Another tip. If you are only using user accounts. Your AuthLDAPURL can
be rewritten to this:
AuthLDAPURL "ldap://exfo.com:389/DC=exfo.com?sAMAccountName?sub?(&(objectClass=user)(objectCategory=person))"
On Fri, Apr 24, 2009 at 12:51, Irfan Sayed <irfu.sayed_at_gmail.com> wrote:
> Hi All,
> it seems that some issues are resolved. here is the update.
> now my httpd.conf file looks as
> <Location "/svn">
> DAV svn
> SVNParentPath /usr/local/svn
> SVNListParentPath On
> SVNAutoversioning On
> AuthBasicProvider ldap
> AuthType Basic
> AuthzLDAPAuthoritative off
> AuthName "My "
> AuthLDAPURL
> "ldap://exfo.com:389/DC=exfo.com?sAMAccountName?sub?(objectClass=*)"
> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo.com"
> AuthLDAPBindPassword jaba_1234
> AuthzSVNAccessFile /etc/subversion/acl
> # require ldap-group CN=irfsay1,CN=Users,DC=exfo.com
> require valid-user
> </location>
>
> and now i am getting error like "password mismatch"
> here are some error lines in log file.
>
> [Fri Apr 24 21:14:34 2009] [notice] Apache/2.2.11 (Unix) DAV/2
> SVN/1.5.4 configured -- resuming normal operations
> [Fri Apr 24 21:14:49 2009] [warn] [client 10.192.3.58] [8432]
> auth_ldap authenticate: user irfsay1 authentication failed; URI
> /svn/projects [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
> [Fri Apr 24 21:14:49 2009] [error] [client 10.192.3.58] user irfsay1:
> authentication failure for "/svn/projects": Password Mismatch
> [Fri Apr 24 21:14:58 2009] [error] [client 10.192.3.58] File does not
> exist: /var/www/html/favicon.ico
> [root_at_svntest1 conf]#
>
> but i am typing correct password
> please please advice
>
> Regards
> irf
>
> On 4/24/09, Johan Corveleyn <johan.corveleyn_at_uz.kuleuven.ac.be> wrote:
>> Well, since you specified the AuthLDAPURL as
>> "ldap://sppufls01.exfo.com:389/...", your Apache (or more specifically the
>> mod_authnz_ldap module) will have to make connections to this url. This
>> means that, yes, your LDAP server must be accessible from the Apache (SVN)
>> server through port 389.
>>
>> To troubleshoot this, try executing a "telnet sppufls01.exfo.com 389" on the
>> command line of your Apache (SVN) server. If the connection is refused, you
>> know you've got a network problem to solve first (either make the LDAP
>> server listen on that port, or check any firewalls that are in between the
>> svn server and the LDAP server).
>>
>> Regards,
>> Johan
>>
>> Van: Irfan Sayed [mailto:irfu.sayed_at_gmail.com]
>> Verzonden: vrijdag 24 april 2009 17:17
>> Aan: Johan Corveleyn; webpost_at_tigris.org; users_at_subversion.tigris.org
>> Onderwerp: Re: Re: ldap authentication in subversion
>>
>> Hi All,
>> Thanks for helping me.
>> Here is the update
>>
>> first of all i dont have any directory as /usr/local/apache2. everything is
>> present in /etc/httpd
>>
>> after doing some search for any latest patches for apache , yum utility
>> installed apr-util-ldap module.
>>
>> after installation when i tried again to see whether it is working or not
>> then it throws me an error like "internal server error"
>>
>> now in the error log i am getting some error like "unable to connect LDAP
>> server"
>>
>> is it neccessary that port 389 should be opened ??
>>
>> I have attached error log . please have a look
>> please please advice
>>
>> Regards
>> Irf
>> On Fri, Apr 24, 2009 at 6:38 PM, Johan Corveleyn
>> <johan.corveleyn_at_uz.kuleuven.ac.be<mailto:johan.corveleyn_at_uz.kuleuven.ac.be>>
>> wrote:
>> We had exactly the same problem (on Solaris 10 though): segfaults from the
>> child processes of apache when it tries to authenticate via LDAP.
>>
>> The reason was that we had our Apache installed in a different location than
>> the standard one (which is /usr/local/apache2). Could that be the case with
>> your installation? Where does your Apache reside?
>>
>> After some truss'ing we found that it failed when trying to access
>> /usr/local/apache2/lib/apr-util-1/apr_ldap.so, which obviously didn't exist
>> in our case. So, although the Solaris package we used to install Apache
>> supported specifying a custom installation directory, the installation was
>> not exactly correct (some paths were hardcoded/compiled/linked/... to be in
>> /usr/local/apache2).
>>
>> As a workaround we made a symlink from /usr/local/apache2/lib/apr-util-1 to
>> <location of apach2 lib>/apr-util-1. That solved the problem.
