How do I add LDAP users to roles in Subversion Edge's web console?

It turns out that simply connecting via SVN isn't enough to create the user account. Instead, you need to log in to the web console as an LDAP user. After logging in the first time, the LDAP user will show up elsewhere in the management tool and can be added to groups.

For the curious, this is my LDAP configuration:

[Screenshot: LDAP configuration]

Obviously you'll need to update "mydomain" and "domainuser" with your own info.


Note: Since Subversion Edge 1.3, users can use their LDAP credentials to log into the Subversion server as well as the console. Upon first sign-in to the console, the LDAP user is created as a console user with ROLE_USER permissions. This user cannot be edited, but a Subversion Edge administrator can assign additional roles via the Edit Role screen to allow the user to administer the server using LDAP credentials.

CollabNet Subversion Edge User Guide


I just had to tackle this issue myself with CollabNet Edge 2.2.0 and wanted to share what worked for me. I'm running RHEL 6 and trying to connect to a Windows AD server and just couldn't get anything working.

First of all, do yourself a favor and enable DEBUG logging so you can get error messages to google. Log into the CollabNet Edge Web Console: https://servername:4434/csvn. Then navigate to Administration->Server Logs->Configure. Change the field named "Subversion Server log Level:" to "DEBUG"; this will give you DEBUG logging for Apache, which is the service that actually performs your LDAP queries. Now you can go to the "Available Files" tab right next to it and select the latest error_[DATE].log file to see the errors that Apache encounters.

Now with Edge 2.2.0, users don't need to log into the web console to create a user account (although they can). Alternatively, just try to check out a repo using your Windows user name and password. I'm guessing it won't work right away, but it will generate a nice error message in your logs. As I was debugging my problem I saw error messages like this:

  • auth_ldap authenticate: user XXXXX authentication failed; URI /viewvc/ [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
  • auth_ldap authenticate: user XXXXX authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
  • auth_ldap authenticate: user XXXXX authentication failed; URI / [ldap_search_ext_s() for user failed][Operations error]

Now you can start googling your heart out or just read on. My big break was finding Michele's blog. It recommended adding the line "REFERRALS off" to your /etc/ldap/ldap.conf file (or in RHEL's case /etc/openldap/ldap.conf). That didn't work for me, but one of the comments did. It suggested further narrowing down your "LDAP Base DN" field with an OU. I did that and tried checking out again and bingo, everything worked :)

FYI, here are my configurations on the Administration->Server Settings->Authentication tab:

[Screenshot: CollabNet Authentication settings]

I hope this saves someone some time (I lost half a day).
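
An added example, not part of the original answer: a small triage script for the `auth_ldap authenticate` failures quoted above, which splits each line into the phase that failed (bind or search) and the reason, then attaches a first thing to check. The log prefix, client address and the two bind hints are assumptions drawn from general LDAP troubleshooting; the Base DN and REFERRALS hint is the fix the answer describes.

```python
import re
from collections import Counter

# Shape of the auth_ldap failure lines quoted in the answer above.
LINE_RE = re.compile(
    r"auth_ldap authenticate: user (?P<user>\S+) authentication failed; "
    r"URI (?P<uri>\S+) \[(?P<stage>[^\]]+)\]\[(?P<reason>[^\]]+)\]"
)
# libldap call named in the first bracket -> phase of the lookup that failed.
STAGES = {"ldap_simple_bind_s": "bind", "ldap_search_ext_s": "search"}

# Bind hints are general troubleshooting knowledge (assumption); the search
# hint is the fix reported in the answer.
HINTS = {
    ("bind", "Can't contact LDAP server"):
        "network: check LDAP host, port, firewall and TLS settings",
    ("bind", "Invalid credentials"):
        "credentials: check the bind DN/password or the user's password",
    ("search", "Operations error"):
        "scope: narrow 'LDAP Base DN' with an OU, or try REFERRALS off",
}

def triage(lines):
    """Return (user, uri, stage, reason, hint) for each auth_ldap failure."""
    findings = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an auth_ldap failure line
        stage = next((s for call, s in STAGES.items() if call in m["stage"]),
                     "other")
        hint = HINTS.get((stage, m["reason"]),
                         "unrecognised: read the full log line")
        findings.append((m["user"], m["uri"], stage, m["reason"], hint))
    return findings

def summarize(findings):
    """Count failures per (stage, reason) so the dominant cause stands out."""
    return Counter((stage, reason) for _, _, stage, reason, _ in findings)

# Constructed sample: the three messages from the answer behind a made-up
# Apache error-log prefix, plus one unrelated line.
P = "[Mon Jan 01 10:00:0%d 2024] [error] [client 192.0.2.10] auth_ldap authenticate: user XXXXX authentication failed; URI "
SAMPLE = [
    P % 0 + "/viewvc/ [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]",
    P % 1 + "/ [LDAP: ldap_simple_bind_s() failed][Invalid credentials]",
    P % 2 + "/ [ldap_search_ext_s() for user failed][Operations error]",
    "[Mon Jan 01 10:00:03 2024] [notice] resuming normal operations",
]

if __name__ == "__main__":
    for user, uri, stage, reason, hint in triage(SAMPLE):
        print(f"{stage:6} {reason!r:30} -> {hint}")
```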