[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

apache2, subversion, active directory, LDAPs authentication failures

From: Scott Lundgren <selundgr_at_uncc.edu>
Date: Wed, 26 May 2010 10:55:04 -0400

I have encountered a problem for which I've been unable to find a solution.

Using RHEL 5.4 my configuration (slightly obscured for security) below
appears to be working in that requesting the defined location triggers an
auth prompt. However when using a correct username & password authentication
always fails and the auth prompt never goes away until the user presses
cancel.

When authentication is turned off DAV/SVN operations work as expected.

What could be wrong?

subversion.conf:

LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

# Enable Subversion logging
CustomLog logs/svn_logfile "%t %u %{SVN-ACTION}e" env=SVN-ACTION

<Location /smc>
   DAV svn
   SVNPath /var/www/svn/smc
   AuthzSVNAccessFile /var/www/svn/smc/conf/svn_access.conf
   AuthBasicProvider ldap
   # LDAP Authentication & Authorization is final; do not check other
databases
   AuthzLDAPAuthoritative on
   AuthType Basic
   AuthName "Service Management Center"
   AuthLDAPBindDN
CN=proxyuser,OU=people,OU=organization,DC=its,DC=university,DC=edu
   AuthLDAPBindPassword password
   AuthLDAPURL
ldaps://its.university.edu:636/OU=people,OU=organization,DC=its,DC=universit
y,DC=edu?sAMAccountName?sub?(objectClass=*)
   Require valid-user
</Location>

error.log:

[Tue May 25 16:03:56 2010] [info] Init: Initializing (virtual) servers for
SSL
[Tue May 25 16:03:56 2010] [info] Configuring server for SSL protocol
[Tue May 25 16:03:56 2010] [info] RSA server certificate enables Server
Gated Cryptography (SGC)
[Tue May 25 16:03:56 2010] [warn] RSA server certificate CommonName (CN)
`*.uncc.edu' does NOT match server name!?
[Tue May 25 16:03:56 2010] [info] Server: Apache/2.2.3, Interface:
mod_ssl/2.2.3, Library: OpenSSL/0.9.8e-fips-rhel5
[Tue May 25 16:03:56 2010] [notice] Apache configured -- resuming normal
operations
[Tue May 25 16:03:56 2010] [info] Server built: Nov 10 2009 09:06:57
[Tue May 25 16:03:56 2010] [debug] prefork.c(991): AcceptMutex: sysvsem
(default: sysvsem)
[Tue May 25 16:04:05 2010] [error] [client 152.15.*.*] user selundgr:
authentication failure for "/smc": Password Mismatch
[Tue May 25 16:04:40 2010] [error] [client 152.15.*.*] File does not exist:
/var/www/html/favicon.ico
[Tue May 25 17:46:18 2010] [error] [client 152.15.*.*] user proxyuser:
authentication failure for "/smc": Password Mismatch
[Tue May 25 17:45:54 2010] [error] [client 152.15.*.*] user selundgr:
authentication failure for "/smc": Password Mismatch

------------------------------------------------------------------------
Scott Lundgren | UNIX Hosting & Open Source Lead
UNC Charlotte | Information Technology Services
9201 University City Blvd. | Charlotte, NC 28223
selundgr@uncc.edu | http://www.uncc.edu
-----------------------------------------------------------------------
If you are not the intended recipient of this transmission or a person
responsible for delivering it to the intended recipient, any disclosure,
copying, distribution, or other use of any of the information in this
transmission is strictly prohibited. If you have received this transmission
in error, please notify me immediately by reply email or by telephone at
704-687-7490. Thank you.
Received on 2010-05-26 16:56:38 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.