How to use client certificates in Apache httpd to connect to an LDAP for authorization?
10-07-2019
Question
I have a site that is using x509 client certificates (2-way SSL) to authenticate users and an LDAP directory that contains authorization information. I would like to use one of the certificate attributes to query the directory (SSL_CLIENT_S_DN_CN to be exact). I see how to use mod_ssl to use the user's client certificates for authentication and I see how to use mod_auth_ldap and the like to use the username from basic or form-based authentication to query the LDAP store for authorization. What I haven't seen a good example for is how to use an attribute of the user's client certificate in place of the username to query the LDAP. Any ideas?
Solution
A module exists for Apache 2.2.x: modXLDAPAuth
OTHER TIPS
This might help: settingcerts + mod_authnz_ldap (authldapurl)
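
One way to combine mod_ssl and mod_authnz_ldap as the question asks, written here as an added example that is not from the original question or answers. It assumes Apache httpd 2.4 with mod_ssl, mod_ldap and mod_authnz_ldap loaded, and that mod_authnz_ldap searches the directory for the user name set by SSLUserName; every host name, file path and DN is a constructed placeholder.

```apache
# Constructed example for Apache httpd 2.4 (mod_ssl, mod_ldap, mod_authnz_ldap).
# All host names, file paths and DNs below are placeholders.

# CA used to validate the LDAP server's certificate (server-config scope).
LDAPTrustedGlobalCert CA_BASE64 /etc/httpd/tls/ldap-ca.pem

<VirtualHost *:443>
    ServerName app.example.org
    SSLEngine on
    SSLCertificateFile    /etc/httpd/tls/app.example.org.crt
    SSLCertificateKeyFile /etc/httpd/tls/app.example.org.key

    # Authentication: require a client certificate chained to this CA file.
    # The CN is only as trustworthy as every CA listed here, so keep the
    # file limited to the CA that actually issues your user certificates.
    SSLCACertificateFile /etc/httpd/tls/client-issuing-ca.pem
    SSLVerifyClient require
    SSLVerifyDepth 1

    <Location "/app">
        # Use the certificate subject CN as the request user (REMOTE_USER)
        # instead of a name taken from basic or form-based authentication.
        SSLUserName SSL_CLIENT_S_DN_CN

        # Authorization: look that user name up in the directory over LDAPS.
        # "?cn?sub" matches the user name against attribute cn, subtree scope.
        AuthLDAPURL "ldaps://ldap.example.org/ou=People,dc=example,dc=org?cn?sub?(objectClass=person)"

        # Read-only service account used for the lookup (assumption: the
        # directory does not allow anonymous search).
        AuthLDAPBindDN "cn=httpd-lookup,ou=Services,dc=example,dc=org"
        AuthLDAPBindPassword "CHANGE_ME"

        # Grant access only to entries that are members of this group.
        Require ldap-group cn=app-users,ou=Groups,dc=example,dc=org
    </Location>
</VirtualHost>
```

If CN values are not unique in the directory, point the attribute part of AuthLDAPURL at one that is and issue certificates whose CN carries that value.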