Is there a way to get a password from HTTP authorization header in Apache2 config?

Question

I've found that I can access HTTP Authorization header by the following code

RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

Unfortunately I don't understand how to decode it from base64 and then split username and password.

Of course it's very easy to do this outside apache config, but I need user name and password inside the config in order to pass them to LDAP authorization module.

Actually I want to do something like this:

<Directory "C:/my/directory">
    WSGIApplicationGroup %{GLOBAL}
    Order deny,allow
    Allow from all

    AuthType Basic
    AuthName "Trac"
    AuthBasicProvider "ldap"
    AuthLDAPURL "ldap://domain.local:3268/DC=domain,DC=local?sAMAccountName?sub?> (objectClass=user)"
    AuthLDAPBindDN       %{HTTP_USER}@domain.local
    AuthLDAPBindPassword %{HTTP_PASSWORD}

    AuthzLDAPAuthoritative off

    Require valid-user
</Directory>

I need this because our LDAP server doesn't accept anonymous requests.

Answer 1

Basically, you should create dedicated LDAP user for authorization.

Related to HTTP_AUTHORIZATION header, check RFC2617 http://www.ietf.org/rfc/rfc2617.txt

It depends on which auth scheme you are using.From BASIC scheme you can decode USERNAME and PASSWORD, but from other maybe not possible (NTLM).