You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Eric Eickhoff <ej...@sigma-micro.com> on 2005/07/05 18:46:12 UTC
AuthzSVNAccessFile and branching
I am currently having an issue with doing a 'svn copy' command (attempting
to create a branch) and the way my access permissions are set up in the
AuthzSVNAccessFile.
I am doing LDAP authentication without a problem, and can do commits to the
repository with no problem -- it is just when doing a svn copy, I keep
getting prompted for username and password and eventually fails.
Here are the details:
Subversion 1.1.2 on RHEL v3
Authenticating against W2K Active Directory via mod_authz_ldap
Apache 2.0
httpd.conf
-----------
<Location /svn>
DAV svn
SVNParentPath /svn
SVNIndexXSLT "/svnindex.xsl"
Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AuthzLDAPMethod ldap
AuthzLDAPServer ldap1.xyz.com:389
AuthzLDAPBindDN "CN=subv,OU=XXX,DC=xyz, DC=com"
AuthzLDAPBindPassword "*******"
AuthzLDAPUserBase "ou=XXX,dc=xyz,dc=com"
AuthzLDAPUserKey sAMAccountName
AuthzLDAPUserScope subtree
AuthzSVNAccessFile /opt/subversion/svn-access-file
AuthType basic
AuthName "Subversion Access"
require valid-user
</Location>
svn-access-file
--------------------
[groups]
developers = user1
#to allow everyone read access
[/]
* = r
[landfill:/]
#allow all developers complete access
@developers = rw
Now, with this config, I can commit changes to the landfill repository with
no problem. However, if I try to create a branch (via svn copy), it will
fail after prompting for the username and password several times (on the
commit, it prompts once for the username/password and them performs the
commit). The apache error_log displays Access Denied entries.
If, I modify the following section of the svn-access-file as such:
[/]
* = rw
OR
[landfill:/]
* = rw
everything works without a hitch.
Based on what I have read in the manual and online, the original
configurations above should work to allow everyone read access and the
developers group read/write access (including copies). Am I way off base?
Thanks for the help!
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: AuthzSVNAccessFile and branching
Posted by Eric Eickhoff <ej...@sigma-micro.com>.
Well, unfortunately, I found no solution to this.
I ended up wiping my box--reinstalling RH and reloading everything and now
it is working as expected.
Thanks Lieven for your help.
-Eric
"Lieven Govaerts" <lg...@mobsol.be> wrote in message
news:20050707215513.B6ED03808C@apate.telenet-ops.be...
> Eric,
>
>
> I'm out of the useful things to test, maybe someone else on this list
> can help? This should be and probably is a trivial thing, but I don't
> see it.
> I'm still not sure about the (null) part in the error logs, it doesn't
> seem to be right.
>
> In such a situation, I'd try to find the root cause of the problem by
> trying other setups.
>
> Maybe you can:
>
> 1) see if it is the repository
> - make a new empty repository, and add trunk & branches folders
> - add this new repository in you svn-access-file like:
> [newrepo:/]
> @developers = rw
> - do an svn copy http://xyz.com/repos/newrepo/trunk
> http://xyz.com/repos/newrepo/branches/1 -m "test branch"
>
> 2) check the ldap part
> - make a new location in your apache config file, but without ldap
> <Location /svn>
> DAV svn
> SVNPath /svn/newrepo
> AuthzSVNAccessFile /svn/svn-newrepo-access-file
> AuthType Basic
> AuthName "Subversion repository"
> AuthUserFile /svn/svn-newrepo-auth-file
> Require valid-user
> </Location>
> - make a new svn-access-file with only this:
> [groups]
> developers = user1
>
> [newrepo:/]
> @developers = rw
> - you have to create a user in the /etc/svn-auth-file also
>>htpasswd -c /svn/svn-newrepo-auth-file user1 password
>
> 3) btw, what's the version of your svn client?
> what's the version of your mod_dav_svn?
>
> 4) try to install SVN on another machine,
> try putting the repositories in another folder
> check that the apache user has full rights on the svn folder
> try running svnserve instead of apache
> ...
> ( I know these don't seem to be relevant, you never know )
>
> Hope some of this helps before your forehead explodes :))
>
> Lieven.
