httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <minf...@sharp.fm>
Subject Re: X.509 client certificates and LDAP authorization
Date Tue, 08 Sep 2009 11:41:45 GMT
Udo Rader wrote:

> I am just trying to set up a X.509 client certificates + LDAP based
> authorizaton system.
> 
> I've setup all pieces best to my knowledge (mod_ssl, mod_auth_basic,
> mod_auth_ldap), but I am still having problems to connect to our LDAP
> server because "SSLOption FakeBasicAuth" still explicically requires
> "password" as password for each user in order to successfully
> authenticate against mod_auth_ldap.

Authenticate or authorise?

Are you trying to authenticate the user using SSL certs, and then
authorise the user using LDAP? Or do you want users to be authenticated
both by SSL client certs and by LDAP?

Authenticate: is the user who the user says they are?
Authorise: is the user allowed to access the resource?

In theory, authenticate using SSL and authorise using LDAP should work,
it would be a bug if it doesn't.

Authenticating against both cert and LDAP at the same time definitely
doesn't work, but shouldn't be too difficult to patch.

Regards,
Graham
--

Mime
View raw message