Active Directory LDAP and user issues (using apache2 for svn access)

Posted by CaCl on Server Fault
Published on 2010-04-06T18:36:55Z Indexed on 2010/04/06 18:43 UTC

I currently have a setup where I work that lets users use their Active Directory domain logins and passwords to authenticate and authorize access to Subversion. Currently I need to allow application accounts the same access. So our IT group creates application accounts in Active Directory for us to use. But they want to be "secure", so they set the "Workstations Allowed" to be only a limited number of workstations. So when an application account hits the apache2 server for authentication, they can't log in for some reason and I'm having a heck of a time trying to debug. The error logs only show me:

[Tue Apr 06 11:24:25 2010] [warn] [client 24.24.24.24] [3469] auth_ldap authenticate: user appuser13 authentication failed; URI /svn [ldap_simple_bind_s() to check user credentials failed][Invalid credentials]
[Tue Apr 06 11:24:25 2010] [error] [client 24.24.24.24] user appuser13: authentication failure for "/svn": Password Mismatch

I've checked the password numerous times and it appears to be correct but I can't seem to get the user to authenticate properly. Below is a snippet of the apache configuration for ldap:

# Auth providers
# Active Directory
<AuthnProviderAlias ldap ldap1>
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://dmain.company.com:389/dc=dmain,dc=company,dc=com?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "CN=svnuser13,OU=Application Accounts,dc=dmain,dc=teradata,dc=com"
    AuthLDAPBindPassword secret3
</AuthnProviderAlias>

# Another set of users from a different group
<AuthnProviderAlias ldap ldap2>
    AuthBasicProvider ldap
    AuthLDAPURL ldap://diffldapserver:389/dc=specialusers,dc=com?uid
</AuthnProviderAlias>

# Another set of users from a different group
<AuthnProviderAlias file file1>
    AuthUserFile /var/svn/auth/htpasswd
</AuthnProviderAlias>

<Location /svn>
    DAV svn
    SVNPath /var/svn

    Satisfy Any
    Require valid-user

    AuthType Basic
    AuthName "SVN Repository"
    AuthBasicProvider ldap1 file1 ldap2
    AuthzSVNAccessFile /var/svn/auth/access
    AuthzLDAPAuthoritative  on
    Require valid-user
</Location>

Any help, like tips for debugging, is appreciated!

© Server Fault or respective owner
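
A debugging aid for the failure described in the question, added here as an example and not part of the original post: Active Directory returns LDAP result 49 (the "Invalid credentials" in the Apache log above) for several distinct conditions and tells them apart with a hexadecimal "data" sub-status in the bind's diagnostic message, which OpenLDAP's ldapsearch prints as "additional info" when the same simple bind is repeated by hand. The function names and the sample diagnostic strings below are constructed for illustration.

```python
import re
from typing import Optional, Tuple

# Sub-status values Active Directory reports in the "data" field of the
# diagnostic message that accompanies LDAP result 49 (invalidCredentials).
AD_BIND_SUBSTATUS = {
    "525": "user not found",
    "52e": "wrong user name or password",
    "530": "logon not permitted at this time (logon hours)",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password at next logon",
    "775": "account locked out",
}

# Codes meaning the name or password itself was rejected; every other known
# code is an account restriction that a correct password does not get past.
CREDENTIAL_CODES = {"525", "52e"}

_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")

def explain_bind_failure(diagnostic: str) -> Tuple[Optional[str], str]:
    """Return (sub-status, meaning) parsed from an AD bind diagnostic."""
    match = _DATA_RE.search(diagnostic)
    if match is None:
        return None, "no AD sub-status in message"
    code = match.group(1).lower()
    return code, AD_BIND_SUBSTATUS.get(code, "unrecognised sub-status")

def is_account_restriction(code: Optional[str]) -> bool:
    """True when the bind failed for a reason other than a bad name/password."""
    return code in AD_BIND_SUBSTATUS and code not in CREDENTIAL_CODES

# Constructed sample messages in the format AD uses (DSID values are made up).
SAMPLES = [
    "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 531, v1db0",
    "80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0",
    "Invalid credentials",  # what the Apache log alone exposes
]

if __name__ == "__main__":
    for text in SAMPLES:
        code, meaning = explain_bind_failure(text)
        kind = "account restriction" if is_account_restriction(code) else "credentials or unknown"
        print(f"{code}: {meaning} [{kind}]")
```

A sub-status outside the two credential codes means rechecking the password will not help; the restriction on the account is what rejects the bind.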