>
>
>
> -----Original Message-----
> From: news [mailto:news@sea.gmane.org] On Behalf Of Eric Eickhoff
> Sent: donderdag 7 juli 2005 18:49
> To: users@subversion.tigris.org
> Subject: Re: AuthzSVNAccessFile and branching
>
> Thanks Lieven!
>
> I am definitely at a loss here. I don't know what I am missing. A flat
> spot is forming on my forehead from beating it against my desk!
>
> To answer your questions: (inline)
>
>
> "Lieven Govaerts" <lg...@mobsol.be> wrote in message
> news:20050706175115.ADE3219819D@europa.telenet-ops.be...
>> Eric,
>>
>> I don't have answers, just some remarks:
>>
>> 1. in the log:
>>
>> [Wed Jul 06 09:41:21 2005] [error] [client 10.31.1.21] Access denied:
>> '(null)' COPY landfill:/branches/1.0/trunk
>> landfill:/branches/1.0/trunk
>>
>> there is (null) where the username should be filled in, did you do
>> this manually or was it the original error log? If this is like it
>> appeared in the log it sure is a problem.
>>
>
> No, I didn't do this manually. It appears that the username is being
> 'dropped' during the COPY command. For example, when I issue the svn copy
> command, here is the access_log entries:
>
> -------------------------
> 10.31.1.21 - - [07/Jul/2005:11:25:28 -0500] "PROPFIND /repos/landfill
> HTTP/1.1" 401 543
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND /repos/landfill
> HTTP/1.1" 207 659
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
> /repos/landfill/!svn/vcc/default HTTP/1.1" 207 411
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
> /repos/landfill/!svn/bln/25 HTTP/1.1" 207 464
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
> /repos/landfill/trunk HTTP/1.1" 207 698
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
> /repos/landfill/!svn/vcc/default HTTP/1.1" 207 464
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
> /repos/landfill/!svn/bc/25/trunk HTTP/1.1" 207 709
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
> /repos/landfill/branches/3.0 HTTP/1.1" 404 367
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
> /repos/landfill/branches HTTP/1.1" 207 704
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
> /repos/landfill/!svn/vcc/default HTTP/1.1" 207 464
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
> /repos/landfill/!svn/bc/25/branches/3.0 HTTP/1.1" 404 378
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "OPTIONS /repos/landfill
> HTTP/1.1" 200 194
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "MKACTIVITY
> /repos/landfill/!svn/act/3cf0eec3-51fb-0310-a5ca-c8092b0b7386 HTTP/1.1"
> 201
> 377
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND /repos/landfill
> HTTP/1.1" 207 444
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
> /repos/landfill/!svn/vcc/default HTTP/1.1" 207 411
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "CHECKOUT
> /repos/landfill/!svn/bln/25 HTTP/1.1" 201 392
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPPATCH
> /repos/landfill/!svn/wbl/3cf0eec3-51fb-0310-a5ca-c8092b0b7386/25 HTTP/1.1"
> 207 360
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND /repos/landfill
> HTTP/1.1" 207 396
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
> /repos/landfill/branches HTTP/1.1" 207 704
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
> /repos/landfill/!svn/vcc/default HTTP/1.1" 207 464
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
> /repos/landfill/!svn/bc/25/branches HTTP/1.1" 207 424
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "CHECKOUT
> /repos/landfill/!svn/ver/25/branches HTTP/1.1" 201 398
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
> /repos/landfill/trunk HTTP/1.1" 207 698
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
> /repos/landfill/!svn/vcc/default HTTP/1.1" 207 464
> 10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "COPY
> /repos/landfill/!svn/bc/25/trunk HTTP/1.1" 401 348
> ------------------------------
>
> There error_log contains the same a posted before:
>
> [Thu Jul 07 11:25:28 2005] [error] [client 10.31.1.21] Access denied:
> '(null)' COPY landfill:/branches/3.0 landfill:/branches/3.0 [Thu Jul 07
> 11:25:28 2005] [error] [client 10.31.1.21] Access denied:
> '(null)' COPY landfill:/branches/3.0 landfill:/branches/3.0 [Thu Jul 07
> 11:25:28 2005] [error] [client 10.31.1.21] Access denied:
> '(null)' COPY landfill:/branches/3.0 landfill:/branches/3.0
>
> -------------------------
>
> From the access_log, it appears that it has the username (user1) during
> the
> COPY, but it receives the 401 response and then I get the entries in the
> error_log indicating the 'null' for username. Is it getting dropped
> somewhere??
