[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

LDAP authentication and Subversion

From: Sean E. Russell <ser_at_germane-software.com>
Date: 2002-11-21 22:06:00 CET

I recently dove into trying to use mod_ldap 2.6 for Apache 2 for
authenticating Subversion repository access. In a nutshell, I've found
that everything works as expected *except* any authentication via the
svn CLI client. I'd like to hear from anybody who has successfully
gotten the subversion client to authenticate against the repository.

It appears that mod_ldap refuses to authenticate the Subversion CLI
client. Given the Subversion Location:

    <Location "/authtest">
        DAV svn
        SVNPath /edited/
        AuthType Basic
        AuthName "Authentication Test repository"
        AllowOverride None
        order allow,deny
        allow from all
        LDAP_Server sever.com
        LDAP_Port 1234
        Base_DN "dc=domain,dc=com"
        UID_Attr uid
        Require valid-user
    </Location>

if I hit /authtest with Mozilla (or IE), I get the authentication
dialog, and if I enter a valid username/password, can browse the
repository. Nice. However, any attempt to hit the repository with the
SVN client results in:

    svn: Authorization failed
    svn: MKACTIVITY of /path: authorization
failed

for an import, or

    svn: Authorization failed
    svn: PROPFIND of /authtest: authorization failed

for a checkout.

The logs (with LDAP in debug mode) show this for the SVN client access
attempt:

    [Thu Nov 21 15:36:53 2002] [error] [client 123.123.123.123]
[mod_auth_ldap.c] - LDAP server=server.com,Port=1234
    [Thu Nov 21 15:36:53 2002] [error] [client 123.123.123.123]
[mod_auth_ldap.c] - opening connection to LDAP server:
server.com at port: 1233
    [Thu Nov 21 15:36:53 2002] [error] [client 123.123.123.123]
[mod_auth_ldap.c] - filter: (uid=userid)
    [Thu Nov 21 15:36:53 2002] [error] [client 123.123.123.123]
[mod_auth_ldap.c] - Bind_DN/Bind_Pass is not provided
    [Thu Nov 21 15:36:53 2002] [error] [client 123.123.123.123]
[mod_auth_ldap.c] - in ldapFindUserDN() user DN:
uid=userid,ou=people,c=US,dc=domain,dc=com
    [Thu Nov 21 15:36:53 2002] [error] [client 123.123.123.123]
[mod_auth_ldap.c] - User DN: uid=userid,ou=people,c=US,dc=gsk,dc=com
    [Thu Nov 21 15:36:53 2002] [error] [client 123.123.123.123]
[mod_auth_ldap.c] - Invalid Login or Password for:userid

Is there something special needed for supporting the SVN client? I'm
trying to think of why the client fails to authenticate where the web
browsers succeed. Is there some password munging that is/isn't
occurring? My ability to sniff packets in this environment is extremely
limited.

This is r3200.

Thanks.

--- SER

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Nov 21 22:07:45 2002

This is an archived mail posted to the Subversion Dev mailing list.