httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sarath Chandra M" <sarath.chan...@uaeexchange.com>
Subject RE: [users@httpd] LDAP authentication & Certificate authentication
Date Tue, 22 Oct 2002 09:18:52 GMT
Dear Ruda,
Could u please explain 'certificate authentication' which u hav done.
Where are the client certificates ? I hav a requirement to perform
client authentication using ldap and certificates. The process is like
this :
1.	User presents his/her client certificate
2.	apache searches in ldap for the dn, checks if certificate
presented matches
	with corresponding certificate in ldap
3.	decides to allow/reject the client/user to browse the site.

I tried using apache (2.0.42 + mod_ssl) + openssl-engine-0.9.6g +
mod_authz_ldap-0.22
and with openldap on a separate machine. The problem I'm facing is, the
apache
is connecting to ldap but doesn't search for the dn.

Kindly let me know the important things to be checked in configuration
and if I'm
missing anything. 

regards
sarath



-----Original Message-----
From: Rudolf Wolf [mailto:rudolf.wolf@dantax.cz] 
Sent: Tuesday, October 22, 2002 1:09 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] LDAP authentication & Certificate
authentication



Hi,

I'm using OpenLDAP 2.0.23, Apache 2.0.39 with mod_auth_ldap from Apache
website and OpenSSL 0.9.6g. 

Yes, I want have possibility to have a certificate authentication as a
'default' and in case of error to be asked for LDAP username and
password. All should be over SSL. My certificate authentication is now
working properly.

Bye
Ruda.

On Tue, Oct 22, 2002 at 09:32:20AM +0200, Jose Correia (J) wrote:
> Hi there
> 
> Which packages are you using for the ldap authentication and which 
> modules are you using to get ldap to talk to apache??
> 
> And are you wanting both certificate and basic authentication over 
> SSL? Or can't you get certificate authentication to work?
> 
> Regards
> Jose
> 
> -----Original Message-----
> From: Rudolf Wolf [mailto:rudolf.wolf@dantax.cz]
> Sent: 22 October 2002 09:23
> To: users@httpd.apache.org
> Subject: [users@httpd] LDAP authentication & Certificate 
> authentication
> 
> 
> 
> Hello,
> 
> I try to solve this problem. We are using LDAP authentication to 
> access document in our secured website. But now we want use a 
> certificate authentication. I set it up and there was no bigger 
> problem, but now I want to set possibility after unsuccessfult 
> certification authentication ie. I'm not on my computer with
> certificate+private key but need continue  via LDAP authentication.
> 
> Is it possible to do this and how?
> 
> Thanks,
> Ruda Wolf.
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project. See <URL:http://httpd.apache.org/userslist.html> for more 
> info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project. See <URL:http://httpd.apache.org/userslist.html> for more 
> info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project. See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message