Udo Rader wrote:
> Maybe a more concrete sample can help clarify what I am talking about,
> here's my approximate setup:
>
> <Location /fooBar>
>   SSLVerifyClient require
>   SSLRequireSSL
>
>   SSLOptions +FakeBasicAuth
>   AuthName "Snake Oil Authentication"
>   AuthType Basic
>   AuthBasicProvider ldap
>   AuthLDAPRemoteUserAttribute uid
>
>   AuthLDAPURL ldap://127.0.0.1/dc=example,dc=com?subjectDN?one
>   require valid-user
> </Location>

Right, so you're trying to authenticate twice, first using certs, then using LDAP, and you're not trying to authorise at all ("require valid-user").

That it doesn't do (yet), but shouldn't be hard to implement. mod_ssl needs to signal that the user has been successfully authenticated using a cert, and mod_authnz_ldap needs to respond to the signal that the user has been successfully authenticated using a cert, and skip the password check if so.

Regards,
Graham
--
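
The double authentication described in the reply above, as an added Python model that is not part of the original thread and is not Apache code: `+FakeBasicAuth` turns the verified certificate subject into a Basic credential whose password is the fixed word "password", so a search-then-bind LDAP check finds the entry but fails the bind. The `cert_authenticated` flag stands in for the proposed signal; it, the function names and the directory entry are assumptions made for the example.

```python
import base64

# Constructed directory entry (hypothetical data), keyed by entry DN.
DIRECTORY = {
    "uid=jdoe,dc=example,dc=com": {
        "uid": "jdoe",
        "subjectDN": "/C=AT/O=Example/CN=John Doe",
        "userPassword": "s3cret-ldap-pw",
    },
}

def fake_basic_auth(subject_dn):
    """Model of +FakeBasicAuth: user = cert subject DN, password = the fixed word "password"."""
    return "Basic " + base64.b64encode(f"{subject_dn}:password".encode()).decode()

def ldap_authenticate(header, attr="subjectDN", remote_user_attr="uid",
                      cert_authenticated=False):
    """Model of a search-then-bind LDAP check; returns REMOTE_USER or None.

    cert_authenticated is the hypothetical signal from the TLS layer that the
    reply proposes; when set, the password (bind) step is skipped.
    """
    decoded = base64.b64decode(header.split(" ", 1)[1]).decode()
    user, _, password = decoded.partition(":")
    # Search step: AuthLDAPURL ...?subjectDN?one means "find the entry whose
    # subjectDN attribute equals the supplied user name".
    hits = [e for e in DIRECTORY.values() if e.get(attr) == user]
    if len(hits) != 1:
        return None  # unknown or ambiguous certificate subject
    entry = hits[0]
    # Bind step: the second authentication, which fails for a faked password.
    if not cert_authenticated and password != entry["userPassword"]:
        return None
    return entry[remote_user_attr]

if __name__ == "__main__":
    hdr = fake_basic_auth("/C=AT/O=Example/CN=John Doe")
    print("without signal:", ldap_authenticate(hdr))
    print("with signal:   ", ldap_authenticate(hdr, cert_authenticated=True))
```

Even with the signal set, the search step still has to match exactly one entry, so a valid certificate with no directory entry is rejected.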