Hi,

I am just trying to set up an X.509 client certificates + LDAP based authorization system.

I've set up all pieces to the best of my knowledge (mod_ssl, mod_auth_basic, mod_auth_ldap), but I am still having problems connecting to our LDAP server because "SSLOptions FakeBasicAuth" still explicitly requires "password" as password for each user in order to successfully authenticate against mod_auth_ldap.

Almost one year ago, someone already asked the same question [1], but I am not sure if any progress has been made.

The problem is described quite well in the OP:

--------CUT--------
The client connects using SSL and a client certificate. Mod_ssl receives the request and checks the validity of the certificate using CRLs. After that it sets the user field in the Apache request object to the cn of the certificate (SSLUserName SSL_CLIENT_S_DN_CN). Afterwards mod_auth_basic tries to authenticate the user against its configured provider, which is LDAP in our case. This fails, because there is no password coming from the certificate, which is quite obvious.

As you can see the missing password in the authentication phase is our main problem. We tried to use SSLOptions +FakeBasicAuth, but then we would have to set “password” as password for all users in our directory. This is definitely no solution.
--------CUT--------

So has anything changed/improved in the meantime?

Thanks in advance :-)


[1] http://phpot.bestsolution.at/nanourl/bbsy2

--
Udo Rader, CTO
http://www.bestsolution.at
http://riaschissl.blogspot.com
