Posted to users@subversion.apache.org by Wlllem Dalen <wi...@gmail.com> on 2016/11/28 11:58:50 UTC
Subversion integrate LDAP
Hi,
I tried and tried everything, but it won’t work.
<Location /svn>
ErrorDocument 404 default
DAV svn
SVNParentPath /data/svn
SVNListParentPath off
AuthType Basic
AuthBasicProvider ldap
# file
AuthName "SVN"
AuthzSVNAccessFile /etc/httpd/conf/dav_svn.acl
#ldap
AuthLDAPURL "ldap://ldap-server:389/DC=dep,DC=com?sAMAccountName?sub?(&(objectClass=*)(memberOf=CN=SVN,OU=User Groups,OU=Accounts,DC=dep,DC=com))" NONE
AuthLDAPBindDN "binddn of the service account"
AuthLDAPBindPassword "password of the service account to search"
#Require ldap-group CN=SVN,OU=ASDS,OU=User Groups,OU=Accounts,DC=dep,DC=com
Require valid-user
</Location>
ssl-access_log:
- - [28/Nov/2016:12:40:59 +0100] "GET /svn/se/ HTTP/1.1" 401 381
- [28/Nov/2016:12:41:12 +0100] "GET /svn/se/ HTTP/1.1" 403 209
[28/Nov/2016:12:41:12 +0100] "GET /favicon.ico HTTP/1.1" 404 209
ssl_error_log:
Mon Nov 28 12:41:12.226892 2016] [authz_svn:error] [pid 29816] [client] Access denied: 'user' GET se:/
ssl_request_log:
[28/Nov/2016:12:40:59 +0100] TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /svn/se/ HTTP/1.1" 381
[28/Nov/2016:12:41:12 +0100] TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /svn/se/ HTTP/1.1" 209
[28/Nov/2016:12:41:12 +0100] TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /favicon.ico HTTP/1.1" 209
It seems that is an authorization error. When I remove
*AuthzSVNAccessFile /etc/httpd/conf/dav_svn.acl*
then I have access to the repo, and that's not okay.
Is there anyone who can help me?
The system : RedHat 7, SVN:1.7, Apache:2.4
regards
Re: Subversion integrate LDAP
Posted by Pavel Lyalyakin <pa...@visualsvn.com>.
Hello Wlllem,
On Mon, Nov 28, 2016 at 2:58 PM, Wlllem Dalen <wi...@gmail.com> wrote:
>
> ssl-access_log:
>
> - - [28/Nov/2016:12:40:59 +0100] "GET /svn/se/ HTTP/1.1" 401 381
> - [28/Nov/2016:12:41:12 +0100] "GET /svn/se/ HTTP/1.1" 403 209
> [28/Nov/2016:12:41:12 +0100] "GET /favicon.ico HTTP/1.1" 404 209
>
>
> ssl_error_log:
>
> Mon Nov 28 12:41:12.226892 2016] [authz_svn:error] [pid 29816] [client] Access denied: 'user' GET se:/
Why do you name these logs "ssl_*"? As these are SVN server logs, I
guess that it's a typo and you intended to name them as "svn_*".
> It seems that is an authorization error. When I remove
> AuthzSVNAccessFile /etc/httpd/conf/dav_svn.acl
>
> then I have access to the repo, and that's not okay.
As you see, the logged event is "Access denied: 'user' GET se:/". This
event means that the user account authenticates successfully. But this
account lacks permissions to the "se" repository. To fix this, you should
look through the authz file "/etc/httpd/conf/dav_svn.acl" and
double-check the access rules it contains.
Read the SVNBook | Path-Based Authorization[1] section for the
instructions on how to set up the access rules.
[1]: http://svnbook.red-bean.com/en/1.8/svn.serverconfig.pathbasedauthz.html
--
With best regards,
Pavel Lyalyakin
VisualSVN Team
Re: Subversion integrate LDAP
Posted by Branko Čibej <br...@apache.org>.
On 28.11.2016 12:58, Wlllem Dalen wrote:
> It seems that is an authorization error. When I remove
> *AuthzSVNAccessFile /etc/httpd/conf/dav_svn.acl*
If that's the case, then this has nothing to do with LDAP — that's used
for authentication, not authorization.
The most likely reason is that the contents of your dav_svn.acl file are
wrong, either there's a syntax error or the access rules do actually
deny access to the repository.
-- Brane
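
Added example, not part of the original thread and not mod_authz_svn's own code: a simplified Python model of the path-based authz lookup that both replies point to, showing how a user who authenticates successfully can still get "Access denied". The rules, user names and helper names (load_authz, access_for) are constructed for illustration; only plain user names, `*` and non-nested `@group` entries are handled.

```python
import configparser

# Constructed sample rules; on the page the real file is /etc/httpd/conf/dav_svn.acl.
SAMPLE_AUTHZ = """
[groups]
devs = alice, bob

[/]
* =

[se:/]
@devs = rw

[docs:/]
* = r
"""

def load_authz(text):
    cp = configparser.RawConfigParser(delimiters=("=",))
    cp.optionxform = str  # keep case: user names are compared exactly
    cp.read_string(text)
    return cp

def _matches(cp, who, user):
    if who == "*":
        return True
    if who.startswith("@"):  # non-nested group lookup only (simplification)
        members = cp.get("groups", who[1:], fallback="")
        return user in [m.strip() for m in members.split(",")]
    return who == user

def access_for(cp, user, repo, path="/"):
    """Return (rights, section) from the closest section that names the user."""
    parts = [p for p in path.split("/") if p]
    while True:
        here = "/" + "/".join(parts)
        # A repository-specific section is consulted before the generic one.
        for section in (f"{repo}:{here}", here):
            if cp.has_section(section):
                hits = [v for who, v in cp.items(section) if _matches(cp, who, user)]
                if hits:  # rights of all matching lines are combined
                    return "".join(sorted(set("".join(hits).replace(" ", "")))), section
        if not parts:
            return "", None  # no rule names the user anywhere: access denied
        parts.pop()  # fall back to the parent directory

if __name__ == "__main__":
    cp = load_authz(SAMPLE_AUTHZ)
    for user in ("alice", "carol"):
        rights, section = access_for(cp, user, "se", "/")
        print(f"{user}: rights={rights or 'none'} (from [{section}])")
```

In this constructed file, carol authenticates but falls through to `[/]` with `* =`, the same situation as the logged "Access denied: 'user' GET se:/"; a name that differs only in case from the one in the file is denied the same way.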