RE: Integrating Subversion/Apache with Windows Active directory (LDAP)

We are using Subversion with Apache, WebDAV and LDAP (Active Directory). Our server is running on Microsoft Windows 2000.
We are authenticating via LDAP users and groups. To do this we specify AuthLDAPURL etc. See excerpt from our httpd.conf (slightly obfuscated for security reasons):
 
<Location /subversion>
  DAV svn
  SVNParentPath C:/xxxx/subversion
  SVNIndexXSLT "/style/svnindex.xsl"
 
  AuthType Basic
  AuthName "Subversion Courses"
  SVNAutoversioning on
 
  AuthLDAPURL " ldap://topnz.ac.nz/DC=topnz,DC=ac,DC=nz?sAMAccountName"
  AuthLDAPBindDN "CN=zzzz,OU=Service Accounts,DC=topnz,DC=ac,DC=nz"
  AuthLDAPBindPassword "yyyy"
# Default access is restricted to repository administrators
  require group CN=Subversion Administrator,OU=Svn Groups,DC=topnz,DC=ac,DC=nz
</Location>
 
See also postings with subject "httpd.conf problem limiting access to lower levels" on 20 July 2005. Wild cards (e.g. *) do not work in the Location and Directory elements.
 
To prevent having to enter password every time, check the box for the system to remember it, wherever possible. You will still be asked whenever changing repository etc.
 
Regards,
Donald Rogers
P.S. This is a copy of what I wrote to the group on 17 July 2005
 

-----Original Message-----
From: Lafond, Pascal [mailto:PascalLafond@SierraSystems.com]
Sent: Friday, 2 December 2005 10:53 a.m.
To: users@subversion.tigris.org
Subject: Integrating Subversion/Apache with Windows Active directory (LDAP)

I have been unable to get my subversion install to work with Windows active directory

I am using

- Subversion 1.2.3

- Apache 2.0.55 (apache_2.0.55-win32-x86-no_ssl.msi)

- Windows Server 2003

With no security subversion and apache work fine and I am able to access the repository.

When I try to set up LDAP security with httpd.conf file detailed below.

- Apache starts fine

- Connecting with IE I get prompted for my credentials

- Apache dies (stops)

Was anyone else able to get LDAP authentication working with apache subversion? If so I would greatly appreciate your help.

The relevant sections of my httpd.conf file are as follows

LoadModule access_module modules/mod_access.so

LoadModule actions_module modules/mod_actions.so

LoadModule alias_module modules/mod_alias.so

LoadModule asis_module modules/mod_asis.so

LoadModule auth_module modules/mod_auth.so

# Added for LDAP authentication

LoadModule ldap_module modules/util_ldap.so

LoadModule auth_ldap_module modules/mod_auth_ldap.so

LoadModule autoindex_module modules/mod_autoindex.so

LoadModule cgi_module modules/mod_cgi.so

LoadModule dav_module modules/mod_dav.so

# Subversion

LoadModule dav_svn_module modules/mod_dav_svn.so

LoadModule dir_module modules/mod_dir.so

LoadModule env_module modules/mod_env.so

LoadModule imap_module modules/mod_imap.so

LoadModule include_module modules/mod_include.so

LoadModule isapi_module modules/mod_isapi.so

LoadModule log_config_module modules/mod_log_config.so

LoadModule mime_module modules/mod_mime.so

LoadModule negotiation_module modules/mod_negotiation.so

LoadModule setenvif_module modules/mod_setenvif.so

LoadModule userdir_module modules/mod_userdir.so

# Subversion

<Location /svn>

  DAV svn

  # any /svn/foo URL will map to a repository C:/svn/foo

  SVNParentPath C:/svn

  AuthType Basic

  AuthName "Subversion repository"

  AuthLDAPUrl ldap://servername/OU=WPG,DC=domain,DC=com

  Require valid-user

</Location>

Note: I replaced the actual name of the server with servername and one of the DC parameters to domain

----Notice Regarding Confidentiality----
This email, including any and all attachments, (this "Email") is intended only for the party to whom it is addressed and may contain information that is confidential or privileged. Sierra Systems Group Inc. and its affiliates accept no responsibility for any loss or damage suffered by any person resulting from any unauthorized use of or reliance upon this Email. If you are not the intended recipient, you are hereby notified that any dissemination, copying or other use of this Email is prohibited. Please notify us of the error in communication by return email and destroy all copies of this Email. Thank you.
Received on Fri Dec 2 03:20:53 2005