>>
>> Regards,
>> Johan
>>
>> -----Oorspronkelijk bericht-----
>> Van: Carlos Beppler [mailto:beppler_at_gmail.com<mailto:beppler_at_gmail.com>]
>> Verzonden: vrijdag 24 april 2009 14:55
>> Aan: Irfan Sayed
>> CC: webpost_at_tigris.org<mailto:webpost_at_tigris.org>;
>> users_at_subversion.tigris.org<mailto:users_at_subversion.tigris.org>
>> Onderwerp: Re: Re: ldap authentication in subversion
>>
>> It appears that your LDAP module is causing segmentation faults on the
>> child process.
>>
>> I do not have experience with Fedora (we use Debian here).
>>
>> You are loading the mod_authnz_ldap. Are you loading the mod_ldap too?
>> Look for this entries on your configuration files.
>>
>> LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so
>>
>> LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so
>>
>>
>> [Fri Apr 24 11:00:12 2009] [debug] mod_authnz_ldap.c(377): [client
>> 10.192.2.195] [12733] auth_ldap authenticate: using URL
>> ldap://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?(objectClass=*)<http://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?%28objectClass=*%29>
>> [Fri Apr 24 11:00:13 2009] [notice] child pid 12733 exit signal
>> Segmentation fault (11)
>>
>>
>> On Fri, Apr 24, 2009 at 09:41, Irfan Sayed
>> <irfu.sayed_at_gmail.com<mailto:irfu.sayed_at_gmail.com>> wrote:
>>> Hi,
>>>
>>> Apache is running on Fedora 10 (Linux).
>>> I have attached error.log for your reference.
>>>
>>> Please please advice/help
>>>
>>> Regards
>>> Irf
>>>
>>>
>>> On 4/24/09, Carlos Alberto Costa Beppler
>>> <beppler_at_gmail.com<mailto:beppler_at_gmail.com>> wrote:
>>>> If you are using Windows 2000 or later the port 389 is probably already
>>>> open.
>>>>
>>>> Is this apache on Windows or Linux? Can you send the contents of the
>>>> error log file from Apache?
>>>>
>>>> On Fri, Apr 24, 2009 at 09:10, Irfan Sayed
>>>> <irfu.sayed_at_gmail.com<mailto:irfu.sayed_at_gmail.com>> wrote:
>>>>> Sorry.
>>>>> Here is the updated one.
>>>>>
>>>>> <Location "/svn">
>>>>> DAV svn
>>>>> SVNParentPath /usr/local/svn
>>>>> SVNListParentPath On
>>>>> SVNAutoversioning On
>>>>> AuthBasicProvider ldap
>>>>> AuthType Basic
>>>>> AuthzLDAPAuthoritative off
>>>>> AuthName "My "
>>>>> AuthLDAPURL
>>>>> "ldap://sppufls01.exfo.com:389/DC=exfo.com?sAMAccountName?sub?(objectClass=*)<http://sppufls01.exfo.com:389/DC=exfo.com?sAMAccountName?sub?%28objectClass=*%29>"
>>>>> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo.com<http://exfo.com>"
>>>>> AuthLDAPBindPassword jaba_1234
>>>>> AuthzSVNAccessFile /etc/subversion/acl
>>>>> # require ldap-group
>>>>> CN=irfsay1,CN=Users,DC=exfo.com<http://exfo.com>
>>>>> require valid-user
>>>>> </Location>
>>>>>
>>>>> Still it is not working. i think the problem is that 389 port might
>>>>> not be opened on the windows domain controller. Is it neccessary that
>>>>> it should be opened??
>>>>>
>>>>> Please advice
>>>>> Regards
>>>>> Irf
>>>>>
>>>>>
>>>>>
>>>>> On 4/24/09, webpost_at_tigris.org<mailto:webpost_at_tigris.org>
>>>>> <webpost_at_tigris.org<mailto:webpost_at_tigris.org>> wrote:
>>>>>> Apparently from what you write here, you have two AuthLDAPBindDN
>>>>>> directives
>>>>>> in your httpd.conf.
>>>>>>
>>>>>> ------------------------------------------------------
>>>>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1890469
>>>>>>
>>>>>> To unsubscribe from this discussion, e-mail:
>>>>>> [users-unsubscribe_at_subversion.tigris.org<mailto:users-unsubscribe_at_subversion.tigris.org>].
>>>>>>
>>>>>
>>>>> ------------------------------------------------------
>>>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891212
>>>>>
>>>>> To unsubscribe from this discussion, e-mail:
>>>>> [users-unsubscribe_at_subversion.tigris.org<mailto:users-unsubscribe_at_subversion.tigris.org>].
>>>>>
>>>>
>>>
>>
>> ------------------------------------------------------
>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891762
>>
>> To unsubscribe from this discussion, e-mail:
>> [users-unsubscribe_at_subversion.tigris.org<mailto:users-unsubscribe_at_subversion.tigris.org>].
>>
>>
>
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1894325
>
> To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1894511
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-04-24 18:21:57 CEST