Re: [users@httpd] Combine client certificate authentication plus database or LDAP lookup?

Wed, 12 Oct 2016 13:09:07 -0700 

Hi,

Sorry, but I think that I kind totally misunderstood what we actually need, so 
can you all kindly cancel what I said below.  Here's a more accurate 
description:

- Request comes into Apache.  The request has content body (a POST) that has 
information.
- We need to parse that information in the body to extract a string, and then
- We need to search a database or LDAP for that string and
     o If the string is present, the Apache should continue its processing, or
     o if the string is not present, the Apache should send an error response

Is there a generic way to do something like the above, e.g., something like a 
mod_authz_cgi, or something like that?

For some reason, I thought that there used to be a mod_authz_perl or something 
similar?

If there was something like that, we could use a Perl or some other language 
script to do the LDAP or DB lookup, etc.

Thanks,
Jim


--------------------------------------------
On Wed, 10/12/16, o haya <oh...@yahoo.com.INVALID> wrote:

 Subject: [users@httpd] Combine client certificate authentication plus database 
or LDAP lookup?
 To: users@httpd.apache.org
 Cc: oh...@yahoo.com
 Date: Wednesday, October 12, 2016, 3:13 PM
 
 Hi,
 
 I was wondering if there is a way to combine client
 certificate authentication with an LDAP or database lookup
 in Apache?
 
 What I mean is:
 
 - Apache performs 2-way SSL handshake with user browser and
 if that authentication is successful, then
 - Apache (some Apache module) gets the CN string from the
 client certificate and does an LDAP or database lookup of
 that certificate string, and
       - If the lookup is successful, then the
 request gets processed normally by Apache
       - If either the 2-way SSL handshake
 fails or the LDAP (or database) lookup fails, then Apache
 returns a 40x response
 
 I've been searching (it SEEMS like this should be possible),
 but I haven't been able to find an "out-of-box" approach
 with Apache for doing this yet.
 
 Thanks,
 Jim
 
 ---------------------------------------------------------------------
 To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
 For additional commands, e-mail: users-h...@httpd.apache.org
 
 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to