You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Patricia A Moss <pm...@csc.com> on 2009/04/16 18:16:38 UTC
Subversion and LDAP URL
I see, from the documentation that you can specify more than one LDAP URL,
for apache to try; if you use the following syntax:
AuthLDAPUrl "ldap://ldap1.example.com ldap2.example.com/dc=..."
Does anyone know the syntax for this if the 2 urls are on different
domains?
PATI MOSS
System Engineer Sr. Professional
CSC
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1752114
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Subversion and LDAP URL
Posted by Patricia A Moss <pm...@csc.com>.
>The way Jeremy said is the only way to do this on Apache, bu tyou will
>have 2 separate urls for the repositories. one for each AuthLDAPUrl.
>Like this:
><Location /repos1>
> DAV svn
> SvnParentPath /var/subversion/repositories
> SvnListParentPath On
> AuthBasicProvider ldap
> AuthType Basic
> AuthName "Subversion Server"
> AuthLDAPURL
>"ldap://server.domain1.internal/DC=domain1,DC=internal?sAMAccountName?sub?(&(objectClass=user)(objectCatego>ry=person))"
> AuthLDAPBindDN "CN=subversion,CN=Users,DC=domain1,DC=internal"
> AuthLDAPBindPassword Password
> AuthzLDAPAuthoritative Off
> Require valid-user
></Location>
><Location /repos2>
> DAV svn
> SvnParentPath /var/subversion/repositories
> SvnListParentPath On
> AuthType Basic
> AuthName "Subversion Server"
> AuthLDAPURL
>"ldap://server.domain2.internal/DC=domain,DC=internal?sAMAccountName?sub?(&(objectClass=user)(objectCategor>y=person))"
> AuthLDAPBindDN "CN=subversion,CN=Users,DC=domain2,DC=internal"
> AuthLDAPBindPassword Password
> AuthzLDAPAuthoritative Off
> Require valid-user
></Location>
My issue is that the same repository will need access to both urls, for
user authorization. I tried having 2 locations with the same name and
that did not work. Having the above configuration looks like there are 2
different locations. Will the one repository be able to authenticate
against either url?
PATI MOSS
System Engineer Sr. Professional
CSC
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1825795
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Subversion and LDAP URL
Posted by RolandB <ro...@evodion.de>.
Could you please tell me how you solved the problem?
I have to do the same task.
Patricia A Moss wrote:
>
> Finally, I got it. Thank you both, for your help.
>
>
--
View this message in context: http://www.nabble.com/Subversion-and-LDAP-URL-tp23083686p24372461.html
Sent from the Subversion Users mailing list archive at Nabble.com.
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=2368800
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Subversion and LDAP URL
Posted by Patricia A Moss <pm...@csc.com>.
Finally, I got it. Thank you both, for your help.
PATI MOSS
System Engineer Sr. Professional
CSC
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1842254
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Subversion and LDAP URL
Posted by Carlos Beppler <be...@gmail.com>.
The way Jeremy said is the only way to do this on Apache, bu tyou will
have 2 separate urls for the repositories. one for each AuthLDAPUrl.
Like this:
<Location /repos1>
DAV svn
SvnParentPath /var/subversion/repositories
SvnListParentPath On
AuthBasicProvider ldap
AuthType Basic
AuthName "Subversion Server"
AuthLDAPURL "ldap://server.domain1.internal/DC=domain1,DC=internal?sAMAccountName?sub?(&(objectClass=user)(objectCategory=person))"
AuthLDAPBindDN "CN=subversion,CN=Users,DC=domain1,DC=internal"
AuthLDAPBindPassword Password
AuthzLDAPAuthoritative Off
Require valid-user
</Location>
<Location /repos2>
DAV svn
SvnParentPath /var/subversion/repositories
SvnListParentPath On
AuthType Basic
AuthName "Subversion Server"
AuthLDAPURL "ldap://server.domain2.internal/DC=domain,DC=internal?sAMAccountName?sub?(&(objectClass=user)(objectCategory=person))"
AuthLDAPBindDN "CN=subversion,CN=Users,DC=domain2,DC=internal"
AuthLDAPBindPassword Password
AuthzLDAPAuthoritative Off
Require valid-user
</Location>
On Mon, Apr 20, 2009 at 10:45, Patricia A Moss <pm...@csc.com> wrote:
>
>>The only thing I can think of would be two Location blocks but that
>>would require two different base urls for the same Subversion
>>repositories. I don't think you can do this in one Location block.
>
> I tried this and still no luck. Does anyone else have any ideas how to
> configure 2 AuthLDAPUrl, AuthLDAPBindDN and AuthLDAPBindPassword?
>
> PATI MOSS
> System Engineer Sr. Professional
> CSC
>
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1825212
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Subversion and LDAP URL
Posted by Patricia A Moss <pm...@csc.com>.
>The only thing I can think of would be two Location blocks but that
>would require two different base urls for the same Subversion
>repositories. I don't think you can do this in one Location block.
I tried this and still no luck. Does anyone else have any ideas how to
configure 2 AuthLDAPUrl, AuthLDAPBindDN and AuthLDAPBindPassword?
PATI MOSS
System Engineer Sr. Professional
CSC
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1825103
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Subversion and LDAP URL
Posted by Jeremy Whitlock <jc...@gmail.com>.
