[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: First commit fails??

From: Brian Fohl <brian.fohl_at_gmail.com>
Date: 2005-03-17 14:49:19 CET

I did have to do a bit of tinkering to get the LDAP authentication to
work properly. I would appreciate it if you could shared what worked
for you, as well. Here's what I came up with that works (aside from
the first commit failing):

<Location /svn>
  DAV svn
  SVNParentPath "//svrintranet01/RDrive/Subversion"
  SVNAutoversioning on
  SVNPathAuthz off

  # For any operations other than these, require an authenticated user.
  <LimitExcept GET PROPFIND OPTIONS REPORT>
          SetHandler ldap-status
        Order deny,allow
        Allow from all
        AuthLDAPEnabled on
        AuthLDAPURL
ldap://svr-dc1/CN=Users,DC=mycompany,DC=com?sAMAccountName?sub?(Objectclass=user)
         AuthLDAPBindDN "CN=BrowserAccount,OU=Service Accounts,DC=mycompany,DC=com"
         AuthLDAPBindPassword "XXXXXXXXXXXXXXXXXXXXXXX"
        AuthLDAPAuthoritative on
        require valid-user
        AuthType Basic
        AuthName "Subversion Read-only Repository"
  </LimitExcept>
</Location>

Thanks,
Brian

On Wed, 16 Mar 2005 23:33:40 -0500, Dominic Anello <danello@danky.com> wrote:
> On 2005-03-16 12:07:47 -0500, Brian Fohl wrote:
> > Thanks for the advice, Dominic. I am loading mod_authz_svn, but I
> > have "SVNPathAuthz off" in my Location tag, so I don't know if that
> > matters. Here's the error I'm getting in the log:
> >
> > [Wed Mar 16 11:46:47 2005] [warn] [client 10.0.0.144] [972] auth_ldap
> > authenticate: user firstname.lastname authentication failed; URI
> > /svn/repo/!svn/act/5fb8bcac-3621-e84f-910d-ed334639c888 [LDAP:
> > ldap_simple_bind_s() failed][Unavailable]
> ----8<----
>
> Well, the man page for ldap_error has this in it:
> LDAP_UNAVAILABLE The DSA is unavailable.
>
> Not exactly helpful. DSA is directory server agent, which I guess is
> is the AD server in this case.
>
> I poked around a little bit and it seems like this error can be related
> to the ldap client being unable to negotiate an authentication protocol
> with the server. Did you compile mod_ldap with SSL enabled? I think I
> read somewhere that by default AD only accepts encrypted requests.
>
> The only other thing I can think of is maybe there is something wrong
> with your AuthLDAP parameters? I can post what worked for me tomorrow
> if you'd like.
>
> Again, don't take any of this as gospel, I just setup my configuration
> using an Apache/AD/LDAP recipe I found online.
>
> --
> I've been told that to get what you want
> You just gotta give what you can.
> But I know for what I want -- it don't come easy as that.
>
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Mar 17 14:52:11 2005

This is an archived mail posted to the Subversion Users mailing list.