I'm trying to get Apache to authenticate Via LDAP in Active Directory (sigh). I'm getting the following error when someone attempts to commit a change in Subversion using an Eclipse client:

[emerg] [client xxx.xx.xx.xx] cannot bind to [13929] LDAP Server as CN=user name,CN=Users,DC=mydomain,DC=com/password: 49

[Wed Feb 20 10:49:19 2008] [crit] [client xxx.xx.xx.xx] [13929] no ldap connection

I've verified the username and password in Active directory. I have also verified that the combination can log in on the domain.


Any suggestions?

Well this is a very complex problem. There are many things that could be effecting this. Let's start from the top.

1. Is your SVN server joined to the domain and are you able to send and receive tickets, users, and groups?

2. Is you Apache Configured Correctly?
3. Does your SVN config look something like this?
4.Is there any more information in the logs?

-weisso

Yes=the system is on the domain and authenticates users against the domain for logins and SMB.

httpd version= 2.0.52

subversion = 1.1-4.2

(I neglected to provide the versions)

I'm configuring this on a RHEL4 system and the subversion configuration is being configured in /etc/httpd/conf.d/subversion.conf.

I reviewed your svn config and noted that there were a few items that I did not have in the configuration file. The URL and a few and the following lines:
Options Indexes FollowSymLinks
AllowOverride None
order allow,deny
allow from all

I'll add those suggestions and try again. As a side note we have another system using the same setup and it works without any problems. (The httpd version is the same, but the Subversion is 1.1-2.1.

Thanks for the quick reply.

can you post your httpd.conf file?

Also do you have a special permission schemes?
Example:
Location "/useraccess">
AuthName "user permissions"
require user larry bill sam
</Location>

I don't have the special permission. Here is what I have in the subversion.conf file:

LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so

#
# Example configuration to enable HTTP access for a directory
# containing Subversion repositories, "/var/www/svn". Each repository
# must be readable and writable by the 'apache' user. Note that if
# SELinux is enabled, the repositories must be labelled with a context
# which httpd can write to; this will happen by default for
# directories created in /var/www. Use "restorecon -R /var/www/svn"
# to label the repositories if upgrading from a previous release.
#

#
# To create a new repository "http://localhost/repos/stuff" using
# this configuration, run as root:
#
# # cd /var/www/svn
# # svnadmin create stuff
# # chown -R apache.apache stuff
#

<Location /svn>
DAV svn
SVNPath /work10/svn

AllowOverride None
order allow,deny
allow from all



# Limit write permission to list of valid users.
<LimitExcept GET PROPFIND OPTIONS REPORT>

Require valid-user
# Require SSL connection for password protection.
# SSLRequireSSL

AuthType Basic


AuthzLDAPServer domaincntrlrname.mydomain.com
AuthzLDAPBindDN "CN=adldapsvn ,CN=Users,DC=mydomain,DC=com"
AuthzLDAPBindPassword password

AuthzLDAPUserScope subtree
AuthzLDAPUserBase CN=Users,DC=mydomain,DC=com
AuthzLDAPUserKey sAMAccountName

AuthType basic
AuthName "Subversion Repository"

</LimitExcept>



This subversion.conf file is essentially the same (except for the 3 lines added at the left margin at your suggestion) as the config file on the system that works.

Well a fews things:

1. you don't close out Location.
2. let's try an IFDefine.
3. Did you compile httpd with -mpm-worker mpm-prefork?

Try this config:

The <IfDefine> caused the repository to disappear from view when using the SVN client. httpd was compiled as follows:
Compiled in modules:
core.c
prefork.c
http_core.c
mod_so.c

Try removing the IfDefine and see what happens.

The repository returned after I removed the <IfDefine>.

Can they Checkout?

Yes. They can browse and checkout. We're getting this error:

[Thu Feb 21 12:27:55 2008] [crit] [client xxx.xxx.xxx.xxx] configuration error: couldn't check user. No user file?: /svn/!svn/act/b96572f8-7620-4345-a7e4-2e43e831776a

The subversion.conf contains the following at this point:

LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so


<Location /svn>
DAV svn
SVNPath /work10/svn
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
AuthType Basic

AuthzLDAPServer domaincntrlrname.mydomain.com
AuthzLDAPBindDN "CN=adldapsvn,CN=Users,DC=mydomain,DC=com"
AuthzLDAPBindPassword password

AuthzLDAPUserScope subtree
AuthzLDAPUserBase CN=Users,DC=mydomain,DC=com
AuthzLDAPUserKey sAMAccountName
AuthName "Subversion Repository"

</LimitExcept>
</Location>

Interesting lets try something,

1. confirm that apache is the owner/user recursively throughout the repo:
in your case: chown -R apache:apache /work10/svn/

2. Try and commit

3. If you are still getting that error let's try this:
A. Add this line of code to config file
AuthzSVNAccessFile /var/svn/conf/svnpolicy
B. mkdir /var/svn/conf (if you don't have one already)
c. vim or nano /var/svn/conf/svnpolicy
d. Example File:
Please post back any results.

-weisso

The config file check barked at the AuthzSVNAccessFile directive. All of the files in /work10/svn are owned by the apache and group.

Just to confirm:

1. Every user can browse, commit, and checkout?

2. If so, then can you commit in Eclipse?

Browsing and checkout works without a problem. It's the commit that is the problem.