I am authenticating my users with the following configuration (simplified)

<AuthnProviderAlias ldap server1>
  AuthLDAPURL ldap://server1/whatever?uid?one?

<AuthnProviderAlias ldap server2>
  AuthLDAPURL ldap://server2/whatever?uid?one?

<Location />
  AuthName "Realm"
  AuthType Basic
  AuthBasicProvider server1 server2
  AuthzLDAPAuthoritative off
  require valid-user

Is there any way I can know if which LDAP server my user was authenticated from? When the authentication is sucessful I'd like to set an HTTP header (something like "SourceLDAPServer: server2") to be able to tell which server the user was valid in. Is that possible with Apache 2.2.x?

2 Answers2


Should be possible with Apache mod_headers. I don't know about the environment variables mod_ldap would use, though. If you have PHP installed, just create a PHP file containing line

<?php phpinfo(); ?>

And surf to that file. See the environment variables printed in that page and try to find out if there are any ldap variables around.

It seems the only way to do this is to select more attributes from the LDAP servers like so:

<AuthnProviderAlias ldap server1>
  AuthLDAPURL ldap://server1/whatever?uid,type1?one?

<AuthnProviderAlias ldap server2>
  AuthLDAPURL ldap://server2/whatever?uid,type2?one?

When the authentication succeeds you find either AUTHENTICATE_type1 or AUTHENTICATE_type2 as environment variables depending on which LDAP server did the authentication.

With mod_headers, it then becomes possible to setup the header value this way

Header set UserType type1 env=AUTHENTICATE_type1
Header set UserType type2 env=AUTHENTICATE_type2
