You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Irfan Sayed <ir...@gmail.com> on 2009/04/24 09:08:31 UTC
ldap authentication in subversion
Hi All,
We are using subversion I just waneted to check can we use windows domain
controller for authentication. what i need is they should login
to subversion using their windows username and password.
After some investigation, i found that we can use ldap authentication
mechanism so i did following configuration in apache's http.conf file.
*<Location "/svn">*
*DAV svn*
*AuthBasicProvider ldap*
*AuthType Basic*
*AuthzLDAPAuthoritative off*
*AuthName "My svn server "*
*AuthLDAPURL "ldap://
exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?(objectClass=*)" NONE*
*AuthLDAPBindDN "irfan.sayed@exfo.com"*
*AuthLDAPBindDN "CN=apache,CN=Users,DC=exfo,DC=com"*
*AuthLDAPBindPassword hi*
*require ldap-user irfsay1*
*</Location>*
but still it is not getting through.
please please suggest/help
Regards
Irf
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1888664
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: ldap authentication in subversion
Posted by Andrey Repin <an...@freemail.ru>.
Greetings, Irfan Sayed!
>> We are using subversion I just waneted to check can we use windows domain
>> controller for authentication. what i need is they should login
>> to subversion using their windows username and password.
> Try mod_auth_sspi
Sorry, disregard my post. It only works if you're hosting your repository from
windows station.
--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 24.04.2009, <19:56>
Sorry for my terrible english...
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1894382
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: ldap authentication in subversion
Posted by Andrey Repin <an...@freemail.ru>.
Greetings, Irfan Sayed!
> We are using subversion I just waneted to check can we use windows domain
> controller for authentication. what i need is they should login
> to subversion using their windows username and password.
Try mod_auth_sspi
http://www.nosq.com/blog/2008/06/fixing-mod_auth_sspi-and-ie-losing-post-data/
Not that svn works transparently with SSPI, like CVSNT does, but it works.
I have it set to authenticate against local user database, but setting it to
auth against domain, even couple of domains, isn't hard.
Here's my config, you could use it as starting point:
<VirtualHost *>
ServerName svn.mydomain.local
DocumentRoot "C:/home/svn"
AddDefaultCharset utf-8
ErrorLog "C:/home/svn/.log/error_log"
CustomLog "C:/home/svn/.log/access_log" common env=!SVN-ACTION
CustomLog "C:/home/svn/.log/svn_access_log" svn env=SVN-ACTION
<IfModule rewrite_module>
RewriteLog "C:/home/svn/.log/rewrite_log"
RewriteLogLevel 0
RewriteEngine On
# Necessary precaution
RewriteRule "^/\..*" - [forbidden,last]
# Important fix for http://host/repos redirect bug
RewriteCond "%{REQUEST_METHOD}" !"^(GET|POST|HEAD)$"
RewriteCond "%{REQUEST_FILENAME}" "^/([^/\.]+)$"
RewriteCond "C:/home/svn/%1" -d
RewriteRule "^/([^/\.]+)$" "/$1/" [passthrough]
</IfModule>
<Location "/">
Order allow,deny
Allow from 192.168.1.10
<IfModule dav_svn_module>
DAV svn
SVNParentPath "C:/home/svn"
</IfModule>
<IfModule sspi_auth_module>
Allow from all
AuthName "Subversion repository"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOfferBasic On
SSPIOmitDomain On
SSPIUsernameCase lower
SSPIBasicPreferred On
# only developers may access the repository
Require group "HOSTNAME\CVS"
# And they should obey to SVN user permissions file
<IfModule authz_svn_module>
AuthzSVNAccessFile "C:/home/svn/.registry"
</IfModule>
</IfModule>
</Location>
</VirtualHost>
--
WBR,
Andrey Repin (anrdaemon@freemail.ru) 24.04.2009, <19:42>
Sorry for my terrible english...
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1894350
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Re: ldap authentication in subversion
Posted by Irfan Sayed <ir...@gmail.com>.
i tried with space and without space but still it is not working...
i verified with the IT dept. and they said that we have disabled the ldap
based authentication
so now, i think i need to use NTLM based apache unix authentication
did somebody use that?? any feedback???
Regards
Irf
On Mon, Apr 27, 2009 at 6:06 PM, Carlos Alberto Costa Beppler <
beppler@gmail.com> wrote:
> Just for check.
>
> Is there a space between "jaba_1234" and
> "(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=irfsay1)"
> in your command line?
>
> On Mon, Apr 27, 2009 at 06:27, Irfan Sayed <ir...@gmail.com> wrote:
> > Hi,
> > Thanks for correcting me. Now i am getting "invalid credential error"
> > though i have the correct username and password
> > here it is
> >
> > [root@svntest svn]# ldapsearch -c -x -h exfo.com -p 389 -b
> > dc=exfo,dc=com -D "CN=irfsay1,CN=Users,DC=exfo,DC=com" -w
> >
> "jaba_1234""(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=irfsay1)"
> > ldap_bind: Invalid credentials (49)
> > additional info: 80090308: LdapErr: DSID-0C090334, comment:
> > AcceptSecurityContext error, data 525, vece
> > [root@svntest svn]#
> >
> > please advice.
> >
> > Regards
> > Irf
> >
> >
> > On 4/27/09, Johan Corveleyn <jo...@uz.kuleuven.ac.be> wrote:
> >> Typo: your Apache config talks to "ldap://exfo.com...", the ldapsearch
> >> command to "exf0.com". Change the exf0.com after -h to exfo.com, and
> the
> >> ldapsearch command should work ... (or at least behave the same as
> through
> >> Apache)
> >>
> >> Johan
> >>
> >> -----Oorspronkelijk bericht-----
> >> Van: Irfan Sayed [mailto:irfu.sayed@gmail.com]
> >> Verzonden: maandag 27 april 2009 9:13
> >> Aan: Carlos Alberto Costa Beppler
> >> CC: Tyler Roscoe; users@subversion.tigris.org
> >> Onderwerp: Re: Re: ldap authentication in subversion
> >>
> >> Hi All,
> >>
> >> I have fired the command as follows.
> >> ldapsearch -c -x -h exf0.com -p 389 -b dc=exfo,dc=com -D
> >> "CN=irfsay1,CN=Users,DC=exfo,DC=com" -w
> >>
> "jaba_1234""(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=irfsay1)"
> >> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
> >> [root@svntest logs]#
> >>
> >> but it says "cant connect to LDAP server". but through apache i am
> >> getting pasword mismatch error
> >>
> >> Regards
> >> Irf.
> >>
> >>
> >> On 4/24/09, Carlos Alberto Costa Beppler <be...@gmail.com> wrote:
> >>> Try to run the following line on the unix machine shell:
> >>>
> >>> ldapsearch -x -h exf0.com -p 389 -b dc=exfo,dc=com -D
> >>> "CN=irfsay1,CN=Users,DC=exfo,DC=com" -w "jaba_1234"
> >>>
> "(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=irfsay1)"
> >>>
> >>> It will do the binding using the same credentials passed on your
> >>> configuration and search for the user the same way of apache is doing.
> >>>
> >>> It will not verify the user password. It only will test the bind to
> >>> ldap server and the search for user being authenticated.
> >>>
> >>> On Fri, Apr 24, 2009 at 14:01, Irfan Sayed <ir...@gmail.com>
> wrote:
> >>>> Hi,
> >>>>
> >>>> now i have updated httpd.conf file and it looks as follows
> >>>>
> >>>> <Location "/svn">
> >>>> DAV svn
> >>>> SVNParentPath /usr/local/svn
> >>>> SVNListParentPath On
> >>>> SVNAutoversioning On
> >>>> AuthBasicProvider ldap
> >>>> AuthType Basic
> >>>> AuthzLDAPAuthoritative off
> >>>> AuthName "My"
> >>>> AuthLDAPURL
> >>>> "ldap://
> exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?(&(objectClass=user)(objectCategory=person))
> "
> >>>> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo,DC=com"
> >>>> AuthLDAPBindPassword jaba_1234
> >>>> AuthzSVNAccessFile /etc/subversion/acl
> >>>> require valid-user
> >>>> # require ldap-user
> >>>>
> >>>> </Location>
> >>>>
> >>>> but still the error is "password mismatch"
> >>>>
> >>>> please advice
> >>>>
> >>>> Regards
> >>>> Irf
> >>>>
> >>>> On 4/24/09, Tyler Roscoe <ty...@cryptio.net> wrote:
> >>>>> On Fri, Apr 24, 2009 at 09:42:24PM +0530, Irfan Sayed wrote:
> >>>>>> Please please advice
> >>>>>
> >>>>> I think bumping your own posts like this, especially after less than
> 1
> >>>>> hour, and double especially when a whole boatload of people are
> already
> >>>>> trying to help you, is pretty rude.
> >>>>>
> >>>>> I don't know anything about ldap auth so maybe you don't care about
> me,
> >>>>> but you might want to be aware of the impression you are making in
> the
> >>>>> community.
> >>>>>
> >>>>> tyler
> >>>>>
> >>>>
> >>>> ------------------------------------------------------
> >>>>
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1895182
> >>>>
> >>>> To unsubscribe from this discussion, e-mail:
> >>>> [users-unsubscribe@subversion.tigris.org].
> >>>>
> >>>
> >>
> >> ------------------------------------------------------
> >>
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1941501
> >>
> >> To unsubscribe from this discussion, e-mail:
> >> [users-unsubscribe@subversion.tigris.org].
> >>
> >
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1979174
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Re: ldap authentication in subversion
Posted by Carlos Beppler <be...@gmail.com>.
Just for check.
Is there a space between "jaba_1234" and
"(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=irfsay1)"
in your command line?
On Mon, Apr 27, 2009 at 06:27, Irfan Sayed <ir...@gmail.com> wrote:
> Hi,
> Thanks for correcting me. Now i am getting "invalid credential error"
> though i have the correct username and password
> here it is
>
> [root@svntest svn]# ldapsearch -c -x -h exfo.com -p 389 -b
> dc=exfo,dc=com -D "CN=irfsay1,CN=Users,DC=exfo,DC=com" -w
> "jaba_1234""(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=irfsay1)"
> ldap_bind: Invalid credentials (49)
> additional info: 80090308: LdapErr: DSID-0C090334, comment:
> AcceptSecurityContext error, data 525, vece
> [root@svntest svn]#
>
> please advice.
>
> Regards
> Irf
>
>
> On 4/27/09, Johan Corveleyn <jo...@uz.kuleuven.ac.be> wrote:
>> Typo: your Apache config talks to "ldap://exfo.com...", the ldapsearch
>> command to "exf0.com". Change the exf0.com after -h to exfo.com, and the
>> ldapsearch command should work ... (or at least behave the same as through
>> Apache)
>>
>> Johan
>>
>> -----Oorspronkelijk bericht-----
>> Van: Irfan Sayed [mailto:irfu.sayed@gmail.com]
>> Verzonden: maandag 27 april 2009 9:13
>> Aan: Carlos Alberto Costa Beppler
>> CC: Tyler Roscoe; users@subversion.tigris.org
>> Onderwerp: Re: Re: ldap authentication in subversion
>>
>> Hi All,
>>
>> I have fired the command as follows.
>> ldapsearch -c -x -h exf0.com -p 389 -b dc=exfo,dc=com -D
>> "CN=irfsay1,CN=Users,DC=exfo,DC=com" -w
>> "jaba_1234""(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=irfsay1)"
>> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>> [root@svntest logs]#
>>
>> but it says "cant connect to LDAP server". but through apache i am
>> getting pasword mismatch error
>>
>> Regards
>> Irf.
>>
>>
>> On 4/24/09, Carlos Alberto Costa Beppler <be...@gmail.com> wrote:
>>> Try to run the following line on the unix machine shell:
>>>
>>> ldapsearch -x -h exf0.com -p 389 -b dc=exfo,dc=com -D
>>> "CN=irfsay1,CN=Users,DC=exfo,DC=com" -w "jaba_1234"
>>> "(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=irfsay1)"
>>>
>>> It will do the binding using the same credentials passed on your
>>> configuration and search for the user the same way of apache is doing.
>>>
>>> It will not verify the user password. It only will test the bind to
>>> ldap server and the search for user being authenticated.
