Topic: Need to restart machine where apache server is configured.

[megha_kolombkar]

Hello

I have configured the SVN setup using the apache server (LDAP +SSL configuration). When i try to login thru the Tortoise SVN client i face issues in logging in with the following error in logs "auth_ldap authenticate: user abc authentication failed; URI /test [ldap_search_ext_s() for user failed][Operations Error]"

Wen i restart my machine i am able to login successfully.

LDAP configuration below.
##################
#Subversion configuration - Enable LDAP
<Location /test>
DAV svn
SVNPath C:/svnroot/test

#Do basic password authentication in the clear
AuthType Basic

AuthName "Subversion Repository"

#Make LDAP the authentication mechanism
AuthBasicProvider "ldap"

#Options FollowSymLinks
Order allow,deny
Allow from all


#The LDAP query URL
AuthLDAPURL "ldap://server.example.com:389/DC=example,DC=com?sAMAccountName?sub?(objectClass=user)"


#Make LDAP authentication is final
AuthzLDAPAuthoritative off

#Active Directory requires an authenticating DN to access records
AuthLDAPBindDN "abc@example.com"


#This is the password for the AuthLDAPBindDN user in Active Directory
AuthLDAPBindPassword "mypasswd123"

AuthzSVNAccessFile C:/etc/svn-acl_intel

Require valid-user

</Location>
##################

Please let me know if I have been missing on any of the configurations. I have the IIS service disabled on boot up and then start the APACHE service.

Using Apache 2.2.14. Please let me know if there is any other information that you would need to know.

Thanks
-M

[James Blond]

I googled a bit. Maybe this links helps you

http://blogs.open.collab.net/svn/2009/03/subversion-with-apache-and-ldap-updated.html

[megha_kolombkar]

Hi,

I have used the same link to setup my configuration , but I do not find the reason/solution to restart m/c time and again when I face the error "auth_ldap authenticate: user abc authentication failed; URI /test [ldap_search_ext_s() for user failed][Operations Error]"

Is there any thing else that I may be missing or is this a standard behaviour?

Thanks
-Megha

[megha_kolombkar]

Hello All,

Currently, I am moving with the restart. I have another issue. Can we have "AuthLDAPBindPassword "mypasswd123"" removed from the file as the password should not be displayed in the file. Instead, there may be methods to have some pop -up or some encrypted passwords. I still want to use LDAP and not use htpasswd for any encryprion. I want the username and password that goes into the flat file be picked at runtime.

Can someone suggest me if there is any know way to do this?

Thanks
-Megha

[James Blond]

mod_sspi can also work with a domain, but I think it is easier to manage.

Something like

[megha_kolombkar]

Hello James,

I have a query as to, if both SSPI and LDAP can be configured together?
As per my finding looks like either one can be used for authentication.
Please correct me if I am wrong .

Thanks
-Megha

[James Blond]

I haven't tried it out. But I think it should work together. Since the other auth methods work together.

Trial and error