Apache, SSL Client certificate, LDAP authorizations

apache-2.2 ssl-certificate ldap

High there, Is it possible to mix mod_ssl and mod_auth_ldap so that the authentication is done with the client certificate and authorizations with mod_auth_ldap (Require group)? If so, can you give me some pointer? Thanks in advance


Solution 1:

OK, for those interested, apache requires the presence of an AuthType directive and the validation of the username by some module.

So I have written a very short module that accepts AuthType Any and accepts any username.

The configuration looks like that:

<Location /slaptest>
    Allow from all
    SSLVerifyClient require
    SSLVerifyDepth 1

    SSLUserName SSL_CLIENT_S_DN_CN

    AuthType Any
    AuthAnyAuthoritative on

    AuthLDAPURL "ldaps://vldap-rectech/ou=XXX,ou=YYY,o=ZZZ?cn"
    AuthzLDAPAuthoritative on
    AuthLDAPBindDN "cn=UUU,ou=Users,ou=XXX,ou=YYY,o=ZZZ"
    AuthLDAPBindPassword "******"
    AuthLDAPGroupAttributeIsDN on
    AuthLDAPGroupAttribute member
    AuthLDAPRemoteUserIsDN off
    Require valid-user
    Require ldap-group cn=ADMIN,ou=Groups,ou=XXX,ou=YYY,o=ZZZ
</Location>

Related

How to rewrite email subject in postfix for outgoing mail if From contains specific address?
iptables preroute localhost
Setting up FQDN in sendmail [closed]
How do I migrate Amazon EC2 Windows AMI (or instances) from one region to another?
How can I tell which clients are connecting to a NIS/ypserv master server?
Sign outgoing mails with DomainKey on exim4 and Ubuntu
Installing a certificate without the CSR's originating website in IIS 6
OpenSSL issues in Debian Wheezy
Exchange server can't receive from AOL; MapiExceptionNamedPropsQuotaExceeded
Sonicwall routing between multiple subnets on multiple interfaces
HP Proliant DL180 G5 server treats 3-TB SATA disks as 750-GB ones
How to upgrade iDRAC firmware and BIOS of Dell PowerEdge R510?