httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Young <and...@an3e.org>
Subject [users@httpd] SSL Authentication and LDAP Authorization
Date Fri, 13 Dec 2013 17:55:42 GMT
Can one configure httpd to authenticate with SSL and authorize with LDAP?
I have not found a way of configuring mod_authnz_ldap to just authorize.

Using Ubuntu 12.04.3 LTS, Apache/2.2.22, I have mod_ssl authenticating 
just fine with--
   SSLVerifyClient require
   SSLVerifyDepth  10
   <Location />
     SSLRequire    %{SSL_CLIENT_S_DN_O} eq "MyOrganization"

but I need to add authorization that restricts access to department 
members known only through our LDAP directory.  I want something on the 
order of--

   SSLUserName SSL_CLIENT_S_DN_CN
   AuthLDAPURL 
"ldap://directory.example.org/ou=employees,ou=people,dc=example,dc=org?cn
   Require ldap-attribute department="550"

It seems that mod_authnz_ldap just must authenticate too using the LDAP 
password through AuthType Basic.

In my search for an answer I did find a module that advertizes to do 
what I want--
http://stackoverflow.com/questions/7635380/apache-ssl-client-certificate-ldap-authorizations

but I prefer not compiling a custom version of httpd.

Thanks, Andrew



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message