[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: LDAP Setup

From: Todd D. Esposito <Todd_at_ToddEsposito.com>
Date: 2006-08-28 19:41:07 CEST

David,

I use the following in my apache setup (slightly obfuscated). This would, :

<Location /svn/>
  DAV svn
  SVNPath /var/svn
  AuthType Basic
  AuthName "My Code Repository"
  AuthLDAPAuthoritative on
  AuthLDAPUrl
ldap://localhost:389/o=myorg,dc=example,dc=com?uid?sub?(access-attribute=SVN)
  <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
  </LimitExcept>
</Location>

A key point here are that the components of the ldap URI should work from
the ldapsearch command line. To test that your filter works, break it up
and try it with ldapsearch, to wit:

$ ldapsearch -H '{your-host:port}' -b '{your-basedn}' '{your-filter}'
'{your-attribute}'

This should give you a list of all the entries which pass the filter.
Verify that the user you are trying to use is in the list.

If this works, then your URI is good, and on to other troubleshooting. If
not, then you will need to play with your URI until you get good results.

I find that the SVN book (http://svnbook.red-bean.com/) is pretty good,
and the Apache on-line docs for AuthLDAP
(http://httpd.apache.org/docs/2.0/mod/mod_auth_ldap.html) are good, if a
bit terse.

On Mon, August 28, 2006 9:50, Gale, David said:
> Ok, so no response to my earlier question--can anyone point me to a good
> resource to explain LDAP to me, specifically how to construct the
> authorization URL?
>
> Thanks,
> -David
>
> Gale, David wrote:
>> I'm working on configuring our svn server to talk to our LDAP server,
>> but I'm afraid I don't understand the Apache documentation/LDAP well
>> enough to ask our networks guy the right questions.
>>
>> Specifically, I don't know what to put in the AuthLDAPURL. I've got
>> the host & port setup correctly, but when I try to authenticate, I
>> get the following in the apache error log:
>>
>> [Fri Aug 11 14:37:09 2006] [warn] [client <IP>] [682] auth_ldap
>> authenticate: user dsg authentication failed; URI /views/
>> [ldap_search_ext_s() for user failed][Operations error]
>>
>> So, I need the basedn?attribute?scope?filter portion of the url. I
>> thought I'd gotten what I needed from our networks guy (though he
>> wasn't sure what fields I was asking for), but clearly I didn't get
>> it right. He's offered to let me poke around on the ldap server
>> directly to see if I can find what I need, but I don't know what I'd
>> be looking for.
>>
>> I know this is a very vague request for help, for which I apologize,
>> but my question is: what information do I need from the LDAP server
>> (and where can I find it) to construct the proper URL?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>

Todd D. Esposito
www.ToddEsposito.com
Todd@ToddEsposito.com
630-362-6868

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Aug 28 19:44:15 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.