Hi Dennis, first of all it would be nice if you could tell us what version of Apache/mod-perl you are running. Second I'm not sure I userstand what you are trying to do because I'm not very familiar with SSL and DAV.
If I'm not completely mistaken things like $ENV{SSL_CLIENT_S_DN} are set
on request time and not on startup where the perl-sections in your
httpd.conf are parsed. What you need to implement is a handler which is
working after mod_ssl has done it's job and before mod_dav is doing its
job but therefore you must know in which phase of Apache they are working.
If elaborate a bit more I'm sure we (mod_perl) can help you ;-)
Tom
Dennis Sinelnikov wrote:
> Dear fellow developers,
>
>
>
> Here is what I’m trying to do in my httpd-ssl.conf:
>
>
>
> <Perl>
>
> $client_dn = $ENV{SSL_CLIENT_S_DN};
>
> $client_dn =~ /.*UID=(.*)$/;
>
> $client_uid = $1;
>
>
>
> $Location{"/svnroot"} = {
>
> DAV => 'svn',
>
> SVNPath => '/home/svnroot',
>
> SSLUserName => $client_uid,
>
> AuthzSVNAccessFile => '/usr/local/apache2/conf/svnauthorization'
>
> }
>
> </Perl>
>
>
>
> Obviously, the above code is not quite right (otherwise I would not be
> emailing everyone ;)
>
> Basically, I’m trying to parse the UID off of the Client’s certificate
> DN and use it to set SSLUserName, so I can later use that uid in
> svnauthorization file to control read/write privileges of my subversion
> repository per user basis. The reason why I need to parse UID off of
> the DN is because for some reason SSL_CLIENT_S_DN_UID is not getting
> set, but I see it in my log when I log the full DN (bug?). If anyone
> had to do similar authorization using the client cert, please let me
> know and any suggestions are welcome.
>
> Thanks much!
>
> Dennis
>
signature.asc
Description: OpenPGP digital signature
