[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: AuthzSVNAccessFile and branching

From: Lieven Govaerts <lgo_at_mobsol.be>
Date: 2005-07-06 19:50:41 CEST

Eric,

I don't have answers, just some remarks:

1. in the log:
 
[Wed Jul 06 09:41:21 2005] [error] [client 10.31.1.21] Access denied:
'(null)' COPY landfill:/branches/1.0/trunk landfill:/branches/1.0/trunk

there is (null) where the username should be filled in, did you do
this manually or was it the original error log? If this is like it
appeared in the log it sure is a problem.

2. Your log and the error show that svn is trying to create a trunk folder
inside the branches/1.0 folder, so I guess the branches/1.0 folder was
already created? Try deleting it first, or create another branch.
( probably was part of the example? )

3. I'm not sure about the:
        Options Indexes FollowSymLinks
        AllowOverride None
        order allow,deny
        allow from all
   part, but I copied this in my own apache conf, without problems. Why
   do you need this?

4. I do all my testing and production with Subversion 1.2, my logs show
some differences in comparison to yours:
C:\temp>svn copy http://mobsol.be/svn/public/trunk
http://mobsol.be/svn/public/b
ranches/1.0 -m "branch 1.0" --username lgo
[Wed Jul 06 19:39:48 2005] [error] [client 84.195.197.106] Access denied:
'lgo' CHECKOUT public:/branches
[Wed Jul 06 19:39:51 2005] [error] [client 84.195.197.106] Access denied:
'lgo' CHECKOUT public:/branches

It shows the CHECKOUT command instead of COPY. I'm not sure what this means.
Maybe you can upgrade your testenvironment to 1.2 ( or 1.2.1 ) to see what
happens there?

5. And maybe the obvious question: try to specify --username & --password
with your
svn copy command, so you're really sure which account you're using. And
check if
this account is truly in the developers group.

Lieven.

-----Original Message-----
From: news [mailto:news@sea.gmane.org] On Behalf Of Eric Eickhoff
Sent: woensdag 6 juli 2005 17:01
To: users@subversion.tigris.org
Subject: Re: AuthzSVNAccessFile and branching

Thanks Lieven for your info. Here are the log file entries:

When I issue the following command:

svn cp http://subv2.xyz.com/repos/landfill/trunk
http://subv2.xyz.com/repos/landfill/branches/1.0 -m "1.0 branch"

it will prompt me 3 times for username/password and then displays the
following:

subversion/libsvn_ra_dav/util.c:294: (apr_err=170001)
svn: COPY of branches/1.0/trunk: authorization failed (http://subv2.xyz.com)

The Apache error_log contains a series of these entries:

[Wed Jul 06 09:41:21 2005] [error] [client 10.31.1.21] Access denied:
'(null)' COPY landfill:/branches/1.0/trunk landfill:/branches/1.0/trunk [Wed
Jul 06 09:41:24 2005] [error] [client 10.31.1.21] Access denied:
'(null)' COPY landfill:/branches/1.0/trunk landfill:/branches/1.0/trunk [Wed
Jul 06 09:41:27 2005] [error] [client 10.31.1.21] Access denied:
'(null)' COPY landfill:/branches/1.0/trunk landfill:/branches/1.0/trunk

This is happening on both my production Subversion server and a test
subversion server (running subversion 1.1.3 -- all else the same).

Again, commits work without a problem, so I know that I have write access to
the repository. Any suggestions?

"Lieven Govaerts" <lgo@mobsol.be> wrote in message
news:20050706070617.683FA1980DA@europa.telenet-ops.be...
> Eric,
>
> I don't have the solution for your problem, just some info that may
> help you solve it.
>
> I have the same setup like yours in terms of components and
> configuration, only using different versions:
>
> apache 2.0.54 on Suse
> Subversion 1.2
> Authentication against AD with mod_authz_ldap
>
> Our LDAP configuration is identical to yours.
>
> Our svnaccess.conf is identical to your first version.
>
> This configuration allows us to make branches without problem.
>
> Maybe you can post some relevant extracts of apache's error.log file?
>
> Lieven.
>
>
>
>
> -----Original Message-----
> From: news [mailto:news@sea.gmane.org] On Behalf Of Eric Eickhoff
> Sent: dinsdag 5 juli 2005 20:46
> To: users@subversion.tigris.org
> Subject: AuthzSVNAccessFile and branching
>
> I am currently having an issue with doing a 'svn copy' command
> (attempting to create a branch) and the way my access permissions are
> set up in the AuthzSVNAccessFile.
>
> I am doing LDAP authentication without a problem, and can do commits
> to the repository with no problem -- it is just when doing a svn copy,
> I keep getting prompted for username and password and eventually
> fails.
>
> Here are the details:
>
> Subversion 1.1.2 on RHEL v3
> Authenticating against W2K Active Directory via mod_authz_ldap Apache
> 2.0
>
> httpd.conf
> -----------
> <Location /svn>
> DAV svn
> SVNParentPath /svn
> SVNIndexXSLT "/svnindex.xsl"
> Options Indexes FollowSymLinks
> AllowOverride None
> order allow,deny
> allow from all
> AuthzLDAPMethod ldap
> AuthzLDAPServer ldap1.xyz.com:389
> AuthzLDAPBindDN "CN=subv,OU=XXX,DC=xyz, DC=com"
> AuthzLDAPBindPassword "*******"
> AuthzLDAPUserBase "ou=XXX,dc=xyz,dc=com"
> AuthzLDAPUserKey sAMAccountName
> AuthzLDAPUserScope subtree
> AuthzSVNAccessFile /opt/subversion/svn-access-file
> AuthType basic
> AuthName "Subversion Access"
> require valid-user
> </Location>
>
> svn-access-file
> --------------------
> [groups]
> developers = user1
>
> #to allow everyone read access
> [/]
>
> * = r
>
> [landfill:/]
> #allow all developers complete access
> @developers = rw
>
>
> Now, with this config, I can commit changes to the landfill repository
> with no problem. However, if I try to create a branch (via svn copy),
> it will fail after prompting for the username and password several
> times (on the commit, it prompts once for the username/password and
> them performs the commit). The apache error_log displays Access
> Denied entries.
>
> If, I modify the following section of the svn-access-file as such:
>
> [/]
>
> * = rw
>
> OR
>
> [landfill:/]
>
> * = rw
>
> everything works without a hitch.
>
> Based on what I have read in the manual and online, the original
> configurations above should work to allow everyone read access and the
> developers group read/write access (including copies). Am I way off base?
>
> Thanks for the help!
>
>
>
>
>
>
>
>
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
> --
> No virus found in this incoming message.
> Checked by AVG Anti-Virus.
> Version: 7.0.323 / Virus Database: 267.8.9/39 - Release Date:
> 4/07/2005
>
>
> --
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.323 / Virus Database: 267.8.9/42 - Release Date:
> 6/07/2005

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.8.9/42 - Release Date: 6/07/2005
 
-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.8.9/42 - Release Date: 6/07/2005
 
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Jul 6 19:54:04 2005

This is an archived mail posted to the Subversion Users mailing list.