> I think that is the issue too. But how do I resolve that?
> For a short period of time I need to have 2 AuthLDAPURL's listed; and these
> have different AuthLDAPBindDN/AuthLDAPBindPassword. How do I configure this
> to work? Is it possible?
The only thing I can think of would be two Location blocks but that
would require two different base urls for the same Subversion
repositories. I don't think you can do this in one Location block.
--
Take care,
Jeremy Whitlock
http://www.thoughtspark.org
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1777321
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Subversion and LDAP URL
Posted by Patricia A Moss <pm...@csc.com>.
>Well, I don't think you can specify multiple
>AuthLDAPBindDN/AuthLDAPBindPassword pairs and have Apache loop through
>them for both servers. What is happening is the
>AuthLDAPBindDN/AuthLDAPBindPassword specified last is the one being
>used, which probably isn't what you want for users only in the first
>directory server entry. Check the Apache error logs to see if it's
>something else but I think this is the problem.
I think that is the issue too. But how do I resolve that?
For a short period of time I need to have 2 AuthLDAPURL's listed; and
these have different AuthLDAPBindDN/AuthLDAPBindPassword. How do I
configure this to work? Is it possible?
PATI MOSS
System Engineer Sr. Professional
CSC
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1768479
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Subversion and LDAP URL
Posted by Jeremy Whitlock <jc...@gmail.com>.
> I figured out that I didn't have the entire line enclosed in quotes. Now I
> have another question:
> There is a different AuthLDAPBindDN and AuthLDAPBindPassword for each
> AuthLDAPURL. What is the correct syntax for those? I have them on seperate
> lines, but my accounts are still not authenticating.
Well, I don't think you can specify multiple
AuthLDAPBindDN/AuthLDAPBindPassword pairs and have Apache loop through
them for both servers. What is happening is the
AuthLDAPBindDN/AuthLDAPBindPassword specified last is the one being
used, which probably isn't what you want for users only in the first
directory server entry. Check the Apache error logs to see if it's
something else but I think this is the problem.
--
Take care,
Jeremy Whitlock
http://www.thoughtspark.org
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1768390
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Subversion and LDAP URL
Posted by Patricia A Moss <pm...@csc.com>.
> I see, from the documentation that you can specify more than one LDAP
URL,
> for apache to try; if you use the following syntax:
> AuthLDAPUrl "ldap://ldap1.example.com ldap2.example.com/dc=..."
>
> Does anyone know the syntax for this if the 2 urls are on different
domains?
The Apache docs just suggest to separate the urls by a space.
Doesn't seem to suggest that things are handled different if the
domains for the urls are different
I figured out that I didn't have the entire line enclosed in quotes. Now
I have another question:
There is a different AuthLDAPBindDN and AuthLDAPBindPassword for each
AuthLDAPURL. What is the correct syntax for those? I have them on
seperate lines, but my accounts are still not authenticating.
<Location /amertest>
dav svn
SVNPath /disk01/home/amertest
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthName "CSC Subversion Repository"
AuthLDAPBindDN FCGNET\accountname1
AuthLDAPBindPassword password1
#AuthLDAPURL ldap://servername
.com:3268/DC=fcg,DC=com?samAccountName?sub?(object
Category=person)
AuthLDAPBindDN "CN=accountname2,OU=CG Service
Accounts,OU=Cons,OU=Users,OU=Producti
on,DC=amer,DC=globalcsc,DC=net"
AuthLDAPBindPassword password2
AuthLDAPURL "ldap://servername1.com:3268/DC=fcg,DC=co ldap://servername2
.net:3268/DC=globalcsc,DC=net?samAccountName?sub?(objectCategory=person)"
Require valid-user
Options Indexes FollowSymLinks
order allow,deny
allow from all
# Allows group to have read access to the repository
<Limit GET PROPFIND OPTIONS REPORT>
Require ldap-group CN=PRJ Test Migration,OU=U.S.,OU=Groups,DC=fcg,DC=com
Require ldap-group CN=TEAM-G-Test Migration,OU=LS Projects,OU=All
Groups,OU=Con
s,OU=Users,OU=Production,DC=amer,DC=globalcsc,DC=net
</Limit>
# Allows group to have write access to the repository
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require ldap-group CN=PRJ Test Migration,OU=U.S.,OU=Groups,DC=fcg,DC=com
Require ldap-group CN=TEAM-G-Test Migration,OU=LS Projects,OU=All
Groups,OU=Con
s,OU=Users,OU=Production,DC=amer,DC=globalcsc,DC=net
</LimitExcept>
</Location>
PATI MOSS
System Engineer Sr. Professional
CSC
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1765638
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Subversion and LDAP URL
Posted by Jeremy Whitlock <jc...@gmail.com>.
> I see, from the documentation that you can specify more than one LDAP URL,
> for apache to try; if you use the following syntax:
> AuthLDAPUrl "ldap://ldap1.example.com ldap2.example.com/dc=..."
>
> Does anyone know the syntax for this if the 2 urls are on different domains?
The Apache docs just suggest to separate the urls by a space.
Doesn't seem to suggest that things are handled different if the
domains for the urls are different.
--
Take care,
Jeremy Whitlock
http://www.thoughtspark.org
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1753749
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].