I'm running Apache 2.x, PHP 5 with the mod_auth_sspi module and adLDAP ( http://adldap.sourceforge.net/
). I can use adLDAP against AD to authenticate a user, but I'm trying to do seamless authentication (using FAQ #6 on http://adldap.sourceforge.net/faq.php
). This will be used on the internal domain cobbworld.com.
The problem is the sample code (attached as a snippet) always returns, ProWEBDEV-VM/admin as the user when I try hitting the server (from another box where I am logged into the domain). I check the $_SERVER['REMOTE_USER'] variable and it is always ProWEBDEV-VM/admin.
I am logged into my VM web server through VCenter, and this response is coming from my desktop where I am using my company username/password (both on cobbworld). When other users try to access the test page, they recieve a message box prompting them for a username and password.
I'm confused as to what is going on. Help? Please let me know what information would be helpful.
Also - from the documentation of mod_auth_sspi, it seems like it could do the seamless authentication w/o the need for adLDAP. I've done this much easier before with ASP, but I need to do it w/ PHP now. Thanks!
$cred = explode('\\',$_SERVER['REMOTE_USER']);
if (count($cred) == 1) array_unshift($cred, "(no domain info - perhaps SSPIOmitDomain is On)");
list($domain, $user) = $cred;
echo "You appear to be user <B>$user</B><BR/>";
echo "logged into the domain <B>$domain</B>";
Here's my output (from my local machine on the domain w/ my user ID):
You appear to be user admin
logged into the domain PROWEBDEV-VM
(Note: I log on to my dev server as admin/PROWEBDEV-VM... and httpd.exe is running as a SYSTEM service.)