2016-10-15 19:57:04 +02:00
<!DOCTYPE html>
< html lang = "en" dir = "ltr" >
< head >
< meta charset = "utf-8" / >
< title > documentation:2.0:header_remote_user_conversion< / title >
< meta name = "generator" content = "DokuWiki" / >
< meta name = "robots" content = "index,follow" / >
< meta name = "keywords" content = "documentation,2.0,header_remote_user_conversion" / >
< link rel = "search" type = "application/opensearchdescription+xml" href = "lib/exe/opensearch.html" title = "LemonLDAP::NG" / >
< link rel = "start" href = "header_remote_user_conversion.html" / >
< link rel = "contents" href = "header_remote_user_conversion.html" title = "Sitemap" / >
< link rel = "stylesheet" type = "text/css" href = "lib/exe/css.php.t.bootstrap3.css" / >
2017-02-07 17:35:26 +01:00
<!-- //if:usedebianlibs
< link rel = "stylesheet" type = "text/css" href = "/javascript/bootstrap/css/bootstrap.min.css" / >
//elsif:useexternallibs
< link rel = "stylesheet" type = "text/css" href = "https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" > < / script >
//elsif:cssminified
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.min.css" / >
//else -->
< link rel = "stylesheet" type = "text/css" href = "/static/bwr/bootstrap/dist/css/bootstrap.css" / >
<!-- //endif -->
2016-10-15 19:57:04 +02:00
< script type = "text/javascript" > / * < ! [ C D A T A [ * / v a r N S = ' d o c u m e n t a t i o n : 2 . 0 ' ; v a r J S I N F O = { " i d " : " d o c u m e n t a t i o n : 2 . 0 : h e a d e r _ r e m o t e _ u s e r _ c o n v e r s i o n " , " n a m e s p a c e " : " d o c u m e n t a t i o n : 2 . 0 " } ;
/*!]]>*/< / script >
< script type = "text/javascript" charset = "utf-8" src = "lib/exe/js.php.t.bootstrap3.js" > < / script >
2017-02-07 17:35:26 +01:00
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery/jquery.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/jquery-2.2.0.min.js" > < / script >
//elsif:jsminified
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.min.js" > < / script >
//else -->
< script type = "text/javascript" src = "/static/bwr/jquery/dist/jquery.js" > < / script >
<!-- //endif -->
<!-- //if:usedebianlibs
< script type = "text/javascript" src = "/javascript/jquery-ui/jquery-ui.min.js" > < / script >
//elsif:useexternallibs
< script type = "text/javascript" src = "http://code.jquery.com/ui/1.10.4/jquery-ui.min.js" > < / script >
//elsif:jsminified
2018-03-08 13:29:31 +01:00
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.min.js" > < / script >
2017-02-07 17:35:26 +01:00
//else -->
2018-03-08 13:29:31 +01:00
< script type = "text/javascript" src = "/static/bwr/jquery-ui/jquery-ui.js" > < / script >
2017-02-07 17:35:26 +01:00
<!-- //endif -->
2016-10-15 19:57:04 +02:00
< / head >
< body >
< div class = "dokuwiki export container" >
< h1 class = "sectionedit1" id = "convert_http_header_into_environment_variable" > Convert HTTP header into environment variable< / h1 >
< div class = "level1" >
2017-10-24 13:04:03 +02:00
< / div >
<!-- EDIT1 SECTION "Convert HTTP header into environment variable" [1 - 61] -->
< h2 class = "sectionedit2" id = "apache" > Apache< / h2 >
< div class = "level2" >
2016-10-15 19:57:04 +02:00
< p >
Using < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > in reverse proxy mode, you will not have the < code > REMOTE_USER< / code > environment variable set. Indeed, this variable is set by the Handler on the physical server hosting the Handler, and not on other servers where the Handler is not installed.
