mod_ssl Environment Variable?

on 27.10.2008 14:48:57 by Wilhelm.Greiner

Hello,

I would like to do the following (Apache 2.2 config):

<Directory /var/www/desert/storage/jctmirrorserver/dav/Service42>
 AuthUserFile /dev/null
 #SSLOptions +ExportCertData +FakeBasicAuth
 SSLOptions +FakeBasicAuth
 #SSLRequire (%{SSL_CLIENT_S_DN_O} in {"ClientO1", "ClientO2"})
 AuthLDAPURL "ldap://192.168.1.3:389/dc=testnet,dc=de?uid"
 AuthType Basic
 AuthName "Internal Server Content"
 #AuthBasicAuthoritative Off
 AuthBasicProvider ldap
 Require ldap-user %{SSL_CLIENT_S_DN_OU}
</Directory>

I want to use client certificates; after connect, I will check one of the
fields in the certificate (for existence) in an LDAP server.

But the Apache variable %{SSL_CLIENT_S_DN_OU} does not contain simply the
OU string (testorg); there is a very long string, like this:

uid=/c=de/st=niedersachsen/o=ClientO1/ou=testorg/cn=maschine n/
emailaddress=support@testnet.de

With this string Apache now asks the LDAP server, which all seems
correct, but the entry in the uid field in my LDAP is named
"testorg".

Is this an error, that the variable %{SSL_CLIENT_S_DN_OU} contains
ALL client cert data and not the one requested (OU)?

Or is it like a Perl hash and my syntax is simply wrong?

Wilhelm
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
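
Added example (not part of the original post and not mod_ssl code): a Python example that splits the one-line subject string quoted in the post, picks out the OU and builds an escaped (uid=...) LDAP filter from it. The function names are hypothetical, and the sample assumes the two wrapped lines in the post are one string, taken without the leading "uid=".

```python
import re

# Constructed sample: the value quoted in the post, joined onto one line
# (assumption: the break after "maschine n/" is only mail wrapping).
SAMPLE = ("/c=de/st=niedersachsen/o=ClientO1/ou=testorg/cn=maschine n/"
          "emailaddress=support@testnet.de")

# A component starts at "/" followed by an attribute type and "=".
_COMPONENT = re.compile(r"/([A-Za-z][A-Za-z0-9.]*)=")
# Characters that RFC 4515 requires to be escaped inside a filter value.
_FILTER_SPECIAL = "\\*()\x00"


def parse_oneline_dn(dn):
    """Split a "/type=value/type=value" subject into (type, value) pairs.

    The format is ambiguous: a value that itself contains "/type=" cannot be
    told apart from a real component, so callers must not trust a lone match.
    """
    matches = list(_COMPONENT.finditer(dn))
    if not matches or matches[0].start() != 0:
        raise ValueError("not a one-line DN: %r" % dn)
    pairs = []
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(dn)
        pairs.append((m.group(1).lower(), dn[m.end():end]))
    return pairs


def ldap_escape(value):
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join("\\%02x" % ord(c) if c in _FILTER_SPECIAL else c
                   for c in value)


def uid_filter_from_dn(dn, attr="ou"):
    """Build "(uid=<attr value>)"; refuse missing, empty or repeated attr."""
    values = [v for k, v in parse_oneline_dn(dn) if k == attr]
    if len(values) != 1 or not values[0]:
        raise ValueError("expected exactly one non-empty %s, got %r"
                         % (attr, values))
    return "(uid=%s)" % ldap_escape(values[0])


if __name__ == "__main__":
    print(parse_oneline_dn(SAMPLE))
    print(uid_filter_from_dn(SAMPLE))
```
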