What server am I authenticating to?

I took over maint of an app, and the former maintainer is no longer =
available. =20

I was under the assumption that authentication was done through an LDAP. =
How do I find out which LDAP server is PHP/Apache using? It might be =
right in front of my face in the apache config or php.ini, but I can't =
seem to find it. I'm not sure what it'd be called in those config files. =
There is no htaccess or htpasswd files that I could find on the server. =
Below is the code that I believe does the authentication. =20

if (!isset($_SERVER['PHP_AUTH_USER'])) {
header('WWW-Authenticate: Basic realm=3D"***"'); =09
header('HTTP/1.0 401 Unauthorized'); =09
echo 'Access denied'; =09
exit;=20
}=20
else =20


If anyone can point me right direction, that'd be great. =20

Mike=20

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: What server am I authenticating to?

On Wed, Jan 13, 2010 at 19:04, Hansen, Mike wrote:
> I took over maint of an app, and the former maintainer is no longer avail=
able.
>
> I was under the assumption that authentication was done through an LDAP. =
How do I find out which LDAP server is PHP/Apache using? It might be right =
in front of my face in the apache config or php.ini, but I can't seem to fi=
nd it. I'm not sure what it'd be called in those config files. There is no =
htaccess or htpasswd files that I could find on the server. Below is the co=
de that I believe does the authentication.
>
> if (!isset($_SERVER['PHP_AUTH_USER'])) {
> header('WWW-Authenticate: Basic realm=3D"***"');
> header('HTTP/1.0 401 Unauthorized');
> echo 'Access denied';
> exit;
> }
> else
>
>
> If anyone can point me right direction, that'd be great.
>
> Mike

Basic HTTP authentication is not using LDAP. You can use PHP_AUTH_USER
and PHP_AUTH_PW to verify that the credentials are correct (they'll be
populated with whatever the user entered). Exactly how you do that is
up to you (hard code it, look in a database, LDAP, etc.). You then
send the 401 response code along with WWW-Authenticate if the
credentials aren't satisfactory.

--=20
Daniel Egeberg

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: What server am I authenticating to?

=20

> -----Original Message-----
> From: daniel.egeberg@gmail.com=20
> [mailto:daniel.egeberg@gmail.com] On Behalf Of Daniel Egeberg
> Sent: Wednesday, January 13, 2010 11:39 AM
> To: Hansen, Mike
> Cc: php-general@lists.php.net
> Subject: Re: [PHP] What server am I authenticating to?
>=20
> On Wed, Jan 13, 2010 at 19:04, Hansen, Mike=20
> wrote:
> > I took over maint of an app, and the former maintainer is=20
> no longer available.
> >
> > I was under the assumption that authentication was done=20
> through an LDAP. How do I find out which LDAP server is=20
> PHP/Apache using? It might be right in front of my face in=20
> the apache config or php.ini, but I can't seem to find it.=20
> I'm not sure what it'd be called in those config files. There=20
> is no htaccess or htpasswd files that I could find on the=20
> server. Below is the code that I believe does the authentication.
> >
> > if (!isset($_SERVER['PHP_AUTH_USER'])) {
> > header('WWW-Authenticate: Basic realm=3D"***"');
> > header('HTTP/1.0 401 Unauthorized');
> > echo 'Access denied';
> > exit;
> > }
> > else
> >
> >
> > If anyone can point me right direction, that'd be great.
> >
> > Mike
>=20
> Basic HTTP authentication is not using LDAP. You can use PHP_AUTH_USER
> and PHP_AUTH_PW to verify that the credentials are correct (they'll be
> populated with whatever the user entered). Exactly how you do that is
> up to you (hard code it, look in a database, LDAP, etc.). You then
> send the 401 response code along with WWW-Authenticate if the
> credentials aren't satisfactory.
>=20
> --=20
> Daniel Egeberg
>=20

I'll do some more digging. Would the LDAP authentication be happening =
from apache or from within PHP? The user only sees a username and =
password dialog. If they hit cancel, they get the "Access denied" which =
I was assuming was from this bit of code.

Mike

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: What server am I authenticating to?