< / p >
< p >
Apache < a href = "http://httpd.apache.org/docs/current/mod/mod_setenvif.html" class = "urlextern" title = "http://httpd.apache.org/docs/current/mod/mod_setenvif.html" rel = "nofollow" > SetEnvIf module< / a > will let you transform the Auth-User HTTP header in < code > REMOTE_USER< / code > environment variable:
< / p >
< pre class = "code file apache" > < span class = "kw1" > SetEnvIfNoCase< / span > Auth-< span class = "kw1" > User< / span > < span class = "st0" > " (.*)" < / span > REMOTE_USER=$1< / pre >
< p >
This can be used to protect applications relying on < code > REMOTE_USER< / code > environment variable in reverse proxy mode. In this case you will have two Apache configuration files:
< / p >
< ul >
< li class = "level1" > < div class = "li" > Apache configuration file on < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > reverse proxy (hosting < abbr title = "LemonLDAP::NG" > LL::NG< / abbr > Handler):< / div >
< / li >
< / ul >
< pre class = "code file apache" > < < span class = "kw3" > VirtualHost< / span > *:< span class = "nu0" > 80< / span > >
< span class = "kw1" > ServerName< / span > application.example.com
PerlHeaderParserHandler Lemonldap::NG::Handler
< span class = "kw1" > ProxyPreserveHost< / span > < span class = "kw2" > on< / span >
< span class = "kw1" > ProxyPass< / span > / http://APPLICATION_IP/
< span class = "kw1" > ProxyPassReverse< / span > / http://APPLICATION_IP/
< /< span class = "kw3" > VirtualHost< / span > > < / pre >
< ul >
< li class = "level1" > < div class = "li" > Apache configuration file on application server (hosting the application):< / div >
< / li >
< / ul >
< pre class = "code file apache" > < < span class = "kw3" > VirtualHost< / span > *:< span class = "nu0" > 80< / span > >
< span class = "kw1" > ServerName< / span > application.example.com
< span class = "kw1" > SetEnvIfNoCase< / span > Auth-< span class = "kw1" > User< / span > < span class = "st0" > " (.*)" < / span > REMOTE_USER=$1
< span class = "kw1" > DocumentRoot< / span > /var/www/application
< /< span class = "kw3" > VirtualHost< / span > > < / pre >
< div class = "notetip" > Sometimes, PHP applications also check the PHP_AUTH_USER and PHP_AUHT_PW environment variables. You can set them the same way:
< pre class = "code file apache" > < span class = "kw1" > SetEnvIfNoCase< / span > Auth-< span class = "kw1" > User< / span > < span class = "st0" > " (.*)" < / span > PHP_AUTH_USER=$1
< span class = "kw1" > SetEnvIfNoCase< / span > Auth-Password < span class = "st0" > " (.*)" < / span > PHP_AUTH_PW=$1< / pre >
< p >
Of course, you need to < a href = "passwordstore.html" class = "wikilink1" title = "documentation:2.0:passwordstore" > store password in session< / a > to fill PHP_AUTH_PW.
< / p >
< / div >
< / div >
2017-10-24 13:04:03 +02:00
<!-- EDIT2 SECTION "Apache" [62 - 1756] -->
< h2 class = "sectionedit3" id = "nginx" > Nginx< / h2 >
< div class = "level2" >
< p >
Nginx doesn' t launch directly PHP pages (or other languages): it dials with FastCGI servers (like php-fpm). As you can see in examples, it' s easy to map a LLNG header to a fastcgi param. Example:
< / p >
< pre class = "code file nginx" > auth_request_set $authuser $upstream_http_auth_user;
fastcgi_param HTTP_MYVAR $authuser;< / pre >
2016-10-15 19:57:04 +02:00
< / div >
2017-10-24 13:04:03 +02:00
<!-- EDIT3 SECTION "Nginx" [1757 - ] --> < / div >
2016-10-15 19:57:04 +02:00
< / body >
< / html >