Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Authenticating using LDAP (NTLM SSO) |
|
| Author |
|
tony1979
Joined: 04 Jul 2013
Posts: 1
Location: England, Reading
|
 Posted: Thu 04 Jul '13 15:40 Post subject: Authenticating using LDAP (NTLM SSO) |
 |
|
Hi all. I've been working solidly for days trying to figure out what's preventing me from using the NTLM LDAP SSO plugin for elgg (http://community.elgg.org/plugins/1046127/0.1/ntlm-ldap-sso); but I'm at a loss now and hope someone might be able to help. The reason I'm posting this here is because I've been redirected fom the github forum, as the problem would appear to be with server configuration as opposed to the elgg software.
My setup
elgg 1.8.15, Apache (with SSL) 2.2.22 (Win32), OpenSSL 0.9.8t, PHP 5.2.17. Internal site running from a Windows 2003 server.
Problem
Users can access the site okay when using their accounts created through elgg, but we would like them to authenticate via their AD credentials and automatically create the account in elgg.
I have configured the LDAP plugin correctly, but it's not even getting to the point of authenticating against my LDAP server as the PHP_AUTH_USER and PHP_AUTH_PW is never getting set. I've checked all the key/values stored in $_SERVER and they simply aren't there. I even checked the error log, and I can see:
| Code: | | [Thu Jun 27 10:07:52 2013] [error] [client 10.87.23.80] PHP NOTICE: 2013-06-27 10:07:52 (BST): "Undefined index: PHP_AUTH_USER" in file C:\\Program Files (x86)\\Apache Software Foundation\\Apache2.2\\htdocs\\mod\\ntlm_sso\\start.php (line 57), referer: https://*******/admin/settings/advanced |
I've read lots of forums talking about these variables being unavailable in a CGI setup, but this is module mode. If PHP_AUTH_USER isn't being used to store the username/password at the login screen for elgg, then what is? I've even tried editing the .htaccess file to include:
| Code: | | RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] |
and then modifying the start.php of the plugin with the following:
| Code: | | list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6))); |
but when looking at the HTTP_AUTHORIZATION value via phpinfo(), it's always empty/not set too:
| Code: | | HTTP_AUTHORIZATION no value |
The error log does show this however:
| Code: | | [Thu Jun 27 10:33:12 2013] [error] [client 10.87.23.80] PHP NOTICE: 2013-06-27 10:33:12 (BST): "Undefined offset: 1" in file C:\\Program Files (x86)\\Apache Software Foundation\\Apache2.2\\htdocs\\mod\\ntlm_sso\\start.php (line 49), referer: https://*******/admin/settings/advanced |
Line 49 is where I create the "list". However, I'm not even confident that this will work, as I'm not running in CGI mode.
Can anyone help? I'm happy to provide further details if required.
Thanks in advance,
Tony. |
|
| Back to top |
|
Steffen
Moderator
Joined: 15 Oct 2005
Posts: 3092
Location: Hilversum, NL, EU
|
| Posted: Sun 28 Jul '13 21:53 Post subject: |
|
|
You can try:
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
Steffen |
|
| Back to top |
|
|
|
|
|
|
