Re: Subversion integrate LDAP
Hello Wlllem, On Mon, Nov 28, 2016 at 2:58 PM, Wlllem Dalen wrote: > > ssl-access_log: > > - - [28/Nov/2016:12:40:59 +0100] "GET /svn/se/ HTTP/1.1" 401 381 > - [28/Nov/2016:12:41:12 +0100] "GET /svn/se/ HTTP/1.1" 403 209 > [28/Nov/2016:12:41:12 +0100] "GET /favicon.ico HTTP/1.1" 404 209 > > > ssl_error_log: > > Mon Nov 28 12:41:12.226892 2016] [authz_svn:error] [pid 29816] [client] > Access denied: 'user' GET se:/ Why do you name these logs "ssl_*"? As these are SVN server logs, I guess that its a typo and you intended to name them as "svn_*". > It seems that is an authorization error. When i remove > AuthzSVNAccessFile /etc/httpd/conf/dav_svn.acl > > then i have access to the repo, and that's not okay. As you see, the logged event is "Access denied: 'user' GET se:/". This event means that the user account authenticates successfully. But this account lacks permissions to "se" repository. To fix this, you should look through the authz file "/etc/httpd/conf/dav_svn.acl" and double-check the access rules it contains. Read SVNBook | Path-Based Authorization[1] section for the instructions on how to setup the access rules. [1]: http://svnbook.red-bean.com/en/1.8/svn.serverconfig.pathbasedauthz.html -- With best regards, Pavel Lyalyakin VisualSVN Team
Re: Subversion integrate LDAP
On 28.11.2016 12:58, Wlllem Dalen wrote: > It seems that is an authorization error. When i remove > *AuthzSVNAccessFile /etc/httpd/conf/dav_svn.acl* If that's the case, then this has nothing to do with LDAP — that's used of authentication, not authorization. The most likely reason is that the contents if your dav_svn.acl file are wrong, either there's a syntax error or the access rules do actually deny access to the repository. -- Brane
Subversion integrate LDAP
Hi, Everything i tried and in tried, but it won’t work. ErrorDocument 404 default DAV svn SVNParentPath /data/svn SVNListParentPath off AuthType Basic AuthBasicProvider ldap # file AuthName "SVN" AuthzSVNAccessFile /etc/httpd/conf/dav_svn.acl #ldap AuthLDAPURL "ldap://ldap-server:389/DC=dep,DC=com?sAMAccountName? sub?(&(objectClass=*)(memberOf=CN=SVN,OU=User Groups,OU=Accounts,DC=dep,DC=com))" NONE AuthLDAPBindDN "binddn of the service account" AuthLDAPBindPassword "password of the service account to search" #Require ldap-group CN=SVN,OU=ASDS,OU=User Groups,OU=Accounts,DC=dep,DC=com Require valid-user ssl-access_log: - - [28/Nov/2016:12:40:59 +0100] "GET /svn/se/ HTTP/1.1" 401 381 - [28/Nov/2016:12:41:12 +0100] "GET /svn/se/ HTTP/1.1" 403 209 [28/Nov/2016:12:41:12 +0100] "GET /favicon.ico HTTP/1.1" 404 209 ssl_error_log: Mon Nov 28 12:41:12.226892 2016] [authz_svn:error] [pid 29816] [client] Access denied: 'user' GET se:/ ssl_request_log: [28/Nov/2016:12:40:59 +0100] TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /svn/se/ HTTP/1.1" 381 [28/Nov/2016:12:41:12 +0100] TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /svn/se/ HTTP/1.1" 209 [28/Nov/2016:12:41:12 +0100] TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 "GET /favicon.ico HTTP/1.1" 209 It seems that is an authorization error. When i remove *AuthzSVNAccessFile /etc/httpd/conf/dav_svn.acl* then i have access to the repo, and that's not okay. Is there anyone who can help me? The system : RedHat 7, SVN:1.7, Apache:2.4 regards