Unable to authenticate Subversion user using Apache and LDAP

Question

Unable to authenticate Subversion user using Apache and LDAP

I am trying to use LDAP authentication for a Subversion repository accessed through Apache HTTP Server. No matter what I try, Apache generates the following error message:

authentication failed; URI /repos/branches/my-branch [ldap_search_ext_s() for user failed][Operations Error]

I used the AD explorer from Sysinternals to connect to my AD server and can see the data there, so I assume this is a problem with my LDAP URL search string. I tried several options, but always get the above error. Here is what I have in my httpd.conf. Any suggestions or ideas for diagnosing this will be appreciated.

<Location /repos>
    DAV svn
    SVNPath C:\repos
    AuthType Basic
    AuthzLDAPAuthoritative off
    AuthBasicProvider ldap
    AuthName "IT Subversion repository"
    AuthLDAPURL "ldap://x.y.z.com:389/DC=y,DC=z,DC=com?sAMAccountName?sub?(objectClass=user)" NONE    
    Require valid-user
</Location>

+3

authentication svn apache ldap

Andrew Fielden Jul 05 '10 at 8:32

source share

6

jgnagy · Answer 1 · 2010-07-13T04:42:54+0000

, Active Directory, . :

# Active Directory requires an authenticating DN to access records
# This is the DN used to bind to the directory service
# This is an Active Directory user account.
AuthLDAPBindDN "CN=someuser,CN=Users,DC=y,DC=z,DC=com"

# This is the password for the AuthLDAPBindDN user in Active Directory
AuthLDAPBindPassword some_secret_password

Bart M. · Answer 2 · 2013-11-14T17:57:06+0000

- , . , Apache .

, , 389 3268. "[ldap_search_ext_s() ] [ ] - . , , , .

Thomas · Answer 3 · 2013-11-28T10:55:14+0000

, /etc/ldap/ldap.conf:

REFERRALS off

.

user3257667 · Answer 4 · 2015-11-02T10:01:54+0000

389 3268. 389 Direcotry, 3268 Global Directory. , LDAP (, JXplorer) .

J. Visser · Answer 5 · 2011-01-03T22:20:23+0000

, 3

AuthLDAPBindDN "CN=someuser,CN=Users,DC=y,DC=z,DC=com"
AuthLDAPBindPassword some_secret_password

jgnagy, ,

Satisfy Any

RichardLynch · Answer 6 · 2012-03-21T15:39:55+0000

LDAPReferrals , , ...

, LDAP/Apache, LDAP , AD, .

- , : telnet YOUR_AD_SERVER 389

Connect, - Escape, /IP AD, AD 389.

Then install the openldap command line tools, openldap clients, and see if you can use ldapsearch (read the man page) to search directly on your AD server, without Apache in the middle.

Unable to authenticate Subversion user using Apache and LDAP

More articles: