Subject: AW: Client authorization against LDAP using client certificates
Date: Fri, 4 Jul 2008 15:48:41 +0200
From: Müller Johannes
Delivered-To: mailing list dev@httpd.apache.org

Yeah, we thought about this one too, but we tend to get this functionality into the apache source linked directly to the AAA model.

Greetings

-----Original Message-----
From: "Plüm, Rüdiger, VF-Group" [mailto:ruediger.pluem@vodafone.com]
Sent: Friday, 4 July 2008 15:19
To: dev@httpd.apache.org
Subject: Re: Client authorization against LDAP using client certificates

You can do it this way and make your module non authoritative by returning DECLINED. See

http://httpd.apache.org/docs/2.2/en/mod/mod_auth_basic.html#authbasicauthoritative
http://httpd.apache.org/docs/2.2/en/mod/mod_authnz_ldap.html#authzldapauthoritative

You can make this configurable by creating something like an AuthCertAuthoritative directive in your module. And based on its value you return either DECLINED or DONE.

Regards

Rüdiger
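
Added example, not part of the thread and not httpd source: a self-contained C model of the dispatch the quoted reply relies on, where the first hook to return something other than DECLINED decides the request. The status values match httpd.h; the request struct, hook names, sample DN and user name are constructed, and AuthCertAuthoritative (the name suggested in the reply) is modelled as a plain flag.

```c
#include <stdio.h>
#include <string.h>
/* Status values as defined in httpd.h. */
#define OK 0
#define DECLINED -1
#define DONE -2
#define HTTP_UNAUTHORIZED 401

/* Constructed stand-in for a request; not httpd's request_rec. */
struct request {
    const char *cert_dn;    /* NULL when no client certificate was sent */
    const char *basic_user; /* NULL when no Basic credentials were sent */
    int cert_authoritative; /* models AuthCertAuthoritative On (1) / Off (0) */
};

/* Hypothetical certificate check: accept one known subject DN; on failure
 * stop the chain when authoritative, otherwise let later modules try. */
static int cert_hook(const struct request *r)
{
    if (r->cert_dn && strcmp(r->cert_dn, "CN=alice,O=Example") == 0)
        return OK;
    return r->cert_authoritative ? DONE : DECLINED;
}

/* Hypothetical later module standing in for a password/LDAP check. */
static int fallback_hook(const struct request *r)
{
    if (r->basic_user && strcmp(r->basic_user, "bob") == 0)
        return OK;
    return HTTP_UNAUTHORIZED;
}

/* Run-first dispatch: the first result other than DECLINED is final. */
int decide(const char *cert_dn, const char *basic_user, int authoritative)
{
    int (*const chain[])(const struct request *) = { cert_hook, fallback_hook };
    struct request r = { cert_dn, basic_user, authoritative };
    for (size_t i = 0; i < sizeof chain / sizeof chain[0]; i++) {
        int rv = chain[i](&r);
        if (rv != DECLINED)
            return rv;
    }
    return DECLINED;
}

int main(void)
{
    printf("Off: %d, On: %d\n", decide(NULL, "bob", 0), decide(NULL, "bob", 1));
    return 0;
}
```

With the flag off, a request without an accepted certificate is still admitted whenever a later module accepts it, so "certificate required" only holds when the flag is on.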