>>>
>>> On Fri, Apr 24, 2009 at 14:01, Irfan Sayed <ir...@gmail.com> wrote:
>>>> Hi,
>>>>
>>>> now i have updated httpd.conf file and it looks as follows
>>>>
>>>> <Location "/svn">
>>>> DAV svn
>>>> SVNParentPath /usr/local/svn
>>>> SVNListParentPath On
>>>> SVNAutoversioning On
>>>> AuthBasicProvider ldap
>>>> AuthType Basic
>>>> AuthzLDAPAuthoritative off
>>>> AuthName "My"
>>>> AuthLDAPURL
>>>> "ldap://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?(&(objectClass=user)(objectCategory=person))"
>>>> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo,DC=com"
>>>> AuthLDAPBindPassword jaba_1234
>>>> AuthzSVNAccessFile /etc/subversion/acl
>>>> require valid-user
>>>> # require ldap-user
>>>>
>>>> </Location>
>>>>
>>>> but still the error is "password mismatch"
>>>>
>>>> please advice
>>>>
>>>> Regards
>>>> Irf
>>>>
>>>> On 4/24/09, Tyler Roscoe <ty...@cryptio.net> wrote:
>>>>> On Fri, Apr 24, 2009 at 09:42:24PM +0530, Irfan Sayed wrote:
>>>>>> Please please advice
>>>>>
>>>>> I think bumping your own posts like this, especially after less than 1
>>>>> hour, and double especially when a whole boatload of people are already
>>>>> trying to help you, is pretty rude.
>>>>>
>>>>> I don't know anything about ldap auth so maybe you don't care about me,
>>>>> but you might want to be aware of the impression you are making in the
>>>>> community.
>>>>>
>>>>> tyler
>>>>>
>>>>
>>>> ------------------------------------------------------
>>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1895182
>>>>
>>>> To unsubscribe from this discussion, e-mail:
>>>> [users-unsubscribe@subversion.tigris.org].
>>>>
>>>
>>
>> ------------------------------------------------------
>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1941501
>>
>> To unsubscribe from this discussion, e-mail:
>> [users-unsubscribe@subversion.tigris.org].
>>
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1945279
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Re: ldap authentication in subversion
Posted by Irfan Sayed <ir...@gmail.com>.
I really thankful to all for such a nice help.
really appreciate.
i will investigate further and let you know result
Regards
Irf
On 4/27/09, Johan Corveleyn <jo...@uz.kuleuven.ac.be> wrote:
> Ok, so far we've established that:
> A. The current problem is not related to SVN
> B. The current problem is not even related to Apache or mod_authzn_ldap
>
> Currently, I think it's just that you cannot login into your LDAP server
> with the credentials "CN=irfsay1,CN=Users,DC=exfo,DC=com" and password
> "jaba_1234" (I'm guessing either wrong user CN, wrong password
> (case-sensitive of course), or something with the password being locked for
> some reason). So I think it's best that you try to solve this with your
> local sysadmin/ldap administrator/ldap guru/... (or try googling for ldap
> related problems with the error message you've got).
>
> I don't know whether there is much more we can do on the svn-users list to
> help you.
>
> Regards,
> Johan
>
> -----Oorspronkelijk bericht-----
> Van: Irfan Sayed [mailto:irfu.sayed@gmail.com]
> Verzonden: maandag 27 april 2009 11:27
> Aan: Johan Corveleyn
> CC: Carlos Alberto Costa Beppler; Tyler Roscoe; users@subversion.tigris.org
> Onderwerp: Re: Re: ldap authentication in subversion
>
> Hi,
> Thanks for correcting me. Now i am getting "invalid credential error"
> though i have the correct username and password
> here it is
>
> [root@svntest svn]# ldapsearch -c -x -h exfo.com -p 389 -b
> dc=exfo,dc=com -D "CN=irfsay1,CN=Users,DC=exfo,DC=com" -w
> "jaba_1234""(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=irfsay1)"
> ldap_bind: Invalid credentials (49)
> additional info: 80090308: LdapErr: DSID-0C090334, comment:
> AcceptSecurityContext error, data 525, vece
> [root@svntest svn]#
>
> please advice.
>
> Regards
> Irf
>
>
> On 4/27/09, Johan Corveleyn <jo...@uz.kuleuven.ac.be> wrote:
>> Typo: your Apache config talks to "ldap://exfo.com...", the ldapsearch
>> command to "exf0.com". Change the exf0.com after -h to exfo.com, and the
>> ldapsearch command should work ... (or at least behave the same as through
>> Apache)
>>
>> Johan
>>
>> -----Oorspronkelijk bericht-----
>> Van: Irfan Sayed [mailto:irfu.sayed@gmail.com]
>> Verzonden: maandag 27 april 2009 9:13
>> Aan: Carlos Alberto Costa Beppler
>> CC: Tyler Roscoe; users@subversion.tigris.org
>> Onderwerp: Re: Re: ldap authentication in subversion
>>
>> Hi All,
>>
>> I have fired the command as follows.
>> ldapsearch -c -x -h exf0.com -p 389 -b dc=exfo,dc=com -D
>> "CN=irfsay1,CN=Users,DC=exfo,DC=com" -w
>> "jaba_1234""(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=irfsay1)"
>> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>> [root@svntest logs]#
>>
>> but it says "cant connect to LDAP server". but through apache i am
>> getting pasword mismatch error
>>
>> Regards
>> Irf.
>>
>>
>> On 4/24/09, Carlos Alberto Costa Beppler <be...@gmail.com> wrote:
>>> Try to run the following line on the unix machine shell:
>>>
>>> ldapsearch -x -h exf0.com -p 389 -b dc=exfo,dc=com -D
>>> "CN=irfsay1,CN=Users,DC=exfo,DC=com" -w "jaba_1234"
>>> "(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=irfsay1)"
>>>
>>> It will do the binding using the same credentials passed on your
>>> configuration and search for the user the same way of apache is doing.
>>>
>>> It will not verify the user password. It only will test the bind to
>>> ldap server and the search for user being authenticated.
>>>
>>> On Fri, Apr 24, 2009 at 14:01, Irfan Sayed <ir...@gmail.com> wrote:
>>>> Hi,
>>>>
>>>> now i have updated httpd.conf file and it looks as follows
>>>>
>>>> <Location "/svn">
>>>> DAV svn
>>>> SVNParentPath /usr/local/svn
>>>> SVNListParentPath On
>>>> SVNAutoversioning On
>>>> AuthBasicProvider ldap
>>>> AuthType Basic
>>>> AuthzLDAPAuthoritative off
>>>> AuthName "My"
>>>> AuthLDAPURL
>>>> "ldap://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?(&(objectClass=user)(objectCategory=person))"
>>>> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo,DC=com"
>>>> AuthLDAPBindPassword jaba_1234
>>>> AuthzSVNAccessFile /etc/subversion/acl
>>>> require valid-user
>>>> # require ldap-user
>>>>
>>>> </Location>
>>>>
>>>> but still the error is "password mismatch"
>>>>
>>>> please advice
>>>>
>>>> Regards
>>>> Irf
>>>>
>>>> On 4/24/09, Tyler Roscoe <ty...@cryptio.net> wrote:
>>>>> On Fri, Apr 24, 2009 at 09:42:24PM +0530, Irfan Sayed wrote:
>>>>>> Please please advice
>>>>>
>>>>> I think bumping your own posts like this, especially after less than 1
>>>>> hour, and double especially when a whole boatload of people are already
>>>>> trying to help you, is pretty rude.
>>>>>
>>>>> I don't know anything about ldap auth so maybe you don't care about me,
>>>>> but you might want to be aware of the impression you are making in the
>>>>> community.
>>>>>
>>>>> tyler
>>>>>
>>>>
>>>> ------------------------------------------------------
>>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1895182
>>>>
>>>> To unsubscribe from this discussion, e-mail:
>>>> [users-unsubscribe@subversion.tigris.org].
>>>>
>>>
>>
>> ------------------------------------------------------
>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1941501
>>
>> To unsubscribe from this discussion, e-mail:
>> [users-unsubscribe@subversion.tigris.org].
>>
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1944379
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
RE: Re: ldap authentication in subversion
Posted by Johan Corveleyn <jo...@uz.kuleuven.ac.be>.
Ok, so far we've established that:
A. The current problem is not related to SVN
B. The current problem is not even related to Apache or mod_authzn_ldap
Currently, I think it's just that you cannot login into your LDAP server with the credentials "CN=irfsay1,CN=Users,DC=exfo,DC=com" and password "jaba_1234" (I'm guessing either wrong user CN, wrong password (case-sensitive of course), or something with the password being locked for some reason). So I think it's best that you try to solve this with your local sysadmin/ldap administrator/ldap guru/... (or try googling for ldap related problems with the error message you've got).
I don't know whether there is much more we can do on the svn-users list to help you.
Regards,
Johan
-----Oorspronkelijk bericht-----
Van: Irfan Sayed [mailto:irfu.sayed@gmail.com]
Verzonden: maandag 27 april 2009 11:27
Aan: Johan Corveleyn
CC: Carlos Alberto Costa Beppler; Tyler Roscoe; users@subversion.tigris.org
Onderwerp: Re: Re: ldap authentication in subversion
Hi,
Thanks for correcting me. Now i am getting "invalid credential error"
though i have the correct username and password
here it is
[root@svntest svn]# ldapsearch -c -x -h exfo.com -p 389 -b
dc=exfo,dc=com -D "CN=irfsay1,CN=Users,DC=exfo,DC=com" -w
"jaba_1234""(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=irfsay1)"
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C090334, comment:
AcceptSecurityContext error, data 525, vece
[root@svntest svn]#
please advice.
Regards
Irf
On 4/27/09, Johan Corveleyn <jo...@uz.kuleuven.ac.be> wrote:
> Typo: your Apache config talks to "ldap://exfo.com...", the ldapsearch
> command to "exf0.com". Change the exf0.com after -h to exfo.com, and the
> ldapsearch command should work ... (or at least behave the same as through
> Apache)
>
> Johan
>
> -----Oorspronkelijk bericht-----
> Van: Irfan Sayed [mailto:irfu.sayed@gmail.com]
> Verzonden: maandag 27 april 2009 9:13
> Aan: Carlos Alberto Costa Beppler
> CC: Tyler Roscoe; users@subversion.tigris.org
> Onderwerp: Re: Re: ldap authentication in subversion
>
> Hi All,
>
> I have fired the command as follows.
> ldapsearch -c -x -h exf0.com -p 389 -b dc=exfo,dc=com -D
> "CN=irfsay1,CN=Users,DC=exfo,DC=com" -w
> "jaba_1234""(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=irfsay1)"
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
> [root@svntest logs]#
>
> but it says "cant connect to LDAP server". but through apache i am
> getting pasword mismatch error
>
> Regards
> Irf.
>
>
> On 4/24/09, Carlos Alberto Costa Beppler <be...@gmail.com> wrote:
>> Try to run the following line on the unix machine shell:
>>
>> ldapsearch -x -h exf0.com -p 389 -b dc=exfo,dc=com -D
>> "CN=irfsay1,CN=Users,DC=exfo,DC=com" -w "jaba_1234"
>> "(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=irfsay1)"
>>
>> It will do the binding using the same credentials passed on your
>> configuration and search for the user the same way of apache is doing.
>>
>> It will not verify the user password. It only will test the bind to
>> ldap server and the search for user being authenticated.
>>
>> On Fri, Apr 24, 2009 at 14:01, Irfan Sayed <ir...@gmail.com> wrote:
>>> Hi,
>>>
>>> now i have updated httpd.conf file and it looks as follows
>>>
>>> <Location "/svn">
>>> DAV svn
>>> SVNParentPath /usr/local/svn
>>> SVNListParentPath On
>>> SVNAutoversioning On
>>> AuthBasicProvider ldap
>>> AuthType Basic
>>> AuthzLDAPAuthoritative off
>>> AuthName "My"
>>> AuthLDAPURL
>>> "ldap://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?(&(objectClass=user)(objectCategory=person))"
>>> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo,DC=com"
>>> AuthLDAPBindPassword jaba_1234
>>> AuthzSVNAccessFile /etc/subversion/acl
>>> require valid-user
>>> # require ldap-user
>>>
>>> </Location>
>>>
>>> but still the error is "password mismatch"
>>>
>>> please advice
>>>
>>> Regards
>>> Irf
>>>
>>> On 4/24/09, Tyler Roscoe <ty...@cryptio.net> wrote:
>>>> On Fri, Apr 24, 2009 at 09:42:24PM +0530, Irfan Sayed wrote:
>>>>> Please please advice
>>>>
>>>> I think bumping your own posts like this, especially after less than 1
>>>> hour, and double especially when a whole boatload of people are already
>>>> trying to help you, is pretty rude.
