Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

Re: Intranet - Get User ID from AD

by NERDVANA (Deacon)
on Nov 20, 2021 at 14:51 UTC ( [id://11138981]=note: print w/replies, xml ) Need Help??


in reply to Intranet - Get User ID from AD

I have some brief exposure to this problem, so I might not be able to give you all the answers, but can at least give some hints on where to look.

One of our customers wanted to authenticate users based on active directory, and we found that web browsers and web servers each usually have a "gssapi" plugin that can do the authentication based on current windows user. What we ended up doing was installing the gssapi plugin for apache, then doing a bunch of awkward kerberos ticket things for the linux server than ran apache, then have the gssapi plugin handle the entire http auth sequence and then hand a header to the perl app, So the perl app never needed to talk to active directory, it just reads a header in the request to know who is authenticated. (and be sure to configure apache to not allow that header to be supplied by the client!)

One disadvantage of that method is because it is HTTP auth, there is no way to log out. If they are logged in on the desktop they have access and if not they don't. If you wanted to control it from Perl, you would need to handle the http auth handshake on your own, using a plugin for whatever web framework you use, if one exists.

I'm also not sure if it is possible to get the browser to report the username without going through the full auth sequence.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://11138981]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others exploiting the Monastery: (3)
As of 2024-03-28 17:17 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found