>
>> 2. Your log and the error show that svn is trying to create a trunk
>> folder inside the branches/1.0 folder, so I guess the branches/1.0
>> folder was already created? Try deleting it first, or create another
> branch.
>> ( probably was part of the example? )
>>
>
> attempted to create several unique branches -- same result for all
>
>
>> 3. I'm not sure about the:
>> Options Indexes FollowSymLinks
>> AllowOverride None
>> order allow,deny
>> allow from all
>> part, but I copied this in my own apache conf, without problems. Why
>> do you need this?
>>
>
> These entries were part of a sample config I found (I had to teach myself
> Linux in order to implement Subversion -- Linux was required by my boss --
> anyway, I am not sure about those entries) I commented them out and still
> received the same results
>
>> 4. I do all my testing and production with Subversion 1.2, my logs
>> show some differences in comparison to yours:
>> C:\temp>svn copy http://mobsol.be/svn/public/trunk
>> http://mobsol.be/svn/public/b ranches/1.0 -m "branch 1.0" --username
>> lgo [Wed Jul 06 19:39:48 2005] [error] [client 84.195.197.106] Access
>> denied:
>> 'lgo' CHECKOUT public:/branches
>> [Wed Jul 06 19:39:51 2005] [error] [client 84.195.197.106] Access denied:
>> 'lgo' CHECKOUT public:/branches
>>
>> It shows the CHECKOUT command instead of COPY. I'm not sure what this
>> means.
>> Maybe you can upgrade your testenvironment to 1.2 ( or 1.2.1 ) to see
>> what happens there?
>>
>
> I performed the upgrade to 1.2.1 and still receive the same results. The
> access and error_logs in response #1 are from 1.2.1
>
>
>> 5. And maybe the obvious question: try to specify --username & --password
>> with your
>> svn copy command, so you're really sure which account you're using. And
>> check if
>> this account is truly in the developers group.
>>
>
> Tried specifying the username and password and no change. I am pretty
> confident that it is picking up the username correctly as it is reflected
> in
>
> the access_logs.
>
>
>> Lieven.
>
>
>
> --
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.323 / Virus Database: 267.8.9/42 - Release Date: 6/07/2005
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
RE: AuthzSVNAccessFile and branching
Posted by Lieven Govaerts <lg...@mobsol.be>.
Eric,
I'm out of the useful things to test, maybe someone else on this list
can help? This should be and probably is a trivial thing, but I don't
see it.
I'm still not sure about the (null) part in the error logs, it doesn't
seem to be right.
In such a situation, I'd try to find the root cause of the problem by
trying other setups.
Maybe you can:
1) see if it is the repository
- make a new empty repository, and add trunk & branches folders
- add this new repository in you svn-access-file like:
[newrepo:/]
@developers = rw
- do an svn copy http://xyz.com/repos/newrepo/trunk
http://xyz.com/repos/newrepo/branches/1 -m "test branch"
2) check the ldap part
- make a new location in your apache config file, but without ldap
<Location /svn>
DAV svn
SVNPath /svn/newrepo
AuthzSVNAccessFile /svn/svn-newrepo-access-file
AuthType Basic
AuthName "Subversion repository"
AuthUserFile /svn/svn-newrepo-auth-file
Require valid-user
</Location>
- make a new svn-access-file with only this:
[groups]
developers = user1
[newrepo:/]
@developers = rw
- you have to create a user in the /etc/svn-auth-file also
>htpasswd -c /svn/svn-newrepo-auth-file user1 password
3) btw, what's the version of your svn client?
what's the version of your mod_dav_svn?
4) try to install SVN on another machine,
try putting the repositories in another folder
check that the apache user has full rights on the svn folder
try running svnserve instead of apache
...
( I know these don't seem to be relevant, you never know )
Hope some of this helps before your forehead explodes :))
Lieven.
-----Original Message-----
From: news [mailto:news@sea.gmane.org] On Behalf Of Eric Eickhoff
Sent: donderdag 7 juli 2005 18:49
To: users@subversion.tigris.org
Subject: Re: AuthzSVNAccessFile and branching
Thanks Lieven!
I am definitely at a loss here. I don't know what I am missing. A flat
spot is forming on my forehead from beating it against my desk!
To answer your questions: (inline)
"Lieven Govaerts" <lg...@mobsol.be> wrote in message
news:20050706175115.ADE3219819D@europa.telenet-ops.be...
> Eric,
>
> I don't have answers, just some remarks:
>
> 1. in the log:
>
> [Wed Jul 06 09:41:21 2005] [error] [client 10.31.1.21] Access denied:
> '(null)' COPY landfill:/branches/1.0/trunk
> landfill:/branches/1.0/trunk
>
> there is (null) where the username should be filled in, did you do
> this manually or was it the original error log? If this is like it
> appeared in the log it sure is a problem.
>
No, I didn't do this manually. It appears that the username is being
'dropped' during the COPY command. For example, when I issue the svn copy
command, here is the access_log entries:
-------------------------
10.31.1.21 - - [07/Jul/2005:11:25:28 -0500] "PROPFIND /repos/landfill
HTTP/1.1" 401 543
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND /repos/landfill
HTTP/1.1" 207 659
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/!svn/vcc/default HTTP/1.1" 207 411
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/!svn/bln/25 HTTP/1.1" 207 464
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/trunk HTTP/1.1" 207 698
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/!svn/vcc/default HTTP/1.1" 207 464
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/!svn/bc/25/trunk HTTP/1.1" 207 709
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/branches/3.0 HTTP/1.1" 404 367
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/branches HTTP/1.1" 207 704
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/!svn/vcc/default HTTP/1.1" 207 464
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/!svn/bc/25/branches/3.0 HTTP/1.1" 404 378
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "OPTIONS /repos/landfill
HTTP/1.1" 200 194
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "MKACTIVITY
/repos/landfill/!svn/act/3cf0eec3-51fb-0310-a5ca-c8092b0b7386 HTTP/1.1" 201
377
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND /repos/landfill
HTTP/1.1" 207 444
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/!svn/vcc/default HTTP/1.1" 207 411
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "CHECKOUT
/repos/landfill/!svn/bln/25 HTTP/1.1" 201 392
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPPATCH
/repos/landfill/!svn/wbl/3cf0eec3-51fb-0310-a5ca-c8092b0b7386/25 HTTP/1.1"
207 360
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND /repos/landfill
HTTP/1.1" 207 396
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/branches HTTP/1.1" 207 704
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/!svn/vcc/default HTTP/1.1" 207 464
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/!svn/bc/25/branches HTTP/1.1" 207 424
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "CHECKOUT
/repos/landfill/!svn/ver/25/branches HTTP/1.1" 201 398
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/trunk HTTP/1.1" 207 698
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/!svn/vcc/default HTTP/1.1" 207 464
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "COPY
/repos/landfill/!svn/bc/25/trunk HTTP/1.1" 401 348
------------------------------
There error_log contains the same a posted before:
[Thu Jul 07 11:25:28 2005] [error] [client 10.31.1.21] Access denied:
'(null)' COPY landfill:/branches/3.0 landfill:/branches/3.0 [Thu Jul 07
11:25:28 2005] [error] [client 10.31.1.21] Access denied:
'(null)' COPY landfill:/branches/3.0 landfill:/branches/3.0 [Thu Jul 07
11:25:28 2005] [error] [client 10.31.1.21] Access denied:
'(null)' COPY landfill:/branches/3.0 landfill:/branches/3.0
-------------------------
Re: AuthzSVNAccessFile and branching
Posted by Eric Eickhoff <ej...@sigma-micro.com>.
Thanks Lieven!
I am definitely at a loss here. I don't know what I am missing. A flat
spot is forming on my forehead from beating it against my desk!
To answer your questions: (inline)
"Lieven Govaerts" <lg...@mobsol.be> wrote in message
news:20050706175115.ADE3219819D@europa.telenet-ops.be...
> Eric,
>
> I don't have answers, just some remarks:
>
> 1. in the log:
>
> [Wed Jul 06 09:41:21 2005] [error] [client 10.31.1.21] Access denied:
> '(null)' COPY landfill:/branches/1.0/trunk landfill:/branches/1.0/trunk
>
> there is (null) where the username should be filled in, did you do
> this manually or was it the original error log? If this is like it
> appeared in the log it sure is a problem.
