You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Mehrdad Sadri <me...@mscsoftware.com> on 2009/01/17 00:04:21 UTC
Subversion 1.5.5 LDAP Authentication
I have Installed Subversion 1.5.5 and Apache 2.2.11 with OpenSSL. I am
able to login and access Subversion repositories fine.
However, I like to change my authentication method now and used our
Windows 2003 AD (LDAP) for authentication.
I have spend several days and googled it, but still not able to get it
to work.
I have tried it with SSL and without, but no luck.
Attached is my httpd.conf and httpd-ssl.conf.
I would appreciate any help.
Regards!
************************************************************************
*******************
Mehrdad Sadri <ma...@mscsoftware.com> , Process
Consulting -Support, Tel: (714)445-3136, Fax: (714)784-4420, Mobile:
(949)306-7575
MSC Software Corporation <http://www.mscsoftware.com/> , 2 MacArthur
Place, Santa Ana, CA 92707
************************************************************************
*******************
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1029727
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Subversion 1.5.5 LDAP Authentication
Posted by Stephen Connolly-2 <st...@gmail.com>.
Have a look at my blog post...
http://javaadventure.blogspot.com/2008/11/apache-22-authentication-with-active.html
-Stephen
Mehrdad Sadri wrote:
>
> I have Installed Subversion 1.5.5 and Apache 2.2.11 with OpenSSL. I am
> able to login and access Subversion repositories fine.
>
> However, I like to change my authentication method now and used our
> Windows 2003 AD (LDAP) for authentication.
>
> I have spend several days and googled it, but still not able to get it
> to work.
>
> I have tried it with SSL and without, but no luck.
>
>
>
> Attached is my httpd.conf and httpd-ssl.conf.
>
>
>
> I would appreciate any help.
>
>
>
> Regards!
>
>
>
> ************************************************************************
> *******************
>
> Mehrdad Sadri <ma...@mscsoftware.com> , Process
> Consulting -Support, Tel: (714)445-3136, Fax: (714)784-4420, Mobile:
> (949)306-7575
>
> MSC Software Corporation <http://www.mscsoftware.com/> , 2 MacArthur
> Place, Santa Ana, CA 92707
>
> ************************************************************************
> *******************
>
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1029727
>
> To unsubscribe from this discussion, e-mail:
> [users-unsubscribe@subversion.tigris.org].
>
>
>
--
View this message in context: http://www.nabble.com/Subversion-1.5.5-LDAP-Authentication-tp21695244p21815002.html
Sent from the Subversion Users mailing list archive at Nabble.com.
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1097754
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
RE: Antwort: Subversion 1.5.5 LDAP Authentication
Posted by "Bolstridge, Andrew" <an...@intergraph.com>.
Are you sure that
AuthzLDAPAuthoritative off
is correct - this means that a failure in LDAP authentication will still try alternative login mechanisms, and its possible you're being authenticated against them instead.
AuthLDAPBindDN "CN=Users,dc=orbit,dc=com"
And is this correct? You need a CN to bind to, but "Users" doesn't sound right.
Lastly, I authenticate against the standard ldap port in my search url, not the global catalog. You might want to change the port number.
Andy
-----Original Message-----
From: Mehrdad Sadri [mailto:mehrdad.sadri@mscsoftware.com]
Sent: Thursday, January 29, 2009 7:53 PM
To: Robin.Gueldenpfennig@enercon.de
Cc: users@subversion.tigris.org
Subject: RE: Antwort: Subversion 1.5.5 LDAP Authentication
Hi Robin,
This method is using SSPI, and I set it up the way you asked me to. I put in all the directives in the httpd.conf and I am able to log-in and see the repositories in svn. However, I am not sure if is doing any authentication at all. I commented out the line " # AuthzSVNAccessFile "C:/Apache2.2/conf/svn-authz.conf"" and I am still AVABLE to login. For that matter I think anyone can login. Seems like there is no authorization required even though I have " Require valid-user"?????
