> On Aug 21, 2016, at 2:28 PM, Sam Ruby <[email protected]> wrote: > > On Sun, Aug 21, 2016 at 5:10 PM, Craig Russell <[email protected]> > wrote: >> >>> On Aug 21, 2016, at 11:50 AM, Sam Ruby <[email protected]> wrote: >>> >>> TL;DR: add one line to httpd.conf (LDAPVerifyServerCert Off); add back >>> in the LDAP authentication; restart the server, and you should be up >>> and running. Details: >>> >>> https://github.com/apache/whimsy/commit/89556b48642a7696e11501c1a180f9339e63b4f5 >>> >>> On Sun, Aug 21, 2016 at 1:20 PM, Craig Russell <[email protected]> >>> wrote: >>>> I reverted the change to whimsy.conf and can now get back to where I was >>>> yesterday. >>> >>> Which isn't where you want to be. >>> >>>> So, if the server is running as clr, with my local credentials, why does >>>> svn complain? >>>> >>>> Where is it that we tell sever to run as clr? >>> >>> Let me split that into three questions, and answer each in turn. >>> >>> 1) Q: I have a local checkout of an ASF SVN repository, what allows >>> whimsy applications to read and write these files? >>> >>> A: Running httpd as your local user (per whoami) does this. This >>> change was made to httpd.conf. >> >> Just to be clear, this is the change I made to httpd.conf: >> <IfModule unixd_module> >> # >> # If you wish httpd to run as a different user or group, you must run >> # httpd as root initially and it will switch. >> # >> # User/Group: The name (or #number) of the user/group to run httpd as. >> # It is usually good practice to create a dedicated user and group for >> # running httpd, as with most system services. >> # >> User clr >> Group staff >> >> </IfModule> > > That's the one. > >>> 2) Q: What enables me to run *local* svn commands against these files? >>> >>> A: This is done via shelling out to the SVN command line. For this >>> reason, it is important that SVN is in the PATH environment as defined >>> in your whimsy.conf. >> >> Right. And per above, svn commands should be run under userid clr. > > Correct. > >>> 3) Q: What enables me to run commands (like commit) that interact with >>> the Apache svn server? >> >> "Commands (like commit)" is not clear to me. Are you talking about the >> secretary/workbench commit button? >>> >>> A: This requires prompting you for you Apache user id and password. >> >> Here you must be talking about the recent change to protect www/secretary. >> >> + <Directory /Users/rubys/git/whimsy/www/secretary> >> + AuthType Basic >> + AuthName "ASF Secretarial Team" >> + AuthBasicProvider ldap >> + AuthLDAPUrl "ldaps://ldap-lb-us.apache.org:636 >> ldap1-us-west.apache.org:636/ou=people,dc=apache,dc=org?uid" >> + AuthLDAPGroupAttribute member >> + AuthLDAPGroupAttributeIsDN on >> + Require ldap-group >> cn=asf-secretary,ou=groups,ou=services,dc=apache,dc=org >> + </Directory> >> >> So you want to restrict use of the services at www/secretary to the apache >> server ldap secretary team. >> I don’t see how this affects running svn locally. :( > > That does restrict the services. This is done by prompting you for > your username and password. Those values (username and password) are > passed as parameters on certain svn commands (like svn commit) and on > various LDAP API calls.
Just so I understand, how do you pass credentials to the svn shell command? > > This is why commits on whimsy-vm3 made by you are done with your user id. > > At the moment, whimsy.local is attempting to be as close as possible > to whimsy-vm3.apache.org. Various IDEs and even the command line can > be configured to save your password(*), but no whimsy code caches > credentials. I cannot get a credential prompt any more. It asked once and now it is using the clr/local-password I gave it hours ago, which is obviously wrong for apache credentials. How can I get it to prompt me again? Craig > > - Sam Ruby > > [1] > http://svnbook.red-bean.com/en/1.6/svn.serverconfig.netmodel.html#svn.serverconfig.netmodel.creds Craig L Russell Architect [email protected] P.S. A good JDO? O, Gasp!
