> -----Original Message-----
> From: daniel.egeb...@gmail.com 
> [mailto:daniel.egeb...@gmail.com] On Behalf Of Daniel Egeberg
> Sent: Wednesday, January 13, 2010 11:39 AM
> To: Hansen, Mike
> Cc: php-general@lists.php.net
> Subject: Re: [PHP] What server am I authenticating to?
> 
> On Wed, Jan 13, 2010 at 19:04, Hansen, Mike 
> <mike.han...@atmel.com> wrote:
> > I took over maint of an app, and the former maintainer is 
> no longer available.
> >
> > I was under the assumption that authentication was done 
> through an LDAP. How do I find out which LDAP server is 
> PHP/Apache using? It might be right in front of my face in 
> the apache config or php.ini, but I can't seem to find it. 
> I'm not sure what it'd be called in those config files. There 
> is no htaccess or htpasswd files that I could find on the 
> server. Below is the code that I believe does the authentication.
> >
> > if (!isset($_SERVER['PHP_AUTH_USER'])) {
> >                header('WWW-Authenticate: Basic realm="***"');
> >                header('HTTP/1.0 401 Unauthorized');
> >                echo 'Access denied';
> >                exit;
> > }
> > else
> >
> >
> > If anyone can point me right direction, that'd be great.
> >
> > Mike
> 
> Basic HTTP authentication is not using LDAP. You can use PHP_AUTH_USER
> and PHP_AUTH_PW to verify that the credentials are correct (they'll be
> populated with whatever the user entered). Exactly how you do that is
> up to you (hard code it, look in a database, LDAP, etc.). You then
> send the 401 response code along with WWW-Authenticate if the
> credentials aren't satisfactory.
> 
> -- 
> Daniel Egeberg
> 

I'll do some more digging. Would the LDAP authentication be happening from 
apache or from within PHP? The user only sees a username and password dialog. 
If they hit cancel, they get the "Access denied" which I was assuming was from 
this bit of code.

Mike

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to