Secondly, I am not so much interested in getting the SSPI method to work. I am interested in getting The following method to work with SSL; see below.
<Location /svn/>
DAV svn
SVNListParentPath on
SVNParentPath D:/svnrepos/
AuthName "Subversion Repository"
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://ldapserver.orbit.com:3268/DC=orbit,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "CN=Users,dc=orbit,dc=com"
AuthLDAPBindPassword ldapasswd
require valid-user
</Location>
Also, in the attached files you send me you have method described and but in your email you have another.
Which is a preferred method? Which method works?
I have searched all over the documentation for Apache, still not able to get the LDAP work properly.
Any help would be greatly appreciated.
Thanks in advance!
Mehrdad Sadri
MSC.Software Corp.
M:(949)306-7575
W:(714)445-3136
>-----Original Message-----
>From: Robin.Gueldenpfennig@enercon.de
>[mailto:Robin.Gueldenpfennig@enercon.de]
>Sent: Tuesday, January 27, 2009 11:51 PM
>To: Mehrdad Sadri
>Cc: users@subversion.tigris.org
>Subject: Antwort: Subversion 1.5.5 LDAP Authentication
>
>
>Hi!
>
>Please exclude httpd-ssl.conf and put this into your httpd.conf:
>
>Listen 443
>
><Location /SVN_ROOT>
> DAV svn
> SVNParentPath D:\svnrepos\
> SVNListParentPath on
>
> SSLRequireSSL
>
> AuthName "Subversion Repositories"
>
>##Authentication via ENERCON Windows Domain
> AuthType SSPI
> SSPIAuth On
> SSPIAuthoritative On
> SSPIDomain orbit
> SSPIOmitDomain on
> SSPIUsernameCase lower
> SSPIPerRequestAuth off
> SSPIOfferBasic On
>
>##Authorization file which handles access rights
> AuthzSVNAccessFile conf/svnaccessfile.conf ## in this file you can
>insert the Windows Domain user names and their rights for the
>repositories
>
>
> Require valid-user
></Location>
>
>
>
>##SSL Authentication module
><IfModule ssl_module>
> SSLMutex default
> SSLRandomSeed startup builtin
> SSLSessionCache none
>
>##The following creates an SSL server which speaks only the SSLv3
>protocol and its ciphers
> SSLProtocol -all +SSLv3
> SSLCipherSuite SSLv3:+HIGH:+MEDIUM:+LOW:+EXP </IfModule>
>
>CustomLog logs/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\"
>%b"
>CustomLog logs/svn_logfile.log "%t %u %U %{SVN-ACTION}e" env=SVN-ACTION
>
><VirtualHost *:443>
> SSLEngine On
> SSLCertificateFile conf/ssl/sslcert.crt
> SSLCertificateKeyFile conf/ssl/sslkey.key </VirtualHost>
>
>If this works you can modify it for matching your needs...
>
>Mit freundlichen Grüßen
>Robin Güldenpfennig
>
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Robin Güldenpfennig
>Service IT / SCADA Department
>
>ENERCON Service Center
>Dornumer Straße 20
>26607 Aurich / Germany
>
>mailto:Robin.Gueldenpfennig@enercon.de
>http://www.enercon.de
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Diese E-Mail und mögliche Anhänge enthalten vertrauliche Informationen,
>die rechtlich besonders geschützt sein können. Wenn Sie nicht der
>beabsichtigte Empfänger bzw. Adressat dieser E-mail sind und diese
>E-Mail etwa aufgrund eines technischen Fehlers oder eines Versehens
>erhalten haben, informieren Sie uns bitte sofort und löschen Sie
>anschließend die E-Mail. Das unbefugte Kopieren dieser E-Mail, etwaiger
>Anhänge sowie die unbefugte Weitergabe der enthaltenen Informationen an Dritte ist nicht gestattet.
