httpd-users mailing list archives

From Sebastian Reitenbach <>
Subject combine client certificate authentication with ldap based authentication
Date Mon, 15 Dec 2008 08:55:25 GMT

I want to authenticate users on Apache. In case they have a valid x509 
client certificate in their browser for authentication, then that should be 
sufficient. In case the client does not have such a certificate, the user 
should be able to authenticate via username/password against LDAP.

I got both working on their own, but when I try to combine both, and I have an 
x509 certificate, then it still asks for a username/password.

<VirtualHost _default_:443>
    ServerName test.intern
    HostnameLookups Off

    SSLEngine on
    SSLCertificateFile /etc/apache2/certs/server.crt
    SSLCertificateKeyFile /etc/apache2/certs/server.key
    SSLCertificateChainFile /etc/apache2/certs/ca.crt
    SSLCACertificateFile /etc/apache2/certs/ca.crt

    CustomLog /var/log/apache2/ssl_test_request_log   ssl_combined

    <Location /ssl>
        Order deny,allow
        Deny from all
        Allow from

        Satisfy              any


        #SSLVerifyClient optional
        SSLVerifyClient require
        SSLVerifyDepth 9
        SSLOptions +FakeBasicAuth +StrictRequire
        AuthUserFile         /etc/apache2/conf.d/httpd.passwd
        require              valid-user

        AuthType Basic
        AuthBasicProvider "ldap"
        AuthName "TEST Login"
        AuthLDAPUrl "ldap://ldap:389/ou=people,dc=intern"
        AuthzLDAPAuthoritative off
        require ldap-user testuser

I'm not sure, when I read the manual, whether the Satisfy any is relevant 
for my case at all.

Any pointer in the right direction is highly appreciated.

Kind regards
