Topic: Reverse proxy with LDAP check on client certificate cn

[Luna]

Apache version 2.4.29, Windows Server 2012 R2

Just started and is very new to working with Apache. I am using Apache as a forward and reverse proxy for application to application SOAP communication. I have the connection setup with SSL mutual authentication. Currently trying to setup on the reverse proxy a way to check the client certificate cn against the LDAP directory, but I am having problems getting it to work.

The C# client application that I made works in making the connection to the service behind the proxy, but once I add in the LDAP configuration changes in the httpd-ssl file, the client app returns an error: "The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic realm="ApacheProxy"'."

Below is the configuration I'm using. Maybe there is something I am missing or doing incorrectly? I'm not so confident this can accomplish what I am aiming for.

<Location / >

AuthName "ApacheProxy"
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL "my_ldap_url"
AuthLDAPBindDN "cn=mycn,ou=applications,o=myo,c=myc"
AuthLDAPBindPassword mypassword
Require ldap-dn "cn=mycn,ou=applications,o=myo,c=myc"
LDAPReferrals Off
AuthLDAPCompareDNOnServer on

</Location>

When I try to navigate from my browser to the reverse proxy, it prompts for login. When I use my LDAP credentials, nothing happens, but by Wireshark I can see that my connection to LDAP was successful. I suspect I am having issues from my client application because of the login prompt. I would like to consult the community to see if there is a solution for doing an LDAP check on the client certificate cn without being prompted to login.

To summarize and word it differently, is there a way to automatically login to LDAP to check the cn of the client certificate when an application hits the Apache reverse proxy?