See http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#exposed and http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html#authldapurl for further details.

Answer 2

I am not sure if it's the same with mod_lsap, but when you authenticate using Apache, the username and password are stored in the $_SERVER's superglobals.

$_SERVER['PHP_AUTH_USER']
$_SERVER['PHP_AUTH_PW']

http://ca.php.net/manual/en/reserved.variables.server.php