>>>>
>>>> I don't know anything about ldap auth so maybe you don't care about me,
>>>> but you might want to be aware of the impression you are making in the
>>>> community.
>>>>
>>>> tyler
>>>>
>>>
>>> ------------------------------------------------------
>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1895182
>>>
>>> To unsubscribe from this discussion, e-mail:
>>> [users-unsubscribe@subversion.tigris.org].
>>>
>>
>
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1941501
>
> To unsubscribe from this discussion, e-mail:
> [users-unsubscribe@subversion.tigris.org].
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1943106
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Re: ldap authentication in subversion
Posted by Irfan Sayed <ir...@gmail.com>.
Hi,
Thanks for correcting me. Now i am getting "invalid credential error"
though i have the correct username and password
here it is
[root@svntest svn]# ldapsearch -c -x -h exfo.com -p 389 -b
dc=exfo,dc=com -D "CN=irfsay1,CN=Users,DC=exfo,DC=com" -w
"jaba_1234""(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=irfsay1)"
ldap_bind: Invalid credentials (49)
additional info: 80090308: LdapErr: DSID-0C090334, comment:
AcceptSecurityContext error, data 525, vece
[root@svntest svn]#
please advice.
Regards
Irf
On 4/27/09, Johan Corveleyn <jo...@uz.kuleuven.ac.be> wrote:
> Typo: your Apache config talks to "ldap://exfo.com...", the ldapsearch
> command to "exf0.com". Change the exf0.com after -h to exfo.com, and the
> ldapsearch command should work ... (or at least behave the same as through
> Apache)
>
> Johan
>
> -----Oorspronkelijk bericht-----
> Van: Irfan Sayed [mailto:irfu.sayed@gmail.com]
> Verzonden: maandag 27 april 2009 9:13
> Aan: Carlos Alberto Costa Beppler
> CC: Tyler Roscoe; users@subversion.tigris.org
> Onderwerp: Re: Re: ldap authentication in subversion
>
> Hi All,
>
> I have fired the command as follows.
> ldapsearch -c -x -h exf0.com -p 389 -b dc=exfo,dc=com -D
> "CN=irfsay1,CN=Users,DC=exfo,DC=com" -w
> "jaba_1234""(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=irfsay1)"
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
> [root@svntest logs]#
>
> but it says "cant connect to LDAP server". but through apache i am
> getting pasword mismatch error
>
> Regards
> Irf.
>
>
> On 4/24/09, Carlos Alberto Costa Beppler <be...@gmail.com> wrote:
>> Try to run the following line on the unix machine shell:
>>
>> ldapsearch -x -h exf0.com -p 389 -b dc=exfo,dc=com -D
>> "CN=irfsay1,CN=Users,DC=exfo,DC=com" -w "jaba_1234"
>> "(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=irfsay1)"
>>
>> It will do the binding using the same credentials passed on your
>> configuration and search for the user the same way of apache is doing.
>>
>> It will not verify the user password. It only will test the bind to
>> ldap server and the search for user being authenticated.
>>
>> On Fri, Apr 24, 2009 at 14:01, Irfan Sayed <ir...@gmail.com> wrote:
>>> Hi,
>>>
>>> now i have updated httpd.conf file and it looks as follows
>>>
>>> <Location "/svn">
>>> DAV svn
>>> SVNParentPath /usr/local/svn
>>> SVNListParentPath On
>>> SVNAutoversioning On
>>> AuthBasicProvider ldap
>>> AuthType Basic
>>> AuthzLDAPAuthoritative off
>>> AuthName "My"
>>> AuthLDAPURL
>>> "ldap://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?(&(objectClass=user)(objectCategory=person))"
>>> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo,DC=com"
>>> AuthLDAPBindPassword jaba_1234
>>> AuthzSVNAccessFile /etc/subversion/acl
>>> require valid-user
>>> # require ldap-user
>>>
>>> </Location>
>>>
>>> but still the error is "password mismatch"
>>>
>>> please advice
>>>
>>> Regards
>>> Irf
>>>
>>> On 4/24/09, Tyler Roscoe <ty...@cryptio.net> wrote:
>>>> On Fri, Apr 24, 2009 at 09:42:24PM +0530, Irfan Sayed wrote:
>>>>> Please please advice
>>>>
>>>> I think bumping your own posts like this, especially after less than 1
>>>> hour, and double especially when a whole boatload of people are already
>>>> trying to help you, is pretty rude.
>>>>
>>>> I don't know anything about ldap auth so maybe you don't care about me,
>>>> but you might want to be aware of the impression you are making in the
>>>> community.
>>>>
>>>> tyler
>>>>
>>>
>>> ------------------------------------------------------
>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1895182
>>>
>>> To unsubscribe from this discussion, e-mail:
>>> [users-unsubscribe@subversion.tigris.org].
>>>
>>
>
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1941501
>
> To unsubscribe from this discussion, e-mail:
> [users-unsubscribe@subversion.tigris.org].
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1942756
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
RE: Re: ldap authentication in subversion
Posted by Johan Corveleyn <jo...@uz.kuleuven.ac.be>.
Typo: your Apache config talks to "ldap://exfo.com...", the ldapsearch command to "exf0.com". Change the exf0.com after -h to exfo.com, and the ldapsearch command should work ... (or at least behave the same as through Apache)
Johan
-----Oorspronkelijk bericht-----
Van: Irfan Sayed [mailto:irfu.sayed@gmail.com]
Verzonden: maandag 27 april 2009 9:13
Aan: Carlos Alberto Costa Beppler
CC: Tyler Roscoe; users@subversion.tigris.org
Onderwerp: Re: Re: ldap authentication in subversion
Hi All,
I have fired the command as follows.
ldapsearch -c -x -h exf0.com -p 389 -b dc=exfo,dc=com -D
"CN=irfsay1,CN=Users,DC=exfo,DC=com" -w
"jaba_1234""(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=irfsay1)"
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
[root@svntest logs]#
but it says "cant connect to LDAP server". but through apache i am
getting pasword mismatch error
Regards
Irf.
On 4/24/09, Carlos Alberto Costa Beppler <be...@gmail.com> wrote:
> Try to run the following line on the unix machine shell:
>
> ldapsearch -x -h exf0.com -p 389 -b dc=exfo,dc=com -D
> "CN=irfsay1,CN=Users,DC=exfo,DC=com" -w "jaba_1234"
> "(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=irfsay1)"
>
> It will do the binding using the same credentials passed on your
> configuration and search for the user the same way of apache is doing.
>
> It will not verify the user password. It only will test the bind to
> ldap server and the search for user being authenticated.
>
> On Fri, Apr 24, 2009 at 14:01, Irfan Sayed <ir...@gmail.com> wrote:
>> Hi,
>>
>> now i have updated httpd.conf file and it looks as follows
>>
>> <Location "/svn">
>> DAV svn
>> SVNParentPath /usr/local/svn
>> SVNListParentPath On
>> SVNAutoversioning On
>> AuthBasicProvider ldap
>> AuthType Basic
>> AuthzLDAPAuthoritative off
>> AuthName "My"
>> AuthLDAPURL
>> "ldap://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?(&(objectClass=user)(objectCategory=person))"
>> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo,DC=com"
>> AuthLDAPBindPassword jaba_1234
>> AuthzSVNAccessFile /etc/subversion/acl
>> require valid-user
>> # require ldap-user
>>
>> </Location>
>>
>> but still the error is "password mismatch"
>>
>> please advice
>>
>> Regards
>> Irf
>>
>> On 4/24/09, Tyler Roscoe <ty...@cryptio.net> wrote:
>>> On Fri, Apr 24, 2009 at 09:42:24PM +0530, Irfan Sayed wrote:
>>>> Please please advice
>>>
>>> I think bumping your own posts like this, especially after less than 1
>>> hour, and double especially when a whole boatload of people are already
>>> trying to help you, is pretty rude.
>>>
>>> I don't know anything about ldap auth so maybe you don't care about me,
>>> but you might want to be aware of the impression you are making in the
>>> community.
>>>
>>> tyler
>>>
>>
>> ------------------------------------------------------
>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1895182
>>
>> To unsubscribe from this discussion, e-mail:
>> [users-unsubscribe@subversion.tigris.org].
>>
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1941501
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1942101
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Re: ldap authentication in subversion
Posted by Irfan Sayed <ir...@gmail.com>.
Hi All,
I have fired the command as follows.
ldapsearch -c -x -h exf0.com -p 389 -b dc=exfo,dc=com -D
"CN=irfsay1,CN=Users,DC=exfo,DC=com" -w
"jaba_1234""(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=irfsay1)"
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
[root@svntest logs]#
but it says "cant connect to LDAP server". but through apache i am
getting pasword mismatch error
Regards
Irf.
On 4/24/09, Carlos Alberto Costa Beppler <be...@gmail.com> wrote:
> Try to run the following line on the unix machine shell:
>
> ldapsearch -x -h exf0.com -p 389 -b dc=exfo,dc=com -D
> "CN=irfsay1,CN=Users,DC=exfo,DC=com" -w "jaba_1234"
> "(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=irfsay1)"
>
> It will do the binding using the same credentials passed on your
> configuration and search for the user the same way of apache is doing.
>
> It will not verify the user password. It only will test the bind to
> ldap server and the search for user being authenticated.
>
> On Fri, Apr 24, 2009 at 14:01, Irfan Sayed <ir...@gmail.com> wrote:
>> Hi,
>>
>> now i have updated httpd.conf file and it looks as follows
>>
>> <Location "/svn">
>> DAV svn
>> SVNParentPath /usr/local/svn
>> SVNListParentPath On
>> SVNAutoversioning On
>> AuthBasicProvider ldap
>> AuthType Basic
>> AuthzLDAPAuthoritative off
>> AuthName "My"
>> AuthLDAPURL
>> "ldap://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?(&(objectClass=user)(objectCategory=person))"
>> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo,DC=com"
>> AuthLDAPBindPassword jaba_1234
>> AuthzSVNAccessFile /etc/subversion/acl
>> require valid-user
>> # require ldap-user
>>
>> </Location>
>>
>> but still the error is "password mismatch"
>>
>> please advice
>>
>> Regards
>> Irf
>>
>> On 4/24/09, Tyler Roscoe <ty...@cryptio.net> wrote:
>>> On Fri, Apr 24, 2009 at 09:42:24PM +0530, Irfan Sayed wrote:
>>>> Please please advice
>>>
>>> I think bumping your own posts like this, especially after less than 1
>>> hour, and double especially when a whole boatload of people are already
>>> trying to help you, is pretty rude.
>>>
>>> I don't know anything about ldap auth so maybe you don't care about me,
>>> but you might want to be aware of the impression you are making in the
>>> community.
>>>
>>> tyler
>>>
>>
>> ------------------------------------------------------
>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1895182
>>
>> To unsubscribe from this discussion, e-mail:
>> [users-unsubscribe@subversion.tigris.org].
>>
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1941501
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Re: ldap authentication in subversion
Posted by Carlos Beppler <be...@gmail.com>.
Try to run the following line on the unix machine shell:
ldapsearch -x -h exf0.com -p 389 -b dc=exfo,dc=com -D
"CN=irfsay1,CN=Users,DC=exfo,DC=com" -w "jaba_1234"
"(&(&(objectClass=user)(objectCategory=person))(sAMAccountName=irfsay1)"
It will do the binding using the same credentials passed on your
configuration and search for the user the same way of apache is doing.
It will not verify the user password. It only will test the bind to
ldap server and the search for user being authenticated.
On Fri, Apr 24, 2009 at 14:01, Irfan Sayed <ir...@gmail.com> wrote:
> Hi,
>
> now i have updated httpd.conf file and it looks as follows
>
> <Location "/svn">
> DAV svn
> SVNParentPath /usr/local/svn
> SVNListParentPath On
> SVNAutoversioning On
> AuthBasicProvider ldap
> AuthType Basic
> AuthzLDAPAuthoritative off
> AuthName "My"
> AuthLDAPURL
> "ldap://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?(&(objectClass=user)(objectCategory=person))"
> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo,DC=com"
> AuthLDAPBindPassword jaba_1234
> AuthzSVNAccessFile /etc/subversion/acl
> require valid-user
> # require ldap-user
>
> </Location>
>
> but still the error is "password mismatch"
>
> please advice
>
> Regards
> Irf
>
> On 4/24/09, Tyler Roscoe <ty...@cryptio.net> wrote:
>> On Fri, Apr 24, 2009 at 09:42:24PM +0530, Irfan Sayed wrote:
>>> Please please advice
>>
>> I think bumping your own posts like this, especially after less than 1
>> hour, and double especially when a whole boatload of people are already
>> trying to help you, is pretty rude.
