[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Subversion using apache and ldap

From: Brent Kiley <bkiley_at_gmail.com>
Date: 2007-05-10 20:29:12 CEST

Hi Kyle,

Thanks for the response. This may sound like a stupid question, how does it
know where to obtain the password from? Is it possible that this is my
problem? I want it authenticated based on uid so I think my query string is
alright.

Thanks,

Brent

On 5/10/07, Kyle George <kgeorge@tcpsoft.com> wrote:
>
> On Thu, 10 May 2007, Brent Kiley wrote:
>
> > I have finally been able to get subversion working over apache. I have
> now
> > jumped into the task of adding authentication of this access using an
> > openldap directory that is already used for our domain authentication.
> The
> > problem is I can not seem to get it to work. I believe that I have the
> ldap
> >
> > [snip]
> >
> > If anyone has any ideas please let me know, or if I can provide any
> > additional info to diagnose the problem, please tell me.
>
> I run Subversion 1.4.3 on OpenBSD w/ Apache 2.2.4. I authenticate against
> Active Directory (MS-ified LDAP) with the standard mod_authnz_ldap and
> OpenLDAP just fine using the email LDAP attribute for the username. Note
> that the use of port 3268 is for some strange thing with AD and that AD
> requires that a valid DN (distinguished name) be used to "bind" to the
> directory during the search phase. This may or may not be required in
> your setup. Your DNs and paths will definitely be different as well.
>
> Here's what works for me:
>
> <Location /svn>
> # Enable WebDAV with svn provider
> DAV svn
>
> # Parent path for svn repositories
> SVNParentPath /var/svn/repos
>
> # Require that clients authenticate against active directory and belong
> # to the right group
> AuthType basic
> AuthName "subversion repository"
> AuthBasicProvider ldap
> AuthUserFile /dev/null
> AuthzLDAPAuthoritative Off
> AuthLDAPURL
> "ldap://my.domain:3268/dc=my,dc=domain?mail?sub?(&(objectClass=user))"
> AuthLDAPBindDN "cn=mybindusername,ou=Service Accounts,ou=Security
> Groups And Service Accounts,dc=my,dc=domain"
> AuthLDAPBindPassword "mypassword"
> Require ldap-group CN=Development,OU=Security Groups,OU=Security Groups
> And Service Accounts,DC=my,DC=domain
>
> # Once authenticated, restrict repository virtual filesystem
> permissions
> AuthzSVNAccessFile /var/svn/conf/authzsvn
> </Location>
>
> --
> Kyle George
>
Received on Thu May 10 20:29:38 2007

This is an archived mail posted to the Subversion Users mailing list.