[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Windows Authentication

From: Warren Gavin <wmopnc_at_gmail.com>
Date: 2004-09-11 03:30:27 CEST

I had initially tried what Seth had done but I had no luck. Here's
what worked for me.

<Location /repos>
  DAV svn
  SVNPath d:/svn-repository/

  AuthType Basic
  AuthName "Subversion Repository"
  require valid-user

  AuthLDAPURL "ldap://server:389/ou=Organization,dc=domain,dc=com?sAMAccountName?sub?(objectClass=user)"
  AuthLDAPBindDN "user@domain.com"
  AuthLDAPBindPassword password

Probably not the best way but it worked.

On Tue, 7 Sep 2004 11:10:37 -0700, Seth de l'Isle <seth.delisle@ge.com> wrote:
> On Sun, Sep 05, 2004 at 05:36:22AM +0200, Branko ??ibej wrote:
> > You can get a similar effect on Unix with mod_auth_pam and pam_smb
> > (there used to be a mod_auth_ntlm, but IIRC it's defunct now), however
> > it doesn't understand the Windows-specific handshake -- in other words,
> > it just checks the basic auth tokens against an NT domain controller.
> I evaluated mod_auth_pam and pam_smb, as well as using mod_auth_ldap
> against active directory. mod_auth_ldap proved to require less setup.
> I didn't find a good example of apache authenticating against active
> directory, so maybe my configuration would be useful to others:
> <Directory />
> Options FollowSymLinks
> AllowOverride None
> Order deny,allow
> AuthType Basic
> AuthLDAPURL "ldaps://mydomain.com:389/dc=mydomain,dc=com?sAMAccountName"
> AuthLDAPBindDN "cn=Seth Delisle,ou=IT Administration,dc=mydomain,dc=com"
> AuthName Restricted
> Require valid-user
> </Directory>
> Note that you need an AuthLDAPBindDN enty that resolves to a user with
> permissions to browse the active directory, and that the first cn= is not the
> same string that you would use to log into a windows box, it's described as the
> "Display Name" when using window's mmc domain-users "snap-in."
> The Apache2 docs describe the configuration directives in detail:
> http://httpd.apache.org/docs-2.0/mod/mod_auth_ldap.html

Warren Gavin
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sat Sep 11 03:31:26 2004

This is an archived mail posted to the Subversion Users mailing list.