>>
>> I don't know anything about ldap auth so maybe you don't care about me,
>> but you might want to be aware of the impression you are making in the
>> community.
>>
>> tyler
>>
>
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1895182
>
> To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1895880
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Re: ldap authentication in subversion
Posted by Irfan Sayed <ir...@gmail.com>.
Hi,
now i have updated httpd.conf file and it looks as follows
<Location "/svn">
DAV svn
SVNParentPath /usr/local/svn
SVNListParentPath On
SVNAutoversioning On
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative off
AuthName "My"
AuthLDAPURL
"ldap://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?(&(objectClass=user)(objectCategory=person))"
AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo,DC=com"
AuthLDAPBindPassword jaba_1234
AuthzSVNAccessFile /etc/subversion/acl
require valid-user
# require ldap-user
</Location>
but still the error is "password mismatch"
please advice
Regards
Irf
On 4/24/09, Tyler Roscoe <ty...@cryptio.net> wrote:
> On Fri, Apr 24, 2009 at 09:42:24PM +0530, Irfan Sayed wrote:
>> Please please advice
>
> I think bumping your own posts like this, especially after less than 1
> hour, and double especially when a whole boatload of people are already
> trying to help you, is pretty rude.
>
> I don't know anything about ldap auth so maybe you don't care about me,
> but you might want to be aware of the impression you are making in the
> community.
>
> tyler
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1895182
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Re: ldap authentication in subversion
Posted by Tyler Roscoe <ty...@cryptio.net>.
On Fri, Apr 24, 2009 at 09:42:24PM +0530, Irfan Sayed wrote:
> Please please advice
I think bumping your own posts like this, especially after less than 1
hour, and double especially when a whole boatload of people are already
trying to help you, is pretty rude.
I don't know anything about ldap auth so maybe you don't care about me,
but you might want to be aware of the impression you are making in the
community.
tyler
Re: Re: ldap authentication in subversion
Posted by Irfan Sayed <ir...@gmail.com>.
Please please advice
Regards
Irf
On 4/24/09, Irfan Sayed <ir...@gmail.com> wrote:
> Hi All,
> it seems that some issues are resolved. here is the update.
> now my httpd.conf file looks as
> <Location "/svn">
> DAV svn
> SVNParentPath /usr/local/svn
> SVNListParentPath On
> SVNAutoversioning On
> AuthBasicProvider ldap
> AuthType Basic
> AuthzLDAPAuthoritative off
> AuthName "My "
> AuthLDAPURL
> "ldap://exfo.com:389/DC=exfo.com?sAMAccountName?sub?(objectClass=*)"
> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo.com"
> AuthLDAPBindPassword jaba_1234
> AuthzSVNAccessFile /etc/subversion/acl
> # require ldap-group CN=irfsay1,CN=Users,DC=exfo.com
> require valid-user
> </location>
>
> and now i am getting error like "password mismatch"
> here are some error lines in log file.
>
> [Fri Apr 24 21:14:34 2009] [notice] Apache/2.2.11 (Unix) DAV/2
> SVN/1.5.4 configured -- resuming normal operations
> [Fri Apr 24 21:14:49 2009] [warn] [client 10.192.3.58] [8432]
> auth_ldap authenticate: user irfsay1 authentication failed; URI
> /svn/projects [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
> [Fri Apr 24 21:14:49 2009] [error] [client 10.192.3.58] user irfsay1:
> authentication failure for "/svn/projects": Password Mismatch
> [Fri Apr 24 21:14:58 2009] [error] [client 10.192.3.58] File does not
> exist: /var/www/html/favicon.ico
> [root@svntest1 conf]#
>
> but i am typing correct password
> please please advice
>
> Regards
> irf
>
> On 4/24/09, Johan Corveleyn <jo...@uz.kuleuven.ac.be> wrote:
>> Well, since you specified the AuthLDAPURL as
>> "ldap://sppufls01.exfo.com:389/...", your Apache (or more specifically
>> the
>> mod_authnz_ldap module) will have to make connections to this url. This
>> means that, yes, your LDAP server must be accessible from the Apache
>> (SVN)
>> server through port 389.
>>
>> To troubleshoot this, try executing a "telnet sppufls01.exfo.com 389" on
>> the
>> command line of your Apache (SVN) server. If the connection is refused,
>> you
>> know you've got a network problem to solve first (either make the LDAP
>> server listen on that port, or check any firewalls that are in between
>> the
>> svn server and the LDAP server).
>>
>> Regards,
>> Johan
>>
>> Van: Irfan Sayed [mailto:irfu.sayed@gmail.com]
>> Verzonden: vrijdag 24 april 2009 17:17
>> Aan: Johan Corveleyn; webpost@tigris.org; users@subversion.tigris.org
>> Onderwerp: Re: Re: ldap authentication in subversion
>>
>> Hi All,
>> Thanks for helping me.
>> Here is the update
>>
>> first of all i dont have any directory as /usr/local/apache2. everything
>> is
>> present in /etc/httpd
>>
>> after doing some search for any latest patches for apache , yum utility
>> installed apr-util-ldap module.
>>
>> after installation when i tried again to see whether it is working or not
>> then it throws me an error like "internal server error"
>>
>> now in the error log i am getting some error like "unable to connect LDAP
>> server"
>>
>> is it neccessary that port 389 should be opened ??
>>
>> I have attached error log . please have a look
>> please please advice
>>
>> Regards
>> Irf
>> On Fri, Apr 24, 2009 at 6:38 PM, Johan Corveleyn
>> <jo...@uz.kuleuven.ac.be>>
>> wrote:
>> We had exactly the same problem (on Solaris 10 though): segfaults from
>> the
>> child processes of apache when it tries to authenticate via LDAP.
>>
>> The reason was that we had our Apache installed in a different location
>> than
>> the standard one (which is /usr/local/apache2). Could that be the case
>> with
>> your installation? Where does your Apache reside?
>>
>> After some truss'ing we found that it failed when trying to access
>> /usr/local/apache2/lib/apr-util-1/apr_ldap.so, which obviously didn't
>> exist
>> in our case. So, although the Solaris package we used to install Apache
>> supported specifying a custom installation directory, the installation
>> was
>> not exactly correct (some paths were hardcoded/compiled/linked/... to be
>> in
>> /usr/local/apache2).
>>
>> As a workaround we made a symlink from /usr/local/apache2/lib/apr-util-1
>> to
>> <location of apach2 lib>/apr-util-1. That solved the problem.
>>
>> Regards,
>> Johan
>>
>> -----Oorspronkelijk bericht-----
>> Van: Carlos Beppler [mailto:beppler@gmail.com<ma...@gmail.com>]
>> Verzonden: vrijdag 24 april 2009 14:55
>> Aan: Irfan Sayed
>> CC: webpost@tigris.org<ma...@tigris.org>;
>> users@subversion.tigris.org<ma...@subversion.tigris.org>
>> Onderwerp: Re: Re: ldap authentication in subversion
>>
>> It appears that your LDAP module is causing segmentation faults on the
>> child process.
>>
>> I do not have experience with Fedora (we use Debian here).
>>
>> You are loading the mod_authnz_ldap. Are you loading the mod_ldap too?
>> Look for this entries on your configuration files.
>>
>> LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so
>>
>> LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so
>>
>>
>> [Fri Apr 24 11:00:12 2009] [debug] mod_authnz_ldap.c(377): [client
>> 10.192.2.195] [12733] auth_ldap authenticate: using URL
>> ldap://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?(objectClass=*)<http://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?%28objectClass=*%29>
>> [Fri Apr 24 11:00:13 2009] [notice] child pid 12733 exit signal
>> Segmentation fault (11)
>>
>>
>> On Fri, Apr 24, 2009 at 09:41, Irfan Sayed
>> <ir...@gmail.com>> wrote:
>>> Hi,
>>>
>>> Apache is running on Fedora 10 (Linux).
>>> I have attached error.log for your reference.
>>>
>>> Please please advice/help
>>>
>>> Regards
>>> Irf
>>>
>>>
>>> On 4/24/09, Carlos Alberto Costa Beppler
>>> <be...@gmail.com>> wrote:
>>>> If you are using Windows 2000 or later the port 389 is probably already
>>>> open.
>>>>
>>>> Is this apache on Windows or Linux? Can you send the contents of the
>>>> error log file from Apache?
>>>>
>>>> On Fri, Apr 24, 2009 at 09:10, Irfan Sayed
>>>> <ir...@gmail.com>> wrote:
>>>>> Sorry.
>>>>> Here is the updated one.
>>>>>
>>>>> <Location "/svn">
>>>>> DAV svn
>>>>> SVNParentPath /usr/local/svn
>>>>> SVNListParentPath On
>>>>> SVNAutoversioning On
>>>>> AuthBasicProvider ldap
>>>>> AuthType Basic
>>>>> AuthzLDAPAuthoritative off
>>>>> AuthName "My "
>>>>> AuthLDAPURL
>>>>> "ldap://sppufls01.exfo.com:389/DC=exfo.com?sAMAccountName?sub?(objectClass=*)<http://sppufls01.exfo.com:389/DC=exfo.com?sAMAccountName?sub?%28objectClass=*%29>"
>>>>> AuthLDAPBindDN
>>>>> "CN=irfsay1,CN=Users,DC=exfo.com<http://exfo.com>"
>>>>> AuthLDAPBindPassword jaba_1234
>>>>> AuthzSVNAccessFile /etc/subversion/acl
>>>>> # require ldap-group
>>>>> CN=irfsay1,CN=Users,DC=exfo.com<http://exfo.com>
>>>>> require valid-user
>>>>> </Location>
>>>>>
>>>>> Still it is not working. i think the problem is that 389 port might
>>>>> not be opened on the windows domain controller. Is it neccessary that
>>>>> it should be opened??
>>>>>
>>>>> Please advice
>>>>> Regards
>>>>> Irf
>>>>>
>>>>>
>>>>>
>>>>> On 4/24/09, webpost@tigris.org<ma...@tigris.org>
>>>>> <we...@tigris.org>> wrote:
>>>>>> Apparently from what you write here, you have two AuthLDAPBindDN
>>>>>> directives
>>>>>> in your httpd.conf.
>>>>>>
>>>>>> ------------------------------------------------------
>>>>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1890469
>>>>>>
>>>>>> To unsubscribe from this discussion, e-mail:
>>>>>> [users-unsubscribe@subversion.tigris.org<ma...@subversion.tigris.org>].
>>>>>>
>>>>>
>>>>> ------------------------------------------------------
>>>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891212
>>>>>
>>>>> To unsubscribe from this discussion, e-mail:
>>>>> [users-unsubscribe@subversion.tigris.org<ma...@subversion.tigris.org>].
>>>>>
>>>>
>>>
>>
>> ------------------------------------------------------
>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891762
>>
>> To unsubscribe from this discussion, e-mail:
>> [users-unsubscribe@subversion.tigris.org<ma...@subversion.tigris.org>].
>>
>>
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1894431
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Re: ldap authentication in subversion
Posted by Carlos Beppler <be...@gmail.com>.
Your AuthLDAPBindDN is wrong. It could be:
AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo,DC=com"
Or
AuthLDAPBindDN "irfsay1@exfo.com"
On Fri, Apr 24, 2009 at 12:51, Irfan Sayed <ir...@gmail.com> wrote:
> Hi All,
> it seems that some issues are resolved. here is the update.
> now my httpd.conf file looks as
> <Location "/svn">
> DAV svn
> SVNParentPath /usr/local/svn
> SVNListParentPath On
> SVNAutoversioning On
> AuthBasicProvider ldap
> AuthType Basic
> AuthzLDAPAuthoritative off
> AuthName "My "
> AuthLDAPURL
> "ldap://exfo.com:389/DC=exfo.com?sAMAccountName?sub?(objectClass=*)"
> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo.com"
> AuthLDAPBindPassword jaba_1234
> AuthzSVNAccessFile /etc/subversion/acl
> # require ldap-group CN=irfsay1,CN=Users,DC=exfo.com
> require valid-user
> </location>
>
> and now i am getting error like "password mismatch"
> here are some error lines in log file.
