You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Helmut Mucker <he...@frequentis.com> on 2005/10/13 11:36:53 UTC
Using "Require group" in mod_dav_svn and Active Directory?
Hi!
Im trying to set up a repository using Apache,
mod_dav_svn and authentication against Active
Directory via LDAP.
Per-user authentication using the "Require valid user"
directive works well, but I'm not able to use the
"Require group" directive, the svn-client says:
svn: Commit failed (details follow):
svn: MKACTIVITY of /projects/svntest/!svn/act/77248e0e-0103-0410-8b28-e97d89f45485: 500 Internal Server Error (http://frqwol31ux:90)
and in apache2/error.log there is
[Thu Oct 13 13:29:44 2005] [crit] [client 172.17.2.1] configuration error: couldn't check access. No groups file?: /projects/svntest/!svn/act/77248e0e-0103-0410-8b28-e97d89f45485
This is my dav_svn.conf:
<Location /projects/svntest>
DAV svn
SVNPath /usr/local/svn/svntest
AuthType Basic
AuthName "Subversion Repository"
AuthLDAPEnabled on
AuthLDAPAuthoritative off
AuthLDAPURL "removed"
AuthLDAPBindDN "removed"
AuthLDAPBindPassword XXXXXX
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
#AuthzSVNAccessFile /etc/apache2/dav_svn.authz
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require group CN=ITM,OU=Groups,OU=ORG,DC=frequentis,DC=frq
#Require valid-user
</LimitExcept>
</Location>
Any suggestions anyone?
Thanks in advance
Helmut
--
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: Using "Require group" in mod_dav_svn and Active Directory?
Posted by Graham Leggett <mi...@sharp.fm>.
Helmut Mucker wrote:
> Per-user authentication using the "Require valid user"
> directive works well, but I'm not able to use the
> "Require group" directive, the svn-client says:
>
> svn: Commit failed (details follow):
> svn: MKACTIVITY of /projects/svntest/!svn/act/77248e0e-0103-0410-8b28-e97d89f45485: 500 Internal Server Error (http://frqwol31ux:90)
>
> and in apache2/error.log there is
>
> [Thu Oct 13 13:29:44 2005] [crit] [client 172.17.2.1] configuration error: couldn't check access. No groups file?: /projects/svntest/!svn/act/77248e0e-0103-0410-8b28-e97d89f45485
The problem lies in the message "couldn't check access. No groups
file?". mod_auth_ldap isn't processing the require group directive,
another one of the authentication modules (mod_auth) is trying to parse
the "require group" directive, and because mod_auth isn't set up with a
group file (which you shouldn't have, you're using LDAP), you get the
error message.
I am not sure what the fix is though - go through the examples in the
docs to double check you have included everything you need to include.
httpd v2.1/v2.2 fixes this problem by using "require ldap-group".
Regards,
Graham
--