RE: Using LDAP to authenticate users

From: Reagan Penner <Reagan_Penner_at_pmc-sierra.com>
Date: 2006-08-02 22:51:59 CEST

Hello, thanks for the response.

I assume that when you talk about "there are two separate modules out there - one is a third party module and the other is integrated into Apache. Make sure you use the integrated one." you are referring to the mod_auth_ldap module?

My currently configuration looks as follows:
apache 2.2.2 and subversion 1.3.2.

When I try to install mod_auth_ldap (either 2.12 or 2.16 I get the following error:

mod_auth_ldap.c:74:24: apr_compat.h: No such file or directory

If I make this change (include apr_compat.h -> include ap_compat.h) in the mod_auth_ldap.c file then this error goes away and these errors pops up:

mod_auth_ldap.c:558: error: parse error before "ldap_auth_config_rec"
mod_auth_ldap.c:558: error: initializer element is not constant
mod_auth_ldap.c:558: error: (near initialization for `ldap_auth_cmds[0].cmd_data')
...

It is almost like mod_auth_ldap has not kept up with apache even thought both 2.12 and 2.16 say that they are 2.x compliant.

Any help with this would be greatly appreciated. Is there a different module that I should be trying to use? It is mentioned that I want the one that is integrated with apache? Do I have to rebuild apache, does apache ship with ldap?

thanks in advance - reagan

_____

From: Frank Gruman [mailto:fgatwork@verizon.net]
Sent: Wednesday, August 02, 2006 7:01 AM
To: Frank Gruman
Cc: Reagan Penner; users@subversion.tigris.org
Subject: Re: Using LDAP to authenticate users

Frank Gruman wrote:

Reagan Penner wrote:
<snip>

The problem is that I can't seem to find any good source of documentation on the Tigris site that would walk me through configuring the system with LDAP. I see that the svn book walks through basic httpd authentication but not LDAP/active directory.

Is the subersion community leaving this as an apache task or is there a good howto that someone could point me to?

</snip>

This is primarily an Apache task. That is one of the major advantages of being able to host your repository through Apache - you can use any of Apache's authentication/authorization modules. You can google for a lot of them. There are two separate modules out there - one is a third-party module and the other is integrated into Apache. Make sure you use the integrated one. I am not sure the other is still maintained.

When you set this up, try to use your AD Global Catalog (port 3268) rather than the standard LDAP port of 389. There is a bug floating out there (http://issues.apache.org/bugzilla/show_bug.cgi?id=26538 <http://issues.apache.org/bugzilla/show_bug.cgi?id=26538> ) that still shows as not resolved when connecting through the standard LDAP method.

Regards,
Frank

I stand corrected on my previous post. It looks like Apache MAY have resolved the alias referencing issue I noted above. Check out http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html <http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html> .

Regards,
Frank
Received on Wed Aug 2 22:54:14 2006

This message: [ Message body ]
Next message: Garrett Rooney: "Re: Change Properties of a file at a previous revision"
Previous message: Garrett Rooney: "Re: HOOK Script Question: how can I determine url from a transaction with SVNlook"
Maybe in reply to: Reagan Penner: "Using LDAP to authenticate users"
Next in thread: Frank Gruman: "Re: Using LDAP to authenticate users"
Reply: Frank Gruman: "Re: Using LDAP to authenticate users"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]