>
> [Fri Apr 24 21:14:34 2009] [notice] Apache/2.2.11 (Unix) DAV/2
> SVN/1.5.4 configured -- resuming normal operations
> [Fri Apr 24 21:14:49 2009] [warn] [client 10.192.3.58] [8432]
> auth_ldap authenticate: user irfsay1 authentication failed; URI
> /svn/projects [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
> [Fri Apr 24 21:14:49 2009] [error] [client 10.192.3.58] user irfsay1:
> authentication failure for "/svn/projects": Password Mismatch
> [Fri Apr 24 21:14:58 2009] [error] [client 10.192.3.58] File does not
> exist: /var/www/html/favicon.ico
> [root@svntest1 conf]#
>
> but i am typing correct password
> please please advice
>
> Regards
> irf
>
> On 4/24/09, Johan Corveleyn <jo...@uz.kuleuven.ac.be> wrote:
>> Well, since you specified the AuthLDAPURL as
>> "ldap://sppufls01.exfo.com:389/...", your Apache (or more specifically the
>> mod_authnz_ldap module) will have to make connections to this url. This
>> means that, yes, your LDAP server must be accessible from the Apache (SVN)
>> server through port 389.
>>
>> To troubleshoot this, try executing a "telnet sppufls01.exfo.com 389" on the
>> command line of your Apache (SVN) server. If the connection is refused, you
>> know you've got a network problem to solve first (either make the LDAP
>> server listen on that port, or check any firewalls that are in between the
>> svn server and the LDAP server).
>>
>> Regards,
>> Johan
>>
>> Van: Irfan Sayed [mailto:irfu.sayed@gmail.com]
>> Verzonden: vrijdag 24 april 2009 17:17
>> Aan: Johan Corveleyn; webpost@tigris.org; users@subversion.tigris.org
>> Onderwerp: Re: Re: ldap authentication in subversion
>>
>> Hi All,
>> Thanks for helping me.
>> Here is the update
>>
>> first of all i dont have any directory as /usr/local/apache2. everything is
>> present in /etc/httpd
>>
>> after doing some search for any latest patches for apache , yum utility
>> installed apr-util-ldap module.
>>
>> after installation when i tried again to see whether it is working or not
>> then it throws me an error like "internal server error"
>>
>> now in the error log i am getting some error like "unable to connect LDAP
>> server"
>>
>> is it neccessary that port 389 should be opened ??
>>
>> I have attached error log . please have a look
>> please please advice
>>
>> Regards
>> Irf
>> On Fri, Apr 24, 2009 at 6:38 PM, Johan Corveleyn
>> <jo...@uz.kuleuven.ac.be>>
>> wrote:
>> We had exactly the same problem (on Solaris 10 though): segfaults from the
>> child processes of apache when it tries to authenticate via LDAP.
>>
>> The reason was that we had our Apache installed in a different location than
>> the standard one (which is /usr/local/apache2). Could that be the case with
>> your installation? Where does your Apache reside?
>>
>> After some truss'ing we found that it failed when trying to access
>> /usr/local/apache2/lib/apr-util-1/apr_ldap.so, which obviously didn't exist
>> in our case. So, although the Solaris package we used to install Apache
>> supported specifying a custom installation directory, the installation was
>> not exactly correct (some paths were hardcoded/compiled/linked/... to be in
>> /usr/local/apache2).
>>
>> As a workaround we made a symlink from /usr/local/apache2/lib/apr-util-1 to
>> <location of apach2 lib>/apr-util-1. That solved the problem.
>>
>> Regards,
>> Johan
>>
>> -----Oorspronkelijk bericht-----
>> Van: Carlos Beppler [mailto:beppler@gmail.com<ma...@gmail.com>]
>> Verzonden: vrijdag 24 april 2009 14:55
>> Aan: Irfan Sayed
>> CC: webpost@tigris.org<ma...@tigris.org>;
>> users@subversion.tigris.org<ma...@subversion.tigris.org>
>> Onderwerp: Re: Re: ldap authentication in subversion
>>
>> It appears that your LDAP module is causing segmentation faults on the
>> child process.
>>
>> I do not have experience with Fedora (we use Debian here).
>>
>> You are loading the mod_authnz_ldap. Are you loading the mod_ldap too?
>> Look for this entries on your configuration files.
>>
>> LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so
>>
>> LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so
>>
>>
>> [Fri Apr 24 11:00:12 2009] [debug] mod_authnz_ldap.c(377): [client
>> 10.192.2.195] [12733] auth_ldap authenticate: using URL
>> ldap://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?(objectClass=*)<http://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?%28objectClass=*%29>
>> [Fri Apr 24 11:00:13 2009] [notice] child pid 12733 exit signal
>> Segmentation fault (11)
>>
>>
>> On Fri, Apr 24, 2009 at 09:41, Irfan Sayed
>> <ir...@gmail.com>> wrote:
>>> Hi,
>>>
>>> Apache is running on Fedora 10 (Linux).
>>> I have attached error.log for your reference.
>>>
>>> Please please advice/help
>>>
>>> Regards
>>> Irf
>>>
>>>
>>> On 4/24/09, Carlos Alberto Costa Beppler
>>> <be...@gmail.com>> wrote:
>>>> If you are using Windows 2000 or later the port 389 is probably already
>>>> open.
>>>>
>>>> Is this apache on Windows or Linux? Can you send the contents of the
>>>> error log file from Apache?
>>>>
>>>> On Fri, Apr 24, 2009 at 09:10, Irfan Sayed
>>>> <ir...@gmail.com>> wrote:
>>>>> Sorry.
>>>>> Here is the updated one.
>>>>>
>>>>> <Location "/svn">
>>>>> DAV svn
>>>>> SVNParentPath /usr/local/svn
>>>>> SVNListParentPath On
>>>>> SVNAutoversioning On
>>>>> AuthBasicProvider ldap
>>>>> AuthType Basic
>>>>> AuthzLDAPAuthoritative off
>>>>> AuthName "My "
>>>>> AuthLDAPURL
>>>>> "ldap://sppufls01.exfo.com:389/DC=exfo.com?sAMAccountName?sub?(objectClass=*)<http://sppufls01.exfo.com:389/DC=exfo.com?sAMAccountName?sub?%28objectClass=*%29>"
>>>>> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo.com<http://exfo.com>"
>>>>> AuthLDAPBindPassword jaba_1234
>>>>> AuthzSVNAccessFile /etc/subversion/acl
>>>>> # require ldap-group
>>>>> CN=irfsay1,CN=Users,DC=exfo.com<http://exfo.com>
>>>>> require valid-user
>>>>> </Location>
>>>>>
>>>>> Still it is not working. i think the problem is that 389 port might
>>>>> not be opened on the windows domain controller. Is it neccessary that
>>>>> it should be opened??
>>>>>
>>>>> Please advice
>>>>> Regards
>>>>> Irf
>>>>>
>>>>>
>>>>>
>>>>> On 4/24/09, webpost@tigris.org<ma...@tigris.org>
>>>>> <we...@tigris.org>> wrote:
>>>>>> Apparently from what you write here, you have two AuthLDAPBindDN
>>>>>> directives
>>>>>> in your httpd.conf.
>>>>>>
>>>>>> ------------------------------------------------------
>>>>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1890469
>>>>>>
>>>>>> To unsubscribe from this discussion, e-mail:
>>>>>> [users-unsubscribe@subversion.tigris.org<ma...@subversion.tigris.org>].
>>>>>>
>>>>>
>>>>> ------------------------------------------------------
>>>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891212
>>>>>
>>>>> To unsubscribe from this discussion, e-mail:
>>>>> [users-unsubscribe@subversion.tigris.org<ma...@subversion.tigris.org>].
>>>>>
>>>>
>>>
>>
>> ------------------------------------------------------
>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891762
>>
>> To unsubscribe from this discussion, e-mail:
>> [users-unsubscribe@subversion.tigris.org<ma...@subversion.tigris.org>].
>>
>>
>
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1894325
>
> To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1894470
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Re: ldap authentication in subversion
Posted by Carlos Beppler <be...@gmail.com>.
Another tip. If you are only using user accounts. Your AuthLDAPURL can
be rewritten to this:
AuthLDAPURL "ldap://exfo.com:389/DC=exfo.com?sAMAccountName?sub?(&(objectClass=user)(objectCategory=person))"
On Fri, Apr 24, 2009 at 12:51, Irfan Sayed <ir...@gmail.com> wrote:
> Hi All,
> it seems that some issues are resolved. here is the update.
> now my httpd.conf file looks as
> <Location "/svn">
> DAV svn
> SVNParentPath /usr/local/svn
> SVNListParentPath On
> SVNAutoversioning On
> AuthBasicProvider ldap
> AuthType Basic
> AuthzLDAPAuthoritative off
> AuthName "My "
> AuthLDAPURL
> "ldap://exfo.com:389/DC=exfo.com?sAMAccountName?sub?(objectClass=*)"
> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo.com"
> AuthLDAPBindPassword jaba_1234
> AuthzSVNAccessFile /etc/subversion/acl
> # require ldap-group CN=irfsay1,CN=Users,DC=exfo.com
> require valid-user
> </location>
>
> and now i am getting error like "password mismatch"
> here are some error lines in log file.
>
> [Fri Apr 24 21:14:34 2009] [notice] Apache/2.2.11 (Unix) DAV/2
> SVN/1.5.4 configured -- resuming normal operations
> [Fri Apr 24 21:14:49 2009] [warn] [client 10.192.3.58] [8432]
> auth_ldap authenticate: user irfsay1 authentication failed; URI
> /svn/projects [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
> [Fri Apr 24 21:14:49 2009] [error] [client 10.192.3.58] user irfsay1:
> authentication failure for "/svn/projects": Password Mismatch
> [Fri Apr 24 21:14:58 2009] [error] [client 10.192.3.58] File does not
> exist: /var/www/html/favicon.ico
> [root@svntest1 conf]#
>
> but i am typing correct password
> please please advice
>
> Regards
> irf
>
> On 4/24/09, Johan Corveleyn <jo...@uz.kuleuven.ac.be> wrote:
>> Well, since you specified the AuthLDAPURL as
>> "ldap://sppufls01.exfo.com:389/...", your Apache (or more specifically the
>> mod_authnz_ldap module) will have to make connections to this url. This
>> means that, yes, your LDAP server must be accessible from the Apache (SVN)
>> server through port 389.
>>
>> To troubleshoot this, try executing a "telnet sppufls01.exfo.com 389" on the
>> command line of your Apache (SVN) server. If the connection is refused, you
>> know you've got a network problem to solve first (either make the LDAP
>> server listen on that port, or check any firewalls that are in between the
>> svn server and the LDAP server).
>>
>> Regards,
>> Johan
>>
>> Van: Irfan Sayed [mailto:irfu.sayed@gmail.com]
>> Verzonden: vrijdag 24 april 2009 17:17
>> Aan: Johan Corveleyn; webpost@tigris.org; users@subversion.tigris.org
>> Onderwerp: Re: Re: ldap authentication in subversion
>>
>> Hi All,
>> Thanks for helping me.
>> Here is the update
>>
>> first of all i dont have any directory as /usr/local/apache2. everything is
>> present in /etc/httpd
>>
>> after doing some search for any latest patches for apache , yum utility
>> installed apr-util-ldap module.
>>
>> after installation when i tried again to see whether it is working or not
>> then it throws me an error like "internal server error"
>>
>> now in the error log i am getting some error like "unable to connect LDAP
>> server"
>>
>> is it neccessary that port 389 should be opened ??
>>
>> I have attached error log . please have a look
>> please please advice
>>
>> Regards
>> Irf
>> On Fri, Apr 24, 2009 at 6:38 PM, Johan Corveleyn
>> <jo...@uz.kuleuven.ac.be>>
>> wrote:
>> We had exactly the same problem (on Solaris 10 though): segfaults from the
>> child processes of apache when it tries to authenticate via LDAP.
>>
>> The reason was that we had our Apache installed in a different location than
>> the standard one (which is /usr/local/apache2). Could that be the case with
>> your installation? Where does your Apache reside?
>>
>> After some truss'ing we found that it failed when trying to access
>> /usr/local/apache2/lib/apr-util-1/apr_ldap.so, which obviously didn't exist
>> in our case. So, although the Solaris package we used to install Apache
>> supported specifying a custom installation directory, the installation was
>> not exactly correct (some paths were hardcoded/compiled/linked/... to be in
>> /usr/local/apache2).
>>
>> As a workaround we made a symlink from /usr/local/apache2/lib/apr-util-1 to
>> <location of apach2 lib>/apr-util-1. That solved the problem.
