RE: How to authenticate Subversion with SASL2 + LDAP
From: Johan Corveleyn <johan.corveleyn_at_uz.kuleuven.ac.be>
Date: Mon, 15 Jun 2009 17:36:06 +0200
> -----Oorspronkelijk bericht-----
SASL documentation is indeed very poor, and certainly when you're trying to focus on use of LDAP with svnserve. You have to learn all about the different password exchange mechanisms (plain, md5-digest, cram-digest, ...) figuring out all about saslauthd and other stuff, while all you want to know is: where do I configure the LDAP server, bind dn and bind password and stuff like that (like with Apache + LDAP).
Short answer: it's not possible, unless you apply a specific patch and build svn server from source. See e.g. http://svn.haxx.se/dev/archive-2008-01/0719.shtml. I haven't tried it myself though (can't compile from source).
The reason why it's not possible, despite what the documentation of SVN says? Read the "Known Issues" in http://svn.collab.net/repos/svn/trunk/notes/sasl.txt:
This was one of my major frustrations when trying to get SVN up and running for the first time. We wanted to go for svnserve to get the last drop of performance out of it (and seemingly simple to set up). I lost days and days looking for a solution, why it wouldn't work despite following carefully the SASL instructions, ... until I found that "known issue" in the sasl.txt file. In the end we switched to Apache just for this (I have not regretted it, but just the time I lost with that ... I would have liked to have known this beforehand).
The SVN devs could do current and future SVN users, administrators, ... a big service by clearly documenting this! Please put this in big bold letters in the book: svnserve + SASL + LDAP is not supported. Don't let people work on this assumption until they find the small print in that sasl.txt file. Please don't act in the book like all the SASL mechanisms are supported, because they clearly are not.
And if it ever would be supported: please provide a simple example in the book for getting this up and running.
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
This is an archived mail posted to the Subversion Users mailing list.