httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Müller Johannes <>
Subject Re: Client authorization against LDAP using client certificates
Date Fri, 04 Jul 2008 09:43:23 GMT
Well, this would require quite big changes to all authentication modules, i guess.
I think, the better way would be to skip authentication completely in mod_auth_basic in case
the user is set in the request object, because the user is already authenticated somehow through

-----Ursprüngliche Nachricht-----
Von: Graham Leggett [] 
Gesendet: Freitag, 4. Juli 2008 11:14
Betreff: Re: Client authorization against LDAP using client certificates

Müller Johannes wrote:

> we want to use client authorization against LDAP using client certificates on Apache
webserver 2.2.
> Unfortunately this is not possible with Apache webserver at the current state of development.
> There have been third party modules (ModXAuthLDAP, mod_authz_ldap) in the past which
did this task quite well.
> But they haven't been updated for years and therefore do not work with httpd newer than
> Therefore my company has put some effort in developing a reasonable solution for its

I think the thing that is missing is that the FakeBasicAuth option 
within mod_ssl should flag the request to say that a password isn't 

mod_authnz_ldap (and others) should then be taught to recognise this 
flag within the request, and not test the password if this is the case.


View raw message