Can one configure httpd to authenticate with SSL and authorize with LDAP?
I have not found a way of configuring mod_authnz_ldap to just authorize.
Using Ubuntu 12.04.3 LTS, Apache/2.2.22, I have mod_ssl authenticating
just fine with--
SSLVerifyClient require
SSLVerifyDepth 10
<Location />
SSLRequire %{SSL_CLIENT_S_DN_O} eq "MyOrganization"
but I need to add authorization that restricts access to department
members known only through our LDAP directory. I want something on the
order of--
SSLUserName SSL_CLIENT_S_DN_CN
AuthLDAPURL
"ldap://directory.example.org/ou=employees,ou=people,dc=example,dc=org?cn
Require ldap-attribute department="550"
It seems that mod_authnz_ldap just must authenticate too using the LDAP
password through AuthType Basic.
In my search for an answer I did find a module that advertizes to do
what I want--
http://stackoverflow.com/questions/7635380/apache-ssl-client-certificate-ldap-authorizations
but I prefer not compiling a custom version of httpd.
Thanks, Andrew
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
