
Re: mod_authz_svn: Failed Authorization During COPY, RENAME, MOVE (due to extra copy?) - RESOLVED

From: Brian Brophy <brianbrophy_at_email.com>
Date: 2007-01-13 03:43:17 CET

It appears I have found the fix. I had not looked into this issue for
several months, and recently returned to it. We are running a minimal
Apache configuration (only loading modules we require). One of the
modules that was disabled was auth_anon. It appears that this behavior
was resolved by loading the auth_anon module. Once loaded, the access
denied errors during copies (renames, etc.) were cleared up, fixing the issue.

I hope this helps others,
Brian

Brian Brophy wrote:
> I have now tried "Require ldap-user" and unfortunately it still
> results in the same issue.
>
> Here is the command run:
> svn copy -m "testing"
> "https://server.corp.net/svn/abc/Common/Architecture/Publish/Working/hotBackup"
> "https://server.corp.net/svn/abc/Common/Architecture/Publish/Working/hotBackup3"
> --username abc_user1 --password myPass
>
> Here are the resulting ssl_error_log entries (shows more info ... note
> this was isolated to a test server where the command above was the
> only request sent in and below are all log entries from that command):
> [Sat Aug 12 08:09:52 2006] [info] Connection to child 7 established
> (server server.corp.net:443, client 127.0.0.1)
> [Sat Aug 12 08:09:52 2006] [info] Seeding PRNG with 136 bytes of entropy
> [Sat Aug 12 08:09:53 2006] [info] Initial (No.1) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted: -
> PROPFIND abc:/Common/Architecture/Publish/Working
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.2) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted: -
> PROPFIND abc:
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.3) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted: -
> PROPFIND abc:
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.4) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted: -
> PROPFIND abc:/Common/Architecture/Publish/Working
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.5) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted: -
> PROPFIND abc:
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.6) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted: -
> PROPFIND abc:
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.7) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted: -
> PROPFIND abc:/Common/Architecture/Publish/Working/hotBackup
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.8) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted: -
> PROPFIND abc:
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.9) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted: -
> PROPFIND abc:/Common/Architecture/Publish/Working/hotBackup
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.10) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted: -
> PROPFIND abc:/Common/Architecture/Publish/Working/hotBackup3
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted: -
> GET abc:/Common/Architecture/Publish/Working/hotBackup3
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.11) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted: -
> PROPFIND abc:/Common/Architecture/Publish/Working
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.12) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted: -
> PROPFIND abc:
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.13) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted: -
> PROPFIND abc:/Common/Architecture/Publish/Working/hotBackup3
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted: -
> GET abc:/Common/Architecture/Publish/Working/hotBackup3
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.14) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted: -
> OPTIONS abc:/Common/Architecture/Publish/Working
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.15) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted: -
> MKACTIVITY abc:
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.16) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted: -
> PROPFIND abc:/Common/Architecture/Publish/Working
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.17) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted: -
> PROPFIND abc:
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.18) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted: -
> CHECKOUT abc:
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.19) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted: -
> PROPPATCH abc:
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.20) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted: -
> PROPFIND abc:/Common/Architecture/Publish/Working
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.21) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [error] [client 127.0.0.1] [21687] no
> password?
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.22) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted:
> 'abc_user1' CHECKOUT abc:/Common/Architecture/Publish/Working
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.23) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted:
> 'abc_user1' PROPFIND abc:/Common/Architecture/Publish/Working/hotBackup3
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted:
> '(null)' GET abc:/Common/Architecture/Publish/Working/hotBackup3
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.24) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted:
> 'abc_user1' PROPFIND abc:/Common/Architecture/Publish/Working/hotBackup
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.25) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:53 2006] [info] [client 127.0.0.1] Access granted:
> 'abc_user1' PROPFIND abc:
> [Sat Aug 12 08:09:53 2006] [info] Subsequent (No.26) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:54 2006] [info] [client 127.0.0.1] Access granted:
> 'abc_user1' COPY abc:/Common/Architecture/Publish/Working/hotBackup
> abc:/Common/Architecture/Publish/Working/hotBackup3
> [Sat Aug 12 08:09:54 2006] [error] [client 127.0.0.1] Access denied:
> '(null)' COPY abc:/Common/Architecture/Publish/Working/hotBackup3
> abc:/Common/Architecture/Publish/Working/hotBackup3
> [Sat Aug 12 08:09:54 2006] [info] Subsequent (No.27) HTTPS request
> received for child 7 (server server.corp.net:443)
> [Sat Aug 12 08:09:54 2006] [info] [client 127.0.0.1] Access granted:
> 'abc_user1' DELETE abc:
> [Sat Aug 12 08:09:54 2006] [info] Connection to child 7 closed with
> standard shutdown(server server.corp.net:443, client 127.0.0.1)
>
>
> Here is the current subversion.conf:
> LoadModule authz_ldap_module modules/mod_authz_ldap.so
> LoadModule dav_svn_module modules/mod_dav_svn.so
> LoadModule authz_svn_module modules/mod_authz_svn.so
>
> # ABC Repository
> <Location /svn/abc>
> DAV svn
> SVNPath /shared/subversion/repos/abc
>
> SVNIndexXSLT "/arch-svnindex.xsl"
>
> SSLRequireSSL
>
> AuthType Basic
> AuthName "ABC LDAP"
>
> AuthzLDAPMethod ldap
> AuthzLDAPAuthoritative off
> AuthzSVNAuthoritative on
> AuthzLDAPServer 127.0.0.1:10636
> AuthzLDAPLogLevel debug
> AuthzLDAPUserBase cn=users,ou=abc,dc=abc,dc=com
> AuthzLDAPUserKey uid
> AuthzLDAPUserScope base
> AuthzLDAPGroupBase cn=groups,ou=abc,dc=abc,dc=com
> AuthzLDAPGroupKey cn
> AuthzLDAPGroupScope base
> AuthzLDAPMemberKey uniquemember
> AuthzLDAPSetGroupAuth ldapdn
>
> Satisfy any
> Require ldap-user
>
> AuthzSVNAccessFile /shared/subversion/repos/abc/conf/subversion.acl
> </Location>
>
> And, here is the /shared/subversion/repos/abc/conf/subversion.acl file:
> # Last Updated 08/12/2006 07:58:01 from ldap://127.0.0.1:10636
> [groups]
> abc_SVN Administrator = abc_user1, abc_user2
> abc_SVN Architecture = abc_user1, abc_user3
> abc_SVN Security Framework = abc_user5, abc_user4
>
> [/]
> * = r
> @abc_SVN Administrator = rw
>
> [abc:/Common/Architecture]
> @abc_SVN Architecture = rw
>
>
> Justin Erenkrantz wrote:
>> On 8/9/06, Brian Brophy <brianbrophy@email.com> wrote:
>>> I tried the suggested (not use LimitExcept but instead use Require
>>> valid-user and satisfy any) but I am experiencing the same issue. The
>>
>> Did you try 'Require ldap-user' instead of 'Require valid-user'? --
>> justin
>>
>
>

Received on Sat Jan 13 03:43:26 2007

This is an archived mail posted to the Subversion Dev mailing list.
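
Added example (not part of the original mail or of Subversion's own code): a small Python log filter for the pattern visible in the quoted ssl_error_log, an authorization denial evaluated with no user name ('(null)' or '-') right after the same method was granted to a named user from the same client. The sample lines are constructed from the log excerpt above with the mail line-wrapping undone; all function and variable names are hypothetical.

```python
import re

# One mod_authz_svn entry, after mail line-wrapping has been undone.
ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] \[client (?P<client>[^\]]+)\] "
    r"Access (?P<verdict>granted|denied): (?P<user>'[^']*'|-) "
    r"(?P<method>[A-Z]+) (?P<target>.+)$"
)

def parse(line):
    """Return the entry as a dict, or None for non-authz lines."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    raw = entry["user"].strip("'")
    # Both "-" and '(null)' mean the check ran without a user name.
    entry["user"] = None if raw in ("-", "(null)") else raw
    return entry

def find_userless_denials(lines):
    """Denials with no user, paired with the last named grant of that method."""
    findings, last_named_grant = [], {}
    for line in lines:
        entry = parse(line)
        if entry is None:
            continue
        key = (entry["client"], entry["method"])
        if entry["verdict"] == "granted" and entry["user"]:
            last_named_grant[key] = entry
        elif entry["verdict"] == "denied" and entry["user"] is None:
            findings.append({"denied": entry, "preceded_by": last_named_grant.get(key)})
    return findings

# Constructed sample: lines modeled on the log quoted above, unwrapped.
P = "abc:/Common/Architecture/Publish/Working"
T = "[Sat Aug 12 08:09:5%d 2006] [%s] [client 127.0.0.1] "
SAMPLE = [
    T % (3, "info") + "Access granted: - PROPFIND " + P,
    T % (3, "error") + "[21687] no password?",
    T % (3, "info") + "Access granted: 'abc_user1' CHECKOUT " + P,
    T % (3, "info") + "Access granted: '(null)' GET " + P + "/hotBackup3",
    T % (4, "info") + "Access granted: 'abc_user1' COPY %s/hotBackup %s/hotBackup3" % (P, P),
    T % (4, "error") + "Access denied: '(null)' COPY %s/hotBackup3 %s/hotBackup3" % (P, P),
]

if __name__ == "__main__":
    for f in find_userless_denials(SAMPLE):
        d, g = f["denied"], f["preceded_by"]
        print(d["ts"], d["method"], d["target"], "| granted just before to:", g and g["user"])
```

A finding whose preceding grant names a real user points at a second authorization pass that ran without credentials, rather than at a missing rule for that user in the access file.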
