Yeah, we thought about this one too, but we tend to get this functionality into the apache source linked directly to the AAA model.
Greetings -----Ursprüngliche Nachricht----- Von: "Plüm, Rüdiger, VF-Group" [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 4. Juli 2008 15:19 An: [email protected] Betreff: Re: Client authorization against LDAP using client certificates You can do it this way and make your module non authoritative by returning DECLINED. See http://httpd.apache.org/docs/2.2/en/mod/mod_auth_basic.html#authbasicauthoritative http://httpd.apache.org/docs/2.2/en/mod/mod_authnz_ldap.html#authzldapauthoritative You can make this configurable by creating something like a AuthCertAuthoritative directive in you module. And based on its value you return either DECLINED or DONE. Regards Rüdiger