>
No, I didn't do this manually. It appears that the username is being
'dropped' during the COPY command. For example, when I issue the svn copy
command, here is the access_log entries:
-------------------------
10.31.1.21 - - [07/Jul/2005:11:25:28 -0500] "PROPFIND /repos/landfill
HTTP/1.1" 401 543
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND /repos/landfill
HTTP/1.1" 207 659
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/!svn/vcc/default HTTP/1.1" 207 411
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/!svn/bln/25 HTTP/1.1" 207 464
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/trunk HTTP/1.1" 207 698
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/!svn/vcc/default HTTP/1.1" 207 464
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/!svn/bc/25/trunk HTTP/1.1" 207 709
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/branches/3.0 HTTP/1.1" 404 367
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/branches HTTP/1.1" 207 704
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/!svn/vcc/default HTTP/1.1" 207 464
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/!svn/bc/25/branches/3.0 HTTP/1.1" 404 378
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "OPTIONS /repos/landfill
HTTP/1.1" 200 194
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "MKACTIVITY
/repos/landfill/!svn/act/3cf0eec3-51fb-0310-a5ca-c8092b0b7386 HTTP/1.1" 201
377
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND /repos/landfill
HTTP/1.1" 207 444
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/!svn/vcc/default HTTP/1.1" 207 411
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "CHECKOUT
/repos/landfill/!svn/bln/25 HTTP/1.1" 201 392
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPPATCH
/repos/landfill/!svn/wbl/3cf0eec3-51fb-0310-a5ca-c8092b0b7386/25 HTTP/1.1"
207 360
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND /repos/landfill
HTTP/1.1" 207 396
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/branches HTTP/1.1" 207 704
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/!svn/vcc/default HTTP/1.1" 207 464
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/!svn/bc/25/branches HTTP/1.1" 207 424
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "CHECKOUT
/repos/landfill/!svn/ver/25/branches HTTP/1.1" 201 398
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/trunk HTTP/1.1" 207 698
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "PROPFIND
/repos/landfill/!svn/vcc/default HTTP/1.1" 207 464
10.31.1.21 - user1 [07/Jul/2005:11:25:28 -0500] "COPY
/repos/landfill/!svn/bc/25/trunk HTTP/1.1" 401 348
------------------------------
There error_log contains the same a posted before:
[Thu Jul 07 11:25:28 2005] [error] [client 10.31.1.21] Access denied:
'(null)' COPY landfill:/branches/3.0 landfill:/branches/3.0
[Thu Jul 07 11:25:28 2005] [error] [client 10.31.1.21] Access denied:
'(null)' COPY landfill:/branches/3.0 landfill:/branches/3.0
[Thu Jul 07 11:25:28 2005] [error] [client 10.31.1.21] Access denied:
'(null)' COPY landfill:/branches/3.0 landfill:/branches/3.0
-------------------------
RE: AuthzSVNAccessFile and branching
Posted by Lieven Govaerts <lg...@mobsol.be>.
Eric,
I don't have answers, just some remarks:
1. in the log:
[Wed Jul 06 09:41:21 2005] [error] [client 10.31.1.21] Access denied:
'(null)' COPY landfill:/branches/1.0/trunk landfill:/branches/1.0/trunk
there is (null) where the username should be filled in, did you do
this manually or was it the original error log? If this is like it
appeared in the log it sure is a problem.
2. Your log and the error show that svn is trying to create a trunk folder
inside the branches/1.0 folder, so I guess the branches/1.0 folder was
already created? Try deleting it first, or create another branch.
( probably was part of the example? )
3. I'm not sure about the:
Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
part, but I copied this in my own apache conf, without problems. Why
do you need this?
4. I do all my testing and production with Subversion 1.2, my logs show
some differences in comparison to yours:
C:\temp>svn copy http://mobsol.be/svn/public/trunk
http://mobsol.be/svn/public/b
ranches/1.0 -m "branch 1.0" --username lgo
[Wed Jul 06 19:39:48 2005] [error] [client 84.195.197.106] Access denied:
'lgo' CHECKOUT public:/branches
[Wed Jul 06 19:39:51 2005] [error] [client 84.195.197.106] Access denied:
'lgo' CHECKOUT public:/branches
It shows the CHECKOUT command instead of COPY. I'm not sure what this means.
Maybe you can upgrade your testenvironment to 1.2 ( or 1.2.1 ) to see what
happens there?
5. And maybe the obvious question: try to specify --username & --password
with your
svn copy command, so you're really sure which account you're using. And
check if
this account is truly in the developers group.
