We were having problems browsing around the repository with the web
browser too, similar to the command line, it keeps asking to
re-authenticate. So that points at some sort of caching happening in
mod_ldap or active directory rather than the .subversion files. It
seems it is AD that is returning the error which Mod_ldap turns into an
"operations error". It seems like it does not bind properly a lot of
the time.
- Paul
On Jul 19, 2004, at 12:18 PM, Campbell, Matthew A wrote:
> Just my $0.02...
>
> Could your users have authentication tokens cached in their respective
> ~/.subversion/ directories? That would probably wreak havoc and
> cause added
> chaos.
>
> > -----Original Message-----
> > From: Paul Ossenbruggen [mailto:paul.ossenbruggen@convoii.net]
> > Sent: Monday, July 19, 2004 2:13 PM
> > To: users@subversion.tigris.org
> > Subject: Problems using AuthLDAP and ActiveDirectory
> >
> >
> > Our company has been using AuthLDAP against an ActiveDirectory
> server
> > with Subversion for a little less than 90 days, I know this because,
> > that is about how long it takes before we are required to change our
> > passwords in the Active Directory domain. During that time we
> > had some
> > minor problems where, it would not authenticate properly sometimes.
> > Navigating around the the repository would periodically cause you to
> > have to retype your password but for the most part, it seemed
> > to work.
> > Once I had to restart the apache server to get it working again.
> >
> > Then the 90 day password change happened and all hell broke
> > loose after
> > the users changed their passwords. Now it intermittently but
> > much more
> > frequently does not authenticate. It fails almost 50% of each LDAP
> > query. We tried various things like changing the
> > LDAPCacheEntries size
> > to 0. This seemed to make things worse which makes sense
> > because it was
> > checking with the server more frequently. We tried restarting the
> > Active Directory server and the Apache server but it still is
> flaky..
> > Anyway, we are now back to a password file because it has become so
> > unreliable, has anyone else had similar problems? I know that
> > Subversion is not really involved at this level, it has more
> > to do with
> > MOD_LDAP, Active Directory and Apache but it does exercise this
> > functionality pretty heavily.
> >
> > - Paul
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> > For additional commands, e-mail: users-help@subversion.tigris.org
> >
>
Received on Mon Jul 19 23:08:26 2004