You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by Alfredo De Luca <al...@gmail.com> on 2015/01/28 01:43:14 UTC

HTTP + SVN + AD

Hi all.
I have apache2 + svn 1.6. If I use SVN with local user it's all ok but
when I try to integrated with Active Directory I have weird issue.
With my account (with AD username and password) I have access with no prob.
Others can't access it at all. Below is the subversion.conf that I am using.
I have also tried to change my password on AD and still having access
with the new password. Others in the ldap-group still not having
access at all.

What am I missing? Any clue?

Thanks heaps for any info

Regards




<snip> subversion.conf
----------------------------------------------------------------------------------------------
 <Location /svn>
        DAV svn
        SVNParentPath /svn
        Require valid-user
        AuthType Basic
        AuthName "New SVN Server"
        AuthzSVNAccessFile /svn/Config/svn-auth.security
##### File/local access
#    AuthUserFile /svn/Config/svn-auth.htpasswd
#####
##### LDAP/AD access
#       AuthzLDAPAuthoritative on
        AuthBasicProvider ldap
       AuthLDAPURL
"ldap://xxxxxxxxxxxxxxxxxxxxxxx:3268/dc=xxx,dc=xxx,dc=xxx,dc=xxx?sAMAccountName"
NONE
        AuthLDAPBindDN "CN=msvndev01,OU=Unix
Servers,DC=xxx,DC=xxx,DC=xxx,DC=xxx"
        AuthLDAPBindPassword "xxxxxxxxxxxxxxxxx"
       Require ldap-group cn=RT-SVN-Administrators-DL,ou=Application
Tasks,ou=Infrastructure Access,ou=Resource Access
Groups,dc=xxx,dc=xxx,dc=xxx,dc=xxx




-- 
Alfredo

Re: HTTP + SVN + AD

Posted by Pavel Lyalyakin <pa...@visualsvn.com>.

Hello Alfredo,

On Sun, Feb 15, 2015 at 3:57 AM, Alfredo De Luca
<al...@gmail.com> wrote:
> Hi all.
> I figured that out was a filter/search on AD was getting not unique username
> so they couldn't log in.
> All ok now. Httpd and svn and AD are working together.

Have you considered installing VisualSVN Server? VisualSVN Server can
be installed in a couple of minutes and it will save you the trouble
of configuring LDAP settings manually for Active Directory
integration.

Integration with Active Directory works out of the box in VisualSVN
Server and you don't need to perform any manual configuration steps
even with free Standard Edition (it permits commercial use). Moreover,
you can configure authorization rules for AD groups, users and
computers via a graphical interface in VisualSVN Server Manger console
or VisualSVN Repository Configurator tools.

If your server machine is on Windows then I'd strongly suggest trying
VisualSVN Server: https://www.visualsvn.com/server/ See Getting
Started guide at https://www.visualsvn.com/server/getting-started/

Thanks.

--
With best regards,
Pavel Lyalyakin
VisualSVN Team

Re: HTTP + SVN + AD

Posted by Alfredo De Luca <al...@gmail.com>.

Hi all.
I figured that out was a filter/search on AD was getting not unique
username so they couldn't log in.
All ok now. Httpd and svn and AD are working together.
Thanks
On 29/01/2015 9:05 AM, "Alfredo De Luca" <al...@gmail.com> wrote:

> Thanks Nico.
> I will give it a try. Any reference/link how to do so?
> Thanks
> On 28/01/2015 3:55 PM, "Nico Kadel-Garcia" <nk...@gmail.com> wrote:
>
>> On Tue, Jan 27, 2015 at 7:43 PM, Alfredo De Luca
>> <al...@gmail.com> wrote:
>> > Hi all.
>> > I have apache2 + svn 1.6. If I use SVN with local user it's all ok but
>> > when I try to integrated with Active Directory I have weird issue.
>> > With my account (with AD username and password) I have access with no
>> prob.
>> > Others can't access it at all. Below is the subversion.conf that I am
>> using.
>> > I have also tried to change my password on AD and still having access
>> > with the new password. Others in the ldap-group still not having
>> > access at all.
>>
>> Ignore AD's LDAP, if I may suggest. Rely on just the Kerberos
>> credentials to authenticate, underlying AD, and use svnserve.conf to
>> manage user and group privileges. This completely moves away from the
>> LDAP intricacies.
>>
>> > What am I missing? Any clue?
>> >
>> > Thanks heaps for any info
>> >
>> > Regards
>>
>> Just that I've frequently found AD's LDAP to be managed by monkeys
>> trying to write Hamlet by randomly clicking buttons on the screen.
>> Debugging it for them tends to raise the hackles of the people
>> administering it: pointing them to the RFC's or walking them through
>> how the underlying technology works can be really embarassing for all
>> concerned.
>>
>

Re: HTTP + SVN + AD

Posted by Alfredo De Luca <al...@gmail.com>.

Thanks Nico.
I will give it a try. Any reference/link how to do so?
Thanks
On 28/01/2015 3:55 PM, "Nico Kadel-Garcia" <nk...@gmail.com> wrote:

> On Tue, Jan 27, 2015 at 7:43 PM, Alfredo De Luca
> <al...@gmail.com> wrote:
> > Hi all.
> > I have apache2 + svn 1.6. If I use SVN with local user it's all ok but
> > when I try to integrated with Active Directory I have weird issue.
> > With my account (with AD username and password) I have access with no
> prob.
> > Others can't access it at all. Below is the subversion.conf that I am
> using.
> > I have also tried to change my password on AD and still having access
> > with the new password. Others in the ldap-group still not having
> > access at all.
>
> Ignore AD's LDAP, if I may suggest. Rely on just the Kerberos
> credentials to authenticate, underlying AD, and use svnserve.conf to
> manage user and group privileges. This completely moves away from the
> LDAP intricacies.
>
> > What am I missing? Any clue?
> >
> > Thanks heaps for any info
> >
> > Regards
>
> Just that I've frequently found AD's LDAP to be managed by monkeys
> trying to write Hamlet by randomly clicking buttons on the screen.
> Debugging it for them tends to raise the hackles of the people
> administering it: pointing them to the RFC's or walking them through
> how the underlying technology works can be really embarassing for all
> concerned.
>

Re: HTTP + SVN + AD

Posted by Nico Kadel-Garcia <nk...@gmail.com>.

On Tue, Jan 27, 2015 at 7:43 PM, Alfredo De Luca
<al...@gmail.com> wrote:
> Hi all.
> I have apache2 + svn 1.6. If I use SVN with local user it's all ok but
> when I try to integrated with Active Directory I have weird issue.
> With my account (with AD username and password) I have access with no prob.
> Others can't access it at all. Below is the subversion.conf that I am using.
> I have also tried to change my password on AD and still having access
> with the new password. Others in the ldap-group still not having
> access at all.

Ignore AD's LDAP, if I may suggest. Rely on just the Kerberos
credentials to authenticate, underlying AD, and use svnserve.conf to
manage user and group privileges. This completely moves away from the
LDAP intricacies.

> What am I missing? Any clue?
>
> Thanks heaps for any info
>
> Regards

Just that I've frequently found AD's LDAP to be managed by monkeys
trying to write Hamlet by randomly clicking buttons on the screen.
Debugging it for them tends to raise the hackles of the people
administering it: pointing them to the RFC's or walking them through
how the underlying technology works can be really embarassing for all
concerned.