Hello,

I would like to do the following (Apache 2.2 config):


AuthUserFile /dev/null
#SSLOptions +ExportCertData +FakeBasicAuth
SSLOptions +FakeBasicAuth
#SSLRequire (%{SSL_CLIENT_S_DN_O} in {"ClientO1", "ClientO2"})
AuthLDAPURL "ldap://192.168.1.3:389/dc=testnet,dc=de?uid"
AuthType Basic
AuthName "Internal Server Content"
#AuthBasicAuthoritative Off
AuthBasicProvider ldap
Require ldap-user %{SSL_CLIENT_S_DN_OU}


I want to use Client certificates, after Connect, one of the Fields
in the Certificate i will check (existance) in an ldap Server.


But in the apache Variable %{SSL_CLIENT_S_DN_OU} are not basicly the
OU String (testorg), there is a very long String, like this:

uid=/c=de/st=niedersachsen/o=ClientO1/ou=testorg/cn=maschinen/
emailaddress=support@testnet.de

With this string now apache askes the ldap Server, that seems all
correctly, but in the uid Field in my ldap is the Entry named
"testorg".

Is this an Error, that the Variable %{SSL_CLIENT_S_DN_OU} contains
ALL Client Cert Data and not the one requested (OU)?

Or is it like an perl hash and my syntax is simply wrong?

Wilhelm