Yep. I found the issue in the apache config. Thanks, Mike > -----Original Message----- > From: Nathan Rixham [mailto:nrixham@xxxxxxxxx] > Sent: Wednesday, January 13, 2010 1:12 PM > To: Hansen, Mike > Cc: php-general@xxxxxxxxxxxxx > Subject: Re: What server am I authenticating to? > > Hansen, Mike wrote: > > > > > >> -----Original Message----- > >> From: daniel.egeberg@xxxxxxxxx > >> [mailto:daniel.egeberg@xxxxxxxxx] On Behalf Of Daniel Egeberg > >> Sent: Wednesday, January 13, 2010 11:39 AM > >> To: Hansen, Mike > >> Cc: php-general@xxxxxxxxxxxxx > >> Subject: Re: What server am I authenticating to? > >> > >> On Wed, Jan 13, 2010 at 19:04, Hansen, Mike > >> <Mike.Hansen@xxxxxxxxx> wrote: > >>> I took over maint of an app, and the former maintainer is > >> no longer available. > >>> I was under the assumption that authentication was done > >> through an LDAP. How do I find out which LDAP server is > >> PHP/Apache using? It might be right in front of my face in > >> the apache config or php.ini, but I can't seem to find it. > >> I'm not sure what it'd be called in those config files. There > >> is no htaccess or htpasswd files that I could find on the > >> server. Below is the code that I believe does the authentication. > >>> if (!isset($_SERVER['PHP_AUTH_USER'])) { > >>> header('WWW-Authenticate: Basic realm="***"'); > >>> header('HTTP/1.0 401 Unauthorized'); > >>> echo 'Access denied'; > >>> exit; > >>> } > >>> else > >>> > >>> > >>> If anyone can point me right direction, that'd be great. > >>> > >>> Mike > >> Basic HTTP authentication is not using LDAP. You can use > PHP_AUTH_USER > >> and PHP_AUTH_PW to verify that the credentials are correct > (they'll be > >> populated with whatever the user entered). Exactly how you > do that is > >> up to you (hard code it, look in a database, LDAP, etc.). You then > >> send the 401 response code along with WWW-Authenticate if the > >> credentials aren't satisfactory. > >> > >> -- > >> Daniel Egeberg > >> > > > > I'll do some more digging. Would the LDAP authentication be > happening from apache or from within PHP? The user only sees > a username and password dialog. If they hit cancel, they get > the "Access denied" which I was assuming was from this bit of code. > > > > Mike > > if it's ldap then most likely you should check the sites apache config > file (apache-dir/sites-available) or .htaccess for something like.. > > <Location /> > AuthType Basic > AuthName "***" > AuthBasicProvider ldap > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