>
>This e-mail message together with its attachments, if any, is
>confidential and may contain information subject to legal privilege (e.g.
>attorney-client-privilege). If you are not the intended recipient or
>have received this e-mail in error, please inform us immediately and
>delete this message. Any unauthorised copying of this message (and
>attachments) or unauthorised distribution of the information contained herein is prohibited.
>
>
>
> Mehrdad Sadri
> <mehrdad.sadri@ms
> csoftware.com> An
> users@subversion.tigris.org
> 27.01.2009 22:50 Kopie
>
> Thema
> Subversion 1.5.5 LDAP
> Authentication
>
>
>
>
>
>
>
>
>
>
>I have Installed Subversion 1.5.5 and Apache 2.2.11 with OpenSSL. I am
>able to login and access Subversion repositories fine.
>However, I like to change my authentication method now and used our
>Windows
>2003 AD (LDAP) for authentication.
>I have spend several days and googled it, but still not able to get it to work.
>I have tried it with SSL and without, but no luck.
>
>Attached is my httpd.conf and httpd-ssl.conf.
>
>I would appreciate any help.
>
>Regards!
>
>***********************************************************************
>********
>************
>Mehrdad Sadri , Process Consulting -Support, Tel: (714)445-3136, Fax:
>(714)784-4420, Mobile: (949)306-7575
>MSC Software Corporation , 2 MacArthur Place, Santa Ana, CA 92707
>***********************************************************************
>********
>************
> (See attached file: httpd.conf)(See attached file: httpd-ssl.conf)
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1069978
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1073218
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
RE: Antwort: Subversion 1.5.5 LDAP Authentication
Posted by Ro...@enercon.de.
Hi Mehrdad,
If you use the SSPI module without any SVNaccessfile everybody who has a
domain account will have full rights on all repositories. So you need an
accessfile to regular the rights.
Using the LDAP directive is a little bit harder to configure. On a Linux
server it could look like this:
<Location /SVN>
DAV svn
SVNParentPath "/var/SVN/"
SVNListParentPath on
Order allow,deny
Allow from all
SSLRequireSSL
SVNIndexXSLT "/svnindex.xsl"
# LDAP Authentication & Authorization is final; do not check other
databases
AuthzLDAPAuthoritative on
# Do basic password authentication in the clear
AuthType Basic
AuthBasicAuthoritative off
AuthBasicProvider ldap
# The name of the protected area or "realm"
AuthName "Subversion Repository"
# The LDAP query URL
# Format: scheme://host:port/basedn?attribute?scope?filter
# The URL below will search for all objects recursively below the
basedn
# and validate against the sAMAccountName attribute
AuthLDAPURL
"ldap://ldap.domain.com:389/OU=Users,DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)"
# Active Directory requires an authenticating DN to access records
# This is the DN used to bind to the directory service
# This is an Active Directory user account
AuthLDAPBindDN
"cn=SubversionLDAPUser,ou=users,ou=accounts,dc=domain,dc=com"
# This is the password for the AuthLDAPBindDN user in Active Directory
AuthLDAPBindPassword "PASSWORD"
# Authorization file which handles access rights
AuthzSVNAccessFile /etc/Subversion/svnaccessfile.conf
# Require authentication for this Location
Require valid-user
</Location>
Mit freundlichen Grüßen
Robin Güldenpfennig
"Mehrdad Sadri"
<Mehrdad.Sadri@ms
csoftware.com> An
<Ro...@enercon.de>
29.01.2009 20:53 Kopie
<us...@subversion.tigris.org>
Thema
RE: Antwort: Subversion 1.5.5
LDAP Authentication
Hi Robin,
This method is using SSPI, and I set it up the way you asked me to. I put
in all the directives in the httpd.conf and I am able to log-in and see the
repositories in svn. However, I am not sure if is doing any authentication
at all. I commented out the line
" # AuthzSVNAccessFile "C:/Apache2.2/conf/svn-authz.conf"" and I am still
AVABLE to login. For that matter I think anyone can login. Seems like there
is no authorization required even though I have " Require valid-user"?????
