[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Path-based authorization buggy when using SASL-LDAP

From: Markus Karg <karg_at_quipsy.de>
Date: Sat, 24 Nov 2012 00:12:08 +0100

I wonder why this should produce this effect? I mean, why is it working with 99% of all paths, but not with some others?

BTW, it seems 1.6.12 does not know an options named force-username-case.

 

Thanks

-Markus

 

From: Jan Keirse [mailto:jan.keirse_at_tvh.com]
Sent: Freitag, 23. November 2012 17:46
To: Markus Karg
Cc: users_at_subversion.apache.org
Subject: Re: Path-based authorization buggy when using SASL-LDAP

 

 

Just a wild guess: does your username (in AD or as you entered it in the svn client) have the same case as the authz file? Windows doesn't care but the authz file does.

My apache configuration has this setting to accomodate for this:

  AuthzForceUsernameCase lower

I _think_ svnserve can do the same thing with

force-username-case = lower





Kind Regards,

JAN KEIRSE
CORPORATE SERVICES • Specialist Software Developer
T +32 56 43 42 45 • F +32 56 43 44 46 • jan.keirse_at_tvh.com <mailto:jan.keirse_at_tvh.com>

TVH GROUP NV
Brabantstraat 15 • BE-8790 WAREGEM
T +32 56 43 42 11 • F +32 56 43 44 88 • www.tvh.com <http://www.tvh.com>





On Fri, Nov 23, 2012 at 4:50 PM, Markus Karg <karg_at_quipsy.de> wrote:

Hello Subversion Community,

 

do you know any relationship between LDAP and paths in svn?

 

I am running svnserve 1.6.12 on Debian 6.0.6 „squeeze“ and it works really well, but now I wanted to switch from plain passwd file to SASL-LDAP (ActiveDirectory) based authentication and trapped into a really, really weird problem: On *some* paths and files in my repo I cannot write anymore („Access Denied“), while I still can read them and write all others!

 

This is strange since:

- It happens only with *some* paths and files and I do not see any common pattern!

- I have *not* set up any special treatment oft that paths or files in my authzfile!

- All aliases are in one group that has *„rw“* access declared in the authzfile, and there is *no* separated „r-only“ rule declared on *any* path or file for this group!

- It works *perfectly* with use-sasl=false, i. e. with plain passwd file – the problem *only* occurs when I do use-sasl=true!

 

It is totally weird, as I do neither see any relationship between that paths and my authzfile configuration, nor do I see any relationship between LDAP and that paths!

 

For me it simply looks like a bug in svnserve 1.6.12! L

 

It would be great if anybody could tell me some ideas what I can do, as I want to switch from plain passwd file to SASL-LDAP ASAP. J

 

Thanks!

-Markus

 

Received on 2012-11-24 00:12:52 CET

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.