My reason behind posting here, is since it is still unclear in my experience what specific needs should be met to be able to make this happen.

We run our PHP applications with an iSeries Apache web server. Our customers take presctiption IE. We all do use AD for the usernames within our company network.

The present apache server setup doesn't need any customers to sign in to the pages... if you're on our network, you can get the page.

It is possible to way (through LDAP or any other means) of having the drenched on home windows username? Your final last measure, is always to redirect the customers for an ASP.Internet site located on our home windows servers, and pass the username to the PHP application. However, this can be a very last measure.

The hyperlink here: Can you receive a Home windows (AD) username in PHP? has a number of good suggestions, nevertheless the AUTH_USER variable IS empty as pointed out within the link... and that i dont think the iSeries Apache server can use Home windows integrated auth.

If a person could explain my options, and (if at all possible) the problem of individuals options... it might be grealy appreciated. Be as specific as you possibly can like me not familiar with LDAP or server designs.

You will get it from an ActiveX object and JavaScript since you are using IE. To obtain this into PHP, maybe include it as being a concealed area inside a login page?

try {
  var activex = new ActiveXObject('WScript.Network');
  document.write(activex.userName);
} catch (ex) {
  document.write("unable to get user info");
}

From my experience writing SSO handling for PHP applications, you may make the work using a mix of mod_auth_ntlm and Kerberos (take a look at this link, it's not far from things i remember, though my original setup was ~five years ago on the Gentoo box). Basically recall properly, you need to discover the username within the $_SERVER["REMOTE_USER"] variable within this setup.