Secondly, I am not so much interested in getting the SSPI method to work. I
am interested in getting
The following method to work with SSL; see below.
<Location /svn/>
DAV svn
SVNListParentPath on
SVNParentPath D:/svnrepos/
AuthName "Subversion Repository"
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative off
AuthLDAPURL
"ldap://ldapserver.orbit.com:3268/DC=orbit,DC=com?sAMAccountName?sub?(objectClass=*)"
NONE
AuthLDAPBindDN "CN=Users,dc=orbit,dc=com"
AuthLDAPBindPassword ldapasswd
require valid-user
</Location>
Also, in the attached files you send me you have method described and but
in your email you have another.
Which is a preferred method? Which method works?
I have searched all over the documentation for Apache, still not able to
get the LDAP work properly.
Any help would be greatly appreciated.
Thanks in advance!
Mehrdad Sadri
MSC.Software Corp.
M:(949)306-7575
W:(714)445-3136
>-----Original Message-----
>From: Robin.Gueldenpfennig@enercon.de
[mailto:Robin.Gueldenpfennig@enercon.de]
>Sent: Tuesday, January 27, 2009 11:51 PM
>To: Mehrdad Sadri
>Cc: users@subversion.tigris.org
>Subject: Antwort: Subversion 1.5.5 LDAP Authentication
>
>
>Hi!
>
>Please exclude httpd-ssl.conf and put this into your httpd.conf:
>
>Listen 443
>
><Location /SVN_ROOT>
> DAV svn
> SVNParentPath D:\svnrepos\
> SVNListParentPath on
>
> SSLRequireSSL
>
> AuthName "Subversion Repositories"
>
>##Authentication via ENERCON Windows Domain
> AuthType SSPI
> SSPIAuth On
> SSPIAuthoritative On
> SSPIDomain orbit
> SSPIOmitDomain on
> SSPIUsernameCase lower
> SSPIPerRequestAuth off
> SSPIOfferBasic On
>
>##Authorization file which handles access rights
> AuthzSVNAccessFile conf/svnaccessfile.conf ## in this file you can
insert the
>Windows Domain user names and their rights for the repositories
>
>
> Require valid-user
></Location>
>
>
>
>##SSL Authentication module
><IfModule ssl_module>
> SSLMutex default
> SSLRandomSeed startup builtin
> SSLSessionCache none
>
>##The following creates an SSL server which speaks only the SSLv3 protocol
and
>its ciphers
> SSLProtocol -all +SSLv3
> SSLCipherSuite SSLv3:+HIGH:+MEDIUM:+LOW:+EXP </IfModule>
>
>CustomLog logs/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x
\"%r\"
>%b"
>CustomLog logs/svn_logfile.log "%t %u %U %{SVN-ACTION}e" env=SVN-ACTION
>
><VirtualHost *:443>
> SSLEngine On
> SSLCertificateFile conf/ssl/sslcert.crt
> SSLCertificateKeyFile conf/ssl/sslkey.key </VirtualHost>
>
>If this works you can modify it for matching your needs...
>
>Mit freundlichen Grüßen
>Robin Güldenpfennig
>
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Robin Güldenpfennig
>Service IT / SCADA Department
>
>ENERCON Service Center
>Dornumer Straße 20
>26607 Aurich / Germany
>
>mailto:Robin.Gueldenpfennig@enercon.de
>http://www.enercon.de
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Diese E-Mail und mögliche Anhänge enthalten vertrauliche Informationen,
die
>rechtlich besonders geschützt sein können. Wenn Sie nicht der
beabsichtigte
>Empfänger bzw. Adressat dieser E-mail sind und diese E-Mail etwa aufgrund
eines
>technischen Fehlers oder eines Versehens erhalten haben, informieren Sie
uns
>bitte sofort und löschen Sie anschließend die E-Mail. Das unbefugte
Kopieren
>dieser E-Mail, etwaiger Anhänge sowie die unbefugte Weitergabe der
enthaltenen
>Informationen an Dritte ist nicht gestattet.
