You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by Helmut Mucker <he...@frequentis.com> on 2005/10/13 11:36:53 UTC

Using "Require group" in mod_dav_svn and Active Directory?

Hi!

Im trying to set up a repository using Apache,
mod_dav_svn and authentication against Active
Directory via LDAP. 

Per-user authentication  using the "Require valid user"
directive works well, but I'm not able to use the
"Require group" directive, the svn-client says:

  svn: Commit failed (details follow):
  svn: MKACTIVITY of /projects/svntest/!svn/act/77248e0e-0103-0410-8b28-e97d89f45485: 500 Internal Server Error (http://frqwol31ux:90)

and in apache2/error.log there is

  [Thu Oct 13 13:29:44 2005] [crit] [client 172.17.2.1] configuration error:  couldn't check access. No groups file?: /projects/svntest/!svn/act/77248e0e-0103-0410-8b28-e97d89f45485

This is my dav_svn.conf:

<Location /projects/svntest>
  DAV svn
  SVNPath /usr/local/svn/svntest
  AuthType Basic
  AuthName "Subversion Repository"
  AuthLDAPEnabled on
  AuthLDAPAuthoritative off
  AuthLDAPURL "removed"
  AuthLDAPBindDN "removed"
  AuthLDAPBindPassword XXXXXX
  AuthLDAPGroupAttribute member
  AuthLDAPGroupAttributeIsDN on
  #AuthzSVNAccessFile /etc/apache2/dav_svn.authz
  <LimitExcept GET PROPFIND OPTIONS REPORT>
     Require group CN=ITM,OU=Groups,OU=ORG,DC=frequentis,DC=frq
     #Require valid-user
   </LimitExcept>
</Location>

Any suggestions anyone?
Thanks in advance
Helmut
-- 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Using "Require group" in mod_dav_svn and Active Directory?

Posted by Graham Leggett <mi...@sharp.fm>.

Helmut Mucker wrote:

> Per-user authentication  using the "Require valid user"
> directive works well, but I'm not able to use the
> "Require group" directive, the svn-client says:
> 
>   svn: Commit failed (details follow):
>   svn: MKACTIVITY of /projects/svntest/!svn/act/77248e0e-0103-0410-8b28-e97d89f45485: 500 Internal Server Error (http://frqwol31ux:90)
> 
> and in apache2/error.log there is
> 
>   [Thu Oct 13 13:29:44 2005] [crit] [client 172.17.2.1] configuration error:  couldn't check access. No groups file?: /projects/svntest/!svn/act/77248e0e-0103-0410-8b28-e97d89f45485

The problem lies in the message "couldn't check access. No groups 
file?". mod_auth_ldap isn't processing the require group directive, 
another one of the authentication modules (mod_auth) is trying to parse 
the "require group" directive, and because mod_auth isn't set up with a 
group file (which you shouldn't have, you're using LDAP), you get the 
error message.

I am not sure what the fix is though - go through the examples in the 
docs to double check you have included everything you need to include.

httpd v2.1/v2.2 fixes this problem by using "require ldap-group".

Regards,
Graham
--