>>
>> Regards,
>> Johan
>>
>> -----Oorspronkelijk bericht-----
>> Van: Carlos Beppler [mailto:beppler@gmail.com<ma...@gmail.com>]
>> Verzonden: vrijdag 24 april 2009 14:55
>> Aan: Irfan Sayed
>> CC: webpost@tigris.org<ma...@tigris.org>;
>> users@subversion.tigris.org<ma...@subversion.tigris.org>
>> Onderwerp: Re: Re: ldap authentication in subversion
>>
>> It appears that your LDAP module is causing segmentation faults on the
>> child process.
>>
>> I do not have experience with Fedora (we use Debian here).
>>
>> You are loading the mod_authnz_ldap. Are you loading the mod_ldap too?
>> Look for this entries on your configuration files.
>>
>> LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so
>>
>> LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so
>>
>>
>> [Fri Apr 24 11:00:12 2009] [debug] mod_authnz_ldap.c(377): [client
>> 10.192.2.195] [12733] auth_ldap authenticate: using URL
>> ldap://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?(objectClass=*)<http://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?%28objectClass=*%29>
>> [Fri Apr 24 11:00:13 2009] [notice] child pid 12733 exit signal
>> Segmentation fault (11)
>>
>>
>> On Fri, Apr 24, 2009 at 09:41, Irfan Sayed
>> <ir...@gmail.com>> wrote:
>>> Hi,
>>>
>>> Apache is running on Fedora 10 (Linux).
>>> I have attached error.log for your reference.
>>>
>>> Please please advice/help
>>>
>>> Regards
>>> Irf
>>>
>>>
>>> On 4/24/09, Carlos Alberto Costa Beppler
>>> <be...@gmail.com>> wrote:
>>>> If you are using Windows 2000 or later the port 389 is probably already
>>>> open.
>>>>
>>>> Is this apache on Windows or Linux? Can you send the contents of the
>>>> error log file from Apache?
>>>>
>>>> On Fri, Apr 24, 2009 at 09:10, Irfan Sayed
>>>> <ir...@gmail.com>> wrote:
>>>>> Sorry.
>>>>> Here is the updated one.
>>>>>
>>>>> <Location "/svn">
>>>>> DAV svn
>>>>> SVNParentPath /usr/local/svn
>>>>> SVNListParentPath On
>>>>> SVNAutoversioning On
>>>>> AuthBasicProvider ldap
>>>>> AuthType Basic
>>>>> AuthzLDAPAuthoritative off
>>>>> AuthName "My "
>>>>> AuthLDAPURL
>>>>> "ldap://sppufls01.exfo.com:389/DC=exfo.com?sAMAccountName?sub?(objectClass=*)<http://sppufls01.exfo.com:389/DC=exfo.com?sAMAccountName?sub?%28objectClass=*%29>"
>>>>> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo.com<http://exfo.com>"
>>>>> AuthLDAPBindPassword jaba_1234
>>>>> AuthzSVNAccessFile /etc/subversion/acl
>>>>> # require ldap-group
>>>>> CN=irfsay1,CN=Users,DC=exfo.com<http://exfo.com>
>>>>> require valid-user
>>>>> </Location>
>>>>>
>>>>> Still it is not working. i think the problem is that 389 port might
>>>>> not be opened on the windows domain controller. Is it neccessary that
>>>>> it should be opened??
>>>>>
>>>>> Please advice
>>>>> Regards
>>>>> Irf
>>>>>
>>>>>
>>>>>
>>>>> On 4/24/09, webpost@tigris.org<ma...@tigris.org>
>>>>> <we...@tigris.org>> wrote:
>>>>>> Apparently from what you write here, you have two AuthLDAPBindDN
>>>>>> directives
>>>>>> in your httpd.conf.
>>>>>>
>>>>>> ------------------------------------------------------
>>>>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1890469
>>>>>>
>>>>>> To unsubscribe from this discussion, e-mail:
>>>>>> [users-unsubscribe@subversion.tigris.org<ma...@subversion.tigris.org>].
>>>>>>
>>>>>
>>>>> ------------------------------------------------------
>>>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891212
>>>>>
>>>>> To unsubscribe from this discussion, e-mail:
>>>>> [users-unsubscribe@subversion.tigris.org<ma...@subversion.tigris.org>].
>>>>>
>>>>
>>>
>>
>> ------------------------------------------------------
>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891762
>>
>> To unsubscribe from this discussion, e-mail:
>> [users-unsubscribe@subversion.tigris.org<ma...@subversion.tigris.org>].
>>
>>
>
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1894325
>
> To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1894511
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Re: ldap authentication in subversion
Posted by Irfan Sayed <ir...@gmail.com>.
Hi All,
it seems that some issues are resolved. here is the update.
now my httpd.conf file looks as
<Location "/svn">
DAV svn
SVNParentPath /usr/local/svn
SVNListParentPath On
SVNAutoversioning On
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative off
AuthName "My "
AuthLDAPURL
"ldap://exfo.com:389/DC=exfo.com?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo.com"
AuthLDAPBindPassword jaba_1234
AuthzSVNAccessFile /etc/subversion/acl
# require ldap-group CN=irfsay1,CN=Users,DC=exfo.com
require valid-user
</location>
and now i am getting error like "password mismatch"
here are some error lines in log file.
[Fri Apr 24 21:14:34 2009] [notice] Apache/2.2.11 (Unix) DAV/2
SVN/1.5.4 configured -- resuming normal operations
[Fri Apr 24 21:14:49 2009] [warn] [client 10.192.3.58] [8432]
auth_ldap authenticate: user irfsay1 authentication failed; URI
/svn/projects [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
[Fri Apr 24 21:14:49 2009] [error] [client 10.192.3.58] user irfsay1:
authentication failure for "/svn/projects": Password Mismatch
[Fri Apr 24 21:14:58 2009] [error] [client 10.192.3.58] File does not
exist: /var/www/html/favicon.ico
[root@svntest1 conf]#
but i am typing correct password
please please advice
Regards
irf
On 4/24/09, Johan Corveleyn <jo...@uz.kuleuven.ac.be> wrote:
> Well, since you specified the AuthLDAPURL as
> "ldap://sppufls01.exfo.com:389/...", your Apache (or more specifically the
> mod_authnz_ldap module) will have to make connections to this url. This
> means that, yes, your LDAP server must be accessible from the Apache (SVN)
> server through port 389.
>
> To troubleshoot this, try executing a "telnet sppufls01.exfo.com 389" on the
> command line of your Apache (SVN) server. If the connection is refused, you
> know you've got a network problem to solve first (either make the LDAP
> server listen on that port, or check any firewalls that are in between the
> svn server and the LDAP server).
>
> Regards,
> Johan
>
> Van: Irfan Sayed [mailto:irfu.sayed@gmail.com]
> Verzonden: vrijdag 24 april 2009 17:17
> Aan: Johan Corveleyn; webpost@tigris.org; users@subversion.tigris.org
> Onderwerp: Re: Re: ldap authentication in subversion
>
> Hi All,
> Thanks for helping me.
> Here is the update
>
> first of all i dont have any directory as /usr/local/apache2. everything is
> present in /etc/httpd
>
> after doing some search for any latest patches for apache , yum utility
> installed apr-util-ldap module.
>
> after installation when i tried again to see whether it is working or not
> then it throws me an error like "internal server error"
>
> now in the error log i am getting some error like "unable to connect LDAP
> server"
>
> is it neccessary that port 389 should be opened ??
>
> I have attached error log . please have a look
> please please advice
>
> Regards
> Irf
> On Fri, Apr 24, 2009 at 6:38 PM, Johan Corveleyn
> <jo...@uz.kuleuven.ac.be>>
> wrote:
> We had exactly the same problem (on Solaris 10 though): segfaults from the
> child processes of apache when it tries to authenticate via LDAP.
>
> The reason was that we had our Apache installed in a different location than
> the standard one (which is /usr/local/apache2). Could that be the case with
> your installation? Where does your Apache reside?
>
> After some truss'ing we found that it failed when trying to access
> /usr/local/apache2/lib/apr-util-1/apr_ldap.so, which obviously didn't exist
> in our case. So, although the Solaris package we used to install Apache
> supported specifying a custom installation directory, the installation was
> not exactly correct (some paths were hardcoded/compiled/linked/... to be in
> /usr/local/apache2).
>
> As a workaround we made a symlink from /usr/local/apache2/lib/apr-util-1 to
> <location of apach2 lib>/apr-util-1. That solved the problem.
>
> Regards,
> Johan
>
> -----Oorspronkelijk bericht-----
> Van: Carlos Beppler [mailto:beppler@gmail.com<ma...@gmail.com>]
> Verzonden: vrijdag 24 april 2009 14:55
> Aan: Irfan Sayed
> CC: webpost@tigris.org<ma...@tigris.org>;
> users@subversion.tigris.org<ma...@subversion.tigris.org>
> Onderwerp: Re: Re: ldap authentication in subversion
>
> It appears that your LDAP module is causing segmentation faults on the
> child process.
>
> I do not have experience with Fedora (we use Debian here).
>
> You are loading the mod_authnz_ldap. Are you loading the mod_ldap too?
> Look for this entries on your configuration files.
>
> LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so
>
> LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so
>
>
> [Fri Apr 24 11:00:12 2009] [debug] mod_authnz_ldap.c(377): [client
> 10.192.2.195] [12733] auth_ldap authenticate: using URL
> ldap://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?(objectClass=*)<http://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?%28objectClass=*%29>
> [Fri Apr 24 11:00:13 2009] [notice] child pid 12733 exit signal
> Segmentation fault (11)
>
>
> On Fri, Apr 24, 2009 at 09:41, Irfan Sayed
> <ir...@gmail.com>> wrote:
>> Hi,
>>
>> Apache is running on Fedora 10 (Linux).
>> I have attached error.log for your reference.
>>
>> Please please advice/help
>>
>> Regards
>> Irf
>>
>>
>> On 4/24/09, Carlos Alberto Costa Beppler
>> <be...@gmail.com>> wrote:
>>> If you are using Windows 2000 or later the port 389 is probably already
>>> open.
>>>
>>> Is this apache on Windows or Linux? Can you send the contents of the
>>> error log file from Apache?
>>>
>>> On Fri, Apr 24, 2009 at 09:10, Irfan Sayed
>>> <ir...@gmail.com>> wrote:
>>>> Sorry.
>>>> Here is the updated one.
>>>>
>>>> <Location "/svn">
>>>> DAV svn
>>>> SVNParentPath /usr/local/svn
>>>> SVNListParentPath On
>>>> SVNAutoversioning On
>>>> AuthBasicProvider ldap
>>>> AuthType Basic
>>>> AuthzLDAPAuthoritative off
>>>> AuthName "My "
>>>> AuthLDAPURL
>>>> "ldap://sppufls01.exfo.com:389/DC=exfo.com?sAMAccountName?sub?(objectClass=*)<http://sppufls01.exfo.com:389/DC=exfo.com?sAMAccountName?sub?%28objectClass=*%29>"
>>>> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo.com<http://exfo.com>"
>>>> AuthLDAPBindPassword jaba_1234
>>>> AuthzSVNAccessFile /etc/subversion/acl
>>>> # require ldap-group
>>>> CN=irfsay1,CN=Users,DC=exfo.com<http://exfo.com>
>>>> require valid-user
>>>> </Location>
>>>>
>>>> Still it is not working. i think the problem is that 389 port might
>>>> not be opened on the windows domain controller. Is it neccessary that
>>>> it should be opened??
>>>>
>>>> Please advice
>>>> Regards
>>>> Irf
>>>>
>>>>
>>>>
>>>> On 4/24/09, webpost@tigris.org<ma...@tigris.org>
>>>> <we...@tigris.org>> wrote:
>>>>> Apparently from what you write here, you have two AuthLDAPBindDN
>>>>> directives
>>>>> in your httpd.conf.
>>>>>
>>>>> ------------------------------------------------------
>>>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1890469
>>>>>
>>>>> To unsubscribe from this discussion, e-mail:
>>>>> [users-unsubscribe@subversion.tigris.org<ma...@subversion.tigris.org>].
>>>>>
>>>>
>>>> ------------------------------------------------------
>>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891212
>>>>
>>>> To unsubscribe from this discussion, e-mail:
>>>> [users-unsubscribe@subversion.tigris.org<ma...@subversion.tigris.org>].
>>>>
>>>
>>
>
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891762
>
> To unsubscribe from this discussion, e-mail:
> [users-unsubscribe@subversion.tigris.org<ma...@subversion.tigris.org>].