>
>This e-mail message together with its attachments, if any, is confidential
and
>may contain information subject to legal privilege (e.g.
>attorney-client-privilege). If you are not the intended recipient or have
>received this e-mail in error, please inform us immediately and delete
this
>message. Any unauthorised copying of this message (and attachments) or
>unauthorised distribution of the information contained herein is
prohibited.
>
>
>
> Mehrdad Sadri
> <mehrdad.sadri@ms
> csoftware.com> An
> users@subversion.tigris.org
> 27.01.2009 22:50 Kopie
>
> Thema
> Subversion 1.5.5 LDAP
> Authentication
>
>
>
>
>
>
>
>
>
>
>I have Installed Subversion 1.5.5 and Apache 2.2.11 with OpenSSL. I am
able to
>login and access Subversion repositories fine.
>However, I like to change my authentication method now and used our
Windows
>2003 AD (LDAP) for authentication.
>I have spend several days and googled it, but still not able to get it to
work.
>I have tried it with SSL and without, but no luck.
>
>Attached is my httpd.conf and httpd-ssl.conf.
>
>I would appreciate any help.
>
>Regards!
>
>*******************************************************************************
>************
>Mehrdad Sadri , Process Consulting -Support, Tel: (714)445-3136, Fax:
>(714)784-4420, Mobile: (949)306-7575
>MSC Software Corporation , 2 MacArthur Place, Santa Ana, CA 92707
>*******************************************************************************
>************
> (See attached file: httpd.conf)(See attached file: httpd-ssl.conf)
(See attached file: httpd.conf)(See attached file: httpd-ssl.conf)
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1096959
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
RE: Antwort: Subversion 1.5.5 LDAP Authentication
Posted by Mehrdad Sadri <me...@mscsoftware.com>.
Hi Robin,
This method is using SSPI, and I set it up the way you asked me to. I put in all the directives in the httpd.conf and I am able to log-in and see the repositories in svn. However, I am not sure if is doing any authentication at all. I commented out the line
" # AuthzSVNAccessFile "C:/Apache2.2/conf/svn-authz.conf"" and I am still AVABLE to login. For that matter I think anyone can login. Seems like there is no authorization required even though I have " Require valid-user"?????
Secondly, I am not so much interested in getting the SSPI method to work. I am interested in getting
The following method to work with SSL; see below.
<Location /svn/>
DAV svn
SVNListParentPath on
SVNParentPath D:/svnrepos/
AuthName "Subversion Repository"
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://ldapserver.orbit.com:3268/DC=orbit,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "CN=Users,dc=orbit,dc=com"
AuthLDAPBindPassword ldapasswd
require valid-user
</Location>
Also, in the attached files you send me you have method described and but in your email you have another.
Which is a preferred method? Which method works?
I have searched all over the documentation for Apache, still not able to get the LDAP work properly.
Any help would be greatly appreciated.
Thanks in advance!
Mehrdad Sadri
MSC.Software Corp.
M:(949)306-7575
W:(714)445-3136
>-----Original Message-----
>From: Robin.Gueldenpfennig@enercon.de [mailto:Robin.Gueldenpfennig@enercon.de]
>Sent: Tuesday, January 27, 2009 11:51 PM
>To: Mehrdad Sadri
>Cc: users@subversion.tigris.org
>Subject: Antwort: Subversion 1.5.5 LDAP Authentication
>
>
>Hi!
