[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: LDAP authentication and Subversion

From: Sean E. Russell <ser_at_germane-software.com>
Date: 2002-11-22 07:00:41 CET

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Je Thu November 21 2002 16:22, John Barstow skribis:
> Authentication in the Subversion client is handled by the Neon library.

Does the SVN client *really* need to know about how authentication is handled
on the server?? Theoretically, the client should be ignorant of what the
authentication mechanism is, aside from having to supply the server with the
proper credentials. Specifically, LDAP authentication on the server doesn't
require any other credentials than is required by Basic -- a user name and
password. I understand that the auth mechanism largely determines what sort
of credentials the server requires from the client, and so there *is* an
amount of necessary support on the client side; my claim here is that LDAP
looks to clients no different than Basic, or perhaps Digest. I believe, in
fact, that my LDAP configuration (which I pasted) has mod_ldap reporting
itself as *being* Basic.

> just need to turn it on (look for a #if 0). If the authentication scheme
> is begin recognized as one of the supported schemes, it's probably a bug in
> Neon. Otherwise, it might be detecting as an unsupported scheme.

This makes sense... sort of. POLS would lead me to believe that, in that
case, the SVN client would tell me that it doesn't recognise the schema,
rather than asking for the username/password and then failing, as if it knew
what it was about. Further, I'd expect different results in the Apache
logs... it is certainly getting the username from the client properly.

I'll check the client-side logging for more info.

> The other relevant issue is whether or not you are passing through a proxy;
> the code to handle proxy servers is slightly different and could be a
> suspect.

No, no proxies on this intranet.

*Has* anyone else successfully used LDAP as an authentication mechanism in
Apache specifically for controlling access to SVN repositories?

Thanks for your response, John.

- --- SER
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE93cgVP0KxygnleI8RArOOAKCxOTDLifz2uA3+cUt0ltXE9Nh5DACfXqVu
b4x3bOLqhyhatZ+GDP+6frU=
=zkbd
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Fri Nov 22 07:01:41 2002

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.