Hansen, Mike wrote:
>
>
>> -----Original Message-----
>> From: daniel.egeberg@gmail.com
>> [mailto:daniel.egeberg@gmail.com] On Behalf Of Daniel Egeberg
>> Sent: Wednesday, January 13, 2010 11:39 AM
>> To: Hansen, Mike
>> Cc: php-general@lists.php.net
>> Subject: Re: [PHP] What server am I authenticating to?
>>
>> On Wed, Jan 13, 2010 at 19:04, Hansen, Mike
>> wrote:
>>> I took over maint of an app, and the former maintainer is
>> no longer available.
>>> I was under the assumption that authentication was done
>> through an LDAP. How do I find out which LDAP server is
>> PHP/Apache using? It might be right in front of my face in
>> the apache config or php.ini, but I can't seem to find it.
>> I'm not sure what it'd be called in those config files. There
>> is no htaccess or htpasswd files that I could find on the
>> server. Below is the code that I believe does the authentication.
>>> if (!isset($_SERVER['PHP_AUTH_USER'])) {
>>> header('WWW-Authenticate: Basic realm="***"');
>>> header('HTTP/1.0 401 Unauthorized');
>>> echo 'Access denied';
>>> exit;
>>> }
>>> else
>>>
>>>
>>> If anyone can point me right direction, that'd be great.
>>>
>>> Mike
>> Basic HTTP authentication is not using LDAP. You can use PHP_AUTH_USER
>> and PHP_AUTH_PW to verify that the credentials are correct (they'll be
>> populated with whatever the user entered). Exactly how you do that is
>> up to you (hard code it, look in a database, LDAP, etc.). You then
>> send the 401 response code along with WWW-Authenticate if the
>> credentials aren't satisfactory.
>>
>> --
>> Daniel Egeberg
>>
>
> I'll do some more digging. Would the LDAP authentication be happening from apache or from within PHP? The user only sees a username and password dialog. If they hit cancel, they get the "Access denied" which I was assuming was from this bit of code.
>
> Mike

if it's ldap then most likely you should check the sites apache config
file (apache-dir/sites-available) or .htaccess for something like..


AuthType Basic
AuthName "***"
AuthBasicProvider ldap

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: What server am I authenticating to?

Yep. I found the issue in the apache config.=20

Thanks,

Mike

> -----Original Message-----
> From: Nathan Rixham [mailto:nrixham@gmail.com]=20
> Sent: Wednesday, January 13, 2010 1:12 PM
> To: Hansen, Mike
> Cc: php-general@lists.php.net
> Subject: Re: [PHP] What server am I authenticating to?
>=20
> Hansen, Mike wrote:
> > =20
> >=20
> >> -----Original Message-----
> >> From: daniel.egeberg@gmail.com=20
> >> [mailto:daniel.egeberg@gmail.com] On Behalf Of Daniel Egeberg
> >> Sent: Wednesday, January 13, 2010 11:39 AM
> >> To: Hansen, Mike
> >> Cc: php-general@lists.php.net
> >> Subject: Re: [PHP] What server am I authenticating to?
> >>
> >> On Wed, Jan 13, 2010 at 19:04, Hansen, Mike=20
> >> wrote:
> >>> I took over maint of an app, and the former maintainer is=20
> >> no longer available.
> >>> I was under the assumption that authentication was done=20
> >> through an LDAP. How do I find out which LDAP server is=20
> >> PHP/Apache using? It might be right in front of my face in=20
> >> the apache config or php.ini, but I can't seem to find it.=20
> >> I'm not sure what it'd be called in those config files. There=20
> >> is no htaccess or htpasswd files that I could find on the=20
> >> server. Below is the code that I believe does the authentication.
> >>> if (!isset($_SERVER['PHP_AUTH_USER'])) {
> >>> header('WWW-Authenticate: Basic realm=3D"***"');
> >>> header('HTTP/1.0 401 Unauthorized');
> >>> echo 'Access denied';
> >>> exit;
> >>> }
> >>> else
> >>>
> >>>
> >>> If anyone can point me right direction, that'd be great.
> >>>
> >>> Mike
> >> Basic HTTP authentication is not using LDAP. You can use=20
> PHP_AUTH_USER
> >> and PHP_AUTH_PW to verify that the credentials are correct=20
> (they'll be
> >> populated with whatever the user entered). Exactly how you=20
> do that is
> >> up to you (hard code it, look in a database, LDAP, etc.). You then
> >> send the 401 response code along with WWW-Authenticate if the
> >> credentials aren't satisfactory.
> >>
> >> --=20
> >> Daniel Egeberg
> >>
> >=20
> > I'll do some more digging. Would the LDAP authentication be=20
> happening from apache or from within PHP? The user only sees=20
> a username and password dialog. If they hit cancel, they get=20
> the "Access denied" which I was assuming was from this bit of code.
> >=20
> > Mike
>=20
> if it's ldap then most likely you should check the sites apache config
> file (apache-dir/sites-available) or .htaccess for something like..
>=20
>
> AuthType Basic
> AuthName "***"
> AuthBasicProvider ldap
>=20

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php