有没有办法从 Apache2 配置中的 HTTP 授权标头获取密码？

发布于 2024-11-13 08:42:24 字数 790 浏览 3 评论 0原文

我发现我可以通过以下代码访问 HTTP 授权标头，

RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

不幸的是我不明白如何从 base64 对其进行解码，然后拆分用户名和密码。

当然，在 apache 配置之外执行此操作非常容易，但我需要配置内的用户名和密码才能将它们传递到 LDAP 授权模块。

实际上我想做这样的事情：

<Directory "C:/my/directory">
    WSGIApplicationGroup %{GLOBAL}
    Order deny,allow
    Allow from all

    AuthType Basic
    AuthName "Trac"
    AuthBasicProvider "ldap"
    AuthLDAPURL "ldap://domain.local:3268/DC=domain,DC=local?sAMAccountName?sub?> (objectClass=user)"
    AuthLDAPBindDN       %{HTTP_USER}@domain.local
    AuthLDAPBindPassword %{HTTP_PASSWORD}

    AuthzLDAPAuthoritative off

    Require valid-user
</Directory>

我需要这个，因为我们的 LDAP 服务器不接受匿名请求。

原文

I've found that I can access HTTP Authorization header by the following code

RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

Unfortunately I don't understand how to decode it from base64 and then split username and password.

Of course it's very easy to do this outside apache config, but I need user name and password inside the config in order to pass them to LDAP authorization module.

Actually I want to do something like this:

<Directory "C:/my/directory">
    WSGIApplicationGroup %{GLOBAL}
    Order deny,allow
    Allow from all

    AuthType Basic
    AuthName "Trac"
    AuthBasicProvider "ldap"
    AuthLDAPURL "ldap://domain.local:3268/DC=domain,DC=local?sAMAccountName?sub?> (objectClass=user)"
    AuthLDAPBindDN       %{HTTP_USER}@domain.local
    AuthLDAPBindPassword %{HTTP_PASSWORD}

    AuthzLDAPAuthoritative off

    Require valid-user
</Directory>

I need this because our LDAP server doesn't accept anonymous requests.

分享到QQ

分享到微博