Re: Combine client certificate authentication plus database or LDAP lookup?


 



Hi,

Sorry, but I think that I kind of totally misunderstood what we actually need, so can you all kindly cancel what I said below. Here's a more accurate description:

- Request comes into Apache.  The request has content body (a POST) that has information.
- We need to parse that information in the body to extract a string, and then
- We need to search a database or LDAP for that string and
     o If the string is present, Apache should continue its processing, or
     o If the string is not present, Apache should send an error response

Is there a generic way to do something like the above, e.g., something like a mod_authz_cgi, or something like that?

For some reason, I thought that there used to be a mod_authz_perl or something similar?

If there was something like that, we could use a Perl or some other language script to do the LDAP or DB lookup, etc.

Thanks,
Jim


--------------------------------------------
On Wed, 10/12/16, o haya <ohaya@xxxxxxxxx.INVALID> wrote:

 Subject:  Combine client certificate authentication plus database or LDAP lookup?
 To: users@xxxxxxxxxxxxxxxx
 Cc: ohaya@xxxxxxxxx
 Date: Wednesday, October 12, 2016, 3:13 PM
 
 Hi,
 
 I was wondering if there is a way to combine client
 certificate authentication with an LDAP or database lookup
 in Apache?
 
 What I mean is:
 
 - Apache performs 2-way SSL handshake with user browser and
 if that authentication is successful, then
 - Apache (some Apache module) gets the CN string from the
 client certificate and does an LDAP or database lookup of
 that certificate string, and
       - If the lookup is successful, then the
 request gets processed normally by Apache
       - If either the 2-way SSL handshake
 fails or the LDAP (or database) lookup fails, then Apache
 returns a 40x response
 
 I've been searching (it SEEMS like this should be possible),
 but I haven't been able to find an "out-of-box" approach
 with Apache for doing this yet.
 
 Thanks,
 Jim
 
 ---------------------------------------------------------------------
 To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
 For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
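
The decision flow described in the reply above (extract a string from the POST body, look it up, continue or reject), as an added example that is not part of the original thread and is not an Apache module. It assumes a form-encoded body, a hypothetical field name `token`, and an in-memory SQLite table standing in for the real database or LDAP directory.

```python
import sqlite3
from urllib.parse import parse_qs

MAX_BODY = 8192   # assumed cap; oversized bodies are rejected unparsed
FIELD = "token"   # hypothetical name of the field carrying the string

def make_db(allowed):
    """Constructed in-memory table standing in for the real DB or LDAP."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE allowed (value TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO allowed VALUES (?)", [(v,) for v in allowed])
    return db

def extract(body: bytes):
    """Return the single FIELD value from the body, or None if malformed."""
    if len(body) > MAX_BODY:
        return None
    try:
        fields = parse_qs(body.decode("utf-8"), strict_parsing=True)
    except (UnicodeDecodeError, ValueError):
        return None
    values = fields.get(FIELD, [])
    # Duplicate fields are ambiguous: this check and the application
    # behind it could each pick a different one, so reject them.
    return values[0] if len(values) == 1 else None

def gate(db, body: bytes) -> int:
    """HTTP status for the request: 200 to continue, 400 or 403 to stop."""
    value = extract(body)
    if value is None:
        return 400  # fail closed on anything that does not parse cleanly
    # Bound parameter: the extracted string is client-controlled input.
    row = db.execute("SELECT 1 FROM allowed WHERE value = ?", (value,)).fetchone()
    return 200 if row else 403
```

The check only holds if the application behind it parses the body the same way the gate does; any difference in how the two read the field lets a request pass the lookup with one value and be processed with another.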
 
 





