
Re: Re: ldap authentication in subversion

From: Irfan Sayed <irfu.sayed_at_gmail.com>
Date: Fri, 24 Apr 2009 21:21:46 +0530

Hi All,
It seems that some issues are resolved. Here is the update.
Now my httpd.conf file looks like this:
<Location "/svn">
        DAV svn
        SVNParentPath /usr/local/svn
        SVNListParentPath On
        SVNAutoversioning On
        AuthBasicProvider ldap
        AuthType Basic
        AuthzLDAPAuthoritative off
        AuthName "My "
        AuthLDAPURL "ldap://exfo.com:389/DC=exfo.com?sAMAccountName?sub?(objectClass=*)"
        AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo.com"
        AuthLDAPBindPassword jaba_1234
        AuthzSVNAccessFile /etc/subversion/acl
        # require ldap-group CN=irfsay1,CN=Users,DC=exfo.com
        require valid-user
</Location>

And now I am getting an error like "password mismatch".
Here are some error lines from the log file.

[Fri Apr 24 21:14:34 2009] [notice] Apache/2.2.11 (Unix) DAV/2 SVN/1.5.4 configured -- resuming normal operations
[Fri Apr 24 21:14:49 2009] [warn] [client 10.192.3.58] [8432] auth_ldap authenticate: user irfsay1 authentication failed; URI /svn/projects [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
[Fri Apr 24 21:14:49 2009] [error] [client 10.192.3.58] user irfsay1: authentication failure for "/svn/projects": Password Mismatch
[Fri Apr 24 21:14:58 2009] [error] [client 10.192.3.58] File does not exist: /var/www/html/favicon.ico
[root_at_svntest1 conf]#

But I am typing the correct password.
Please, please advise.

Regards
irf

On 4/24/09, Johan Corveleyn <johan.corveleyn_at_uz.kuleuven.ac.be> wrote:
> Well, since you specified the AuthLDAPURL as
> "ldap://sppufls01.exfo.com:389/...", your Apache (or more specifically the
> mod_authnz_ldap module) will have to make connections to this url. This
> means that, yes, your LDAP server must be accessible from the Apache (SVN)
> server through port 389.
>
> To troubleshoot this, try executing a "telnet sppufls01.exfo.com 389" on the
> command line of your Apache (SVN) server. If the connection is refused, you
> know you've got a network problem to solve first (either make the LDAP
> server listen on that port, or check any firewalls that are in between the
> svn server and the LDAP server).
>
> Regards,
> Johan
>
> From: Irfan Sayed [mailto:irfu.sayed_at_gmail.com]
> Sent: Friday, 24 April 2009 17:17
> To: Johan Corveleyn; webpost_at_tigris.org; users_at_subversion.tigris.org
> Subject: Re: Re: ldap authentication in subversion
>
> Hi All,
> Thanks for helping me.
> Here is the update
>
> First of all, I don't have any directory like /usr/local/apache2. Everything is
> present in /etc/httpd.
>
> After doing some searching for the latest patches for Apache, the yum utility
> installed the apr-util-ldap module.
>
> After installation, when I tried again to see whether it was working or not,
> it threw an error like "internal server error".
>
> Now in the error log I am getting an error like "unable to connect LDAP
> server".
>
> Is it necessary that port 389 should be opened?
>
> I have attached the error log. Please have a look.
> Please, please advise.
>
> Regards
> Irf
> On Fri, Apr 24, 2009 at 6:38 PM, Johan Corveleyn
> <johan.corveleyn_at_uz.kuleuven.ac.be> wrote:
> We had exactly the same problem (on Solaris 10 though): segfaults from the
> child processes of apache when it tries to authenticate via LDAP.
>
> The reason was that we had our Apache installed in a different location than
> the standard one (which is /usr/local/apache2). Could that be the case with
> your installation? Where does your Apache reside?
>
> After some truss'ing we found that it failed when trying to access
> /usr/local/apache2/lib/apr-util-1/apr_ldap.so, which obviously didn't exist
> in our case. So, although the Solaris package we used to install Apache
> supported specifying a custom installation directory, the installation was
> not exactly correct (some paths were hardcoded/compiled/linked/... to be in
> /usr/local/apache2).
>
> As a workaround we made a symlink from /usr/local/apache2/lib/apr-util-1 to
> <location of apache2 lib>/apr-util-1. That solved the problem.
>
> Regards,
> Johan
>
> -----Original Message-----
> From: Carlos Beppler [mailto:beppler_at_gmail.com]
> Sent: Friday, 24 April 2009 14:55
> To: Irfan Sayed
> CC: webpost_at_tigris.org; users_at_subversion.tigris.org
> Subject: Re: Re: ldap authentication in subversion
>
> It appears that your LDAP module is causing segmentation faults on the
> child process.
>
> I do not have experience with Fedora (we use Debian here).
>
> You are loading mod_authnz_ldap. Are you loading mod_ldap too?
> Look for these entries in your configuration files.
>
> LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so
>
> LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so
>
>
> [Fri Apr 24 11:00:12 2009] [debug] mod_authnz_ldap.c(377): [client 10.192.2.195] [12733] auth_ldap authenticate: using URL ldap://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?(objectClass=*)
> [Fri Apr 24 11:00:13 2009] [notice] child pid 12733 exit signal Segmentation fault (11)
>
>
> On Fri, Apr 24, 2009 at 09:41, Irfan Sayed
> <irfu.sayed_at_gmail.com> wrote:
>> Hi,
>>
>> Apache is running on Fedora 10 (Linux).
>> I have attached error.log for your reference.
>>
>> Please, please advise/help
>>
>> Regards
>> Irf
>>
>>
>> On 4/24/09, Carlos Alberto Costa Beppler
>> <beppler_at_gmail.com> wrote:
>>> If you are using Windows 2000 or later the port 389 is probably already
>>> open.
>>>
>>> Is this apache on Windows or Linux? Can you send the contents of the
>>> error log file from Apache?
>>>
>>> On Fri, Apr 24, 2009 at 09:10, Irfan Sayed
>>> <irfu.sayed_at_gmail.com> wrote:
>>>> Sorry.
>>>> Here is the updated one.
>>>>
>>>> <Location "/svn">
>>>> DAV svn
>>>> SVNParentPath /usr/local/svn
>>>> SVNListParentPath On
>>>> SVNAutoversioning On
>>>> AuthBasicProvider ldap
>>>> AuthType Basic
>>>> AuthzLDAPAuthoritative off
>>>> AuthName "My "
>>>> AuthLDAPURL "ldap://sppufls01.exfo.com:389/DC=exfo.com?sAMAccountName?sub?(objectClass=*)"
>>>> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo.com"
>>>> AuthLDAPBindPassword jaba_1234
>>>> AuthzSVNAccessFile /etc/subversion/acl
>>>> # require ldap-group CN=irfsay1,CN=Users,DC=exfo.com
>>>> require valid-user
>>>> </Location>
>>>>
>>>> Still it is not working. I think the problem is that port 389 might
>>>> not be opened on the Windows domain controller. Is it necessary that
>>>> it should be opened?
>>>>
>>>> Please advise
>>>> Regards
>>>> Irf
>>>>
>>>>
>>>>
>>>> On 4/24/09, webpost_at_tigris.org <webpost_at_tigris.org> wrote:
>>>>> Apparently from what you write here, you have two AuthLDAPBindDN
>>>>> directives
>>>>> in your httpd.conf.
>>>>>
>>>>> ------------------------------------------------------
>>>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1890469
>>>>>
>>>>> To unsubscribe from this discussion, e-mail:
>>>>> [users-unsubscribe_at_subversion.tigris.org].
>>>>>
>>>>
>>>> ------------------------------------------------------
>>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891212
>>>>
>>>
>>
>
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891762
>
>

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1894325

Received on 2009-04-24 17:52:45 CEST
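
Added example, not part of the original thread or of any participant's message: a small linter for the mod_authnz_ldap directives discussed above. It flags an AuthLDAPURL whose URL has wrapped onto the next line, DC components holding a dotted name (the configuration in the thread writes DC=exfo.com while the debug log line shows DC=exfo,DC=com), plain ldap:// transport, and a bind password kept in the configuration. The sample block with its host, account and password is constructed, and the function names are this example's own.

```python
import re
import shlex
from urllib.parse import unquote, urlsplit

# Constructed sample shaped like the thread's <Location> block; all values are placeholders.
SAMPLE_CONF = '''
<Location "/svn">
    AuthLDAPURL "ldap://dc1.example.com:389/DC=example.com?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "CN=svcbind,CN=Users,DC=example.com"
    AuthLDAPBindPassword PLACEHOLDER
</Location>
'''

def directives(conf):
    """Map each AuthLDAP* directive (lower-cased) to its argument list."""
    found = {}
    for line in conf.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comments, strips quotes
        if tokens and tokens[0].lower().startswith("authldap"):
            found[tokens[0].lower()] = tokens[1:]
    return found

def dn_findings(label, dn):
    """Flag RDNs without a value and DC values holding more than one DNS label."""
    out = []
    for rdn in filter(None, (p.strip() for p in re.split(r"(?<!\\),", dn))):
        attr, _, value = rdn.partition("=")
        if not value:
            out.append(f"{label}: malformed RDN {rdn!r}")
        elif attr.strip().upper() == "DC" and "." in value:
            fixed = ",".join("DC=" + part for part in value.split("."))
            out.append(f"{label}: DC={value} should be {fixed}")
    return out

def lint(conf):
    d = directives(conf)
    url_args = d.get("authldapurl")
    if not url_args:
        return ["AuthLDAPURL: directive missing or split across lines"]
    url = urlsplit(url_args[0])
    mode = url_args[1].upper() if len(url_args) > 1 else "NONE"
    findings = []
    if url.scheme.lower() == "ldap" and mode not in ("SSL", "TLS", "STARTTLS"):
        findings.append("transport: ldap:// without STARTTLS carries passwords in cleartext")
    findings += dn_findings("AuthLDAPURL base DN", unquote(url.path.lstrip("/")))
    findings += dn_findings("AuthLDAPBindDN", " ".join(d.get("authldapbinddn", [])))
    if d.get("authldapbindpassword"):
        findings.append("secret: AuthLDAPBindPassword is readable by anyone who can read the config")
    return findings
```

Calling `lint()` on the text of an httpd configuration file returns one string per finding; an empty list means none of these checks fired.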

This is an archived mail posted to the Subversion Users mailing list.