>
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1894325
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
RE: Re: ldap authentication in subversion
Posted by Johan Corveleyn <jo...@uz.kuleuven.ac.be>.
Well, since you specified the AuthLDAPURL as "ldap://sppufls01.exfo.com:389/...", your Apache (or more specifically the mod_authnz_ldap module) will have to make connections to this url. This means that, yes, your LDAP server must be accessible from the Apache (SVN) server through port 389.
To troubleshoot this, try executing a "telnet sppufls01.exfo.com 389" on the command line of your Apache (SVN) server. If the connection is refused, you know you've got a network problem to solve first (either make the LDAP server listen on that port, or check any firewalls that are in between the svn server and the LDAP server).
Regards,
Johan
Van: Irfan Sayed [mailto:irfu.sayed@gmail.com]
Verzonden: vrijdag 24 april 2009 17:17
Aan: Johan Corveleyn; webpost@tigris.org; users@subversion.tigris.org
Onderwerp: Re: Re: ldap authentication in subversion
Hi All,
Thanks for helping me.
Here is the update
first of all i dont have any directory as /usr/local/apache2. everything is present in /etc/httpd
after doing some search for any latest patches for apache , yum utility installed apr-util-ldap module.
after installation when i tried again to see whether it is working or not then it throws me an error like "internal server error"
now in the error log i am getting some error like "unable to connect LDAP server"
is it neccessary that port 389 should be opened ??
I have attached error log . please have a look
please please advice
Regards
Irf
On Fri, Apr 24, 2009 at 6:38 PM, Johan Corveleyn <jo...@uz.kuleuven.ac.be>> wrote:
We had exactly the same problem (on Solaris 10 though): segfaults from the child processes of apache when it tries to authenticate via LDAP.
The reason was that we had our Apache installed in a different location than the standard one (which is /usr/local/apache2). Could that be the case with your installation? Where does your Apache reside?
After some truss'ing we found that it failed when trying to access /usr/local/apache2/lib/apr-util-1/apr_ldap.so, which obviously didn't exist in our case. So, although the Solaris package we used to install Apache supported specifying a custom installation directory, the installation was not exactly correct (some paths were hardcoded/compiled/linked/... to be in /usr/local/apache2).
As a workaround we made a symlink from /usr/local/apache2/lib/apr-util-1 to <location of apach2 lib>/apr-util-1. That solved the problem.
Regards,
Johan
-----Oorspronkelijk bericht-----
Van: Carlos Beppler [mailto:beppler@gmail.com<ma...@gmail.com>]
Verzonden: vrijdag 24 april 2009 14:55
Aan: Irfan Sayed
CC: webpost@tigris.org<ma...@tigris.org>; users@subversion.tigris.org<ma...@subversion.tigris.org>
Onderwerp: Re: Re: ldap authentication in subversion
It appears that your LDAP module is causing segmentation faults on the
child process.
I do not have experience with Fedora (we use Debian here).
You are loading the mod_authnz_ldap. Are you loading the mod_ldap too?
Look for this entries on your configuration files.
LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so
LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so
[Fri Apr 24 11:00:12 2009] [debug] mod_authnz_ldap.c(377): [client
10.192.2.195] [12733] auth_ldap authenticate: using URL
ldap://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?(objectClass=*)<http://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?%28objectClass=*%29>
[Fri Apr 24 11:00:13 2009] [notice] child pid 12733 exit signal
Segmentation fault (11)
On Fri, Apr 24, 2009 at 09:41, Irfan Sayed <ir...@gmail.com>> wrote:
> Hi,
>
> Apache is running on Fedora 10 (Linux).
> I have attached error.log for your reference.
>
> Please please advice/help
>
> Regards
> Irf
>
>
> On 4/24/09, Carlos Alberto Costa Beppler <be...@gmail.com>> wrote:
>> If you are using Windows 2000 or later the port 389 is probably already
>> open.
>>
>> Is this apache on Windows or Linux? Can you send the contents of the
>> error log file from Apache?
>>
>> On Fri, Apr 24, 2009 at 09:10, Irfan Sayed <ir...@gmail.com>> wrote:
>>> Sorry.
>>> Here is the updated one.
>>>
>>> <Location "/svn">
>>> DAV svn
>>> SVNParentPath /usr/local/svn
>>> SVNListParentPath On
>>> SVNAutoversioning On
>>> AuthBasicProvider ldap
>>> AuthType Basic
>>> AuthzLDAPAuthoritative off
>>> AuthName "My "
>>> AuthLDAPURL
>>> "ldap://sppufls01.exfo.com:389/DC=exfo.com?sAMAccountName?sub?(objectClass=*)<http://sppufls01.exfo.com:389/DC=exfo.com?sAMAccountName?sub?%28objectClass=*%29>"
>>> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo.com<http://exfo.com>"
>>> AuthLDAPBindPassword jaba_1234
>>> AuthzSVNAccessFile /etc/subversion/acl
>>> # require ldap-group CN=irfsay1,CN=Users,DC=exfo.com<http://exfo.com>
>>> require valid-user
>>> </Location>
>>>
>>> Still it is not working. i think the problem is that 389 port might
>>> not be opened on the windows domain controller. Is it neccessary that
>>> it should be opened??
>>>
>>> Please advice
>>> Regards
>>> Irf
>>>
>>>
>>>
>>> On 4/24/09, webpost@tigris.org<ma...@tigris.org> <we...@tigris.org>> wrote:
>>>> Apparently from what you write here, you have two AuthLDAPBindDN
>>>> directives
>>>> in your httpd.conf.
>>>>
>>>> ------------------------------------------------------
>>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1890469
>>>>
>>>> To unsubscribe from this discussion, e-mail:
>>>> [users-unsubscribe@subversion.tigris.org<ma...@subversion.tigris.org>].
>>>>
>>>
>>> ------------------------------------------------------
>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891212
>>>
>>> To unsubscribe from this discussion, e-mail:
>>> [users-unsubscribe@subversion.tigris.org<ma...@subversion.tigris.org>].
>>>
>>
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891762
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org<ma...@subversion.tigris.org>].
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1893844
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Re: ldap authentication in subversion
Posted by Irfan Sayed <ir...@gmail.com>.
Hi All,
Thanks for helping me.
Here is the update
first of all i dont have any directory as /usr/local/apache2. everything is
present in /etc/httpd
after doing some search for any latest patches for apache , yum utility
installed apr-util-ldap module.
after installation when i tried again to see whether it is working or not
then it throws me an error like "internal server error"
now in the error log i am getting some error like "unable to connect LDAP
server"
is it neccessary that port 389 should be opened ??
I have attached error log . please have a look
please please advice
Regards
Irf
On Fri, Apr 24, 2009 at 6:38 PM, Johan Corveleyn <
johan.corveleyn@uz.kuleuven.ac.be> wrote:
> We had exactly the same problem (on Solaris 10 though): segfaults from the
> child processes of apache when it tries to authenticate via LDAP.
>
> The reason was that we had our Apache installed in a different location
> than the standard one (which is /usr/local/apache2). Could that be the case
> with your installation? Where does your Apache reside?
>
> After some truss'ing we found that it failed when trying to access
> /usr/local/apache2/lib/apr-util-1/apr_ldap.so, which obviously didn't exist
> in our case. So, although the Solaris package we used to install Apache
> supported specifying a custom installation directory, the installation was
> not exactly correct (some paths were hardcoded/compiled/linked/... to be in
> /usr/local/apache2).
>
> As a workaround we made a symlink from /usr/local/apache2/lib/apr-util-1 to
> <location of apach2 lib>/apr-util-1. That solved the problem.
>
> Regards,
> Johan
>
> -----Oorspronkelijk bericht-----
> Van: Carlos Beppler [mailto:beppler@gmail.com]
> Verzonden: vrijdag 24 april 2009 14:55
> Aan: Irfan Sayed
> CC: webpost@tigris.org; users@subversion.tigris.org
> Onderwerp: Re: Re: ldap authentication in subversion
>
> It appears that your LDAP module is causing segmentation faults on the
> child process.
>
> I do not have experience with Fedora (we use Debian here).
>
> You are loading the mod_authnz_ldap. Are you loading the mod_ldap too?
> Look for this entries on your configuration files.
>
> LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so
>
> LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so
>
>
> [Fri Apr 24 11:00:12 2009] [debug] mod_authnz_ldap.c(377): [client
> 10.192.2.195] [12733] auth_ldap authenticate: using URL
> ldap://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?(objectClass=*)<http://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?%28objectClass=*%29>
> [Fri Apr 24 11:00:13 2009] [notice] child pid 12733 exit signal
> Segmentation fault (11)
>
>
> On Fri, Apr 24, 2009 at 09:41, Irfan Sayed <ir...@gmail.com> wrote:
> > Hi,
> >
> > Apache is running on Fedora 10 (Linux).
> > I have attached error.log for your reference.
> >
> > Please please advice/help
> >
> > Regards
> > Irf
> >
> >
> > On 4/24/09, Carlos Alberto Costa Beppler <be...@gmail.com> wrote:
> >> If you are using Windows 2000 or later the port 389 is probably already
> >> open.
> >>
> >> Is this apache on Windows or Linux? Can you send the contents of the
> >> error log file from Apache?
> >>
> >> On Fri, Apr 24, 2009 at 09:10, Irfan Sayed <ir...@gmail.com>
> wrote:
> >>> Sorry.
> >>> Here is the updated one.
> >>>
> >>> <Location "/svn">
> >>> DAV svn
> >>> SVNParentPath /usr/local/svn
> >>> SVNListParentPath On
> >>> SVNAutoversioning On
> >>> AuthBasicProvider ldap
> >>> AuthType Basic
> >>> AuthzLDAPAuthoritative off
> >>> AuthName "My "
> >>> AuthLDAPURL
> >>> "ldap://
> sppufls01.exfo.com:389/DC=exfo.com?sAMAccountName?sub?(objectClass=*)<http://sppufls01.exfo.com:389/DC=exfo.com?sAMAccountName?sub?%28objectClass=*%29>
> "
> >>> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo.com"
> >>> AuthLDAPBindPassword jaba_1234
> >>> AuthzSVNAccessFile /etc/subversion/acl
> >>> # require ldap-group CN=irfsay1,CN=Users,DC=exfo.com
> >>> require valid-user
> >>> </Location>
> >>>
> >>> Still it is not working. i think the problem is that 389 port might
> >>> not be opened on the windows domain controller. Is it neccessary that
> >>> it should be opened??
> >>>
> >>> Please advice
> >>> Regards
> >>> Irf
> >>>
> >>>
> >>>
> >>> On 4/24/09, webpost@tigris.org <we...@tigris.org> wrote:
> >>>> Apparently from what you write here, you have two AuthLDAPBindDN
> >>>> directives
> >>>> in your httpd.conf.
> >>>>
> >>>> ------------------------------------------------------
> >>>>
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1890469
> >>>>
> >>>> To unsubscribe from this discussion, e-mail:
> >>>> [users-unsubscribe@subversion.tigris.org].
> >>>>
> >>>
> >>> ------------------------------------------------------
> >>>
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891212
> >>>
> >>> To unsubscribe from this discussion, e-mail:
> >>> [users-unsubscribe@subversion.tigris.org].
> >>>
> >>
> >
>
> ------------------------------------------------------
>
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891762
>
> To unsubscribe from this discussion, e-mail: [
> users-unsubscribe@subversion.tigris.org].
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1893703
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
RE: Re: ldap authentication in subversion
Posted by Johan Corveleyn <jo...@uz.kuleuven.ac.be>.
We had exactly the same problem (on Solaris 10 though): segfaults from the child processes of apache when it tries to authenticate via LDAP.
The reason was that we had our Apache installed in a different location than the standard one (which is /usr/local/apache2). Could that be the case with your installation? Where does your Apache reside?
After some truss'ing we found that it failed when trying to access /usr/local/apache2/lib/apr-util-1/apr_ldap.so, which obviously didn't exist in our case. So, although the Solaris package we used to install Apache supported specifying a custom installation directory, the installation was not exactly correct (some paths were hardcoded/compiled/linked/... to be in /usr/local/apache2).
As a workaround we made a symlink from /usr/local/apache2/lib/apr-util-1 to <location of apach2 lib>/apr-util-1. That solved the problem.
Regards,
Johan
-----Oorspronkelijk bericht-----
Van: Carlos Beppler [mailto:beppler@gmail.com]
Verzonden: vrijdag 24 april 2009 14:55
Aan: Irfan Sayed
CC: webpost@tigris.org; users@subversion.tigris.org
Onderwerp: Re: Re: ldap authentication in subversion
It appears that your LDAP module is causing segmentation faults on the
child process.
