Re: Configure Apache to verify client certificate in an LDAP server?


 



FYI, I was hoping that mod_authz_ldap (http://authzldap.othello.ch/) might do what I need, but unfortunately, while I can build the module, Apache won't start when it is configured.

[root@localhost conf]# /apps/httpd/bin/apachectl restart
httpd: Syntax error on line 149 of /apps/httpd/conf/httpd.conf: Cannot load modules/mod_authz_ldap.so into server: /apps/httpd/modules/mod_authz_ldap.so: undefined symbol: ap_requires


From googling, it looks like ap_requires was removed from Apache 2.4.

I've tried the mailing list for mod_authz_ldap, but am getting a bounce from their mail server.

Is there any other way to do this besides using mod_authz_ldap?

Thanks,
Jim

--------------------------------------------
On Mon, 4/25/16, o haya <ohaya@xxxxxxxxx.INVALID> wrote:

 Subject:  Configure Apache to verify client certificate in an LDAP server?
 To: users@xxxxxxxxxxxxxxxx
 Cc: ohaya@xxxxxxxxx
 Date: Monday, April 25, 2016, 8:55 PM
 
 Hi,
 
 I have the following situation:
 
 - Apache configured for client-authenticated SSL
 - An LDAP server (an OpenDS instance) containing all of our
 users
 
 What we want to do is that after Apache performs the 2-way
 SSL handshake, that somehow Apache verifies the certificate
 matches some user that is in the LDAP server and if so, then
 allows access (and if it doesn't match any user, then denies
 access).  
 
 By "somehow", this would probably mean searching the LDAP
 server for, say, a matching certificate subject string or
 something like that.
 
 I've been looking at mod_authnz_ldap, but haven't found how
 to use that with a client cert (and no password), so I was
 hoping that someone here might know how the above can be
 accomplished?
 
 Thanks,
 Jim
 
 
 ---------------------------------------------------------------------
 To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
 For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
 





