SVN Authentication with LDAP and Active Directory

I am having a few problems getting SVN authentication to work with LDAP / Active Directory. My SVN installation works fine, but after enabling LDAP in my Apache vhost, I just can't get my users to authenticate.

I can use a selection of LDAP browsers to successfully connect to Active Directory, but just can't seem to get this to work.

  • SVN is set up in /var/local/svn
  • Server is svn.domain.local
  • For testing, my repository is /var/local/svn/test

My vhost file is as follows:

<VirtualHost *:80>
        ServerAdmin [email protected]
        ServerAlias svn.domain.local
        ServerName svn.domain.local
        DocumentRoot /var/www/svn/

        <Location /test>
                DAV svn
                #SVNListParentPath On
                SVNPath /var/local/svn/test
                AuthzSVNAccessFile /var/local/svn/svnaccess
                AuthzLDAPAuthoritative off
                AuthType Basic
                AuthName "SVN Server"
                AuthBasicProvider ldap
                AuthLDAPBindDN "CN=adminuser,OU=SBSAdmin Users,OU=Users,OU=MyBusiness,DC=domain,DC=local"
                AuthLDAPBindPassword "admin password"
                AuthLDAPURL "ldap://192.168.1.6:389/OU=SBSUsers,OU=Users,OU=MyBusiness,DC=domain,DC=local?sAMAccountName?sub?(objectClass=*)"
                Require valid-user
        </Location>

        CustomLog /var/log/apache2/svn/access.log combined
        ErrorLog /var/log/apache2/svn/error.log
</VirtualHost>

In my error.log, I don't seem to get any bind errors (should I be looking elsewhere?), but just the following:

[Thu Jun 21 09:51:38 2012] [error] [client 192.168.1.142] user alex: authentication failure for "/test/": Password Mismatch, referer: http://svn.domain.local/test/

At the end of "AuthLDAPURL", I have seen people using TLS and NONE, but neither seems to help in my case.

I have the ldap modules loaded and have checked as much as I know, so any help would be most welcome. Thanks


Set REFERRALS off in the server /etc/ldap/ldap.conf and try again.

And try adding "NONE" to the URL line:

AuthLDAPURL "ldap://192.168.1.6:389/OU=SBSUsers,OU=Users,OU=MyBusiness,DC=domain,DC=local?sAMAccountName?sub?(objectClass=*)" NONE

Try ldapsearch. Do an .ldaprc in your home directory with this:

HOST 192.168.1.6
BASE DC=domain,DC=local
BINDDN CN=adminuser,OU=SBSAdmin Users,OU=Users,OU=MyBusiness,DC=domain,DC=local

Use it:

ldapsearch -D "CN=adminuser,OU=SBSAdmin Users,OU=Users,OU=MyBusiness,DC=domain,DC=local" -W sAMAccountName=user

It will ask for the BindDN password.


Diego gets the points as it finally led me to get it working. It may have been a case of changing the order of the params in my virtualhost, but this is what worked for me. I also copied the admin user DN directly from an LDAP GUI tool to ensure I had the correct bind details:

<VirtualHost *:80>
        ServerAdmin [email protected]
        ServerAlias svn.domain.local
        ServerName svn.domain.local
        DocumentRoot /var/www/svn/

        <Location />
                DAV svn
                SVNParentPath /var/local/svn/
                SVNListParentPath On
                AuthBasicProvider ldap
                AuthType Basic
                AuthzLDAPAuthoritative off
                AuthName "SVN Server"
                AuthLDAPURL "ldap://192.168.1.6:389/DC=domain,DC=local?sAMAccountName?sub?(objectClass=*)" NONE
                AUTHLDAPBindDN "CN=admin,OU=Admin Users,OU=Users,OU=MyBusiness,DC=domain,DC=local"
                AuthLDAPBindPassword ######
                require valid-user
        </Location>
</VirtualHost>

Hope that helps someone else out!
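The two AuthLDAPURL values posted above can be compared field by field. The following is an added example, not part of the original posts: it parses the directive's `ldap://host:port/basedn?attribute?scope?filter [mode]` format, reports which fields changed between the question and the working config, and flags whether the connection to the directory is encrypted. The function names are hypothetical, and the admin bind DN from the question is used only as a sample entry to show which part of the tree each search base covers.

```python
import shlex

def parse_authldapurl(args):
    """Parse the arguments of an AuthLDAPURL directive.

    Format: ldap[s]://host:port/basedn?attribute?scope?filter [NONE|SSL|TLS|STARTTLS]
    """
    tokens = shlex.split(args)                  # strips the quotes around the URL
    mode = tokens[1].upper() if len(tokens) > 1 else None
    scheme, rest = tokens[0].split("://", 1)
    scheme = scheme.lower()
    hostport, _, tail = rest.partition("/")
    host, _, port = hostport.partition(":")
    fields = tail.split("?") + [""] * 3         # pad omitted optional fields
    return {
        "scheme": scheme,
        "host": host,
        "port": int(port) if port else (636 if scheme == "ldaps" else 389),
        "base": fields[0],
        "attribute": fields[1] or "uid",        # mod_authnz_ldap defaults
        "scope": fields[2] or "sub",
        "filter": fields[3] or "(objectClass=*)",
        "mode": mode,
        # Without ldaps:// or an SSL/TLS mode, bind and user passwords
        # travel to the directory server in cleartext.
        "encrypted": scheme == "ldaps" or mode in ("SSL", "TLS", "STARTTLS"),
    }

def dn_under_base(dn, base):
    """True if dn is at or below base (naive split: no escaped commas)."""
    d = [p.strip().lower() for p in dn.split(",")]
    b = [p.strip().lower() for p in base.split(",")]
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def diff(a, b):
    """Fields whose values differ between two parsed directives."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

# Values copied from the question and from the working vhost on this page.
QUESTION = '"ldap://192.168.1.6:389/OU=SBSUsers,OU=Users,OU=MyBusiness,DC=domain,DC=local?sAMAccountName?sub?(objectClass=*)"'
WORKING = '"ldap://192.168.1.6:389/DC=domain,DC=local?sAMAccountName?sub?(objectClass=*)" NONE'
BIND_DN = "CN=adminuser,OU=SBSAdmin Users,OU=Users,OU=MyBusiness,DC=domain,DC=local"

if __name__ == "__main__":
    q, w = parse_authldapurl(QUESTION), parse_authldapurl(WORKING)
    for field, (old, new) in diff(q, w).items():
        print(f"{field}: {old!r} -> {new!r}")
    print("sample DN under question base:", dn_under_base(BIND_DN, q["base"]))
    print("sample DN under working base: ", dn_under_base(BIND_DN, w["base"]))
    print("directory connection encrypted:", w["encrypted"])
```

Only entries at or below the base DN are visible to the user search, so an account outside `OU=SBSUsers` cannot authenticate with the first URL. Both configurations leave the LDAP connection unencrypted.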


It may not directly answer your question, but did you consider using Subversion Edge? It is free to use (AGPLv3 license).

As you can see in this screenshot, it is quite simple to set up LDAP integration. You can even install the SSPI module, though this requires some manual work.