You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Apfel Holger <ho...@evosoft.com> on 2006/03/21 10:13:44 UTC
SVN authentification at Active Directory won't work
Hi Mailinglist,
i have SubVersion 1.2.3 running with an Apache 2 Webserver on a Windows 2003 Server.
Everything works fine, Tortoise is my Client, i can create Repositorys, and so on.
But now, i want to get it more secure.
Users who want to access a repository must authentificate with their domainaccount, so my apache has to ask teh active directory on the domain controll for the accountdata.
i have the following configuration:
-------------------------------------------------
<Location "/svn">
DAV svn
SVNParentPath F:/
# Set the svnindex.xlt as the stylesheet
SVNIndexXSLT "/svnindex.xsl"
# our access control policy
AuthzSVNAccessFile "E:/Bouncer/conf/svn_access"
AuthLDAPEnabled on
AuthLDAPAuthoritative on
AuthType Basic
AuthName "Authentication for svn repository"
AuthLDAPUrl ldap://1.2.3.4:389/OU=users,DC=domain,DC=com?sAMAccountName?sub?(objectClass=user)
AuthLDAPBindDN "cn=subversion_ldap,ou=35_administration,dc=domain,dc=com"
AuthLDAPBindPassword abcdef
<LimitExcept MERGE>
Require valid-user
</LimitExcept>
</Location>
-------------------------------------------------
I can start my apache without any problems, but as soon as i will access the repository, i enter my account data and then the apache dies.
The error.log tell me "Parent: child process exited with status 3221225477 -- Restarting." After a little bit googling i found out that this seems to be an accessviolation, but nothing more.
Does anyone knows where exactly this AV is? Or maybe how to fix it?
Thanx a lot
Viele Grüße / Best regards
-------------------------------------------------
Holger Apfel
Auszubildender
evosoft GmbH
Hugo-Junkers-Strasse 11, D-90411 Nürnberg
Phone: +49 911 53991 155
Fax: +49 911 53991 390
eMail: Holger.Apfel@evosoft.com
http://www.evosoft.com <http://www.evosoft.com/>
-------------------------------------------------
Re: SVN authentification at Active Directory won't work
Posted by Lieven Govaerts <lg...@mobsol.be>.
Hi Holger,
I had a similar problem, but that was on Linux. That problem was caused by using
OpenLDAP 2.2.6. It was solved by upgrading to OpenLDAP 2.2.27.
Maybe you can give some more information on your configuration, apache version,
ldap sdk version etc?
If you're only working on Windows, you can use mod_auth_sspi as well:
http://www.subversionary.org/sspidomainauth
regards,
Lieven.
Quoting Apfel Holger <ho...@evosoft.com>:
> Hi Mailinglist,
>
> i have SubVersion 1.2.3 running with an Apache 2 Webserver on a Windows 2003
> Server.
>
> Everything works fine, Tortoise is my Client, i can create Repositorys, and
> so on.
>
> But now, i want to get it more secure.
> Users who want to access a repository must authentificate with their
> domainaccount, so my apache has to ask teh active directory on the domain
> controll for the accountdata.
>
> i have the following configuration:
> -------------------------------------------------
>
> <Location "/svn">
> DAV svn
> SVNParentPath F:/
>
> # Set the svnindex.xlt as the stylesheet
> SVNIndexXSLT "/svnindex.xsl"
>
> # our access control policy
> AuthzSVNAccessFile "E:/Bouncer/conf/svn_access"
>
> AuthLDAPEnabled on
> AuthLDAPAuthoritative on
> AuthType Basic
> AuthName "Authentication for svn repository"
>
> AuthLDAPUrl
>
ldap://1.2.3.4:389/OU=users,DC=domain,DC=com?sAMAccountName?sub?(objectClass=user)
> AuthLDAPBindDN "cn=subversion_ldap,ou=35_administration,dc=domain,dc=com"
> AuthLDAPBindPassword abcdef
> <LimitExcept MERGE>
> Require valid-user
> </LimitExcept>
> </Location>
> -------------------------------------------------
>
> I can start my apache without any problems, but as soon as i will access the
> repository, i enter my account data and then the apache dies.
> The error.log tell me "Parent: child process exited with status 3221225477 --
> Restarting." After a little bit googling i found out that this seems to be an
> accessviolation, but nothing more.
>
> Does anyone knows where exactly this AV is? Or maybe how to fix it?
>
> Thanx a lot
>
>
> Viele Grüße / Best regards
> -------------------------------------------------
> Holger Apfel
> Auszubildender
>
> evosoft GmbH
> Hugo-Junkers-Strasse 11, D-90411 Nürnberg
> Phone: +49 911 53991 155
> Fax: +49 911 53991 390
> eMail: Holger.Apfel@evosoft.com
>
> http://www.evosoft.com <http://www.evosoft.com/>
> -------------------------------------------------
>
>
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org