Hi, I want to authenticate users on apache. In case they have a valid x509 client certificate in their browser for authentication, then that should be sufficient. In case the client does not have such a certificate, the user should be able to authenticate via username/password against ldap. I got both working on its own, but when I try to combine both, and I have a x509 certificate, then it still asks for a username/password. <VirtualHost _default_:443> ServerName test.intern HostnameLookups Off SSLEngine on SSLCertificateFile /etc/apache2/certs/server.crt SSLCertificateKeyFile /etc/apache2/certs/server.key SSLCertificateChainFile /etc/apache2/certs/ca.crt SSLCACertificateFile /etc/apache2/certs/ca.crt CustomLog /var/log/apache2/ssl_test_request_log ssl_combined <Location /ssl> Order deny,allow Deny from all Allow from 127.0.0.1 Satisfy any SSLRequireSSL #SSLVerifyClient optional SSLVerifyClient require SSLVerifyDepth 9 SSLOptions +FakeBasicAuth +StrictRequire AuthUserFile /etc/apache2/conf.d/httpd.passwd require valid-user AuthType Basic AuthBasicProvider "ldap" AuthName "TEST Login" AuthLDAPUrl "ldap://ldap:389/ou=people,dc=intern" AuthzLDAPAuthoritative off require ldap-user testuser </Location> </VirtualHost> I'm not sure, when I read the manual, whether the Satisfy any is relevant for my case at all. Any pointer into the right direction is highly appreciated. kind regards Sebastian --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx