-----Original Message----- From: 金健康 [mailto:jinjiankang1...@gmail.com] Sent: Friday, February 25, 2011 12:53 AM To: users@subversion.apache.org Subject: Subversion Apache2.2 LDAPS authentication failed
Hi, OS: Redhat Linux Subversion: 1.5.0 Apache: 2.2.17 OpenLDAP: 2.3.27 httpd.conf: ... LDAPSharedCacheSize 200000 LDAPCacheEntries 1024 LDAPCacheTTL 600 LDAPOpCacheEntries 1024 LDAPOpCacheTTL 600 <Location /svn> DAV svn SVNParentPath /home/svnroot/repository AuthzSVNAccessFile /home/svnroot/repository/svn_access_file AuthType Basic AuthBasicProvider ldap AuthzLDAPAuthoritative off AuthLDAPURL "ldaps://master.ldap.ebupt.com:636/OU=staff,DC=ebupt,DC=com?uid?sub?(objectClass=*)" SS L AuthName "Subversion.resository" Require valid-user </Location> ... Apache error_log: [Thu Feb 24 16:48:00 2011] [debug] mod_authnz_ldap.c(403): [client 10.1.85.181] [25242] auth_ldap a uthenticate: using URL ldaps://master.ldap.ebupt.com:636/OU=staff,DC=ebupt,DC=com?uid?sub?(objectCl ass=*) [Thu Feb 24 16:48:00 2011] [info] [client 10.1.85.181] [25242] auth_ldap authenticate: user jinjian kang authentication failed; URI /svn [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server] ping master.ldap.ebupt.com is OK. My FTP LDAPS authentication is OK as below: server:master.ldap.ebupt.com port:636 Enable SSL:checked Base DN:ou=staff,dc=ebupt,dc=com anonymous bind:checked Search Filter:(objectClass=*) User DN attribute:uid Search scope:subtree Thanks. Jin Jiankang ============================ I don't see any "LDAPTrustedGlobalCert" entries that tell Apache how to verify the server certificate... Have you defined any in the config file? http://httpd.apache.org/docs/2.2/mod/mod_ldap.html Otherwise, you could also try adding this directive to see if it has any affect: LDAPVerifyServerCert Off Other than checking to verify the host name matches what's in the certificate, and making sure the CAs are setup, you could also check out this message: http://subversion.open.collab.net/ds/viewMessage.do?dsForumId=3&dsMessageId=395193 FWIW! -----Message Disclaimer----- This e-mail message is intended only for the use of the individual or entity to which it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended recipient, any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply email to conn...@principal.com and delete or destroy all copies of the original message and attachments thereto. Email sent to or from the Principal Financial Group or any of its member companies may be retained as required by law or regulation. Nothing in this message is intended to constitute an Electronic signature for purposes of the Uniform Electronic Transactions Act (UETA) or the Electronic Signatures in Global and National Commerce Act ("E-Sign") unless a specific statement to the contrary is included in this message. While this communication may be used to promote or market a transaction or an idea that is discussed in the publication, it is intended to provide general information about the subject matter covered and is provided with the understanding that The Principal is not rendering legal, accounting, or tax advice. It is not a marketed opinion and may not be used to avoid penalties under the Internal Revenue Code. You should consult with appropriate counsel or other advisors on all matters pertaining to legal, tax, or accounting obligations and requirements.