Lieven.
-----Original Message-----
From: news [mailto:news@sea.gmane.org] On Behalf Of Eric Eickhoff
Sent: woensdag 6 juli 2005 17:01
To: users@subversion.tigris.org
Subject: Re: AuthzSVNAccessFile and branching
Thanks Lieven for your info. Here are the log file entries:
When I issue the following command:
svn cp http://subv2.xyz.com/repos/landfill/trunk
http://subv2.xyz.com/repos/landfill/branches/1.0 -m "1.0 branch"
it will prompt me 3 times for username/password and then displays the
following:
subversion/libsvn_ra_dav/util.c:294: (apr_err=170001)
svn: COPY of branches/1.0/trunk: authorization failed (http://subv2.xyz.com)
The Apache error_log contains a series of these entries:
[Wed Jul 06 09:41:21 2005] [error] [client 10.31.1.21] Access denied:
'(null)' COPY landfill:/branches/1.0/trunk landfill:/branches/1.0/trunk [Wed
Jul 06 09:41:24 2005] [error] [client 10.31.1.21] Access denied:
'(null)' COPY landfill:/branches/1.0/trunk landfill:/branches/1.0/trunk [Wed
Jul 06 09:41:27 2005] [error] [client 10.31.1.21] Access denied:
'(null)' COPY landfill:/branches/1.0/trunk landfill:/branches/1.0/trunk
This is happening on both my production Subversion server and a test
subversion server (running subversion 1.1.3 -- all else the same).
Again, commits work without a problem, so I know that I have write access to
the repository. Any suggestions?
"Lieven Govaerts" <lg...@mobsol.be> wrote in message
news:20050706070617.683FA1980DA@europa.telenet-ops.be...
> Eric,
>
> I don't have the solution for your problem, just some info that may
> help you solve it.
>
> I have the same setup like yours in terms of components and
> configuration, only using different versions:
>
> apache 2.0.54 on Suse
> Subversion 1.2
> Authentication against AD with mod_authz_ldap
>
> Our LDAP configuration is identical to yours.
>
> Our svnaccess.conf is identical to your first version.
>
> This configuration allows us to make branches without problem.
>
> Maybe you can post some relevant extracts of apache's error.log file?
>
> Lieven.
>
>
>
>
> -----Original Message-----
> From: news [mailto:news@sea.gmane.org] On Behalf Of Eric Eickhoff
> Sent: dinsdag 5 juli 2005 20:46
> To: users@subversion.tigris.org
> Subject: AuthzSVNAccessFile and branching
>
> I am currently having an issue with doing a 'svn copy' command
> (attempting to create a branch) and the way my access permissions are
> set up in the AuthzSVNAccessFile.
>
> I am doing LDAP authentication without a problem, and can do commits
> to the repository with no problem -- it is just when doing a svn copy,
> I keep getting prompted for username and password and eventually
> fails.
>
> Here are the details:
>
> Subversion 1.1.2 on RHEL v3
> Authenticating against W2K Active Directory via mod_authz_ldap Apache
> 2.0
>
> httpd.conf
> -----------
> <Location /svn>
> DAV svn
> SVNParentPath /svn
> SVNIndexXSLT "/svnindex.xsl"
> Options Indexes FollowSymLinks
> AllowOverride None
> order allow,deny
> allow from all
> AuthzLDAPMethod ldap
> AuthzLDAPServer ldap1.xyz.com:389
> AuthzLDAPBindDN "CN=subv,OU=XXX,DC=xyz, DC=com"
> AuthzLDAPBindPassword "*******"
> AuthzLDAPUserBase "ou=XXX,dc=xyz,dc=com"
> AuthzLDAPUserKey sAMAccountName
> AuthzLDAPUserScope subtree
> AuthzSVNAccessFile /opt/subversion/svn-access-file
> AuthType basic
> AuthName "Subversion Access"
> require valid-user
> </Location>
>
> svn-access-file
> --------------------
> [groups]
> developers = user1
>
> #to allow everyone read access
> [/]
>
> * = r
>
> [landfill:/]
> #allow all developers complete access
> @developers = rw
>
>
> Now, with this config, I can commit changes to the landfill repository
> with no problem. However, if I try to create a branch (via svn copy),
> it will fail after prompting for the username and password several
> times (on the commit, it prompts once for the username/password and
> them performs the commit). The apache error_log displays Access
> Denied entries.
