I did have to do a bit of tinkering to get the LDAP authentication to
work properly. I would appreciate it if you could shared what worked
for you, as well. Here's what I came up with that works (aside from
the first commit failing):
# For any operations other than these, require an authenticated user.
<LimitExcept GET PROPFIND OPTIONS REPORT>
Allow from all
AuthLDAPBindDN "CN=BrowserAccount,OU=Service Accounts,DC=mycompany,DC=com"
AuthName "Subversion Read-only Repository"
On Wed, 16 Mar 2005 23:33:40 -0500, Dominic Anello <firstname.lastname@example.org> wrote:
> On 2005-03-16 12:07:47 -0500, Brian Fohl wrote:
> > Thanks for the advice, Dominic. I am loading mod_authz_svn, but I
> > have "SVNPathAuthz off" in my Location tag, so I don't know if that
> > matters. Here's the error I'm getting in the log:
> > [Wed Mar 16 11:46:47 2005] [warn] [client 10.0.0.144]  auth_ldap
> > authenticate: user firstname.lastname authentication failed; URI
> > /svn/repo/!svn/act/5fb8bcac-3621-e84f-910d-ed334639c888 [LDAP:
> > ldap_simple_bind_s() failed][Unavailable]
> Well, the man page for ldap_error has this in it:
> LDAP_UNAVAILABLE The DSA is unavailable.
> Not exactly helpful. DSA is directory server agent, which I guess is
> is the AD server in this case.
> I poked around a little bit and it seems like this error can be related
> to the ldap client being unable to negotiate an authentication protocol
> with the server. Did you compile mod_ldap with SSL enabled? I think I
> read somewhere that by default AD only accepts encrypted requests.
> The only other thing I can think of is maybe there is something wrong
> with your AuthLDAP parameters? I can post what worked for me tomorrow
> if you'd like.
> Again, don't take any of this as gospel, I just setup my configuration
> using an Apache/AD/LDAP recipe I found online.
> I've been told that to get what you want
> You just gotta give what you can.
> But I know for what I want -- it don't come easy as that.
To unsubscribe, e-mail: email@example.com
For additional commands, e-mail: firstname.lastname@example.org
Received on Thu Mar 17 14:52:11 2005