>
>So to map just email addresses, you would specify 'email=mail' as your
>mapping. You can also specify multiple mappings to narrow the search even
>further. So something like 'email=mail,uid' would result in an LDAP search
>like (&([EMAIL PROTECTED])(uid=wmperry)). If a match is found, we
>pull out all the userCertificate (this attribute is configurable as well of
>course) values, and proceed to compare them. If any of the values are
>identical to the blob of data you passed in, the certificate is considered
>valid.
I already wrote a cert status check with an LDAP directory, searching by
e-mail and setting a new env var containing the cert status, that you can use
in SSLRequire. I am sending it attached.
I just lack some knowledge to implement some new Apache directives (any
suggestions?) to enable/disable the checking and set some parameters via
httpd.conf, like LDAP servers, and to clean up the code a little, maybe for
inclusion...
Let's merge as much as possible.
Andrea
eng_ker.patch.tar.gz
eng_var.patch.tar.gz
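
The lookup-and-compare scheme described in the quoted text above, as an added example that is not code from this thread or from either attached patch. The reading of the mapping syntax (a bare name such as `uid` maps a certificate field to the LDAP attribute of the same name), the function names, and the sample values are assumptions; the directory search itself is left out, and `entries` stands for whatever it returned.

```python
# RFC 4515: characters that must be escaped inside an LDAP filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a certificate-supplied string so it cannot alter the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def parse_mapping(spec):
    """Assumed syntax: 'email=mail,uid' -> [('email', 'mail'), ('uid', 'uid')]."""
    pairs = []
    for item in spec.split(","):
        cert_field, _, ldap_attr = item.strip().partition("=")
        pairs.append((cert_field, ldap_attr or cert_field))
    return pairs

def build_filter(spec, cert_fields):
    """Build the search filter from the mapping and the client cert's fields."""
    terms = []
    for cert_field, ldap_attr in parse_mapping(spec):
        if not cert_fields.get(cert_field):
            # A mapped field missing from the cert must fail, not widen the search.
            raise ValueError("certificate has no %r field" % cert_field)
        value = escape_filter_value(cert_fields[cert_field])
        terms.append("(%s=%s)" % (ldap_attr, value))
    return terms[0] if len(terms) == 1 else "(&%s)" % "".join(terms)

def certificate_is_valid(presented_der, entries, attribute="userCertificate"):
    """True only if a matched entry stores a byte-identical certificate."""
    return any(stored == presented_der
               for entry in entries
               for stored in entry.get(attribute, []))

if __name__ == "__main__":
    # Constructed sample data: not a real certificate or directory entry.
    fields = {"email": "wmperry@example.org", "uid": "wmperry"}
    der = b"\x30\x82" + b"constructed-der-bytes"
    entries = [{"userCertificate": [b"\x30\x82" + b"older-cert", der]}]
    print(build_filter("email=mail,uid", fields))
    print(certificate_is_valid(der, entries))
```

The escaping matters because the subject fields come from the client's certificate, so a value containing `*` or parentheses would otherwise change which entries the search matches.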