On Tue, Nov 9, 2010 at 12:54 PM, Patricia A Moss <[email protected]> wrote:
> I appreciate all of the help that I am receiving. I have still not been
> successful in resolving this.
>
> I removed the line:
> Require valid-user
>
> I have tried using:
> ?samAccountName?sub?(objectClass=*)
> Instead of:
> ?samAccountName?sub?(objectCategory=person)
>
> That is the only difference I see in my config files and the examples in
> the google hits. Yet I am still not successful in accessing the repository.
> I am, apparently, quite a novice with SVN, LDAP and ActiveDirectory because
> I am really confused as to how to proceed.
>
> PATI MOSS
> System Engineer Sr. Professional
> CSC
>
> From: [email protected]
> To: Patricia A Moss/USA/c...@csc
> Cc: [email protected]
> Date: 11/09/2010 11:13 AM
> Subject: Re: locking down access to a repository
> ------------------------------
>
> Patricia A Moss <[email protected]> wrote on 11/09/2010 09:41:42 AM:
>
> > From: Patricia A Moss <[email protected]>
> > To: [email protected]
> > Cc: [email protected]
> > Date: 11/09/2010 09:41 AM
> > Subject: Re: locking down access to a repository
> >
> > >I don't think you want the "Require valid-user" line, since by default it uses
> > >ANY of the Require lines as matches. (And in your case valid-user matches all
> > >users so it doesn't care you are also specifying a group and a user.)
> >
> > But if I remove that line then no one can access the repository.
>
> I think you also may need to be less specific with your ldapurl (remove the
> objectclass or use * ??):
> (Assuming active directory, this is like what I have used in the past)
>
> AuthLDAPURL "ldap://ad.example.com/ou=group,dc=example,dc=com?sAMAccountName"
> AuthLDAPGroupAttribute member
> Require ldap-group ...
>
> It has been quite a while since I used ldap groups instead of authz files...
>
> This first google hit has some examples:
> http://www.held-im-ruhestand.de/software/apache-ldap-active-directory-authentication
>
> As does this one:
> http://ramblings.gibberishcode.net/archives/apache-22-and-active-directory-and-group-restrictions/36
>
> Kevin R.

Although this is probably better suited for the apache/mod_ldap list, I'll attempt to help.

Do your domain controllers support unencrypted binds (very dangerous)?
Can you supply any apache/AD debug logs?
Can you supply versions of apache/mod_ldap?
Can you describe anything that is known to be working?

...this should be pretty straightforward to troubleshoot if you give us some useful information to work with. I speak without a full understanding of the list's user base, but I bet none of them can or ever will be able to read the minds of the end user with a problem (let alone know how their systems are configured). If there is such a wonderful beasty, I'd be mighty interested in meeting them.

/OSG
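
An added example, not part of any message in this thread: a mod_authnz_ldap configuration that brings together the points raised above (group-only Require lines, a sAMAccountName search, and an encrypted bind). It assumes Apache 2.2 with mod_dav_svn, and the repository path, bind account, group DN, user name and CA file are all placeholders.

```apache
# Constructed example; every host name, DN, path and password is a placeholder.

# Server-level: CA certificate used to verify the domain controller (mod_ldap).
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/ad-ca.pem

<Location /svn/project>
    DAV svn
    SVNPath /srv/svn/project

    AuthType Basic
    AuthName "Subversion repository"
    AuthBasicProvider ldap

    # ldaps:// keeps the bind credentials and user passwords off the wire in
    # clear text; plain ldap:// is the unencrypted bind asked about above.
    # Search from the domain root so user entries outside the group OU are found.
    AuthLDAPURL "ldaps://ad.example.com/dc=example,dc=com?sAMAccountName?sub?(objectClass=*)"

    # Assumption: the directory refuses anonymous searches, so Apache binds
    # with a low-privilege service account before looking up the user.
    AuthLDAPBindDN "CN=svn-bind,OU=Service Accounts,DC=example,DC=com"
    AuthLDAPBindPassword "CHANGE_ME"

    # Group entries list their members by DN in the "member" attribute.
    AuthLDAPGroupAttribute member
    AuthLDAPGroupAttributeIsDN on

    # Left out on purpose: any one matching Require line grants access, so
    # this line would admit every account that can authenticate.
    # Require valid-user

    Require ldap-group CN=svn-project,OU=group,DC=example,DC=com
    Require ldap-user jdoe
</Location>
```

If access is still denied with only the ldap-group line, raising LogLevel to debug shows whether the user search or the group comparison is the step that fails.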
