Hello Tom & mod_perlers, Here is what I'm running: Apache 2.2.0 mod_perl 2.0 OpenSSL 0.9.7a mod_ssl 2.2.0
Ok, more info... Here is the code in my httpd-ssl.conf that works: <Location /svn> DAV svn SVNPath /home/svnroot SSLUserName SSL_CLIENT_S_DN_CN AuthzSVNAccessFile /usr/local/apache2/conf/svnauthorization </Location> However, I need the UID, and SSL_CLIENT_S_DN_UID is not getting set, that's why I decided to go the <Perl> route. I need to mimick exactly the samething as above but only parse the SSL_CLIENT_S_DN to get the UID and set SSLUserName. Thanks all, Dennis -----Original Message----- From: Tom Schindl [mailto:[EMAIL PROTECTED] Sent: Sunday, March 26, 2006 5:07 AM To: Dennis Sinelnikov Cc: modperl@perl.apache.org Subject: Re: Controlling subversion access Hi Dennis, first of all it would be nice if you could tell us what version of Apache/mod-perl you are running. Second I'm not sure I userstand what you are trying to do because I'm not very familiar with SSL and DAV. If I'm not completely mistaken things like $ENV{SSL_CLIENT_S_DN} are set on request time and not on startup where the perl-sections in your httpd.conf are parsed. What you need to implement is a handler which is working after mod_ssl has done it's job and before mod_dav is doing its job but therefore you must know in which phase of Apache they are working. If elaborate a bit more I'm sure we (mod_perl) can help you ;-) Tom Dennis Sinelnikov wrote: > Dear fellow developers, > > > > Here is what I'm trying to do in my httpd-ssl.conf: > > > > <Perl> > > $client_dn = $ENV{SSL_CLIENT_S_DN}; > > $client_dn =~ /.*UID=(.*)$/; > > $client_uid = $1; > > > > $Location{"/svnroot"} = { > > DAV => 'svn', > > SVNPath => '/home/svnroot', > > SSLUserName => $client_uid, > > AuthzSVNAccessFile => '/usr/local/apache2/conf/svnauthorization' > > } > > </Perl> > > > > Obviously, the above code is not quite right (otherwise I would not be > emailing everyone ;) > > Basically, I'm trying to parse the UID off of the Client's certificate > DN and use it to set SSLUserName, so I can later use that uid in > svnauthorization file to control read/write privileges of my subversion > repository per user basis. The reason why I need to parse UID off of > the DN is because for some reason SSL_CLIENT_S_DN_UID is not getting > set, but I see it in my log when I log the full DN (bug?). If anyone > had to do similar authorization using the client cert, please let me > know and any suggestions are welcome. > > Thanks much! > > Dennis >
