LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 03-12-2008, 10:55 AM   #1
starmonche
Member
 
Registered: Jan 2007
Location: Overland Park
Distribution: Centos6
Posts: 60

Rep: Reputation: 15
Apache redirect based on LDAP authentication


I'm building a job request intranet site using PHP and MySQL and am looking for a way to either redirect a user to a certain page based on their LDAP login or be able to disable certain pieces of the page based on their AD username/group.

For example, people in the admin group could have full control and be able to edit all records but anyone else would only be able to submit new records and see records that they've submitted.

My current "solution" is to create a shortcut on each user's desktop that passes along their AD login name when opening the site. (IE http://sitename/jrequest.html?user=thilfiger) but I'd prefer doing it the "right" way.

The webserver is Ubuntu and it's on the domain (as in I can log on locally using my domain credentials) so that piece is already taken care of. The server is running the latest stable Apache, MySQL, and PHP versions.
 
Old 03-12-2008, 11:31 PM   #2
frndrfoe
Member
 
Registered: Jan 2008
Distribution: RHEL, CentOS, Ubuntu
Posts: 379

Rep: Reputation: 38
unless there is something in the environment variables that are sent from the browser to the web server that you can key off of like the hostname you will have to reley on the uname/passwd that they provide when they access the page. Then you could use the php scripts to determine their access rights.
 
Old 03-13-2008, 12:09 AM   #3
leebrent
Member
 
Registered: Oct 2007
Location: Nanaimo
Distribution: Red Hat 5
Posts: 39

Rep: Reputation: 15
You could use a PHP query to pull information out of LDAP. This would allow you to store a URL in LDAP for that user?

http://ca3.php.net/ldap

Creating a secure session variable with the user information in it would be the easiest. Might pull some level of access out of LDAP an LDAP query to use when figuring out what level of access that user should have on site.

Cheers,

Brent.
 
Old 03-21-2008, 11:42 AM   #4
starmonche
Member
 
Registered: Jan 2007
Location: Overland Park
Distribution: Centos6
Posts: 60

Original Poster
Rep: Reputation: 15
AuthType Basic
AuthName "LDAP Auth"
AuthBasicProvider ldap
AuthLDAPBindDN cn=USERNAME,ou=Accounts,ou=Admin,DC=companyname,DC=com
AuthLDAPBindPassword "PASSWORD"
AuthLDAPURL ldap://10.0.0.28/ou=Admin,dc=companyname,dc=com?sAMAccountName?sub?(objectClass=user)
AuthzLDAPAuthoritative off
Require valid-user

--------------------------

The above text is my .htaccess file and it works by binding to LDAP with the user "USERNAME" and the password "PASSWORD" and then validates the existence of the account/password the user provides when opening the page. Can this be rewritten to bind and validate with the credentials provided by the user instead of the account I've hard-coded here?

Last edited by starmonche; 03-24-2008 at 09:56 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
apache ldap authentication with htpasswd laggerific Linux - Software 3 01-07-2010 09:37 AM
LXer: Apache authentication and authorization using LDAP LXer Syndicated Linux News 0 10-31-2007 04:50 PM
Apache LDAP authentication Amuro-Ray2020 Linux - Security 5 07-28-2007 07:31 PM
ldap authentication for Apache anjani.78 Linux - Software 1 08-03-2006 05:06 AM
LXer: LDAP-Based Authentication for Samba LXer Syndicated Linux News 0 02-02-2006 02:01 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 06:46 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration