[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: LDAP for authentication

From: Barnett, Chris <Chris.Barnett_at_Yum.com>
Date: 2004-08-12 07:00:25 CEST

Hi Vijay!

> Hello,
> I am trying to configure mod_dav_svn so that it uses
> mod_auth_ldap/mod_ldap for authentication. Has anyone tried this
> successfully?

Sure have.

> I am not sure if the problem is with the fact that the LDAP directory
> is actually Active Directory LDAP or am I just using the wrong options
> (?uid?sub). Any thoughts?

I'm also authenticating against an Active Directory server

Here's my config (with names changed):

<Location /repos>
   DAV svn
   SVNPath /path/to/repository

   # Limit write permission to list of valid users.
   <LimitExcept GET PROPFIND OPTIONS REPORT>

      AuthType Basic
      AuthName "Repository Name"
      AuthLDAPEnabled On
      AuthLDAPAuthoritative on
      AuthLDAPURL
ldap://ldap.server.com/dc=ldap,dc=server,dc=com?sAMAccou
ntName
      AuthLDAPBindDN DOMAINNAME\ldapuser
      AuthLDAPBindPassword ldapuserpassword

   </LimitExcept>
</Location>

Note that I'm using sAMAccountName as the login name, not sure if this
is always the correct thing to do, but it works for me.

I've also made apache bind as "ldapuser", rather than the user who is
actually authenticating. This account would need to be created under
your domain. I don't know if this is needed (for Active Directory), I
know it's not what you're really supposed to do. But again, it works for
me.

For the record, I am running svn 1.0.4 on redhat 9 with apache 2.0.48.

Active Directory is running under Windows 2000 Server.

HTH,

Chris

This communication is confidential and may be legally privileged. If you are not the intended recipient, (i) please do not read or disclose to others, (ii) please notify the sender by reply mail, and (iii) please delete this communication from your system. Failure to follow this process may be unlawful. Thank you for your cooperation.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Aug 12 07:00:54 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.