FAQ
Hi , i am facing a strange problem.

I have centos , i wan to access svn trought apache using mod auth ldap.

This is what i have configured

AuthLDAPBindDN cn=svn,ou=Operators,o=Organization
AuthLDAPBindPassword Pass1
AuthLDAPURL "ldap://ldap/ou=Users,o=Organization?uid"
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN on
Require group cn=tester2,ou=Groups,o=Organization

What is strange?

According to doc it will accept only users which DN is in group
cn=teste2,ou=Groups,o=Organization.

How come, for me it will accept every one user from LDAP?

Thanks in advance!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.centos.org/pipermail/centos/attachments/20080410/89a47ebe/attachment.htm

Search Discussions

  • Jeff Larsen at Apr 10, 2008 at 6:54 pm

    On Thu, Apr 10, 2008 at 1:35 PM, David Hl??ik wrote:
    Hi , i am facing a strange problem.

    I have centos , i wan to access svn trought apache using mod auth ldap.

    This is what i have configured

    AuthLDAPBindDN cn=svn,ou=Operators,o=Organization
    AuthLDAPBindPassword Pass1
    AuthLDAPURL "ldap://ldap/ou=Users,o=Organization?uid"
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on
    Require group cn=tester2,ou=Groups,o=Organization

    What is strange?

    According to doc it will accept only users which DN is in group
    cn=teste2,ou=Groups,o=Organization.

    How come, for me it will accept every one user from LDAP?
    Your config looks correct, if it is in the correct context element in
    your .conf file. Is it within a <Location> element that references
    your svn repository path? Please show more of your config.

    Are you sure Apache is querying the LDAP server? Are you prompted for
    a login. Are you denied if a bad password or username is given?

    --
    Jeff
  • Jim Perrin at Apr 10, 2008 at 7:03 pm

    On Thu, Apr 10, 2008 at 2:35 PM, David Hl??ik wrote:
    Hi , i am facing a strange problem.

    I have centos , i wan to access svn trought apache using mod auth ldap.

    This is what i have configured

    AuthLDAPBindDN cn=svn,ou=Operators,o=Organization
    AuthLDAPBindPassword Pass1
    AuthLDAPURL "ldap://ldap/ou=Users,o=Organization?uid"
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on
    Require group cn=tester2,ou=Groups,o=Organization

    What is strange?

    According to doc it will accept only users which DN is in group
    cn=teste2,ou=Groups,o=Organization.

    How come, for me it will accept every one user from LDAP?

    Thanks in advance!
    Is this for centos 4 or centos5?


    --
    During times of universal deceit, telling the truth becomes a revolutionary act.
    George Orwell
  • David Hláčik at Apr 10, 2008 at 9:01 pm
    Hi, all,

    1) it is CentOs 5.1
    2) i am sure that LDAP is working according to error and access logs (when i
    will type bad user it will fail, when i will type bad password it will
    inform me about password mismath)
    3) yes it is in correct <Location> directory
    I am sending whole config file :

    LoadModule dav_svn_module modules/mod_dav_svn.so
    LoadModule authz_svn_module modules/mod_authz_svn.so
    LoadModule authnz_ldap_module modules/mod_authnz_ldap.

    <IfModule mod_dav_svn.c>




    # - uncomment location section below and modify it according to your
    situation.

    # You will need to change at least the AuthLDAPURL
    parameter.

    #


    # Documentation of the LDAP module used, and its parameters, is available
    at

    # http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html


    # http://httpd.apache.org/docs/2.2/mod/mod_ldap.html


    #


    <Location
    /repo>


    # # enable Web DAV HTTP access methods
    DAV svn
    #
    # # repository
    location

    SVNPath
    "/srv/polarion/svn/repo"


    #
    # # write requests from WebDAV clients result in automatic commits
    SVNAutoversioning
    on


    #


    AuthName "Subversion
    repository"


    #
    # # per-directory access control
    AuthzSVNAccessFile
    "/srv/polarion/svn/access"


    #


    AuthType
    Basic


    AuthBasicProvider
    ldap


    #
    # # allow mod_authnz_ldap to decline group authentication so that
    Apache
    # # will fall back to file authentication for checking group
    membership

    AuthzLDAPAuthoritative On
    #

    # AuthLDAPURL "
    ldap://yourExampleServer.com:389/ou=People,o=organization.org?uid"


    #


    # Require valid-user
    #

    AuthLDAPURL "ldap://server/ou=Users,o=Organization?uid"
    Require ldap-group "cn=tester2,ou=Groups,o=Organization"
    #Require ldap-dn cn=Hlacik David,ou=Users,o=Organization
    AuthLDAPBindDN cn=svn,ou=Operators,o=Organization
    AuthLDAPBindPassword svn1
    </Location>





    </IfModule>

    2008/4/10 Jim Perrin <jperrin@gmail.com>:
    On Thu, Apr 10, 2008 at 2:35 PM, David Hl??ik wrote:
    Hi , i am facing a strange problem.

    I have centos , i wan to access svn trought apache using mod auth ldap.

    This is what i have configured

    AuthLDAPBindDN cn=svn,ou=Operators,o=Organization
    AuthLDAPBindPassword Pass1
    AuthLDAPURL "ldap://ldap/ou=Users,o=Organization?uid"
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on
    Require group cn=tester2,ou=Groups,o=Organization

    What is strange?

    According to doc it will accept only users which DN is in group
    cn=teste2,ou=Groups,o=Organization.

    How come, for me it will accept every one user from LDAP?

    Thanks in advance!
    Is this for centos 4 or centos5?


    --
    During times of universal deceit, telling the truth becomes a
    revolutionary act.
    George Orwell

    _______________________________________________
    CentOS mailing list
    CentOS@centos.org
    http://lists.centos.org/mailman/listinfo/centos
    -------------- next part --------------
    An HTML attachment was scrubbed...
    URL: http://lists.centos.org/pipermail/centos/attachments/20080410/fc68ef18/attachment.htm

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcentos @
categoriescentos
postedApr 10, '08 at 6:35p
activeApr 10, '08 at 9:01p
posts4
users3
websitecentos.org
irc#centos

People

Translate

site design / logo © 2022 Grokbase