Problem with SVN on Apache using SSLRequire

From: David Rosenstrauch <darose_at_darose.net>
Date: Thu, 19 Nov 2009 11:51:32 -0500

Hmmm ... didn't hear back any responses on this. Is there anyone out
there with experience running SVN on Apache that might have some idea
what's happening here? I'm really rather stumped!

I can't understand why this Apache configuration performs the
authorization perfectly when the client is a web browser, but fails when
the client is SVN.

* What exactly is SVN doing with WebDAV that is making this fail?
* What is an HTTP REPORT request, and why might that be failing here?
HTTP GET is obviously working perfectly here, since I was able to test
this successfully when connecting with a browser. So what's different
about HTTP REPORT?

Can anyone shed some light here?

Thanks,

DR

On 11/17/2009 05:24 PM, David Rosenstrauch wrote:
> I've recently set up SVN on Apache WebDAV, using SSL, along with LDAP
> authentication. All's been working like a charm.
>
> However, for various reasons out of my control it's been decided that we
> need to use an alternate port for SSL (81), and that in addition SVN
> should not be accessible over the standard https port of 443.
>
> The 2 SSL ports are set up on the server using a virtual host directive
> (<VirtualHost _default_:443 _default_:81>). And I thought I'd found the
> correct way to do the restriction by port number, by using Apache's
> SSLRequire directive. But when I enable that directive, SVN starts
> throwing errors like:
>
> svn: REPORT request failed on '/svn/ourrepo/!svn/vcc/default'
> svn: Not authorized to open root of edit operation
>
> It seems that the SSLRequire directive is somehow blocking the SVN
> client from connecting using HTTP REPORT. But I'm quite puzzled as to
> why that should be the case. (Particularly because when I query the
> repository on both SSL ports from a web browser all works as expected.)
>
> Although googling turned up a number of pages referring to the same
> error message, I didn't see any concrete solution. Anyone have any
> wisdom/workarounds on this problem? Our Apache subversion.conf is
> attached below.
>
> Thanks,
>
> DR
>
> --
>
> LoadModule dav_svn_module modules/mod_dav_svn.so
> LoadModule authz_svn_module modules/mod_authz_svn.so
>
> LDAPSharedCacheSize 200000
> LDAPCacheEntries 1024
> LDAPCacheTTL 600
> LDAPOpCacheEntries 1024
> LDAPOpCacheTTL 600
>
> <Location /svn>
> DAV svn
> SVNParentPath /var/svn
>
> # Require SSL connection for SVN access
> SSLRequireSSL
> # Require SSL over non-obvious port 81 for SVN access
> # SSLRequire %{SERVER_PORT} == 81
> # SSLRequire %{SERVER_PORT} eq "81"
>
> AuthType Basic
> AuthBasicProvider ldap
> AuthName "Subversion"
> AuthLDAPURL ldaps://ldap.ourdomain.com/ou=users,dc=ourdomain,dc=com?uid?one
> AuthLDAPBindDN uid=subversion,ou=system,dc=ourdomain,dc=com
> AuthLDAPBindPassword <one of our system ldap passwords>
> AuthzLDAPAuthoritative off
> Require valid-user
> Require ldap-attribute employeeType=active
> </Location>
>
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2419181
>
> To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].

------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2420106

Received on 2009-11-19 17:53:36 CET

This is an archived mail posted to the Subversion Users mailing list.