----- Original Message -----
From: "Branko Čibej" <email@example.com>
To: "Samay" <firstname.lastname@example.org>
Cc: "GOVAERTS Lieven" <Lieven.GOVAERTS@post.be>;
Sent: Tuesday, August 09, 2005 10:32 AM
Subject: Re: Windows svn/tortoise clients with an Apache
2.0.54/AuthenNTLM/svn 1.2.1/Linux server
> Samay wrote:
>> ----- Original Message ----- From: "GOVAERTS Lieven"
>> To: <email@example.com>
>> Sent: Tuesday, August 09, 2005 1:42 AM
>> Subject: RE: RE: Windows svn/tortoise clients with an Apache
>> 2.0.54/AuthenNTLM/svn 1.2.1/Linux server
>>> For your information, we're using mod_ldap with Apache on a Suse 9.1
>>> server in a Windows domain and Active Directory authentication without
>>> We had a problem with the openldap code crashing on invalid passwords,
>>> but that was solved by upgrading to the latest version of openldap (
>>> 2.2.27 ).
>>> This seems be to a nice and stable solution. Currently we have some 30
>>> on Subversion, but our end goal is some 250, and I don't expect problems
>>> with the LDAP / AD part.
>> IMO, Mod_auth_kerb is better option for authentication, as its
>> lightweight and provides single-sign-on :) okay, specific to SVN clients,
>> when neon 0.25.x is part of it, but at least foundation is right there.
>> We are usine it for about 100+ users and works like a charm.
> Yes, I only wish there was a way to tell mod_auth_kerb to drop the realm
> name from the generated basic-auth user name... currently you get
> "fred@REALM" into your svn:author instead of just "fred."
> -- Brane
actually REALM is important if
a) one is authenticating agaisnt multiple AD domains. One need to know
user@REALM1 is different from user@REALM2.
b) specific to AD, user@REALM is the real user ID on AD, hence makes it easy
to implement access control on Apache, etc.
c) if AD is configured properly, then user@REALM also is the email address.
To unsubscribe, e-mail: firstname.lastname@example.org
For additional commands, e-mail: email@example.com
Received on Tue Aug 9 02:41:09 2005