Hi,
I want to authenticate users on apache. In case they have a valid x509
client certificate in their browser for authentication, then that should be
sufficient. In case the client does not have such a certificate, the user
should be able to authenticate via username/password against ldap.
I got both working on its own, but when I try to combine both, and I have a
x509 certificate, then it still asks for a username/password.
<VirtualHost _default_:443>
ServerName test.intern
HostnameLookups Off
SSLEngine on
SSLCertificateFile /etc/apache2/certs/server.crt
SSLCertificateKeyFile /etc/apache2/certs/server.key
SSLCertificateChainFile /etc/apache2/certs/ca.crt
SSLCACertificateFile /etc/apache2/certs/ca.crt
CustomLog /var/log/apache2/ssl_test_request_log ssl_combined
<Location /ssl>
Order deny,allow
Deny from all
Allow from 127.0.0.1
Satisfy any
SSLRequireSSL
#SSLVerifyClient optional
SSLVerifyClient require
SSLVerifyDepth 9
SSLOptions +FakeBasicAuth +StrictRequire
AuthUserFile /etc/apache2/conf.d/httpd.passwd
require valid-user
AuthType Basic
AuthBasicProvider "ldap"
AuthName "TEST Login"
AuthLDAPUrl "ldap://ldap:389/ou=people,dc=intern";
AuthzLDAPAuthoritative off
require ldap-user testuser
</Location>
</VirtualHost>
I'm not sure, when I read the manual, whether the Satisfy any is relevant
for my case at all.
Any pointer into the right direction is highly appreciated.
kind regards
Sebastian
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|