[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Path-based authorization buggy when using SASL-LDAP

From: Jan Keirse <jan.keirse_at_tvh.com>
Date: Fri, 23 Nov 2012 17:46:22 +0100

Just a wild guess: does your username (in AD or as you entered it in the
svn client) have the same case as the authz file? Windows doesn't care but
the authz file does.
My apache configuration has this setting to accomodate for this:
  AuthzForceUsernameCase lower
I _think_ svnserve can do the same thing with

force-username-case = lower

Kind Regards,

*JAN KEIRSE*
*CORPORATE SERVICES* • *Specialist Software Developer*
T +32 56 43 42 45 • F +32 56 43 44 46 • jan.keirse_at_tvh.com

*TVH GROUP NV*
Brabantstraat 15 • BE-8790 WAREGEM
T +32 56 43 42 11 • F +32 56 43 44 88 • www.tvh.com

On Fri, Nov 23, 2012 at 4:50 PM, Markus Karg <karg_at_quipsy.de> wrote:

> Hello Subversion Community,****
>
> ** **
>
> do you know any relationship between LDAP and paths in svn?****
>
> ** **
>
> I am running svnserve 1.6.12 on Debian 6.0.6 „squeeze“ and it works really
> well, but now I wanted to switch from plain passwd file to SASL-LDAP
> (ActiveDirectory) based authentication and trapped into a really, really
> weird problem: On **some** paths and files in my repo I cannot write
> anymore („Access Denied“), while I still can read them and write all others!
> ****
>
> ** **
>
> This is strange since:****
>
> **- **It happens only with **some** paths and files and I do not
> see any common pattern!****
>
> **- **I have **not** set up any special treatment oft that paths
> or files in my authzfile!****
>
> **- **All aliases are in one group that has **„rw“** access
> declared in the authzfile, and there is **no** separated „r-only“ rule
> declared on **any** path or file for this group!****
>
> **- **It works **perfectly** with use-sasl=false, i. e. with
> plain passwd file – the problem **only** occurs when I do use-sasl=true!**
> **
>
> ** **
>
> It is totally weird, as I do neither see any relationship between that
> paths and my authzfile configuration, nor do I see any relationship between
> LDAP and that paths!****
>
> ** **
>
> For me it simply looks like a bug in svnserve 1.6.12! L****
>
> ** **
>
> It would be great if anybody could tell me some ideas what I can do, as I
> want to switch from plain passwd file to SASL-LDAP ASAP. J****
>
> ** **
>
> Thanks!****
>
> -Markus****
>
Received on 2012-11-23 17:47:16 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.