[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: First commit fails??

From: Brian Fohl <brian.fohl_at_gmail.com>
Date: 2005-03-17 14:49:19 CET

I did have to do a bit of tinkering to get the LDAP authentication to
work properly. I would appreciate it if you could shared what worked
for you, as well. Here's what I came up with that works (aside from
the first commit failing):

<Location /svn>
  DAV svn
  SVNParentPath "//svrintranet01/RDrive/Subversion"
  SVNAutoversioning on
  SVNPathAuthz off

  # For any operations other than these, require an authenticated user.
          SetHandler ldap-status
        Order deny,allow
        Allow from all
        AuthLDAPEnabled on
         AuthLDAPBindDN "CN=BrowserAccount,OU=Service Accounts,DC=mycompany,DC=com"
        AuthLDAPAuthoritative on
        require valid-user
        AuthType Basic
        AuthName "Subversion Read-only Repository"


On Wed, 16 Mar 2005 23:33:40 -0500, Dominic Anello <danello@danky.com> wrote:
> On 2005-03-16 12:07:47 -0500, Brian Fohl wrote:
> > Thanks for the advice, Dominic. I am loading mod_authz_svn, but I
> > have "SVNPathAuthz off" in my Location tag, so I don't know if that
> > matters. Here's the error I'm getting in the log:
> >
> > [Wed Mar 16 11:46:47 2005] [warn] [client] [972] auth_ldap
> > authenticate: user firstname.lastname authentication failed; URI
> > /svn/repo/!svn/act/5fb8bcac-3621-e84f-910d-ed334639c888 [LDAP:
> > ldap_simple_bind_s() failed][Unavailable]
> ----8<----
> Well, the man page for ldap_error has this in it:
> LDAP_UNAVAILABLE The DSA is unavailable.
> Not exactly helpful. DSA is directory server agent, which I guess is
> is the AD server in this case.
> I poked around a little bit and it seems like this error can be related
> to the ldap client being unable to negotiate an authentication protocol
> with the server. Did you compile mod_ldap with SSL enabled? I think I
> read somewhere that by default AD only accepts encrypted requests.
> The only other thing I can think of is maybe there is something wrong
> with your AuthLDAP parameters? I can post what worked for me tomorrow
> if you'd like.
> Again, don't take any of this as gospel, I just setup my configuration
> using an Apache/AD/LDAP recipe I found online.
> --
> I've been told that to get what you want
> You just gotta give what you can.
> But I know for what I want -- it don't come easy as that.

To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Thu Mar 17 14:52:11 2005

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.