
dev@httpd.apache.org, 8 September 2009, 11:23PM -0400

Re: X.509 client certificates and LDAP authorization
by Udo Rader





Graham Leggett wrote:
> Udo Rader wrote:
>
>> Maybe a more concrete sample can help clarify what I am talking about,
>> here's my approximate setup:
>>
>> <Location /fooBar>
>>   SSLVerifyClient require
>>   SSLRequireSSL
>>
>>   SSLOptions +FakeBasicAuth
>>   AuthName "Snake Oil Authentication"
>>   AuthType Basic
>>   AuthBasicProvider ldap
>>   AuthLDAPRemoteUserAttribute uid
>>
>>   AuthLDAPURL ldap://127.0.0.1/dc=example,dc=com?subjectDN?one
>>   require valid-user
>> </Location>
>
> Right, so you're trying to authenticate twice, first using certs, then
> using LDAP, and you're not trying to authorise at all ("require
> valid-user").

Well, I am not trying to authorize *yet* :-)

> That it doesn't do (yet), but shouldn't be hard to implement. mod_ssl
> needs to signal that the user has been successfully authenticated using
> a cert, and mod_authnz_ldap needs to respond to the signal that the user
> has been successfully authenticated using a cert, and skip the password
> check if so.

Ok, so the situation has not changed in the meantime (as I had hoped :-)

I will try my luck tweaking the sources then and be back.

--
Udo Rader, CTO
http://www.bestsolution.at
http://riaschissl.blogspot.com
