svnserve: could not find auxprop plugin, was searching for 'ldap' (1.8.1, linux, from source)

From: Klaus Thorn <Klaus.Thorn_at_noumenastudios.com>
Date: Wed, 14 Aug 2013 10:21:26 +0000

The error:

svnserve: could not find auxprop plugin, was searching for 'ldap'

is appearing in /var/log/auth.log
whenever I try to log in. It always fails.

Test setup: I am opening Tortoise-SVN repo-browser on a Windows client machine
with a svn:// URL pointing to my new subversion server and try to log in.
The login does not work, the login dialog gets displayed again.

Instead I expect svnserve to use the ldap lib and saslauthd
to auth against our local Windows domain's Active Directory.

Which perfectly works on my older subversion server running Ubuntu 11.04 with ubuntu's binary SVN packages.

How do I get that to work on the new server, too?

__Why does it not work on the ("new") Ubuntu 12.04 server with Subversion 1.8.1 built from source?

I think I ruled out a lot of usual suspects:

- Saslauthd is not a suspect, because by using testsaslauthd on the same 12.04 server, I AM able to auth against our Active Directory. Also, The error (above) says "svnserve..." not "sasl...".

- All the configuration files are identical to my working installation on my old Ubuntu 11.04 server, so I have no reason to doubt them.

Currently, in my view, only the svnserve binary is left as the main suspect.
But other opinions are welcome (but not: "use apache instead of svnserve" :-).

On that "svnserve is the problem" road I found my only current hint to a cause:

The working svnserve on the ("old") 11.04 server has the following linking (as seen with ldd):

libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2

I guess that I did not manage to get that linking included in my source build.
(and by the way: Ubuntu 12.04 did not, either,
because the svnserve binary of Ubuntu 12.04 is missing this linking, too, and does not work for me.)

__Details (on the not working setup):

Subversion 1.8.1 is built from source, on Ubuntu 12.04 64bit, with sqlite amalgamation.

uname -a @12.04 server:
Linux zeus 3.2.0-34-generic #53-Ubuntu SMP Thu Nov 15 10:48:16 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux

Ubuntu Packages installed with "ldap" in their name:

Installed: ldap-utils 2.4.28-1.1ubuntu4.3
Installed: libaprutil1-ldap 1.3.12+dfsg-3
Installed: libldap-2.4-2 2.4.28-1.1ubuntu4.3
Installed: libldap2-dev 2.4.28-1.1ubuntu4.3
Installed: libsasl2-modules-ldap 2.1.25.dfsg1-3ubuntu0.1

Config files (as I said, I have no reason to doubt them):

/etc/sasl2/svn.conf
pwcheck_method: saslauthd
log_level: 5
auxprop_plugin: ldap
allow_plaintext: true
mech_list: PLAIN
ldapdb_mech: PLAIN

.../conf/svnserve.conf
[general]
anon-access = none
auth-access = write
authz-db = permissions
realm = noumena.de
[sasl]
use-sasl = true
min-encryption = 0
max-encryption = 0

/etc/default/saslauthd
START=yes
MECHANISMS="ldap"
MECH_OPTIONS=""
OPTIONS="-c -m /var/run/saslauthd"

/etc/saslauthd.conf
ldap_servers: ldap://**SERVERNAME**.noumena.de
ldap_default_domain: noumena.de
ldap_search_base: DC=noumena,DC=de
ldap_bind_dn: CN=**username**,CN=Users,DC=noumena,DC=de
ldap_bind_pw: **PW**
ldap_password: **PW**
ldap_mech: PLAIN
ldap_deref: never
ldap_restart: yes
ldap_scope: sub
ldap_use_sasl: no
ldap_start_tls: no
ldap_version: 3
ldap_auth_method: bind
ldap_filter: sAMAccountName=%U
ldap_password_attr: userPassword
ldap_timeout: 10
ldap_cache_ttl: 30
ldap_cache_mem: 32768

__Details on the working ("old") setup:

Although I do not want to make this an Ubuntu discussion,
(because I already tried and failed to get support from the Ubuntu community
and because building from source gives me access to SVN 1.8; in contrast to 1.6!
) I nevertheless include more details just in case they might somehow help:

uname -a @11.04 server: (the old working setup)
Linux rogue 2.6.38-8-server #42-Ubuntu SMP Mon Apr 11 03:49:04 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux

SVN 1.6.12dfsg-4ubuntu2.1

Config: as above with the not working setup.

There are a lot more libraries that are linked into svnserve
of Ubuntu 11.04 (binary package SVN 1.6.12dfsg-4ubuntu2.1)
but not into 12.04 (binary package SVN 1.6.17dfsg-3ubuntu3):

libldap_r-2.4.so.2 => /usr/lib/libldap_r-2.4.so.2 (0x00007f22fb596000)
liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0x00007f22fb387000)
libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007f22f9ed7000)
libgssapi_krb5.so.2 => /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2 (0x00007f22f9ca2000)
libgnutls.so.26 => /usr/lib/x86_64-linux-gnu/libgnutls.so.26 (0x00007f22f9a00000)
libgcrypt.so.11 => /lib/x86_64-linux-gnu/libgcrypt.so.11 (0x00007f22f9786000)
libkrb5.so.3 => /usr/lib/x86_64-linux-gnu/libkrb5.so.3 (0x00007f22f94c1000)
libk5crypto.so.3 => /usr/lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007f22f929a000)
libcom_err.so.2 => /lib/x86_64-linux-gnu/libcom_err.so.2 (0x00007f22f9096000)
libkrb5support.so.0 => /usr/lib/x86_64-linux-gnu/libkrb5support.so.0 (0x00007f22f8e8d000)
libkeyutils.so.1 => /lib/x86_64-linux-gnu/libkeyutils.so.1 (0x00007f22f8c8a000)
libtasn1.so.3 => /usr/lib/x86_64-linux-gnu/libtasn1.so.3 (0x00007f22f8a79000)
libgpg-error.so.0 => /lib/x86_64-linux-gnu/libgpg-error.so.0 (0x00007f22f8874000)
librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f8f32ea6000)

I DO have installed all those library packages on both systems.

thanks in advance,

-- 
::::::::::::::::::::
Klaus Thorn
IT Administrator
klaus.thorn_at_noumenastudios.com
::::::::::::::::::::
Noumena Studios GmbH
part of kalypso media group
Lützowstraße 33
10785 Berlin
Germany
http://www.noumenastudios.com
http://www.kalypsomedia.com
CEO/Geschäftsführer:
Stefan Marcinek
Commercial register of the local court / Registergericht:
HRB 129507 B
VAT identification number / Ust-Id.Nr.:
DE274058087
::::::::::::::::::::
This e-mail is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. Noumena Studios is unable to control the content transmitted via the Internet. Noumena Studios hereby excludes any written or implied warranty as to the accuracy of any information contained in this message and any liability of any kind for the information contained, therein, or for its transmission, reception, storage or usage in any way

Received on 2013-08-14 12:22:26 CEST

This message: [ Message body ]
Next message: Mat Booth: "(no subject)"
Previous message: Piontek Mark: "svn status --show-updates does not mark file externals with '*' when there is a new revision available on the server"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]