Hi , i am facing a strange problem.
I have centos , i wan to access svn trought apache using mod auth ldap.
This is what i have configured
AuthLDAPBindDN cn=svn,ou=Operators,o=Organization AuthLDAPBindPassword Pass1 AuthLDAPURL "ldap://ldap/ou=Users,o=Organization?uid" AuthLDAPGroupAttribute member AuthLDAPGroupAttributeIsDN on Require group cn=tester2,ou=Groups,o=Organization
What is strange?
According to doc it will accept only users which DN is in group cn=teste2,ou=Groups,o=Organization.
How come, for me it will accept every one user from LDAP?
Thanks in advance!
On Thu, Apr 10, 2008 at 1:35 PM, David Hláčik david@hlacik.eu wrote:
Hi , i am facing a strange problem.
I have centos , i wan to access svn trought apache using mod auth ldap.
This is what i have configured
AuthLDAPBindDN cn=svn,ou=Operators,o=Organization AuthLDAPBindPassword Pass1 AuthLDAPURL "ldap://ldap/ou=Users,o=Organization?uid" AuthLDAPGroupAttribute member AuthLDAPGroupAttributeIsDN on Require group cn=tester2,ou=Groups,o=OrganizationWhat is strange?
According to doc it will accept only users which DN is in group cn=teste2,ou=Groups,o=Organization.
How come, for me it will accept every one user from LDAP?
Your config looks correct, if it is in the correct context element in your .conf file. Is it within a <Location> element that references your svn repository path? Please show more of your config.
Are you sure Apache is querying the LDAP server? Are you prompted for a login. Are you denied if a bad password or username is given?
-- Jeff
On Thu, Apr 10, 2008 at 2:35 PM, David Hláčik david@hlacik.eu wrote:
Hi , i am facing a strange problem.
I have centos , i wan to access svn trought apache using mod auth ldap.
This is what i have configured
AuthLDAPBindDN cn=svn,ou=Operators,o=Organization AuthLDAPBindPassword Pass1 AuthLDAPURL "ldap://ldap/ou=Users,o=Organization?uid" AuthLDAPGroupAttribute member AuthLDAPGroupAttributeIsDN on Require group cn=tester2,ou=Groups,o=OrganizationWhat is strange?
According to doc it will accept only users which DN is in group cn=teste2,ou=Groups,o=Organization.
How come, for me it will accept every one user from LDAP?
Thanks in advance!
Is this for centos 4 or centos5?
Hi, all,
1) it is CentOs 5.1 2) i am sure that LDAP is working according to error and access logs (when i will type bad user it will fail, when i will type bad password it will inform me about password mismath) 3) yes it is in correct <Location> directory I am sending whole config file :
LoadModule dav_svn_module modules/mod_dav_svn.so LoadModule authz_svn_module modules/mod_authz_svn.so LoadModule authnz_ldap_module modules/mod_authnz_ldap.
<IfModule mod_dav_svn.c>
# - uncomment location section below and modify it according to your situation.
# You will need to change at least the AuthLDAPURL parameter.
#
# Documentation of the LDAP module used, and its parameters, is available at
# http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html
# http://httpd.apache.org/docs/2.2/mod/mod_ldap.html
#
<Location /repo>
# # enable Web DAV HTTP access methods DAV svn # # # repository location
SVNPath "/srv/polarion/svn/repo"
# # # write requests from WebDAV clients result in automatic commits SVNAutoversioning on
#
AuthName "Subversion repository"
# # # per-directory access control AuthzSVNAccessFile "/srv/polarion/svn/access"
#
AuthType Basic
AuthBasicProvider ldap
# # # allow mod_authnz_ldap to decline group authentication so that Apache # # will fall back to file authentication for checking group membership
AuthzLDAPAuthoritative On #
# AuthLDAPURL " ldap://yourExampleServer.com:389/ou=People,o=organization.org?uid"
#
# Require valid-user #
AuthLDAPURL "ldap://server/ou=Users,o=Organization?uid" Require ldap-group "cn=tester2,ou=Groups,o=Organization" #Require ldap-dn cn=Hlacik David,ou=Users,o=Organization AuthLDAPBindDN cn=svn,ou=Operators,o=Organization AuthLDAPBindPassword svn1 </Location>
</IfModule>
2008/4/10 Jim Perrin jperrin@gmail.com:
On Thu, Apr 10, 2008 at 2:35 PM, David Hláčik david@hlacik.eu wrote:
Hi , i am facing a strange problem.
I have centos , i wan to access svn trought apache using mod auth ldap.
This is what i have configured
AuthLDAPBindDN cn=svn,ou=Operators,o=Organization AuthLDAPBindPassword Pass1 AuthLDAPURL "ldap://ldap/ou=Users,o=Organization?uid" AuthLDAPGroupAttribute member AuthLDAPGroupAttributeIsDN on Require group cn=tester2,ou=Groups,o=OrganizationWhat is strange?
According to doc it will accept only users which DN is in group cn=teste2,ou=Groups,o=Organization.
How come, for me it will accept every one user from LDAP?
Thanks in advance!
Is this for centos 4 or centos5?
-- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-
David Hláčik -
Jeff Larsen -
Jim Perrin