Hello,
I'm like floating helpless in the water. Scenario: I'd like to authenticate some users having write access to specific repositories on the Subversion server via OpenLDAP and have already set up the things described below in further detail. But trying to check out, import or check in things never worked, because svnserve never contacts the LDAP server.

I think I have already every prerequisite software installed. Here it is:


cyrus-sasl-2.1.22_1 RFC 2222 SASL (Simple Authentication and Security Layer)
cyrus-sasl-ldapdb-2.1.22 SASL LDAPDB auxprop plugin
openldap-sasl-client-2.4.11 Open source LDAP client implementation with SASL2 support
openldap-sasl-server-2.4.11 Open source LDAP server implementation
Subversion 1.5.1

OpenLDAP is running fine, Subversion is also running fine.

From the most recent documentation I took several 'cook-book' examples to successfully give LDAP-authenticated users access to the repositories.

In LDAP I created

an olcAuthzRegexp mapping on uid:

olcAuthzRegexp: {0}"uid=(^[^,].*),cn=realm.de,cn=external,cn=auth" "cn=svnserve,dc=realm,dc=de"

The DIT contains this entity:

dn: cn=svnproxy,dc=realm,dc=de
objectClass: top
objectClass: organizationalPerson
cn: svnproxy
sn: svnproxy
authzTo: ldap:///dc=realm,dc=de??base?(objectClass=posixAccount)

I created a file /usr/local/etc/sasl2/svn.conf which contains the following:

pwcheck_method:         auxprop
# the LDAP auxprop plugin shipped with cyrus-sasl is named "ldapdb"
auxprop_plugin:         ldapdb
ldapdb_uri:             ldap://ldap.realm.de/
#ldapdb_id:             svnproxy
# SASL mechanism used to bind to the LDAP server
ldapdb_mech:            EXTERNAL
ldapdb_rc:              /usr/local/etc/sasl2/svn_ldaprc
# the option is spelled "starttls"
ldapdb_starttls:        yes
log_level:              7

The authenticating client machine is already part of an LDAP-backed network and authenticates users successfully.


A server.pem and server.key SSL certificate and key file are present and have been verified to work.

After installing the cyrus-sasl2-ldap port I recompiled everything (LDAP, Subversion and friends ...), making sure I did not forget anything.

Subversion's repository has been configured according to the handbook, very simply, and is already using SASL. But whatever I do, svn complains about non-existent users in the database:

svn: Authentication error from server: SASL(-13): user not found: no secret in database
svn: Your commit message was left in a temporary file:

On the LDAP server side I never see a contact attempt (the server runs with ACL and stats logging), nor do I see any reasonable logging messages on the client side although I configured log level 7, but this seems to be a simple bogus fake option.

I can't tell how many different ways I tried (but with that crap of documentation in SASL it is hard to come by any clues).

I also tried the different ways of user mapping described in the OpenLDAP 2.4 documentation, but without success - I can't see any logging when the attempt to access a mapped user is performed. Even worse, it is impossible to make 'authzTo' visible in ldapvi or LUMA, so I fly blind when creating/adding this attribute.

Well, I'm not capable of getting any LDAP contact, so I guess there is something special with the port or I'm too stupid to read the documentation.

If there is someone out here running a similar scenario, you are welcome to give me some hints.

Thanks in advance,

Oliver
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
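An added check, not part of Oliver's post or of cyrus-sasl: a small Python linter for a sasl2 svn.conf of the kind shown above. It flags option names the ldapdb auxprop plugin does not know (the post's dapdb_mech and ldapdb_startls) and the plugin name ldap in place of ldapdb, which are enough to make SASL answer "no secret in database" without ever opening an LDAP connection. The list of known options is assumed from the cyrus-sasl ldapdb documentation; the sample config is constructed from the post.

```python
import difflib

# Option names the cyrus-sasl "ldapdb" auxprop plugin and SASL itself accept.
# Assumption: taken from the cyrus-sasl ldapdb documentation, not the post.
KNOWN_OPTIONS = sorted({
    "pwcheck_method", "auxprop_plugin", "mech_list", "log_level",
    "ldapdb_uri", "ldapdb_id", "ldapdb_pw", "ldapdb_mech", "ldapdb_rc",
    "ldapdb_starttls", "ldapdb_canon_attr",
})
# Auxprop plugin names; the LDAP-backed one is "ldapdb", not "ldap".
AUXPROP_PLUGINS = ["ldapdb", "sasldb", "sql"]

# Constructed sample: the svn.conf from the post, typos included.
SAMPLE_CONF = """\
pwcheck_method:   auxprop
auxprop_plugin:   ldap
ldapdb_uri:       ldap://ldap.realm.de/
#ldapdb_id:       svnproxy
dapdb_mech:       EXTERNAL
ldapdb_rc:        /usr/local/etc/sasl2/svn_ldaprc
ldapdb_startls:   yes
log_level:        7
"""

def parse_sasl_conf(text):
    """Yield (lineno, key, value) for 'key: value' lines; skip blanks/comments."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        yield lineno, key.strip(), (value.strip() if sep else None)

def lint_sasl_conf(text):
    """Return one finding string per unknown option or unknown plugin name."""
    findings = []
    for lineno, key, value in parse_sasl_conf(text):
        if value is None:
            findings.append(f"line {lineno}: missing ':' in {key!r}")
        elif key not in KNOWN_OPTIONS:
            near = difflib.get_close_matches(key, KNOWN_OPTIONS, n=1, cutoff=0.8)
            hint = f" (did you mean {near[0]!r}?)" if near else ""
            findings.append(f"line {lineno}: unknown option {key!r}{hint}")
        elif key == "auxprop_plugin" and value not in AUXPROP_PLUGINS:
            near = difflib.get_close_matches(value, AUXPROP_PLUGINS, n=1, cutoff=0.6)
            hint = f" (did you mean {near[0]!r}?)" if near else ""
            findings.append(f"line {lineno}: unknown auxprop plugin {value!r}{hint}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_sasl_conf(SAMPLE_CONF)))
```

Run it against the real /usr/local/etc/sasl2/svn.conf before looking at slapd: an option SASL does not recognise is silently ignored, so nothing ever reaches the LDAP server and its logs stay empty.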