Author: Graham Leggett Date: To: dev Subject: Re: Client authorization against LDAP using client certificates
Müller Johannes wrote:
> we want to use client authorization against LDAP using client certificates on Apache webserver 2.2.
> Unfortunately this is not possible with Apache webserver at the current state of development.
> There have been third party modules (ModXAuthLDAP, mod_authz_ldap) in the past which did this task quite well.
> But they haven’t been updated for years and therefore do not work with httpd newer than 2.0.
> Therefore my company has put some effort in developing a reasonable solution for its needs.
I think the thing that is missing is that the FakeBasicAuth option
within mod_ssl should flag the request to say that a password isn't
necessary.
mod_authnz_ldap (and others) should then be taught to recognise this
flag within the request, and not test the password if this is the case.
