You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@subversion.apache.org by Sean Russell <se...@gsk.com> on 2003/05/21 18:59:03 UTC
LDAP authentication, strange server behavior.
Hi y'all,
I'm observing some behavior that is giving me trouble; I think I have a
solution, but I'm curious about the possible causes of the problem, and think
that the issue may be of interest to SVN developers.
The problem, in a nutshell, is that I have a repository that won't allow
access to users authenticated with LDAP, but will allow authentication with
other mod_auth Apache modules. The curious thing about this situation is
that LDAP authentication /does/ work for (some) other repositories running in
the same server instance.
The repository giving me trouble is one that I've been lugging around for over
a year, and it has survived numerous DB upgrades. I didn't dump/load it for
the my most recent Subversion upgrade (0.21.0), because it didn't seem
necessary.
Attempts to use LDAP authentication against the "old" repository results in
client-side messages of:
svn ci -m "" build.xml
ser's password:
username: ser
ser's password:
svn: Authorization failed
svn: Commit failed (details follow):
svn: OPTIONS request failed on /svn/repos/rexml/branches/3.0
svn: OPTIONS of /svn/repos/rexml/branches/3.0: authorization failed
and server-side messages of:
user ser not found: /svn/repos/!svn/act/8dcaa690-2dbe-0310-bdb9-d8d87bbec96c
As I've said, if I change the Apache config to use basic htpasswd
authentication, I can access the repository normally -- that is, perform
restricted actions -- and if I create /new/ repositories, I'm able to
authenticate with LDAP for them.
I've narrowed this down to being a difference between the BerkeleyDB
repositories themselves, by process of elimination: the only difference in
the apache configurations for the new and old repositories is the SVNPath
(and the <Location>). Both repositories are running in the same server
instance. The user and group ownerships and permissions on all files and
directories in both repositories is the same.
The only thing I haven't tried (yet) is a dump/load -- which, BTW, I suspect
will solve the problem. However, I'm curious about the source of this
problem -- this looks entirely like a DB issue, and I'm surprised that
authentication issues are affecting (or being affected by) things at the DB
layer.
Thanks,
--- SER
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: LDAP authentication, strange server behavior.
Posted by Mukund <mu...@tessna.com>.
| will solve the problem. However, I'm curious about the source of this
| problem -- this looks entirely like a DB issue, and I'm surprised that
| authentication issues are affecting (or being affected by) things at the DB
| layer.
Can you add the httpd.conf file and any other .htaccess files which are
involved for the repository location to your report?
Mukund
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: LDAP authentication, strange server behavior.
Posted by Greg Stein <gs...@lyra.org>.
On Wed, May 21, 2003 at 08:22:28PM -0400, Sean E. Russell wrote:
> On Wednesday 21 May 2003 15:15, Sander Striker wrote:
> > > The only thing I haven't tried (yet) is a dump/load -- which, BTW, I
> > > suspect will solve the problem. However, I'm curious about the source of
> ...
> > Dumping and loading won't make any difference whatsoever. This sounds like
> > a misconfig of httpd.
>
> You're right. I'm still not sure why, but changing the <Location> path made
> it work, so at this point I'm assuming it is an Apache configuration issue.
> I have no idea why one authentication mechanism works while the other fails,
> when both work on other repositories on the same server.
I've seen problems where a person's docroot contains one or more of the path
elements in the repository's Location path.
For example:
<Location /repos/svn>
...
</Location>
If you have a repos/svn/ directory in your docroot, then funny things can
happen. I think just a repos/ will be fine.
But take a look. See if your old (borken) location had a mapping elsewhere
in your config or within the docroot. That may have been the problem.
Cheers,
-g
--
Greg Stein, http://www.lyra.org/
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: LDAP authentication, strange server behavior.
Posted by "Sean E. Russell" <se...@germane-software.com>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wednesday 21 May 2003 15:15, Sander Striker wrote:
> > The only thing I haven't tried (yet) is a dump/load -- which, BTW, I
> > suspect will solve the problem. However, I'm curious about the source of
...
> Dumping and loading won't make any difference whatsoever. This sounds like
> a misconfig of httpd.
You're right. I'm still not sure why, but changing the <Location> path made
it work, so at this point I'm assuming it is an Apache configuration issue.
I have no idea why one authentication mechanism works while the other fails,
when both work on other repositories on the same server.
At this point, it seems to have nothing to do with Subversion. Sorry for the
noise.
- --
### SER Deutsch|Esperanto|Francaise|Linux|Java|Ruby|Aikido|Dirigibles ###
### http://www.germane-software.com/~ser jabber.com:ser ICQ:83578737 ###
### GPG: http://www.germane-software.com/~ser/Security/ser_public.gpg ###
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+zBhFP0KxygnleI8RAvRkAKDKZG1uE7Adr/HIvYM1gCZmtriDnwCeOsHW
vT0DmskSGolQId5bra+mA/M=
=WgHO
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
RE: LDAP authentication, strange server behavior.
Posted by Sander Striker <st...@apache.org>.
> From: Sean Russell [mailto:sean.2.russell@gsk.com]
> Sent: Wednesday, May 21, 2003 8:59 PM
[...]
> The only thing I haven't tried (yet) is a dump/load -- which, BTW, I suspect
> will solve the problem. However, I'm curious about the source of this
> problem -- this looks entirely like a DB issue, and I'm surprised that
> authentication issues are affecting (or being affected by) things at the DB
> layer.
Dumping and loading won't make any difference whatsoever. This sounds like
a misconfig of httpd.
Sander
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org