SVN Authentication with LDAP and Active Directory
I am having a few problems getting SVN authentication to work with LDAP / Active Directory. My SVN installation works fine, but after enabling LDAP in my Apache vhost, I just can't get my users to authenticate.
I can use a selection of LDAP browsers to successfully connect to Active Directory, but just can't seem to get this to work.
- SVN is set up in /var/local/svn
- Server is svn.domain.local
- For testing, my repository is /var/local/svn/test
My vhost file is as follows:
<VirtualHost *:80>
ServerAdmin [email protected]
ServerAlias svn.domain.local
ServerName svn.domain.local
DocumentRoot /var/www/svn/
<Location /test>
DAV svn
#SVNListParentPath On
SVNPath /var/local/svn/test
AuthzSVNAccessFile /var/local/svn/svnaccess
AuthzLDAPAuthoritative off
AuthType Basic
AuthName "SVN Server"
AuthBasicProvider ldap
AuthLDAPBindDN "CN=adminuser,OU=SBSAdmin Users,OU=Users,OU=MyBusiness,DC=domain,DC=local"
AuthLDAPBindPassword "admin password"
AuthLDAPURL "ldap://192.168.1.6:389/OU=SBSUsers,OU=Users,OU=MyBusiness,DC=domain,DC=local?sAMAccountName?sub?(objectClass=*)"
Require valid-user
</Location>
CustomLog /var/log/apache2/svn/access.log combined
ErrorLog /var/log/apache2/svn/error.log
</VirtualHost>
In my error.log, I don't seem to get any bind errors (should I be looking elsewhere?), but just the following:
[Thu Jun 21 09:51:38 2012] [error] [client 192.168.1.142] user alex: authentication failure for "/test/": Password Mismatch, referer: http://svn.domain.local/test/
At the end of "AuthLDAPURL", I have seen people using TLS and NONE, but neither seems to help in my case.
I have the LDAP modules loaded and have checked as much as I know, so any help would be most welcome. Thanks.
Set REFERRALS off in the server /etc/ldap/ldap.conf and try again.
And try adding "NONE" to the URL line:
AuthLDAPURL "ldap://192.168.1.6:389/OU=SBSUsers,OU=Users,OU=MyBusiness,DC=domain,DC=local?sAMAccountName?sub?(objectClass=*)" NONE
Try ldapsearch. Create an .ldaprc in your home directory with this:
HOST 192.168.1.6
BASE DC=domain,DC=local
BINDDN CN=adminuser,OU=SBSAdmin Users,OU=Users,OU=MyBusiness,DC=domain,DC=local
Use it:
ldapsearch -D "CN=adminuser,OU=SBSAdmin Users,OU=Users,OU=MyBusiness,DC=domain,DC=local" -W sAMAccountName=user
It will ask for the BindDN password.
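Added example, not part of any post above: a Python helper that splits an AuthLDAPURL value into the parts mod_authnz_ldap documents (base DN, attribute, scope, filter, optional connection mode), builds the combined filter for one login name, and emits the matching ldapsearch command so the lookup can be checked outside Apache. The function names are hypothetical, the defaults (uid, sub, (objectClass=*)) follow the mod_authnz_ldap documentation, and the escaping is RFC 4515 rather than Apache's own routine.

```python
import shlex

# The AuthLDAPURL arguments from the question's vhost, with NONE appended as suggested.
SAMPLE = ('"ldap://192.168.1.6:389/OU=SBSUsers,OU=Users,OU=MyBusiness,'
          'DC=domain,DC=local?sAMAccountName?sub?(objectClass=*)" NONE')
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

def parse_authldapurl(args):
    """Split 'url [NONE|SSL|TLS|STARTTLS]' into the parts Apache searches with."""
    tokens = shlex.split(args)                      # strips the quotes around the URL
    mode = tokens[1].upper() if len(tokens) > 1 else None
    scheme, _, rest = tokens[0].partition("://")
    hostport, _, tail = rest.partition("/")
    host, _, port = hostport.partition(":")
    base, attr, scope, flt = (tail.split("?") + [""] * 3)[:4]
    if scheme == "ldaps" or mode == "SSL":
        transport = "ldaps"
    elif mode in ("TLS", "STARTTLS"):
        transport = "starttls"
    elif mode == "NONE":
        transport = "cleartext"                     # bind and user passwords unencrypted
    else:
        transport = "LDAPTrustedMode default"       # decided by server-wide config
    return {"scheme": scheme, "host": host,
            "port": int(port) if port else DEFAULT_PORT[scheme],
            "base": base, "attribute": attr or "uid", "scope": scope or "sub",
            "filter": flt or "(objectClass=*)", "transport": transport}

def escape_value(value):
    """RFC 4515 escaping, so a login name cannot change the filter structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def user_filter(cfg, username):
    """AND the configured filter with attribute=username."""
    inner = cfg["filter"]
    if inner.startswith("(") and inner.endswith(")"):
        inner = inner[1:-1]
    return "(&(%s)(%s=%s))" % (inner, cfg["attribute"], escape_value(username))

def ldapsearch_command(cfg, bind_dn, username):
    """OpenLDAP client call for the same lookup; -W prompts for the bind password."""
    scheme = "ldaps" if cfg["transport"] == "ldaps" else "ldap"
    cmd = ["ldapsearch", "-x", "-H", "%s://%s:%d" % (scheme, cfg["host"], cfg["port"])]
    if cfg["transport"] == "starttls":
        cmd.append("-ZZ")                           # require StartTLS to succeed
    cmd += ["-D", bind_dn, "-W", "-b", cfg["base"], "-s", cfg["scope"],
            user_filter(cfg, username), "dn"]
    return " ".join(shlex.quote(part) for part in cmd)
```

If the generated command returns no entry for a login name, the base DN or filter is at fault rather than the password; a `cleartext` transport means both the bind password and each user's password cross the network unencrypted.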
Diego gets the points as it finally led me to get it working. It may have been a case of changing the order of the params in my virtualhost, but this is what worked for me. I also copied the admin user DN directly from an LDAP GUI tool to ensure I had the correct bind details:
<VirtualHost *:80>
ServerAdmin [email protected]
ServerAlias svn.domain.local
ServerName svn.domain.local
DocumentRoot /var/www/svn/
<Location />
DAV svn
SVNParentPath /var/local/svn/
SVNListParentPath On
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative off
AuthName "SVN Server"
AuthLDAPURL "ldap://192.168.1.6:389/DC=domain,DC=local?sAMAccountName?sub?(objectClass=*)" NONE
AUTHLDAPBindDN "CN=admin,OU=Admin Users,OU=Users,OU=MyBusiness,DC=domain,DC=local"
AuthLDAPBindPassword ######
require valid-user
</Location>
</VirtualHost>
Hope that helps someone else out!
It may not directly answer your question, but did you consider using Subversion Edge? It is free to use (AGPLv3 license).
As you can see in this screenshot, it is quite simple to set up LDAP integration. You can even install the SSPI module, though this requires some manual work.