Subversion 1.5.1 authentication with OpenLDAP 2.4.11 via SASL2: trouble, svn never contacts LDAP :-(
Hello,
I'm like floating helpless in the water. Scenario: I'd like to authenticate some users having write access to specific repositories on the Subversion server via OpenLDAP and have already set things up, which are described below in further detail. But trying to check out, import or check in things never worked, because svnserve never contacts the LDAP server.

I think I already have every prerequisite software installed. Here it is:


cyrus-sasl-2.1.22_1 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-ldapdb-2.1.22 SASL LDAPDB auxprop plugin
openldap-sasl-client-2.4.11 Open source LDAP client implementation with SASL2 support
openldap-sasl-server-2.4.11 Open source LDAP server implementation
Subversion 1.5.1

OpenLDAP is running fine, Subversion is also running fine.

From the most recent documentation I took several 'cook-book' examples to successfully set up access to repositories for LDAP-authenticated users.

In LDAP I created

olcAuthzRegexp with uid:

olcAuthzRegexp: {0}"uid=(^[^,].*),cn=realm.de,cn=external,cn=auth" "cn=svnserve,dc=realm,dc=de"

The DIT contains this entity:

dn: cn=svnproxy,dc=realm,dc=de
objectClass: top
objectClass: organizationalPerson
cn: svnproxy
sn: svnproxy
authzTo: ldap:///dc=realm,dc=de??base?(objectClass=posixAccount)

I created a file /usr/local/etc/sasl2/svn.conf which contains the following:

pwcheck_method: auxprop
auxprop_plugin: ldap
ldapdb_uri: ldap://ldap.realm.de/
#ldapdb_id: svnproxy
ldapdb_mech: EXTERNAL
ldapdb_rc: /usr/local/etc/sasl2/svn_ldaprc
ldapdb_starttls: yes
log_level: 7

The authenticating client machine is already part of an LDAP-backed network and authenticates users successfully.


A server.pem and server.key SSL certificate and key file are present and have been verified to work.

After installing the cyrus-sasl2-ldap port I recompiled everything (LDAP, Subversion and fellows ...), making sure I did not forget anything.

Subversion's repository has been configured according to the handbook, is very simple and is already using SASL. But whatever I do, svn complains about non-existent users in the database:

svn: Authentication error from server: SASL(-13): user not found: no secret in database
svn: Your commit message was left in a temporary file:

On the LDAP server side, I never see a contact attempt (the server runs with logging ACL and stats), nor do I see any reasonable logging messages on the client side although I configured log_level 7, but this seems to be a simple bogus fake option.

I can't tell how many different ways I tried (but with that crap of documentation in SASL it is hard to come up with some clues).

I also tried the different ways of user mapping described in the OpenLDAP 2.4 documentation, but without success - I can't see any logging when the attempt to access a mapped user is performed. Even worse, it is impossible to make 'authzTo' visible in ldapvi or LUMA, so I fly blind when creating/adding this attribute.

Well, I'm not capable of getting any LDAP contact, so I guess there is something special with the port or I'm too stupid to read the documentation.

If there is someone out here running a similar scenario, you are welcome to give me some hints.

Thanks in advance,

Oliver
_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
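A small checker for the kind of config shown in the post above, added here as an example and not part of the original mail: Cyrus SASL ignores option keys it does not recognise instead of reporting them, so a misspelled `ldapdb_*` key quietly leaves the ldapdb plugin unconfigured and svnserve never talks to LDAP. The option list is assumed from the plugin's documentation, and the sample config is a constructed copy of the one in the post.

```python
"""Lint a Cyrus SASL application config (e.g. /usr/local/etc/sasl2/svn.conf)
for misspelled ldapdb auxprop option names, which the library silently ignores."""
import difflib

# Option names documented for the Cyrus SASL ldapdb auxprop plugin plus the
# generic application options used in this kind of config file (assumed list).
KNOWN_OPTIONS = {
    "pwcheck_method", "auxprop_plugin", "mech_list", "log_level",
    "ldapdb_uri", "ldapdb_id", "ldapdb_pw", "ldapdb_mech",
    "ldapdb_rc", "ldapdb_starttls", "ldapdb_canon_attr",
}

def parse_sasl_conf(text):
    """Return {key: value} for 'key: value' lines; '#' lines are comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        opts[key.strip()] = value.strip()
    return opts

def lint_sasl_conf(text):
    """Return a list of (key, message) findings for the config text."""
    opts = parse_sasl_conf(text)
    findings = []
    for key in opts:
        if key not in KNOWN_OPTIONS:
            guess = difflib.get_close_matches(key, KNOWN_OPTIONS, n=1, cutoff=0.8)
            hint = f"did you mean {guess[0]}?" if guess else "unknown option"
            findings.append((key, hint))
    # An EXTERNAL bind carries no password: the identity must come from a TLS
    # client certificate (ldap:// + STARTTLS or ldaps://) or an ldapi:// socket.
    if opts.get("ldapdb_mech", "").upper() == "EXTERNAL":
        uri = opts.get("ldapdb_uri", "")
        if uri.startswith("ldap://") and "ldapdb_starttls" not in opts:
            findings.append(("ldapdb_mech", "EXTERNAL over ldap:// needs ldapdb_starttls"))
    return findings

# Constructed sample, copied from the svn.conf in the post above.
SAMPLE = """\
pwcheck_method: auxprop
auxprop_plugin: ldap
ldapdb_uri: ldap://ldap.realm.de/
#ldapdb_id: svnproxy
dapdb_mech: EXTERNAL
ldapdb_rc: /usr/local/etc/sasl2/svn_ldaprc
ldapdb_startls: yes
log_level: 7
"""

if __name__ == "__main__":
    for key, msg in lint_sasl_conf(SAMPLE):
        print(f"{key}: {msg}")
```

Run against the sample it reports both misspelled keys with their likely intended names; a config that spells `ldapdb_mech: EXTERNAL` correctly but omits `ldapdb_starttls` on a plain `ldap://` URI gets the TLS finding instead.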
