[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Antwort: Subversion 1.5.5 LDAP Authentication

From: Mehrdad Sadri <mehrdad.sadri_at_mscsoftware.com>
Date: Thu, 29 Jan 2009 11:53:07 -0800

Hi Robin,

This method is using SSPI, and I set it up the way you asked me to. I put in all the directives in the httpd.conf and I am able to log-in and see the repositories in svn. However, I am not sure if is doing any authentication at all. I commented out the line
" # AuthzSVNAccessFile "C:/Apache2.2/conf/svn-authz.conf"" and I am still AVABLE to login. For that matter I think anyone can login. Seems like there is no authorization required even though I have " Require valid-user"?????

Secondly, I am not so much interested in getting the SSPI method to work. I am interested in getting
The following method to work with SSL; see below.

<Location /svn/>
  DAV svn
  SVNListParentPath on
  SVNParentPath D:/svnrepos/
  AuthName "Subversion Repository"
  AuthBasicProvider ldap
  AuthType Basic
  AuthzLDAPAuthoritative off
 AuthLDAPURL "ldap://ldapserver.orbit.com:3268/DC=orbit,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
        AuthLDAPBindDN "CN=Users,dc=orbit,dc=com"
        AuthLDAPBindPassword ldapasswd
        require valid-user


Also, in the attached files you send me you have method described and but in your email you have another.
Which is a preferred method? Which method works?
I have searched all over the documentation for Apache, still not able to get the LDAP work properly.

Any help would be greatly appreciated.

Thanks in advance!

Mehrdad Sadri
MSC.Software Corp.

>-----Original Message-----
>From: Robin.Gueldenpfennig_at_enercon.de [mailto:Robin.Gueldenpfennig_at_enercon.de]
>Sent: Tuesday, January 27, 2009 11:51 PM
>To: Mehrdad Sadri
>Cc: users_at_subversion.tigris.org
>Subject: Antwort: Subversion 1.5.5 LDAP Authentication
>Please exclude httpd-ssl.conf and put this into your httpd.conf:
>Listen 443
><Location /SVN_ROOT>
> DAV svn
> SVNParentPath D:\svnrepos\
> SVNListParentPath on
> SSLRequireSSL
> AuthName "Subversion Repositories"
>##Authentication via ENERCON Windows Domain
> AuthType SSPI
> SSPIAuth On
> SSPIAuthoritative On
> SSPIDomain orbit
> SSPIOmitDomain on
> SSPIUsernameCase lower
> SSPIPerRequestAuth off
> SSPIOfferBasic On
>##Authorization file which handles access rights
> AuthzSVNAccessFile conf/svnaccessfile.conf ## in this file you can insert the
>Windows Domain user names and their rights for the repositories
> Require valid-user
>##SSL Authentication module
><IfModule ssl_module>
> SSLMutex default
> SSLRandomSeed startup builtin
> SSLSessionCache none
>##The following creates an SSL server which speaks only the SSLv3 protocol and
>its ciphers
> SSLProtocol -all +SSLv3
> SSLCipherSuite SSLv3:+HIGH:+MEDIUM:+LOW:+EXP </IfModule>
>CustomLog logs/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\"
>CustomLog logs/svn_logfile.log "%t %u %U %{SVN-ACTION}e" env=SVN-ACTION
><VirtualHost *:443>
> SSLEngine On
> SSLCertificateFile conf/ssl/sslcert.crt
> SSLCertificateKeyFile conf/ssl/sslkey.key </VirtualHost>
>If this works you can modify it for matching your needs...
>Mit freundlichen Grüßen
>Robin Güldenpfennig
>Robin Güldenpfennig
>Service IT / SCADA Department
>ENERCON Service Center
>Dornumer Straße 20
>26607 Aurich / Germany
>Diese E-Mail und mögliche Anhänge enthalten vertrauliche Informationen, die
>rechtlich besonders geschützt sein können. Wenn Sie nicht der beabsichtigte
>Empfänger bzw. Adressat dieser E-mail sind und diese E-Mail etwa aufgrund eines
>technischen Fehlers oder eines Versehens erhalten haben, informieren Sie uns
>bitte sofort und löschen Sie anschließend die E-Mail. Das unbefugte Kopieren
>dieser E-Mail, etwaiger Anhänge sowie die unbefugte Weitergabe der enthaltenen
>Informationen an Dritte ist nicht gestattet.
>This e-mail message together with its attachments, if any, is confidential and
>may contain information subject to legal privilege (e.g.
>attorney-client-privilege). If you are not the intended recipient or have
>received this e-mail in error, please inform us immediately and delete this
>message. Any unauthorised copying of this message (and attachments) or
>unauthorised distribution of the information contained herein is prohibited.
> Mehrdad Sadri
> <mehrdad.sadri_at_ms
> csoftware.com> An
> users_at_subversion.tigris.org
> 27.01.2009 22:50 Kopie
> Thema
> Subversion 1.5.5 LDAP
> Authentication
>I have Installed Subversion 1.5.5 and Apache 2.2.11 with OpenSSL. I am able to
>login and access Subversion repositories fine.
>However, I like to change my authentication method now and used our Windows
>2003 AD (LDAP) for authentication.
>I have spend several days and googled it, but still not able to get it to work.
>I have tried it with SSL and without, but no luck.
>Attached is my httpd.conf and httpd-ssl.conf.
>I would appreciate any help.
>Mehrdad Sadri , Process Consulting -Support, Tel: (714)445-3136, Fax:
>(714)784-4420, Mobile: (949)306-7575
>MSC Software Corporation , 2 MacArthur Place, Santa Ana, CA 92707
> (See attached file: httpd.conf)(See attached file: httpd-ssl.conf)


To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].

Received on 2009-01-29 20:56:41 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.