views: 544, answers: 2

I have a site that is using x509 client certificates (2 way SSL) to authenticate users and an LDAP directory that contains authorization information. I would like to use one of the certificate attributes to query the directory (SSL_CLIENT_S_DN_CN, to be exact). I see how to use mod_ssl to use the user's client certificates for authentication and I see how to use mod_auth_ldap and the like to use the username from basic or form based authentication to query the LDAP store for authorization. What I haven't seen a good example for is how to use an attribute of the user's client certificate in place of the username to query the LDAP. Any ideas?
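The decision the question describes (verified client certificate, take its CN, look the user up in LDAP, then check group membership) modelled as an added Python example; this is not code from the original post, from Apache httpd or from any module mentioned in the answers. The variable names SSL_CLIENT_VERIFY and SSL_CLIENT_I_DN are real mod_ssl variables exported with SSLOptions +StdEnvVars (the question names only SSL_CLIENT_S_DN_CN); the in-memory directory, the issuer DN, the group DN and every helper function are constructed for the example. The search filter has the shape (&(url-filter)(attribute=value)) that mod_authnz_ldap builds from an AuthLDAPURL, and the value escaping follows RFC 4515, which is the part that matters when a certificate field is spliced into a query.

```python
# RFC 4515 section 3: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an LDAP search filter assertion value (RFC 4515)."""
    out = []
    for ch in value:
        if ch in _FILTER_ESCAPES:
            out.append(_FILTER_ESCAPES[ch])
        elif ord(ch) > 0x7F:
            # Non-ASCII characters: escape each UTF-8 byte as \XX.
            out.append("".join(f"\\{b:02x}" for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)


def build_user_filter(cn: str, attribute: str = "cn",
                      base_filter: str = "(objectClass=person)") -> str:
    """Filter a module would send for AuthLDAPURL ...?cn?sub?(objectClass=person):
    the URL's own filter AND an exact match on the lookup attribute."""
    return f"(&{base_filter}({attribute}={escape_filter_value(cn)}))"


# Constructed stand-in for the directory: DN -> attributes (hypothetical data).
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=com": {
        "objectClass": ["person"], "cn": ["Alice Liddell"]},
    "uid=bob,ou=people,dc=example,dc=com": {
        "objectClass": ["person"], "cn": ["Bob Roberts"]},
    "cn=admins,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "member": ["uid=alice,ou=people,dc=example,dc=com"]},
}
ADMIN_GROUP = "cn=admins,ou=groups,dc=example,dc=com"          # constructed
TRUSTED_ISSUER = "/C=US/O=Example Corp/CN=Example Client CA"    # constructed


def find_user_dn(directory, cn):
    """Exact (case-insensitive) match on cn, as the server evaluates (cn=<escaped value>).
    Returns None unless exactly one person matches: an ambiguous CN identifies nobody."""
    matches = [dn for dn, attrs in directory.items()
               if "person" in attrs.get("objectClass", [])
               and any(v.lower() == cn.lower() for v in attrs.get("cn", []))]
    return matches[0] if len(matches) == 1 else None


def is_group_member(directory, user_dn, group_dn):
    """Static group check: is user_dn listed in the group's member attribute?"""
    return user_dn in directory.get(group_dn, {}).get("member", [])


def authorize(env, directory, group_dn, trusted_issuer=TRUSTED_ISSUER):
    """Decide one request. `env` carries the mod_ssl variables (constructed values).
    Returns (allowed, reason_or_user_dn)."""
    # 1. Only a certificate that chained to the configured CA counts as authentication.
    if env.get("SSL_CLIENT_VERIFY") != "SUCCESS":
        return False, "client certificate not verified"
    # 2. A CN is unique only within one CA, so pin the issuer before trusting the CN.
    if env.get("SSL_CLIENT_I_DN") != trusted_issuer:
        return False, "certificate issued by an unexpected CA"
    cn = env.get("SSL_CLIENT_S_DN_CN", "")
    if not cn:
        return False, "certificate subject has no CN"
    # 3. Build the escaped query and resolve the CN to exactly one entry.
    ldap_filter = build_user_filter(cn)
    user_dn = find_user_dn(directory, cn)
    if user_dn is None:
        return False, f"no unique entry for filter {ldap_filter}"
    # 4. Authorization proper: group membership of the resolved DN.
    if not is_group_member(directory, user_dn, group_dn):
        return False, f"{user_dn} is not a member of {group_dn}"
    return True, user_dn


if __name__ == "__main__":
    for cn in ("Alice Liddell", "Bob Roberts", "*", "Carol"):
        env = {"SSL_CLIENT_VERIFY": "SUCCESS", "SSL_CLIENT_I_DN": TRUSTED_ISSUER,
               "SSL_CLIENT_S_DN_CN": cn}
        print(cn, "->", authorize(env, DIRECTORY, ADMIN_GROUP))
```

Two design choices are worth noting. The issuer check exists because SSLCACertificateFile may hold several CAs and a CN is only guaranteed unique per issuer, so the CN alone is not an identity unless the CA is also fixed; and the lookup refuses ambiguous matches rather than taking the first hit, which is the same reason a production deployment should key on a directory attribute that is unique (or on the full subject DN) rather than on a bare CN.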

A: 

This might help: settingcerts + mod_authnz_ldap (authldapurl)

PW
This only works for using client certificates to connect to the LDAP itself. (In that case, the Apache Web Server is the client). In my case, the user is the one with the client certificate.
MattMcKnight
+1  A: 

A module exists for Apache 2.2.x: modXLDAPAuth

PW
This looks promising, if I can get my customer to accept it into their baseline.
MattMcKnight