You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by Paul Nguyen <pa...@hotmail.com> on 2018/05/21 21:41:28 UTC

LDAP authenticate problem

I’m running SVN 1.9.3 (r1718519), on Ubuntu 16-04 with Server version: Apache/2.4.18 (Ubuntu).
Problem is when a user failed 3 times with his password, the account doesn’t get locked but it keeps prompting. It looks like it authenticates against every single file in the path of the repo that user wants to access.
The apache.conf:

<VirtualHost *:80>
  ServerName <server name>
  ErrorLog /var/log/svn/docs_LDAP_error.log
  CustomLog /var/log/svn/docs_LDAP_access.log common
  <Location />
    DAV svn
    SVNPath /var/svnrepo/docs
    ##LDAP
     AuthName "docs Repo - Active Directory Authentication"
    AuthBasicProvider ldap
    AuthType Basic
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN On
    AuthLDAPURL "ldap://<ldap server>:389/cn=Users,dc=chp,dc=com?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "app_subversion@chp.com"
    AuthLDAPBindPassword "<password>"
    require valid-user
    ##
    RequestHeader edit Destination ^https: http: early
    AuthzSVNAccessFile /var/svnrepo/auth/docs-subdomain
    SetInputFilter DEFLATE
    SetOutputFilter DEFLATE
    SVNIndexXSLT /.chp/svnindex.xsl
  </Location>
</VirtualHost>


Is there a way to lock out an user account after 3 failed attempts as it's supposed to ?

Thanks,
Paul

Re: LDAP authenticate problem

Posted by Eric Johnson <er...@tibco.com>.

The question relates to to either Apache, or the ActiveDirectory
configuration, not Subversion, from the looks of it.

The mailing lists for httpd will probably be able to give better advice
more quickly.

Eric.


On Mon, May 21, 2018 at 2:41 PM, Paul Nguyen <pa...@hotmail.com>
wrote:

> I’m running SVN 1.9.3 (r1718519), on Ubuntu 16-04 with Server version:
> Apache/2.4.18 (Ubuntu).
>
> Problem is when a user failed 3 times with his password, the account
> doesn’t get locked but it keeps prompting. It looks like it authenticates
> against every single file in the path of the repo that user wants to access.
>
> The apache.conf:
>
>
> <VirtualHost *:80>
>
>   ServerName <server name>
>
>   ErrorLog /var/log/svn/docs_LDAP_error.log
>
>   CustomLog /var/log/svn/docs_LDAP_access.log common
>
>   <Location />
>
>     DAV svn
>
>     SVNPath /var/svnrepo/docs
>
>     ##LDAP
>
>      AuthName "docs Repo - Active Directory Authentication"
>
>     AuthBasicProvider ldap
>
>     AuthType Basic
>
>     AuthLDAPGroupAttribute member
>
>     AuthLDAPGroupAttributeIsDN On
>
>     AuthLDAPURL "ldap://<ldap server>:389/cn=Users,dc=chp,
> dc=com?sAMAccountName?sub?(objectClass=*)"
>
>     AuthLDAPBindDN "app_subversion@chp.com"
>
>     AuthLDAPBindPassword "<password>"
>
>     require valid-user
>
>     ##
>
>     RequestHeader edit Destination ^https: http: early
>
>     AuthzSVNAccessFile /var/svnrepo/auth/docs-subdomain
>
>     SetInputFilter DEFLATE
>
>     SetOutputFilter DEFLATE
>
>     SVNIndexXSLT /.chp/svnindex.xsl
>
>   </Location>
>
> </VirtualHost>
>
> Is there a way to lock out an user account after 3 failed attempts as it's
> supposed to ?
>
> Thanks,
> Paul
>