LinuxQuestions.org
09-14-2012, 02:32 PM   #1
keith2045
Apache SVN LDAPs


I'm having issues configuring Apache SVN using LDAPS.

I have a RHEL 6.2 box with httpd 2.2 running. I've got it configured using LDAPS, and when browsing using a web browser everything works fine. Authentication works and authorization works also. Great, but when I use any client to check out, I get

svn: not authorized to open root of edit operation

After looking through the log, I noticed

auth_ldap authenticate: user *** authentication failed: URI **** [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]

If I turn off LDAPVerifyServerCert it works, but if I leave it on, it can't connect. It's not trusting the certificate, but why? I have LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ca.crt configured.

So when using a web browser it gets the certs and verifies it's in the ca.crt file, but when using a client it doesn't want to check the ca.crt file.

Any idea why using a client ignores the LDAPTrustedGlobalCert line?
 
10-15-2012, 08:26 PM   #2
Matthew Hardin

The most common reason for something like this is that the process (in this case Apache) doesn't have read access to its copy of the CA cert or doesn't have read permissions to the configuration file where the CA Cert is being specified.

One strategy that works well is to run the server in debug mode and watch what it sees during the connection negotiation phase. Assuming you're using OpenLDAP, start the server from the command line with a fairly high debug level. I like to start with -1 (minus 1) and then back off from there. If there's too much output, redirect stderr to a file. DO NOT depend on syslog to capture debug output; it'll get flooded and drop what will likely turn out to be the most important bits.

Assuming OpenSSL, watch for "certificate verification" or something like that in the output. That'll very likely provide the clue you're looking for.

Hope this helps,

-Matt

Matthew Hardin
Symas - The LDAP Guys
http://www.symas.com
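
Added example, not part of the original posts: a Python check for the first cause named in the reply above, that the Apache process cannot read its copy of the CA cert. It assumes the worker account is `apache` and reuses the CA path from the question; `blockers` is a hypothetical helper name, and the check goes beyond the file itself by also testing search permission on every parent directory.

```python
import os
import stat

def _permits(st, uid, gids, bit):
    """Classic Unix mode check: owner bits, else group bits, else other bits."""
    if uid == 0:
        return True  # root bypasses read and directory-search checks
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((st.st_mode >> shift) & bit)

def blockers(path, uid, gids):
    """Return (component, mode) for every part of `path` that denies `uid`.

    Parent directories need search (x); the file itself needs read (r).
    Only mode bits are evaluated: POSIX ACLs and SELinux are not. Run as
    root so that every component can be stat()ed.
    """
    target = os.path.realpath(path)
    chain, p = [target], target
    while os.path.dirname(p) != p:
        p = os.path.dirname(p)
        chain.append(p)
    denied = []
    for comp in reversed(chain):  # walk from / down to the file
        st = os.stat(comp)
        bit = 0o4 if comp == target else 0o1
        if not _permits(st, uid, gids, bit):
            denied.append((comp, stat.filemode(st.st_mode)))
    return denied

if __name__ == "__main__":
    import pwd
    import sys
    # Assumptions: worker account "apache" (the RHEL httpd default) and the CA
    # path from the question; pass other values as arguments 1 and 2.
    user = sys.argv[1] if len(sys.argv) > 1 else "apache"
    ca = sys.argv[2] if len(sys.argv) > 2 else "/etc/pki/tls/certs/ca.crt"
    pw = pwd.getpwnam(user)
    gids = set(os.getgrouplist(user, pw.pw_gid))
    found = blockers(ca, pw.pw_uid, gids)
    for comp, mode in found:
        print(f"{user} cannot pass {comp} ({mode})")
    if not found:
        print(f"{user} can read {ca} as far as mode bits go")
```

An empty result only rules out mode bits; the same path can still be denied by an ACL or by SELinux labelling, which this script does not inspect.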
 
  

