Talk:How to fill out a person's name, email address and SUNetID on a form behind WebAuth with PHP

From Web Services Wiki

Jump to: navigation, search

You have to use the 'WebAuthLdapAttribute' directive in an .htaccess file in the same directory of your form in order to have those environment variables available.

Strangely, just using:

AuthType WebAuth
Require valid-user
WebAuthLdapAttribute displayName 

Gave me all of the attributes.

I couldn't get it to "automagically" fill in otherwise.

Also, you need to be sure to wrap your variables in <?php ?> tags in order for PHP to recognize them (assuming you're building this form in an .html document), like so:


$sunetid = $_ENV['WEBAUTH_USER'];
$email = $_ENV['WEBAUTH_LDAP_MAIL'];


Jbickar 09:00, 19 October 2009 (PDT)

Installing Auto-Fill on your own server

 The previous instructions work well if you are using the Stanford web server, but if you are using your own server, and want to do Auto-Fill behind WebAuth, then you need a slightly different set of instructions.


The first step in setting this up was getting permission from all the people who control the LDAP data according to the Stanford policy outlined at

You need to know the fields you want to access.

PHP must be installed along with WebAuth

In order to activate PHP imbedded within HTML, the following line must be present in the Apache httpd.conf file

 AddType application/x-httpd-php .php .html

Supposedly, you can also try a test using the command (doesn't work for me.)

 k5start -f /usr/local/apache2/conf/webauth webauth/ -- ldapsearch -h ldap -Y GSSAPI uid=kozar


To use this, the web site must be protected by WebAuth. To do this, create the following .htaccess file and put it in the directory you want to protect and Auto-Fill.  List all the fields you want to capture and WebAuth will grab this info and store it in a set of PHP variables.

 AuthType WebAuth
 require valid-user
 WebAuthLdapAttribute displayName
 WebAuthLdapAttribute mail
 WebAuthLdapAttribute cn
 WebAuthLdapAttribute givenName
 WebAuthLdapAttribute o
 WebAuthLdapAttribute ou
 WebAuthLdapAttribute sn
 WebAuthLdapAttribute street
 WebAuthLdapAttribute suCN
 WebAuthLdapAttribute suLocalPhone
 WebAuthLdapAttribute suSunetID
 WebAuthLdapAttribute uid

This will generate all the different variables that need to be used. There are many more, but at this time, this is all we have requested permission to access. If more fields need to be accessed, just request permission again. You can be test whether the information has been captured by putting the following file in the directory. Filename = test.php


Make sure permissions on that file are 755

Then run the file from a web browser

This will dump all sorts of information about PHP including the $_SYSTEM variables that will hold the WebAuth information. If values for these variables appear in the "phpinfo" page, then the connection to the main campus LDAP server is working OK.

Now that this is done, we can modify our web pages according to the Auto-Fill instructions on the Stanford Wiki
with the following changes.

Here is an example of the code that will grab some information, then display it in a form

 <form name="testform" action="save.php" method="post">
 <label for="email">E-mail address:</label><br>
 <input type="text" name="email" id="email" value="<?=htmlspecialchars($email)?>">
 <input type="submit" name="submit" value="Save" >

Other methods of embedding PHP within HTML don't work as advertised. Especially stuff like

 <input name="name" type="text" id="name" value="<?php echo "$name";?>">

 <input type="hidden" name="formvar" value="<?php phpvar=10; echo phpvar; ?>"> // PHP code inside HTML!!
Personal tools