Here is a short doc about how to authenticate Apache2 users with X509 certificates and perform authorization against LDAP.
Note: I made this test on Debian sid.
# apt-get install apache2-mpm-prefork libldap-dev libssl-dev apache2-threaded-dev
Download the module XAuthLDAP (available here) and build it:
# ./configure --with-apxs=/usr/bin/apxs2 --with-ldap-dir=/usr --with-openssl=/usr
# make
# sudo make install
Note that apxs2 doesn't update my apache2.conf, so create a file /etc/apache2/mods-available/xauth.load containing:
LoadModule XLDAPAuth_module /usr/lib/apache2/modules/modXLDAPAuth.so
Apache config
<Location /brack>
    SSLVerifyClient require
    SSLVerifyDepth 5
    SSLOptions +FakeBasicAuth +CompatEnvVars +StrictRequire +StdEnvVars +ExportCertData
    XLDAPAuthoritative on
    XLDAPAuthServer ldap.solaris-fr.org
    XLDAPAuthSuffix "ou=Extranet,dc=solaris-fr,dc=org"
    XLDAPAuthFilter "(&(host=brack)(CN=%{SSL_CLIENT_S_DN_CN}))"
    XLDAPAuthEnvName "Brack authentication"
    XLDAPAuthRemoteUserAttr uid
</Location>
LDIF
dn: cn=Bruno Bonfils,ou=Fimasys,ou=Extranet,dc=solaris-fr,dc=org
objectClass: account
objectClass: person
objectClass: top
cn: Bruno Bonfils
host: brack
sn: Bonfils
uid: asyd
So, what happens?
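To make the authorization step concrete, here is an added example (my own code, not the page's or the XAuthLDAP module's) that models what the config above asks the module to do: take the certificate's CN from the mod_ssl environment, substitute it into XLDAPAuthFilter, search under XLDAPAuthSuffix, and hand back the uid attribute as REMOTE_USER. The directory is an in-memory stand-in built from the page's LDIF entry plus one constructed entry (Jane Doe, host=other); the RFC 4515 escaping of the CN is an assumption of this example, since the page does not say how the module itself treats it.

```python
import re

# Constructed in-memory directory: the page's LDIF entry plus one constructed entry on another
# host, standing in for the real LDAP server so the check runs offline. Values are lists.
DIRECTORY = [
    {"dn": "cn=Bruno Bonfils,ou=Fimasys,ou=Extranet,dc=solaris-fr,dc=org",
     "objectClass": ["account", "person", "top"],
     "cn": ["Bruno Bonfils"], "host": ["brack"], "sn": ["Bonfils"], "uid": ["asyd"]},
    {"dn": "cn=Jane Doe,ou=Fimasys,ou=Extranet,dc=solaris-fr,dc=org",   # constructed
     "objectClass": ["account", "person", "top"],
     "cn": ["Jane Doe"], "host": ["other"], "sn": ["Doe"], "uid": ["jdoe"]},
]
SUFFIX = "ou=Extranet,dc=solaris-fr,dc=org"                    # XLDAPAuthSuffix
FILTER_TEMPLATE = "(&(host=brack)(CN=%{SSL_CLIENT_S_DN_CN}))"  # XLDAPAuthFilter
REMOTE_USER_ATTR = "uid"                                       # XLDAPAuthRemoteUserAttr

def ldap_escape(value):
    """Escape a value for use inside a filter (RFC 4515): * ( ) \\ and NUL become \\xx."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def ldap_unescape(value):
    """Reverse of ldap_escape: turn \\xx sequences back into the literal character."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def expand_filter(template, env):
    """Substitute %{VAR} from the mod_ssl environment; each value is escaped first
    (an assumption of this example, not something the page states about the module)."""
    return re.sub(r"%\{([A-Za-z_]+)\}", lambda m: ldap_escape(env[m.group(1)]), template)

def parse_and_filter(flt):
    """Parse (&(attr=value)(attr=value)...) into [(attr, compiled value pattern), ...]."""
    if not re.fullmatch(r"\(&(?:\([^=()]+=[^()]*\))+\)", flt):
        raise ValueError("only AND-of-equality filters are supported in this example")
    out = []
    for attr, raw in re.findall(r"\(([^=()]+)=([^()]*)\)", flt):
        # An unescaped '*' is a substring wildcard; escaped sequences are literal text.
        pattern = ".*".join(re.escape(ldap_unescape(p)) for p in raw.split("*"))
        out.append((attr.lower(), re.compile("^" + pattern + "$", re.IGNORECASE)))
    return out

def authorize(env, directory=DIRECTORY):
    """Return the REMOTE_USER value for the presented client certificate, or None."""
    assertions = parse_and_filter(expand_filter(FILTER_TEMPLATE, env))
    for entry in directory:
        if not entry["dn"].lower().endswith("," + SUFFIX.lower()):
            continue                         # outside the configured search base
        attrs = {k.lower(): v for k, v in entry.items() if k != "dn"}
        if all(any(rx.match(v) for v in attrs.get(a, [])) for a, rx in assertions):
            return entry[REMOTE_USER_ATTR][0]
    return None                              # no matching entry: access denied

if __name__ == "__main__":
    print(authorize({"SSL_CLIENT_S_DN_CN": "Bruno Bonfils"}))   # asyd
```

Because the host attribute is part of the filter, Jane Doe's certificate is rejected on /brack even though her cert chain verifies, and a CN containing filter metacharacters is matched literally rather than as a wildcard.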