RE: Apache 2.0.39 + ssl + ldap with client certificate authentication

2002-10-03 Thread Jose Correia (J)

Hi Vadim

The patch allows for both certificate and basic authentication. 

Check http://authzldap.othello.ch/howto.html for two examples on how
to use it. Do be aware that at the moment it's only meant for Apache
1.3.x. I did see a posting by the author himself on this list
yesterday, saying he was adding support for Apache 2 fairly soon.

W.r.t : "What kind of LDAP lookup works best with
X509_NAME_oneline()-style names?"
do check the howto's. The certificate authentication can be done
against the certificate subject or serial number.

W.r.t: "Should the LDAP tree be somewhat special?"
It does have to implement a few objects as shown in the howto but it's
fairly simple.

I used Openldap as my ldap server and it worked nicely.

Cheers
Jose


-Original Message-
From: Vadim Fedukovich [mailto:[EMAIL PROTECTED]]
Sent: 02 October 2002 17:41
To: [EMAIL PROTECTED]
Subject: Re: Apache 2.0.39 + ssl + ldap with client certificate
authentication


Hi Jose,

would you please outline how exactly one could use this patch?
What kind of LDAP lookup works best with X509_NAME_oneline()-style
names?
Should the LDAP tree be somewhat special?

thank you and sorry for off-topic,
Vadim

On Wed, Oct 02, 2002 at 08:50:36AM +0200, Jose Correia (J) wrote:
> Hi Sarah
>  
> Take a look at http://authzldap.othello.ch/index.html
>  
> I've used it successfully.
>  
> Cheers
> Jose
>  
> 
> -Original Message-
> From: Sarath Chandra M [mailto:[EMAIL PROTECTED]]
> Sent: 29 September 2002 11:17
> To: [EMAIL PROTECTED]
> Subject: Apache 2.0.39 + ssl + ldap with client certificate
> authentication
> 
> 
>  
> Dear group,
> Has anybody tried doing ldap client certificate authentication for an
> apache 2.0.39 ssl server ?
> 
> Our environment is :
> RedHat linux 7.1 kernel 2.4.x
> apache 2.0.39 (inc. mod_ssl)
> openssl-engine-0.9.6g
> openldap (on a different redhat linux server)
> 
> The apache website has a verisign server certificate, a self-signed CA
> certificate and all clients have
> certificates in the ldap server signed by this CA.
> 
> When clients present their certificate to browse the Apache secure
> site,
> Apache should check the
> existence of their certificate in the LDAP server and also the
> validity of
> the contents of the certificate presented.
> 
> Kindly provide some direction to any solution or resources related to
> this issue.
> 
> Any help would be highly appreciated.
> 
> TIA
> Sarath
> 
> 
> 

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



RE: Apache 2.0.39 + ssl + ldap with client certificate authentication

2002-10-02 Thread Andreas Mueller

On Wed, 2 Oct 2002, Sarath Chandra M wrote:
> Dear Jose,
> I had looked at the site u mentioned. But my problem is in applying the
> patch (http://authzldap.othello.ch/modssl-patch.html) to mod_ssl
> as said in the installation page of the same site.
> If you could tell me how to apply this patch, then I can go ahead and
> try.
I'm right now working on a new release of the module that is supposed
to support apache2, hopefully I'll get that out of the door
today or tomorrow.

With kind regards

Andreas Mueller

--
Dr. Andreas Mueller, Beratung und Entwicklung
CH-8852 Altendorf Switzerland
Tel: +41 55 4621483   Fax: +41 55 4621485
[EMAIL PROTECTED]






Re: Apache 2.0.39 + ssl + ldap with client certificate authentication

2002-10-02 Thread Vadim Fedukovich

Hi Jose,

would you please outline how exactly one could use this patch?
What kind of LDAP lookup works best with X509_NAME_oneline()-style names?
Should the LDAP tree be somewhat special?

thank you and sorry for off-topic,
Vadim

On Wed, Oct 02, 2002 at 08:50:36AM +0200, Jose Correia (J) wrote:
> Hi Sarah
>  
> Take a look at http://authzldap.othello.ch/index.html
>  
> I've used it successfully.
>  
> Cheers
> Jose
>  
> 
> -Original Message-
> From: Sarath Chandra M [mailto:[EMAIL PROTECTED]]
> Sent: 29 September 2002 11:17
> To: [EMAIL PROTECTED]
> Subject: Apache 2.0.39 + ssl + ldap with client certificate
> authentication
> 
> 
>  
> Dear group,
> Has anybody tried doing ldap client certificate authentication for an
> apache
> 2.0.39 ssl server ?
> 
> Our environment is :
> RedHat linux 7.1 kernel 2.4.x
> apache 2.0.39 (inc. mod_ssl)
> openssl-engine-0.9.6g
> openldap (on a different redhat linux server)
> 
> The apache website has a verisign server certificate, a self-signed CA
> certificate and all clients have
> certificates in the ldap server signed by this CA.
> 
> When clients present their certificate to browse the Apache secure
> site,
> Apache should check the
> existence of their certificate in the LDAP server and also the
> validity of
> the contents of the certificate presented.
> 
> Kindly provide some direction to any solution or resources related to
> this
> issue.
> 
> Any help would be highly appreciated.
> 
> TIA
> Sarath
> 
> 
> 
