Re: Issues Implementing ldap authentication.


 



Hi,
 
the documentation for AuthzLDAPAuthoritative :
 <snip>Prevent other authentication modules from authenticating the user if this one fails</snip>
 
Default is on but you did set it to off, why? If ldap fails another authorization will be tried.
 
The main problem should be the line <snip> AuthType Digest</snip>. As far as I know you can use digest/MD5 password encryption with file authentication but not with LDAP. LDAP requires basic authentication. But beware that without any other security mechanism like VPN or SSL a simple network sniffer will be able to get the passwords from the network stream.
 
bye,
David 
"Smith, Mitchell" <mitchell.smith@xxxxxxx> wrote on 1 May 2013 at 15:52:

Hi,
 
I am trying to implement ldap authentication into my configuration for svn running under apache2.2 (httpd2.2.24) running on Linux.
 
I have the following configuration, but it appears that it always fails to call the ldap server.
 
        <IfModule dav_svn_module>
                <Location />
                        DAV svn
                        SVNParentPath /opt/subversion/repos
                        SVNListParentPath On
                        AuthzSVNAccessFile /opt/subversion/svnaccess
                        AuthzLDAPAuthoritative off
                        AuthBasicProvider ldap
                        AuthType Digest
                        AuthName " DOMAIN.COM "
                        AuthLDAPBindDN "CN=TestSVN,OU=Users - Users,OU=Accounts,DC=CWIHQ,DC=CWIGINTRA,DC=COM"
                        AuthLDAPBindPassword "Password"
                        AuthLDAPURL "ldap://LDAP.DOMAIN.COM:389/DC=DOMAIN,DC=COM?sAMAccountName?sub?(objectClass=*)"
                        Require valid-user
                        # AuthUserFile /usr/subversion/apache2/conf.d/svnAuthBlank
                </Location>
        </IfModule>
 
It appears that ldap is never called, and the authentication attempts to fall back to the AuthUserFile, which I do not want.
 
I have checked multiple tutorials online and cannot see where I am going wrong. If I un-comment the AuthUserFile it fails to authenticate as the user does not exist in the file. 
 
Can anyone assist with this?
 
Thanks
 
--
Mitchell Smith

 

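The change the reply describes, applied to the posted configuration, as an added example that is not part of either message. It assumes mod_ssl is loaded and that this Location is served from an HTTPS virtual host; all paths, DNs and host names are the ones from the question.

```apache
<IfModule dav_svn_module>
    <Location />
        DAV svn
        SVNParentPath /opt/subversion/repos
        SVNListParentPath On
        AuthzSVNAccessFile /opt/subversion/svnaccess

        # Assumption: mod_ssl is loaded. SSLRequireSSL refuses any request
        # that did not arrive over HTTPS, so Basic credentials are not
        # accepted on a plain-HTTP connection.
        SSLRequireSSL

        # Was "AuthType Digest". AuthBasicProvider is only consulted by
        # mod_auth_basic, so with Digest the ldap provider is never called.
        AuthType Basic
        AuthBasicProvider ldap
        AuthName "DOMAIN.COM"

        # Kept as posted; the reply above questions this setting.
        AuthzLDAPAuthoritative off

        # Bind account and search URL exactly as posted in the question.
        AuthLDAPBindDN "CN=TestSVN,OU=Users - Users,OU=Accounts,DC=CWIHQ,DC=CWIGINTRA,DC=COM"
        AuthLDAPBindPassword "Password"
        AuthLDAPURL "ldap://LDAP.DOMAIN.COM:389/DC=DOMAIN,DC=COM?sAMAccountName?sub?(objectClass=*)"

        Require valid-user
    </Location>
</IfModule>
```

Running `apachectl configtest` after the edit catches a missing mod_ssl or a misspelled directive before the server is restarted.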

 
