"Andrea e Luca Giacobazzi" <[EMAIL PROTECTED]> writes:
> >Your patch doesn't do _quite_ what I need it to though. I need to allow
> >the user to configure the mapping from subject DN to LDAP DN, etc. I'll
> >be submitting my patch when it gets working as well. We should try and
> >merge the two so we don't have a billion patches for LDAP verification
> >floating around, kind of like the LDAP auth modules for apache. :)
>
> Ok, of course. What I'm trying to do now is to control access on Apache
> directory with SSLRequire, depending on env var status I set in my patch,
> OCSP_LDAP_RESPONSE, but SSLRequire doesn't work and still denies
> access. I saw that the cause is that I set the env var value after
> SSLRequire check. Any idea about that?

I really don't know much about mod_ssl itself, just LDAP and the various
security modules we use internally :) Sorry.

> >One thing I plan on adding to this is the ability to specify the search
> >base based on the attribute/value pairs in the subject DN. You would
> >basically have a printf-like format string for your search base, like:
> >
> >uid=%{CN}, OU=%{OU}, OU=People, O=%{O}, C=US
>
> I tried to perform LDAP search on DER attribute like
> usercertificate;binary, but I can't do that with LDAPv2 search
> filter... any suggestion?

There is no attribute to search on binary attributes right now, which is
_really_ unfortunate. If we could, we would not have to do any of this DN
mapping into the directory, and the configuration of this would be _MUCH_
simpler. Maybe eventually. :)

-bp
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
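
The printf-like search-base format quoted in the message above, sketched as an added example that is not part of the original message or of either patch discussed in the thread. `struct rdn`, `put_escaped` and `expand_base` are hypothetical names, the subject values are constructed, and the sketch assumes substituted values should be escaped per RFC 4514 so that a comma inside a CN cannot change the structure of the resulting DN.

```c
#include <stdio.h>
#include <string.h>
struct rdn { const char *attr, *value; };   /* one subject DN component */
/* Constructed sample subject; the comma in CN is the case that needs escaping. */
static const struct rdn sample[] = {
    { "CN", "Smith, J" }, { "OU", "Eng" }, { "O", "Example" } };

/* Append v to out, backslash-escaping RFC 4514 special characters. */
static int put_escaped(const char *v, char *out, size_t cap, size_t *pos) {
    size_t len = strlen(v);
    for (size_t i = 0; i < len; i++) {
        int special = strchr("\"+,;<>\\", v[i]) != NULL || (i == len - 1 && v[i] == ' ')
                   || (i == 0 && (v[i] == '#' || v[i] == ' '));
        if (*pos + 2 >= cap) return -1;      /* room for escape, char and NUL */
        if (special) out[(*pos)++] = '\\';
        out[(*pos)++] = v[i];
    }
    return 0;
}

/* Expand %{ATTR} in fmt; -1 on missing/empty attribute, bad %{, or overflow. */
int expand_base(const char *fmt, const struct rdn *subj, size_t n,
                char *out, size_t cap) {
    size_t pos = 0;
    if (cap == 0) return -1;
    while (*fmt) {
        if (fmt[0] != '%' || fmt[1] != '{') {    /* literal template byte */
            if (pos + 1 >= cap) return -1;
            out[pos++] = *fmt++;
            continue;
        }
        const char *key = fmt + 2, *end = strchr(key, '}'), *val = NULL;
        if (!end) return -1;
        size_t klen = (size_t)(end - key);
        for (size_t i = 0; i < n && !val; i++)   /* exact-length name match */
            if (strlen(subj[i].attr) == klen && !strncmp(subj[i].attr, key, klen))
                val = subj[i].value;
        if (!val || !*val || put_escaped(val, out, cap, &pos)) return -1;
        fmt = end + 1;
    }
    out[pos] = '\0';
    return 0;
}

int main(void) {
    char dn[128];
    int rc = expand_base("uid=%{CN}, OU=%{OU}, OU=People, O=%{O}, C=US",
                         sample, 3, dn, sizeof dn);
    return rc == 0 && puts(dn) >= 0 ? 0 : 1;
}
```

Failing closed on a missing or empty attribute keeps a certificate that lacks a referenced field from producing a broader search base than the template intended.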