>
>Please exclude httpd-ssl.conf and put this into your httpd.conf:
>
>Listen 443
>
><Location /SVN_ROOT>
> DAV svn
> SVNParentPath D:\svnrepos\
> SVNListParentPath on
>
> SSLRequireSSL
>
> AuthName "Subversion Repositories"
>
>##Authentication via ENERCON Windows Domain
> AuthType SSPI
> SSPIAuth On
> SSPIAuthoritative On
> SSPIDomain orbit
> SSPIOmitDomain on
> SSPIUsernameCase lower
> SSPIPerRequestAuth off
> SSPIOfferBasic On
>
>##Authorization file which handles access rights
> AuthzSVNAccessFile conf/svnaccessfile.conf ## in this file you can insert the
>Windows Domain user names and their rights for the repositories
>
>
> Require valid-user
></Location>
>
>
>
>##SSL Authentication module
><IfModule ssl_module>
> SSLMutex default
> SSLRandomSeed startup builtin
> SSLSessionCache none
>
>##The following creates an SSL server which speaks only the SSLv3 protocol and
>its ciphers
> SSLProtocol -all +SSLv3
> SSLCipherSuite SSLv3:+HIGH:+MEDIUM:+LOW:+EXP </IfModule>
>
>CustomLog logs/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\"
>%b"
>CustomLog logs/svn_logfile.log "%t %u %U %{SVN-ACTION}e" env=SVN-ACTION
>
><VirtualHost *:443>
> SSLEngine On
> SSLCertificateFile conf/ssl/sslcert.crt
> SSLCertificateKeyFile conf/ssl/sslkey.key </VirtualHost>
>
>If this works you can modify it for matching your needs...
>
>Mit freundlichen Grüßen
>Robin Güldenpfennig
>
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Robin Güldenpfennig
>Service IT / SCADA Department
>
>ENERCON Service Center
>Dornumer Straße 20
>26607 Aurich / Germany
>
>mailto:Robin.Gueldenpfennig@enercon.de
>http://www.enercon.de
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Diese E-Mail und mögliche Anhänge enthalten vertrauliche Informationen, die
>rechtlich besonders geschützt sein können. Wenn Sie nicht der beabsichtigte
>Empfänger bzw. Adressat dieser E-mail sind und diese E-Mail etwa aufgrund eines
>technischen Fehlers oder eines Versehens erhalten haben, informieren Sie uns
>bitte sofort und löschen Sie anschließend die E-Mail. Das unbefugte Kopieren
>dieser E-Mail, etwaiger Anhänge sowie die unbefugte Weitergabe der enthaltenen
>Informationen an Dritte ist nicht gestattet.
>
>This e-mail message together with its attachments, if any, is confidential and
>may contain information subject to legal privilege (e.g.
>attorney-client-privilege). If you are not the intended recipient or have
>received this e-mail in error, please inform us immediately and delete this
>message. Any unauthorised copying of this message (and attachments) or
>unauthorised distribution of the information contained herein is prohibited.
>
>
>
> Mehrdad Sadri
> <mehrdad.sadri@ms
> csoftware.com> An
> users@subversion.tigris.org
> 27.01.2009 22:50 Kopie
>
> Thema
> Subversion 1.5.5 LDAP
> Authentication
>
>
>
>
>
>
>
>
>
>
>I have Installed Subversion 1.5.5 and Apache 2.2.11 with OpenSSL. I am able to
>login and access Subversion repositories fine.
>However, I like to change my authentication method now and used our Windows
>2003 AD (LDAP) for authentication.
>I have spend several days and googled it, but still not able to get it to work.
>I have tried it with SSL and without, but no luck.
>
>Attached is my httpd.conf and httpd-ssl.conf.
>
>I would appreciate any help.
>
>Regards!
>
>*******************************************************************************
>************
>Mehrdad Sadri , Process Consulting -Support, Tel: (714)445-3136, Fax:
>(714)784-4420, Mobile: (949)306-7575
>MSC Software Corporation , 2 MacArthur Place, Santa Ana, CA 92707
>*******************************************************************************
>************
> (See attached file: httpd.conf)(See attached file: httpd-ssl.conf)
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1069978
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Antwort: Subversion 1.5.5 LDAP Authentication
Posted by Ro...@enercon.de.