>
> If, I modify the following section of the svn-access-file as such:
>
> [/]
>
> * = rw
>
> OR
>
> [landfill:/]
>
> * = rw
>
> everything works without a hitch.
>
> Based on what I have read in the manual and online, the original
> configurations above should work to allow everyone read access and the
> developers group read/write access (including copies). Am I way off base?
>
> Thanks for the help!
>
>
>
>
>
>
>
>
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
> --
> No virus found in this incoming message.
> Checked by AVG Anti-Virus.
> Version: 7.0.323 / Virus Database: 267.8.9/39 - Release Date:
> 4/07/2005
>
>
> --
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.323 / Virus Database: 267.8.9/42 - Release Date:
> 6/07/2005
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.8.9/42 - Release Date: 6/07/2005
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.8.9/42 - Release Date: 6/07/2005
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: AuthzSVNAccessFile and branching
Posted by Eric Eickhoff <ej...@sigma-micro.com>.
Thanks Lieven for your info. Here are the log file entries:
When I issue the following command:
svn cp http://subv2.xyz.com/repos/landfill/trunk
http://subv2.xyz.com/repos/landfill/branches/1.0 -m "1.0 branch"
it will prompt me 3 times for username/password and then displays the
following:
subversion/libsvn_ra_dav/util.c:294: (apr_err=170001)
svn: COPY of branches/1.0/trunk: authorization failed (http://subv2.xyz.com)
The Apache error_log contains a series of these entries:
[Wed Jul 06 09:41:21 2005] [error] [client 10.31.1.21] Access denied:
'(null)' COPY landfill:/branches/1.0/trunk landfill:/branches/1.0/trunk
[Wed Jul 06 09:41:24 2005] [error] [client 10.31.1.21] Access denied:
'(null)' COPY landfill:/branches/1.0/trunk landfill:/branches/1.0/trunk
[Wed Jul 06 09:41:27 2005] [error] [client 10.31.1.21] Access denied:
'(null)' COPY landfill:/branches/1.0/trunk landfill:/branches/1.0/trunk
This is happening on both my production Subversion server and a test
subversion server (running subversion 1.1.3 -- all else the same).
Again, commits work without a problem, so I know that I have write access to
the repository. Any suggestions?
"Lieven Govaerts" <lg...@mobsol.be> wrote in message
news:20050706070617.683FA1980DA@europa.telenet-ops.be...
> Eric,
>
> I don't have the solution for your problem, just some info that may help
> you solve it.
>
> I have the same setup like yours in terms of components and configuration,
> only using different versions:
>
> apache 2.0.54 on Suse
> Subversion 1.2
> Authentication against AD with mod_authz_ldap
>
> Our LDAP configuration is identical to yours.
>
> Our svnaccess.conf is identical to your first version.
>
> This configuration allows us to make branches without problem.
>
> Maybe you can post some relevant extracts of apache's error.log file?
>
> Lieven.
>
>
>
>
> -----Original Message-----
> From: news [mailto:news@sea.gmane.org] On Behalf Of Eric Eickhoff
> Sent: dinsdag 5 juli 2005 20:46
> To: users@subversion.tigris.org
> Subject: AuthzSVNAccessFile and branching
>
> I am currently having an issue with doing a 'svn copy' command (attempting
> to create a branch) and the way my access permissions are set up in the
> AuthzSVNAccessFile.
>
> I am doing LDAP authentication without a problem, and can do commits to
> the
> repository with no problem -- it is just when doing a svn copy, I keep
> getting prompted for username and password and eventually fails.
