logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Coding & Scripting Corner View previous topic :: View next topic
Reply to topic   Topic: Authenticating using LDAP (NTLM SSO)
Author
tony1979



Joined: 04 Jul 2013
Posts: 1
Location: England, Reading

PostPosted: Thu 04 Jul '13 15:40    Post subject: Authenticating using LDAP (NTLM SSO) Reply with quote

Hi all. I've been working solidly for days trying to figure out what's preventing me from using the NTLM LDAP SSO plugin for elgg (http://community.elgg.org/plugins/1046127/0.1/ntlm-ldap-sso); but I'm at a loss now and hope someone might be able to help. The reason I'm posting this here is because I've been redirected fom the github forum, as the problem would appear to be with server configuration as opposed to the elgg software.

My setup

elgg 1.8.15, Apache (with SSL) 2.2.22 (Win32), OpenSSL 0.9.8t, PHP 5.2.17. Internal site running from a Windows 2003 server.

Problem

Users can access the site okay when using their accounts created through elgg, but we would like them to authenticate via their AD credentials and automatically create the account in elgg.

I have configured the LDAP plugin correctly, but it's not even getting to the point of authenticating against my LDAP server as the PHP_AUTH_USER and PHP_AUTH_PW is never getting set. I've checked all the key/values stored in $_SERVER and they simply aren't there. I even checked the error log, and I can see:

Code:
[Thu Jun 27 10:07:52 2013] [error] [client 10.87.23.80] PHP NOTICE: 2013-06-27 10:07:52 (BST): "Undefined index:  PHP_AUTH_USER" in file C:\\Program Files (x86)\\Apache Software Foundation\\Apache2.2\\htdocs\\mod\\ntlm_sso\\start.php (line 57), referer: https://*******/admin/settings/advanced


I've read lots of forums talking about these variables being unavailable in a CGI setup, but this is module mode. If PHP_AUTH_USER isn't being used to store the username/password at the login screen for elgg, then what is? I've even tried editing the .htaccess file to include:

Code:
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]


and then modifying the start.php of the plugin with the following:

Code:
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));


but when looking at the HTTP_AUTHORIZATION value via phpinfo(), it's always empty/not set too:

Code:
HTTP_AUTHORIZATION no value


The error log does show this however:

Code:
[Thu Jun 27 10:33:12 2013] [error] [client 10.87.23.80] PHP NOTICE: 2013-06-27 10:33:12 (BST): "Undefined offset:  1" in file C:\\Program Files (x86)\\Apache Software Foundation\\Apache2.2\\htdocs\\mod\\ntlm_sso\\start.php (line 49), referer: https://*******/admin/settings/advanced


Line 49 is where I create the "list". However, I'm not even confident that this will work, as I'm not running in CGI mode.

Can anyone help? I'm happy to provide further details if required.

Thanks in advance,

Tony.
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU

PostPosted: Sun 28 Jul '13 21:53    Post subject: Reply with quote

You can try:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1


Steffen
Back to top


Reply to topic   Topic: Authenticating using LDAP (NTLM SSO) View previous topic :: View next topic
Post new topic   Forum Index -> Coding & Scripting Corner