I do not have experience with Fedora (we use Debian here).
You are loading the mod_authnz_ldap. Are you loading the mod_ldap too?
Look for this entries on your configuration files.
LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so
LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so
[Fri Apr 24 11:00:12 2009] [debug] mod_authnz_ldap.c(377): [client
10.192.2.195] [12733] auth_ldap authenticate: using URL
ldap://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?(objectClass=*)
[Fri Apr 24 11:00:13 2009] [notice] child pid 12733 exit signal
Segmentation fault (11)
On Fri, Apr 24, 2009 at 09:41, Irfan Sayed <ir...@gmail.com> wrote:
> Hi,
>
> Apache is running on Fedora 10 (Linux).
> I have attached error.log for your reference.
>
> Please please advice/help
>
> Regards
> Irf
>
>
> On 4/24/09, Carlos Alberto Costa Beppler <be...@gmail.com> wrote:
>> If you are using Windows 2000 or later the port 389 is probably already
>> open.
>>
>> Is this apache on Windows or Linux? Can you send the contents of the
>> error log file from Apache?
>>
>> On Fri, Apr 24, 2009 at 09:10, Irfan Sayed <ir...@gmail.com> wrote:
>>> Sorry.
>>> Here is the updated one.
>>>
>>> <Location "/svn">
>>> DAV svn
>>> SVNParentPath /usr/local/svn
>>> SVNListParentPath On
>>> SVNAutoversioning On
>>> AuthBasicProvider ldap
>>> AuthType Basic
>>> AuthzLDAPAuthoritative off
>>> AuthName "My "
>>> AuthLDAPURL
>>> "ldap://sppufls01.exfo.com:389/DC=exfo.com?sAMAccountName?sub?(objectClass=*)"
>>> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo.com"
>>> AuthLDAPBindPassword jaba_1234
>>> AuthzSVNAccessFile /etc/subversion/acl
>>> # require ldap-group CN=irfsay1,CN=Users,DC=exfo.com
>>> require valid-user
>>> </Location>
>>>
>>> Still it is not working. i think the problem is that 389 port might
>>> not be opened on the windows domain controller. Is it neccessary that
>>> it should be opened??
>>>
>>> Please advice
>>> Regards
>>> Irf
>>>
>>>
>>>
>>> On 4/24/09, webpost@tigris.org <we...@tigris.org> wrote:
>>>> Apparently from what you write here, you have two AuthLDAPBindDN
>>>> directives
>>>> in your httpd.conf.
>>>>
>>>> ------------------------------------------------------
>>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1890469
>>>>
>>>> To unsubscribe from this discussion, e-mail:
>>>> [users-unsubscribe@subversion.tigris.org].
>>>>
>>>
>>> ------------------------------------------------------
>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891212
>>>
>>> To unsubscribe from this discussion, e-mail:
>>> [users-unsubscribe@subversion.tigris.org].
>>>
>>
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891762
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1892135
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Re: ldap authentication in subversion
Posted by Carlos Beppler <be...@gmail.com>.
It appears that your LDAP module is causing segmentation faults on the
child process.
I do not have experience with Fedora (we use Debian here).
You are loading the mod_authnz_ldap. Are you loading the mod_ldap too?
Look for this entries on your configuration files.
LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so
LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so
[Fri Apr 24 11:00:12 2009] [debug] mod_authnz_ldap.c(377): [client
10.192.2.195] [12733] auth_ldap authenticate: using URL
ldap://exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?(objectClass=*)
[Fri Apr 24 11:00:13 2009] [notice] child pid 12733 exit signal
Segmentation fault (11)
On Fri, Apr 24, 2009 at 09:41, Irfan Sayed <ir...@gmail.com> wrote:
> Hi,
>
> Apache is running on Fedora 10 (Linux).
> I have attached error.log for your reference.
>
> Please please advice/help
>
> Regards
> Irf
>
>
> On 4/24/09, Carlos Alberto Costa Beppler <be...@gmail.com> wrote:
>> If you are using Windows 2000 or later the port 389 is probably already
>> open.
>>
>> Is this apache on Windows or Linux? Can you send the contents of the
>> error log file from Apache?
>>
>> On Fri, Apr 24, 2009 at 09:10, Irfan Sayed <ir...@gmail.com> wrote:
>>> Sorry.
>>> Here is the updated one.
>>>
>>> <Location "/svn">
>>> DAV svn
>>> SVNParentPath /usr/local/svn
>>> SVNListParentPath On
>>> SVNAutoversioning On
>>> AuthBasicProvider ldap
>>> AuthType Basic
>>> AuthzLDAPAuthoritative off
>>> AuthName "My "
>>> AuthLDAPURL
>>> "ldap://sppufls01.exfo.com:389/DC=exfo.com?sAMAccountName?sub?(objectClass=*)"
>>> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo.com"
>>> AuthLDAPBindPassword jaba_1234
>>> AuthzSVNAccessFile /etc/subversion/acl
>>> # require ldap-group CN=irfsay1,CN=Users,DC=exfo.com
>>> require valid-user
>>> </Location>
>>>
>>> Still it is not working. i think the problem is that 389 port might
>>> not be opened on the windows domain controller. Is it neccessary that
>>> it should be opened??
>>>
>>> Please advice
>>> Regards
>>> Irf
>>>
>>>
>>>
>>> On 4/24/09, webpost@tigris.org <we...@tigris.org> wrote:
>>>> Apparently from what you write here, you have two AuthLDAPBindDN
>>>> directives
>>>> in your httpd.conf.
>>>>
>>>> ------------------------------------------------------
>>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1890469
>>>>
>>>> To unsubscribe from this discussion, e-mail:
>>>> [users-unsubscribe@subversion.tigris.org].
>>>>
>>>
>>> ------------------------------------------------------
>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891212
>>>
>>> To unsubscribe from this discussion, e-mail:
>>> [users-unsubscribe@subversion.tigris.org].
>>>
>>
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891762
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Re: ldap authentication in subversion
Posted by Irfan Sayed <ir...@gmail.com>.
Hi,
Apache is running on Fedora 10 (Linux).
I have attached error.log for your reference.
Please please advice/help
Regards
Irf
On 4/24/09, Carlos Alberto Costa Beppler <be...@gmail.com> wrote:
> If you are using Windows 2000 or later the port 389 is probably already
> open.
>
> Is this apache on Windows or Linux? Can you send the contents of the
> error log file from Apache?
>
> On Fri, Apr 24, 2009 at 09:10, Irfan Sayed <ir...@gmail.com> wrote:
>> Sorry.
>> Here is the updated one.
>>
>> <Location "/svn">
>> DAV svn
>> SVNParentPath /usr/local/svn
>> SVNListParentPath On
>> SVNAutoversioning On
>> AuthBasicProvider ldap
>> AuthType Basic
>> AuthzLDAPAuthoritative off
>> AuthName "My "
>> AuthLDAPURL
>> "ldap://sppufls01.exfo.com:389/DC=exfo.com?sAMAccountName?sub?(objectClass=*)"
>> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo.com"
>> AuthLDAPBindPassword jaba_1234
>> AuthzSVNAccessFile /etc/subversion/acl
>> # require ldap-group CN=irfsay1,CN=Users,DC=exfo.com
>> require valid-user
>> </Location>
>>
>> Still it is not working. i think the problem is that 389 port might
>> not be opened on the windows domain controller. Is it neccessary that
>> it should be opened??
>>
>> Please advice
>> Regards
>> Irf
>>
>>
>>
>> On 4/24/09, webpost@tigris.org <we...@tigris.org> wrote:
>>> Apparently from what you write here, you have two AuthLDAPBindDN
>>> directives
>>> in your httpd.conf.
>>>
>>> ------------------------------------------------------
>>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1890469
>>>
>>> To unsubscribe from this discussion, e-mail:
>>> [users-unsubscribe@subversion.tigris.org].
>>>
>>
>> ------------------------------------------------------
>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891212
>>
>> To unsubscribe from this discussion, e-mail:
>> [users-unsubscribe@subversion.tigris.org].
>>
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891570
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Re: ldap authentication in subversion
Posted by Carlos Beppler <be...@gmail.com>.
If you are using Windows 2000 or later the port 389 is probably already open.
Is this apache on Windows or Linux? Can you send the contents of the
error log file from Apache?
On Fri, Apr 24, 2009 at 09:10, Irfan Sayed <ir...@gmail.com> wrote:
> Sorry.
> Here is the updated one.
>
> <Location "/svn">
> DAV svn
> SVNParentPath /usr/local/svn
> SVNListParentPath On
> SVNAutoversioning On
> AuthBasicProvider ldap
> AuthType Basic
> AuthzLDAPAuthoritative off
> AuthName "My "
> AuthLDAPURL
> "ldap://sppufls01.exfo.com:389/DC=exfo.com?sAMAccountName?sub?(objectClass=*)"
> AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo.com"
> AuthLDAPBindPassword jaba_1234
> AuthzSVNAccessFile /etc/subversion/acl
> # require ldap-group CN=irfsay1,CN=Users,DC=exfo.com
> require valid-user
> </Location>
>
> Still it is not working. i think the problem is that 389 port might
> not be opened on the windows domain controller. Is it neccessary that
> it should be opened??
>
> Please advice
> Regards
> Irf
>
>
>
> On 4/24/09, webpost@tigris.org <we...@tigris.org> wrote:
>> Apparently from what you write here, you have two AuthLDAPBindDN directives
>> in your httpd.conf.
>>
>> ------------------------------------------------------
>> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1890469
>>
>> To unsubscribe from this discussion, e-mail:
>> [users-unsubscribe@subversion.tigris.org].
>>
>
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891212
>
> To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891472
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: Re: ldap authentication in subversion
Posted by Irfan Sayed <ir...@gmail.com>.
Sorry.
Here is the updated one.
<Location "/svn">
DAV svn
SVNParentPath /usr/local/svn
SVNListParentPath On
SVNAutoversioning On
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative off
AuthName "My "
AuthLDAPURL
"ldap://sppufls01.exfo.com:389/DC=exfo.com?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=irfsay1,CN=Users,DC=exfo.com"
AuthLDAPBindPassword jaba_1234
AuthzSVNAccessFile /etc/subversion/acl
# require ldap-group CN=irfsay1,CN=Users,DC=exfo.com
require valid-user
</Location>
Still it is not working. i think the problem is that 389 port might
not be opened on the windows domain controller. Is it neccessary that
it should be opened??
Please advice
Regards
Irf
On 4/24/09, webpost@tigris.org <we...@tigris.org> wrote:
> Apparently from what you write here, you have two AuthLDAPBindDN directives
> in your httpd.conf.
>
> ------------------------------------------------------
> http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1890469
>
> To unsubscribe from this discussion, e-mail:
> [users-unsubscribe@subversion.tigris.org].
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1891212
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
RE: Re: ldap authentication in subversion
Posted by we...@tigris.org.
Apparently from what you write here, you have two AuthLDAPBindDN directives in your httpd.conf.
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1890469
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].
Re: ldap authentication in subversion
Posted by Irfan Sayed <ir...@gmail.com>.
PLease please help/advice
Regards
Irf
On Fri, Apr 24, 2009 at 2:38 PM, Irfan Sayed <ir...@gmail.com> wrote:
> Hi All,
>
> We are using subversion I just waneted to check can we use windows domain
> controller for authentication. what i need is they should login
> to subversion using their windows username and password.
> After some investigation, i found that we can use ldap authentication
> mechanism so i did following configuration in apache's http.conf file.
>
>
> *<Location "/svn">*
>
> *DAV svn*
>
> *AuthBasicProvider ldap*
>
> *AuthType Basic*
>
> *AuthzLDAPAuthoritative off*
>
> *AuthName "My svn server "*
>
> *AuthLDAPURL "ldap://
> exfo.com:389/DC=exfo,DC=com?sAMAccountName?sub?(objectClass=*)" NONE*
>
> *AuthLDAPBindDN "irfan.sayed@exfo.com"*
>
> *AuthLDAPBindDN "CN=apache,CN=Users,DC=exfo,DC=com"*
>
> *AuthLDAPBindPassword hi*
>
> *require ldap-user irfsay1*
>
> *</Location>*
>
> but still it is not getting through.
> please please suggest/help
>
> Regards
> Irf
>
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1888852
To unsubscribe from this discussion, e-mail: [users-unsubscribe@subversion.tigris.org].