
Re: svnserve LDAP support

From: John Beranek <john_at_redux.org.uk>
Date: Thu, 09 Jul 2009 16:06:50 +0100

[Sorry to reopen an old(ish) thread...]

Johan Corveleyn wrote:
>> -----Original message-----
>> From: 'Stefan Sperling' [mailto:stsp_at_elego.de]
>> Sent: Thursday 25 June 2009 15:11
>> On Thu, Jun 25, 2009 at 01:54:10PM +0200, Johan Corveleyn wrote:
> [snip]
>>> I must say that I was quite disappointed, when searching the
>>> mailing list archives, to see that a patch to get LDAP support directly
>>> into svnserve (without SASL) was rejected:
>>> http://svn.haxx.se/dev/archive-2008-02/0081.shtml
>>>
>>> I can understand the devs' arguments about increased maintenance cost
>>> etc., but this is just such an important feature. Maybe nobody at the
>>> time realized that svn+SASL+LDAP just doesn't work ...
>> Note that Eric is not active anymore these days (he could still
>> veto the change but I guess he won't care much...)
>>
>> But I see the following (different set of) problems with it,
>> in order of importance:
>>
>> - It introduces a dependency on the ldap library even though this
>> should (in theory) already be supported by SASL.
>
> Granted, adding yet another library dependency might be annoying.

I can see how this is difficult/unwelcome - I have an alternative
suggestion though. Would the developers be open to a new 'basic'
pluggable authentication layer, where when an authentication is
required, the username/password the user provides is passed _in the
clear_ to a configured authentication script - probably on STDIN, for
security?

>> There's a better short-term solution, see patch at the end of
>> this mail.

I've taken your patch and applied it to a local build of
Subversion...however, I can't find documentation on the web on how to
configure Cyrus SASL to connect to a (Microsoft AD) LDAP server. Can
anyone provide an example configuration, or point me at the relevant
documentation by any chance?

Alternatively I'll find a more appropriate place (SASL lists perhaps) to
ask.

Cheers,

John.

-- 
John Beranek                         To generalise is to be an idiot.
http://redux.org.uk/                                 -- William Blake

Received on 2009-07-09 17:08:03 CEST
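
The stdin-based helper interface proposed in the message above, sketched as an added example that is not part of the original post and not Subversion code. The NUL-separated wire format, the exit-code convention and the names `authenticate`, `DEMO_HELPER` and `HELPER_CMD` are assumptions made for illustration; the point is that credentials travel over the pipe rather than argv (which other local users can read from the process list) and that every failure mode denies access.

```python
import subprocess
import sys

# Constructed stand-in for the "configured authentication script". It reads
# "user\0password\0" from stdin and exits 0 only on a match. A real helper
# would bind to LDAP/AD instead of checking a hard-coded demo account.
DEMO_HELPER = r"""
import hmac, sys
fields = sys.stdin.buffer.read(1024).split(b"\0")
ok = (len(fields) == 3 and fields[2] == b""
      and hmac.compare_digest(fields[0], b"jdoe")
      and hmac.compare_digest(fields[1], b"correct horse"))
sys.exit(0 if ok else 1)
"""
HELPER_CMD = [sys.executable, "-c", DEMO_HELPER]


def authenticate(helper_cmd, username, password, timeout=5.0):
    """Return True only if the helper exits 0; every failure mode denies."""
    # NUL is the field separator, so it must never appear inside a field.
    if not username or "\0" in username or "\0" in password:
        return False
    # An empty password would turn an LDAP simple bind into an
    # unauthenticated bind, which many directory servers accept.
    if not password:
        return False
    payload = f"{username}\0{password}\0".encode("utf-8")
    try:
        result = subprocess.run(
            helper_cmd,                 # argv carries no credentials
            input=payload,              # credentials go over the stdin pipe
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout,            # a hung helper must not hang the server
            check=False,
        )
    except (OSError, subprocess.TimeoutExpired):
        return False                    # fail closed: missing or stuck helper
    return result.returncode == 0


if __name__ == "__main__":
    print(authenticate(HELPER_CMD, "jdoe", "correct horse"))
```

The password is still cleartext on the client-to-server leg, as the message says, so a scheme like this only makes sense over an encrypted transport.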

This is an archived mail posted to the Subversion Users mailing list.
