" What you need to implement is a handler which is working after mod_ssl has done it's job and before mod_dav is doing its job but therefore you must know in which phase of Apache they are working."
Ahhh, thanks for pointing me in the right direction. (light bulb lit up) ;) -----Original Message----- From: Tom Schindl [mailto:[EMAIL PROTECTED] Sent: Sunday, March 26, 2006 5:07 AM To: Dennis Sinelnikov Cc: modperl@perl.apache.org Subject: Re: Controlling subversion access Hi Dennis, first of all it would be nice if you could tell us what version of Apache/mod-perl you are running. Second I'm not sure I userstand what you are trying to do because I'm not very familiar with SSL and DAV. If I'm not completely mistaken things like $ENV{SSL_CLIENT_S_DN} are set on request time and not on startup where the perl-sections in your httpd.conf are parsed. What you need to implement is a handler which is working after mod_ssl has done it's job and before mod_dav is doing its job but therefore you must know in which phase of Apache they are working. If elaborate a bit more I'm sure we (mod_perl) can help you ;-) Tom Dennis Sinelnikov wrote: > Dear fellow developers, > > > > Here is what I'm trying to do in my httpd-ssl.conf: > > > > <Perl> > > $client_dn = $ENV{SSL_CLIENT_S_DN}; > > $client_dn =~ /.*UID=(.*)$/; > > $client_uid = $1; > > > > $Location{"/svnroot"} = { > > DAV => 'svn', > > SVNPath => '/home/svnroot', > > SSLUserName => $client_uid, > > AuthzSVNAccessFile => '/usr/local/apache2/conf/svnauthorization' > > } > > </Perl> > > > > Obviously, the above code is not quite right (otherwise I would not be > emailing everyone ;) > > Basically, I'm trying to parse the UID off of the Client's certificate > DN and use it to set SSLUserName, so I can later use that uid in > svnauthorization file to control read/write privileges of my subversion > repository per user basis. The reason why I need to parse UID off of > the DN is because for some reason SSL_CLIENT_S_DN_UID is not getting > set, but I see it in my log when I log the full DN (bug?). If anyone > had to do similar authorization using the client cert, please let me > know and any suggestions are welcome. > > Thanks much! > > Dennis >