>
> Here are the details:
>
> Subversion 1.1.2 on RHEL v3
> Authenticating against W2K Active Directory via mod_authz_ldap Apache 2.0
>
> httpd.conf
> -----------
> <Location /svn>
> DAV svn
> SVNParentPath /svn
> SVNIndexXSLT "/svnindex.xsl"
> Options Indexes FollowSymLinks
> AllowOverride None
> order allow,deny
> allow from all
> AuthzLDAPMethod ldap
> AuthzLDAPServer ldap1.xyz.com:389
> AuthzLDAPBindDN "CN=subv,OU=XXX,DC=xyz, DC=com"
> AuthzLDAPBindPassword "*******"
> AuthzLDAPUserBase "ou=XXX,dc=xyz,dc=com"
> AuthzLDAPUserKey sAMAccountName
> AuthzLDAPUserScope subtree
> AuthzSVNAccessFile /opt/subversion/svn-access-file
> AuthType basic
> AuthName "Subversion Access"
> require valid-user
> </Location>
>
> svn-access-file
> --------------------
> [groups]
> developers = user1
>
> #to allow everyone read access
> [/]
>
> * = r
>
> [landfill:/]
> #allow all developers complete access
> @developers = rw
>
>
> Now, with this config, I can commit changes to the landfill repository
> with
> no problem. However, if I try to create a branch (via svn copy), it will
> fail after prompting for the username and password several times (on the
> commit, it prompts once for the username/password and them performs the
> commit). The apache error_log displays Access Denied entries.
>
> If, I modify the following section of the svn-access-file as such:
>
> [/]
>
> * = rw
>
> OR
>
> [landfill:/]
>
> * = rw
>
> everything works without a hitch.
>
> Based on what I have read in the manual and online, the original
> configurations above should work to allow everyone read access and the
> developers group read/write access (including copies). Am I way off base?
>
> Thanks for the help!
>
>
>
>
>
>
>
>
>
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
> --
> No virus found in this incoming message.
> Checked by AVG Anti-Virus.
> Version: 7.0.323 / Virus Database: 267.8.9/39 - Release Date: 4/07/2005
>
>
> --
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.323 / Virus Database: 267.8.9/42 - Release Date: 6/07/2005
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
RE: AuthzSVNAccessFile and branching
Posted by Lieven Govaerts <lg...@mobsol.be>.
Eric,
I don't have the solution for your problem, just some info that may help
you solve it.
I have the same setup like yours in terms of components and configuration,
only using different versions:
apache 2.0.54 on Suse
Subversion 1.2
Authentication against AD with mod_authz_ldap
Our LDAP configuration is identical to yours.
Our svnaccess.conf is identical to your first version.
This configuration allows us to make branches without problem.
Maybe you can post some relevant extracts of apache's error.log file?
Lieven.
-----Original Message-----
From: news [mailto:news@sea.gmane.org] On Behalf Of Eric Eickhoff
Sent: dinsdag 5 juli 2005 20:46
To: users@subversion.tigris.org
Subject: AuthzSVNAccessFile and branching
I am currently having an issue with doing a 'svn copy' command (attempting
to create a branch) and the way my access permissions are set up in the
AuthzSVNAccessFile.
I am doing LDAP authentication without a problem, and can do commits to the
repository with no problem -- it is just when doing a svn copy, I keep
getting prompted for username and password and eventually fails.
Here are the details:
Subversion 1.1.2 on RHEL v3
Authenticating against W2K Active Directory via mod_authz_ldap Apache 2.0
httpd.conf
-----------
<Location /svn>
DAV svn
SVNParentPath /svn
SVNIndexXSLT "/svnindex.xsl"
Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all
AuthzLDAPMethod ldap
AuthzLDAPServer ldap1.xyz.com:389
AuthzLDAPBindDN "CN=subv,OU=XXX,DC=xyz, DC=com"
AuthzLDAPBindPassword "*******"
AuthzLDAPUserBase "ou=XXX,dc=xyz,dc=com"
AuthzLDAPUserKey sAMAccountName
AuthzLDAPUserScope subtree
AuthzSVNAccessFile /opt/subversion/svn-access-file
AuthType basic
AuthName "Subversion Access"
require valid-user
</Location>
svn-access-file
--------------------
[groups]
developers = user1
#to allow everyone read access
[/]
* = r
[landfill:/]
#allow all developers complete access
@developers = rw
Now, with this config, I can commit changes to the landfill repository with
no problem. However, if I try to create a branch (via svn copy), it will
fail after prompting for the username and password several times (on the
commit, it prompts once for the username/password and them performs the
commit). The apache error_log displays Access Denied entries.
If, I modify the following section of the svn-access-file as such:
[/]
* = rw
OR
[landfill:/]
* = rw
everything works without a hitch.
Based on what I have read in the manual and online, the original
configurations above should work to allow everyone read access and the
developers group read/write access (including copies). Am I way off base?
Thanks for the help!
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.8.9/39 - Release Date: 4/07/2005
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.8.9/42 - Release Date: 6/07/2005
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org