You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by Apfel Holger <ho...@evosoft.com> on 2006/03/21 10:13:44 UTC

SVN authentification at Active Directory won't work

Hi Mailinglist,
 
i have SubVersion 1.2.3 running with an Apache 2 Webserver on a Windows 2003 Server.
 
Everything works fine, Tortoise is my Client, i can create Repositorys, and so on.
 
But now, i want to get it more secure.
Users who want to access a repository must authentificate with their domainaccount, so my apache has to ask teh active directory on the domain controll for the accountdata.
 
i have the following configuration:
------------------------------------------------- 

<Location "/svn">
  DAV svn
  SVNParentPath F:/
  
  # Set the svnindex.xlt as the stylesheet
  SVNIndexXSLT "/svnindex.xsl"
 
  # our access control policy
  AuthzSVNAccessFile "E:/Bouncer/conf/svn_access"
 
  AuthLDAPEnabled on
  AuthLDAPAuthoritative on
  AuthType Basic
  AuthName "Authentication for svn repository"
 
  AuthLDAPUrl ldap://1.2.3.4:389/OU=users,DC=domain,DC=com?sAMAccountName?sub?(objectClass=user)
  AuthLDAPBindDN "cn=subversion_ldap,ou=35_administration,dc=domain,dc=com"
  AuthLDAPBindPassword abcdef
  <LimitExcept MERGE>
        Require valid-user
  </LimitExcept>
</Location>
------------------------------------------------- 
 
I can start my apache without any problems, but as soon as i will access the repository, i enter my account data and then the apache dies.
The error.log tell me "Parent: child process exited with status 3221225477 -- Restarting." After a little bit googling i found out that this seems to be an accessviolation, but nothing more.
 
Does anyone knows where exactly this AV is? Or maybe how to fix it?
 
Thanx a lot
 

Viele Grüße / Best regards
------------------------------------------------- 
Holger Apfel
Auszubildender 

evosoft GmbH 
Hugo-Junkers-Strasse 11, D-90411 Nürnberg 
Phone: +49 911 53991 155 
Fax:     +49 911 53991 390 
eMail: Holger.Apfel@evosoft.com 

http://www.evosoft.com <http://www.evosoft.com/>  
-------------------------------------------------

Re: SVN authentification at Active Directory won't work

Posted by Lieven Govaerts <lg...@mobsol.be>.

Hi Holger,

I had a similar problem, but that was on Linux. That problem was caused by using
OpenLDAP 2.2.6. It was solved by upgrading to OpenLDAP 2.2.27.

Maybe you can give some more information on your configuration, apache version,
ldap sdk version etc?

If you're only working on Windows, you can use mod_auth_sspi as well:
http://www.subversionary.org/sspidomainauth

regards,

Lieven.



Quoting Apfel Holger <ho...@evosoft.com>:

> Hi Mailinglist,
>
> i have SubVersion 1.2.3 running with an Apache 2 Webserver on a Windows 2003
> Server.
>
> Everything works fine, Tortoise is my Client, i can create Repositorys, and
> so on.
>
> But now, i want to get it more secure.
> Users who want to access a repository must authentificate with their
> domainaccount, so my apache has to ask teh active directory on the domain
> controll for the accountdata.
>
> i have the following configuration:
> -------------------------------------------------
>
> <Location "/svn">
>   DAV svn
>   SVNParentPath F:/
>
>   # Set the svnindex.xlt as the stylesheet
>   SVNIndexXSLT "/svnindex.xsl"
>
>   # our access control policy
>   AuthzSVNAccessFile "E:/Bouncer/conf/svn_access"
>
>   AuthLDAPEnabled on
>   AuthLDAPAuthoritative on
>   AuthType Basic
>   AuthName "Authentication for svn repository"
>
>   AuthLDAPUrl
>
ldap://1.2.3.4:389/OU=users,DC=domain,DC=com?sAMAccountName?sub?(objectClass=user)
>   AuthLDAPBindDN "cn=subversion_ldap,ou=35_administration,dc=domain,dc=com"
>   AuthLDAPBindPassword abcdef
>   <LimitExcept MERGE>
>         Require valid-user
>   </LimitExcept>
> </Location>
> -------------------------------------------------
>
> I can start my apache without any problems, but as soon as i will access the
> repository, i enter my account data and then the apache dies.
> The error.log tell me "Parent: child process exited with status 3221225477 --
> Restarting." After a little bit googling i found out that this seems to be an
> accessviolation, but nothing more.
>
> Does anyone knows where exactly this AV is? Or maybe how to fix it?
>
> Thanx a lot
>
>
> Viele Grüße / Best regards
> -------------------------------------------------
> Holger Apfel
> Auszubildender
>
> evosoft GmbH
> Hugo-Junkers-Strasse 11, D-90411 Nürnberg
> Phone: +49 911 53991 155
> Fax:     +49 911 53991 390
> eMail: Holger.Apfel@evosoft.com
>
> http://www.evosoft.com <http://www.evosoft.com/>
> -------------------------------------------------
>
>




----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org