Hi!
Please exclude httpd-ssl.conf and put this into your httpd.conf:
Listen 443
<Location /SVN_ROOT>
DAV svn
SVNParentPath D:\svnrepos\
SVNListParentPath on
SSLRequireSSL
AuthName "Subversion Repositories"
##Authentication via ENERCON Windows Domain
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain orbit
SSPIOmitDomain on
SSPIUsernameCase lower
SSPIPerRequestAuth off
SSPIOfferBasic On
##Authorization file which handles access rights
AuthzSVNAccessFile conf/svnaccessfile.conf
## in this file you can insert the Windows Domain user names and their
rights for the repositories
Require valid-user
</Location>
##SSL Authentication module
<IfModule ssl_module>
SSLMutex default
SSLRandomSeed startup builtin
SSLSessionCache none
##The following creates an SSL server which speaks only the SSLv3 protocol
and its ciphers
SSLProtocol -all +SSLv3
SSLCipherSuite SSLv3:+HIGH:+MEDIUM:+LOW:+EXP
</IfModule>
CustomLog logs/ssl_request.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x
\"%r\" %b"
CustomLog logs/svn_logfile.log "%t %u %U %{SVN-ACTION}e" env=SVN-ACTION
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile conf/ssl/sslcert.crt
SSLCertificateKeyFile conf/ssl/sslkey.key
</VirtualHost>
If this works you can modify it for matching your needs...
Mit freundlichen Grüßen
Robin Güldenpfennig
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Robin Güldenpfennig
Service IT / SCADA Department
ENERCON Service Center
Dornumer Straße 20
26607 Aurich / Germany
mailto:Robin.Gueldenpfennig@enercon.de
http://www.enercon.de
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Diese E-Mail und mögliche Anhänge enthalten vertrauliche Informationen, die
rechtlich besonders geschützt sein können. Wenn Sie nicht der beabsichtigte
Empfänger bzw. Adressat dieser E-mail sind und diese E-Mail etwa aufgrund
eines technischen Fehlers oder eines Versehens erhalten haben, informieren
Sie uns bitte sofort und löschen Sie anschließend die E-Mail. Das unbefugte
Kopieren dieser E-Mail, etwaiger Anhänge sowie die unbefugte Weitergabe der
enthaltenen Informationen an Dritte ist nicht gestattet.
This e-mail message together with its attachments, if any, is confidential
and may contain information subject to legal privilege (e.g.
attorney-client-privilege). If you are not the intended recipient or have
received this e-mail in error, please inform us immediately and delete this
message. Any unauthorised copying of this message (and attachments) or
unauthorised distribution of the information contained herein is
prohibited.
Mehrdad Sadri
<mehrdad.sadri@ms
csoftware.com> An
users@subversion.tigris.org
27.01.2009 22:50 Kopie
Thema
Subversion 1.5.5 LDAP
Authentication
I have Installed Subversion 1.5.5 and Apache 2.2.11 with OpenSSL. I am able
to login and access Subversion repositories fine.
However, I like to change my authentication method now and used our Windows
2003 AD (LDAP) for authentication.
I have spend several days and googled it, but still not able to get it to
work.
I have tried it with SSL and without, but no luck.
Attached is my httpd.conf and httpd-ssl.conf.
I would appreciate any help.
Regards!
*******************************************************************************************
Mehrdad Sadri , Process Consulting -Support, Tel: (714)445-3136, Fax:
(714)784-4420, Mobile: (949)306-7575
MSC Software Corporation , 2 MacArthur Place, Santa Ana, CA 92707
*******************************************************************************************
(See attached file: httpd.conf)(See attached file: httpd-ssl.conf)
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1062079
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].