Hi Vadim

The patch allows for both certificate and basic authentication. 

Check http://authzldap.othello.ch/howto.html for two examples on how
to use it. Do be aware that at the moment it's only meant for Apache
1.3.x. I did see a posting by the author himself on this list
yesterday, saying he was adding support for Apache 2 fairly soon.

W.r.t : "What kind of LDAP lookup works best with
X509_NAME_oneline()-style names?"
do check the howtos. The certificate authentication can be done
against the certificate subject or serial number.

W.r.t: "Should the LDAP tree be somewhat special?"
It does have to implement a few objects as shown in the howto but it's
fairly simple.

I used OpenLDAP as my LDAP server and it worked nicely.

Cheers
Jose
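
For the question about X509_NAME_oneline()-style names, an added example (not part of the original messages, and not how the authzldap module itself does it): it converts a oneline subject into an RFC 4514 LDAP DN and builds an RFC 4515-escaped search filter. The attribute name `certSubject` and the sample subject are constructed assumptions.

```python
import re

# Characters RFC 4514 requires escaping anywhere inside a DN attribute value.
_DN_SPECIAL = set('"+,;<>\\')

def parse_oneline(name):
    """Split an X509_NAME_oneline()-style string into (type, value) pairs.

    The oneline format does not escape '/', so a component boundary is only
    recognised at '/' followed by 'TYPE='; any other '/' stays in the value.
    """
    parts = re.split(r"/(?=[A-Za-z][A-Za-z0-9.]*=)", name)
    if parts[0] != "" or len(parts) < 2:
        raise ValueError("not an X509_NAME_oneline()-style name")
    return [tuple(p.split("=", 1)) for p in parts[1:]]

def escape_dn_value(value):
    """Escape one attribute value for the RFC 4514 string form of a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)

def to_ldap_dn(name):
    """oneline lists RDNs in certificate order; LDAP DN strings reverse it."""
    return ",".join(f"{t}={escape_dn_value(v)}" for t, v in reversed(parse_oneline(name)))

def escape_filter_value(value):
    """Escape an assertion value per RFC 4515 so it cannot alter the filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)

def subject_filter(attr, name):
    """Build an equality filter on attr (hypothetical attribute name)."""
    return f"({attr}={escape_filter_value(name)})"

# Constructed sample subject, not taken from the thread.
SAMPLE = "/C=CH/O=Example Org (Test)/OU=People/CN=Alice Example, Jr."

if __name__ == "__main__":
    print(to_ldap_dn(SAMPLE))
    print(subject_filter("certSubject", SAMPLE))
```

The oneline form is ambiguous when a value itself contains `/TYPE=`, so matching on the certificate serial number plus issuer is the more robust key where the directory supports it.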


-----Original Message-----
From: Vadim Fedukovich [mailto:[EMAIL PROTECTED]]
Sent: 02 October 2002 17:41
To: [EMAIL PROTECTED]
Subject: Re: Apache 2.0.39 + ssl + ldap with client certificate
authentication


Hi Jose,

would you please outline how exactly one could use this patch?
What kind of LDAP lookup works best with X509_NAME_oneline()-style
names?
Should the LDAP tree be somewhat special?

thank you and sorry for off-topic,
Vadim

On Wed, Oct 02, 2002 at 08:50:36AM +0200, Jose Correia (J) wrote:
> Hi Sarah
>  
> Take a look at http://authzldap.othello.ch/index.html
>  
> I've used it successfully.
>  
> Cheers
> Jose
>  
> 
> -----Original Message-----
> From: Sarath Chandra M [mailto:[EMAIL PROTECTED]]
> Sent: 29 September 2002 11:17
> To: [EMAIL PROTECTED]
> Subject: Apache 2.0.39 + ssl + ldap with client certificate
> authentication
> 
> 
>  
> Dear group,
> Has anybody tried doing ldap client certificate authentication for an
> apache 2.0.39 ssl server?
> 
> Our environment is :
> RedHat linux 7.1 kernel 2.4.x
> apache 2.0.39 (inc. mod_ssl)
> openssl-engine-0.9.6g
> openldap (on a different redhat linux server)
> 
> The apache website has a verisign server certificate, a self-signed CA
> certificate and all clients have certificates in the ldap server signed
> by this CA.
> 
> When clients present their certificate to browse the Apache secure site,
> Apache should check the existence of their certificate in the LDAP server
> and also the validity of the contents of the certificate presented.
> 
> Kindly provide some direction to any solution or resources related to
> this issue.
> 
> Any help would be highly appreciated.
> 
> TIA
> Sarath
> 
> 
> 

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]