RE: Apache 2.0.59, SVN 1.4 and LDAP
From: Clint Stotesbery <cstotes_at_hotmail.com>
Date: 2006-11-04 03:20:04 CET
>However, if you're running> Apache on Windows (like me), you'll notice that mod_auth_ldap is rather> flakey and frequently crashes when it's unbinding form the LDAP server.
> Date: Fri, 3 Nov 2006 11:04:30 +0000> From: damian.powell_at_davislangdon.com> To: users_at_subversion.tigris.org> Subject: RE: Apache 2.0.59, SVN 1.4 and LDAP> > The example below does the trick for me. However, if you're running> Apache on Windows (like me), you'll notice that mod_auth_ldap is rather> flakey and frequently crashes when it's unbinding form the LDAP server.> > Also, the conversation between Apache and the LDAP server is not> encrypted so if your LDAP server is also your Active Directory server,> then your Active Directory password will be going over the network in> the clear. To make things worse, your password could be going over the> network in the clear twice: once between your Subversion client and> Apache, and again between Apache and your LDAP server.> > There is also a potential gotcha with the LDAP URL. If you *are* using> LDAP to access Active Directory, then you need to specify at least one> OU as well as the DC components. If you want to search from the root of> the Active Directory domain, you'll have to specify port 3268 in the> LDAP URL (like this:> "ldap://MyAdServer:3268/DC=MyDomain,DC=com?sAMAccountName") rather than> the URL in the example.> > I should also point out that the configuration shown will allow any> authenticated user to browse the repository but only allow members of> the DeveloperStaff group to commit changes.> > Don't let me put you off though! :)> > While I'm on the subject: does anybody have a Windows build of> Subversion 1.4 that is built against Apache 2.2?> > <Location /svn>> # Subversion configuration> DAV svn> SVNParentPath C:/Repositories/Subversion> # Authentication> AuthType Basic> AuthName "Subversion Repository"> AuthLDAPUrl> "ldap://MyAdServer/OU=MyOu,DC=MyDomain,DC=com?sAMAccountName"> AuthLDAPBindDN "mydomain\adviewerusername"> AuthLDAPBindPassword "adviewerpassword"> # Authorization> <Limit GET PROPFIND OPTIONS REPORT>> Require valid-user> </Limit>> <LimitExcept GET PROPFIND OPTIONS REPORT>> Require group CN=DeveloperStaff,OU=MyOu,DC=MyDomain,DC=com> </LimitExcept>> </Location>> > > > PS: Apologies for this long signature:> > > > > **********************************************************************> PRIVACY AND CONFIDENTIALITY NOTICE> > This email, and any files transmitted with it, is strictly > confidential and intended solely for the person or organisation to > whom it is addressed. If it comes to the attention of any other > unauthorised person, no action may be taken on it nor should it be > copied or shown to any third party.> > If you have received this email in error please return it> to postmaster_at_davislangdon.com> > This email message has been swept for the presence of computer viruses.> **********************************************************************> > > > <font face="Arial, Helvetica" style="font-size:7.6pt" color="black">Project Management | Cost Management | Management Consulting | Legal Support | Specification Consulting | Engineering Services | Property Tax & Finance<br clear="all"> </font><br><font face="Arial, Helvetica" style="font-size:7pt;" color="#808285">Davis Langdon LLP is a limited liability partnership registered in England and Wales with registered number OC306911. A list of members' names is available for inspection at MidCity Place, 71 High Holborn, London WC1V 6QS, the firm's principal place of business and registered office.<br><br>Davis Langdon LLP is a member firm of Davis Langdon & Seah International, with offices in: England, Scotland, Wales, Ireland, France, Spain, Poland, Lebanon, Bahrain, UAE, Qatar, Saudi Arabia, Egypt, Brunei, China, Hong Kong, India, Indonesia, Korea, Malaysia, Philippines, Singapore, Thailand, Vietnam, Australia, New Zealand, South Africa, Botswana and the USA</font><br><br><hr><font face="Arial, Helvetica" style="font-size:7pt" color="black">PRIVACY AND CONFIDENTIALITY NOTICE<br><br>This email, and any files transmitted with it, is strictly confidential and intended solely for the person or organisation to whom it is addressed. If it comes to the attention of any other unauthorised person, no action may be taken on it nor should it be copied or shown to any third party. This email message has been swept for the presence of computer viruses.<br><br>If you have received this email in error please return it to <a href="mailto:postmaster_at_davislangdon.com">postmaster_at_davislangdon.com</a><hr></font>> > > _____________________________________________________________________> This e-mail has been scanned for viruses by Verizon Business Internet Managed Scanning Services - powered by MessageLabs. For further information visit http://www.mci.com> > ---------------------------------------------------------------------> To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org> For additional commands, e-mail: users-help_at_subversion.tigris.org>
|
This is an archived mail posted to the Subversion Users mailing list.
This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.