Hi, the documentation for AuthzLDAPAuthoritative : <snip>Prevent other authentication modules from authenticating the user if this one fails</snip>
Default is on but you did set it to off, why? If ldap fails another authorization will be tried. The main problems should be the line <snip> AuthType Digest</snip>. As far as I know you can use digest/MD5 password encryption with file authentification but not with LDAP. LDAP requires basic authentification. But beware that without any other security meachanism like VPN or SSL a simple network sniffer will be able to get the passwords from the network stream. bye, David > "Smith, Mitchell" <mitchell.sm...@cwc.com> hat am 1. Mai 2013 um 15:52 > geschrieben: > > Hi, > > I am trying to implement ldap authentication into my configuration for svn > running under apache2.2 (httpd2.2.24) running on Linux. > > I have the following configuration, but it appears that it always fails to > call the ldap server. > > <IfModule dav_svn_module> > <Location /> > DAV svn > SVNParentPath /opt/subversion/repos > SVNListParentPath On > AuthzSVNAccessFile /opt/subversion/svnaccess > AuthzLDAPAuthoritative off > AuthBasicProvider ldap > AuthType Digest > AuthName "<http://DOMAIN.COM> " > AuthLDAPBindDN "CN=TestSVN,OU=Users - > Users,OU=Accounts,DC=CWIHQ,DC=CWIGINTRA,DC=COM" > AuthLDAPBindPassword "Password" > AuthLDAPURL > "ldap://<http://LDAP.DOMAIN.COM:389/DC=DOMAIN,DC=COM?sAMAccountName?sub?(objectClass=*)> > " > Require valid-user > # AuthUserFile > /usr/subversion/apache2/conf.d/svnAuthBlank > </Location> > </IfModule> > > It appears that ldap is never called, and the authentication attempts to fall > back to the AuthUserFile, which I do not want. > > I have checked multiple tutorials online and cannot see where I am going > wrong. If I un-comment the AuthUserFile it fails to authenticate as the user > does not exist in the file. > > Can anyone assist with this. > > Thanks > > -- > Mitchell Smith > > > > The information contained in this email (and any attachments) is confidential > and may be privileged. If you are not the intended recipient > and have received this email in error, please notify the sender immediately > by reply email and delete the message and any attachments. > If you are not the named addressee, you must not copy, disclose, forward or > otherwise use the information contained in this email. > Cable & Wireless Communications Plc and its affiliates reserve the right to > monitor all email communications through their networks to > ensure regulatory compliance. > > Cable & Wireless Communications Plc is a company registered in England & > Wales with number: > 07130199 and offices located at 3rd Floor, 26 Red Lion Square, London WC1R > 4HQ > >
