Apache, SSL Client certificate, LDAP authorizations

OK, for those interested, apache requires the presence of an AuthType directive and the validation of the username by some module.

So I have written a very short module that accepts AuthType Any and accepts any username.

The configuration looks like that:

<Location /slaptest>
    Allow from all
    SSLVerifyClient require
    SSLVerifyDepth 1

    SSLUserName SSL_CLIENT_S_DN_CN

    AuthType Any
    AuthAnyAuthoritative on

    AuthLDAPURL "ldaps://vldap-rectech/ou=XXX,ou=YYY,o=ZZZ?cn"
    AuthzLDAPAuthoritative on
    AuthLDAPBindDN "cn=UUU,ou=Users,ou=XXX,ou=YYY,o=ZZZ"
    AuthLDAPBindPassword "******"
    AuthLDAPGroupAttributeIsDN on
    AuthLDAPGroupAttribute member
    AuthLDAPRemoteUserIsDN off
    Require valid-user
    Require ldap-group cn=ADMIN,ou=Groups,ou=XXX,ou=YYY,o=ZZZ
</Location>

Apache, SSL Client certificate, LDAP authorizations

Tags:

Ldap

Ssl Certificate

Apache 2.2

Related

Recent Posts