I was wondering if there is a way to combine client certificate authentication 
with an LDAP or database lookup in Apache?

What I mean is:

- Apache performs 2-way SSL handshake with user browser and if that
  authentication is successful, then
- Apache (some Apache module) gets the CN string from the client certificate
  and does an LDAP or database lookup of that certificate string, and
    - If the lookup is successful, then the request gets processed normally
      by Apache
    - If either the 2-way SSL handshake fails or the LDAP (or database)
      lookup fails, then Apache returns a 40x response

I've been searching (it SEEMS like this should be possible), but I haven't been 
able to find an "out-of-box" approach with Apache for doing this yet.
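The decision flow described in the question, written out as an added example that is not part of the original post and not Apache's own code. `SSL_CLIENT_VERIFY` and `SSL_CLIENT_S_DN_CN` are the variables mod_ssl exports for the handshake result and the certificate CN. The directory contents, `fake_ldap_search`, `authorize`, and the choice of 403 for the "40x" response are assumptions made for illustration.

```python
import re

# Constructed entries standing in for the LDAP directory or database table.
DIRECTORY = [{"cn": "alice example"}, {"cn": "build-bot (ci)"}]

def escape_filter_value(value):
    """Escape per RFC 4515 so certificate text cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def fake_ldap_search(ldap_filter):
    """Hypothetical stand-in for an LDAP search. Accepts only (cn=<value>);
    an unescaped * in <value> is a wildcard, as in a real directory."""
    m = re.fullmatch(r"\(cn=((?:[^\\*()]|\\[0-9a-f]{2}|\*)*)\)", ldap_filter, re.S)
    if not m:
        raise ValueError("malformed filter")
    pattern = ""
    for tok in re.findall(r"\\[0-9a-f]{2}|\*|.", m.group(1), re.S):
        if tok == "*":
            pattern += ".*"                              # wildcard
        elif len(tok) == 3:
            pattern += re.escape(chr(int(tok[1:], 16)))  # \xx -> literal char
        else:
            pattern += re.escape(tok)
    return [e for e in DIRECTORY if re.fullmatch(pattern, e["cn"], re.S)]

def authorize(env, search=fake_ldap_search):
    """Map mod_ssl-style request variables to an HTTP status code."""
    if env.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return 403      # no client certificate, or verification failed
    cn = env.get("SSL_CLIENT_S_DN_CN", "")
    if not cn:
        return 403      # verified certificate carries no CN to look up
    matches = search("(cn=%s)" % escape_filter_value(cn))
    return 200 if len(matches) == 1 else 403   # fail closed on 0 or several

if __name__ == "__main__":
    for cn in ("alice example", "build-bot (ci)", "mallory", "*"):
        env = {"SSL_CLIENT_VERIFY": "SUCCESS", "SSL_CLIENT_S_DN_CN": cn}
        print(repr(cn), authorize(env))
```

The CN is escaped before it goes into the filter because it is text chosen by whoever requested the certificate; without escaping, a CN of `*` would match every entry in the lookup.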


