Hi, I have the following situation: - Apache configured for client-authenticated SSL - An LDAP server (an OpenDS instance) containing all of our users What we want to do is that after Apache performs the 2-way SSL handshake, that somehow Apache verifies the certificate matches some user that is in the LDAP server and if so, then allows access (and if it doesn't match any user, then denies access). By "somehow", this would probably mean searching the LDAP server for, say, a matching certificate subject string or something like that. I've been looking at mod_authnz_ldap, but haven't found how to use that with a client cert (and no password), so I was hoping that someone here might know how the above can be accomplished? Thanks, Jim --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx