Subversion Server Using Active Directory error


I am using Apache Subversion running on Linux 7. From the front end I am using TortoiseSVN. I am trying to integrate my Subversion with the current AD. For this I have opened the /etc/httpd/conf.d directory and given the details below in the subversion.conf file. The details are mentioned below:

<location /svn>
DAV svn
SVNParentPath /u01/ciroot/subversion
AuthType Basic
AuthBasicProvider ldap
AuthName "Root Repo"
AuthLDAPURL "ldap://100.100.10.2:388/DC=macgroup,DC=local?sAMAccountName?sub?(&(ObjectClass=*)memberOf=CN=OBIEE_Admin,OU=OBIEE,OU=Security,OU=Groups,OU=Global Resources,DC=MACGROUP,DC=LOCAL))"
AuthLDAPBindDN "CN=oidkerbt,OU=Service Accounts,OU=Users,OU=Global Resources,DC=MACGROUP,DC=LOCAL"
AuthLDAPBindPassword welcome123@
Require valid-user
</location>

With the above conf file details, when I try to open the folders under /u01/ciroot/subversion, I am prompted with the user password dialog box, but when I give a correct user of this group, it does not authenticate and gives the error below:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.

But when I edit this file as below, it works fine.

<location /svn>
DAV svn
SVNParentPath /u01/ciroot/subversion
AuthType Basic
AuthBasicProvider ldap
AuthName "Root Repo"
AuthLDAPURL "ldap://100.100.10.2:388/DC=macgroup,DC=local?sAMAccountName?sub?(&(ObjectClass=*))"
AuthLDAPBindDN "CN=oidkerbt,OU=Service Accounts,OU=Users,OU=Global Resources,DC=MACGROUP,DC=LOCAL"
AuthLDAPBindPassword welcome123@
Require valid-user
</location>

Can someone please help me see where I am going wrong? When adding the group, it fails.

Regards


There are 1 answers

LisaJ On

There is a parenthesis missing in the LDAP filter. Each attr=value pair needs to be enclosed in parentheses. The string should read:

"ldap://100.100.10.2:388/DC=macgroup,DC=local?sAMAccountName?sub?(&(ObjectClass=*)(memberOf=CN=OBIEE_Admin,OU=OBIEE,OU=Security,OU=Groups,OU=Global Resources,DC=MACGROUP,DC=LOCAL))" None

Replace the "None" with "STARTTLS" if you want to encrypt the communication after connection. I generally start with clear text & get everything else sorted before moving over to an encrypted connection. Then any failure can be isolated to certificate/trust issues.

I would expect the clear text LDAP port to be 389 ... but if authentication is working without the filter, then there must be an unusual port mapping / port bound to the directory service.

If authentication still fails, you might try capturing the network traffic to your LDAP server on the specified port. This will show you the exact LDAP query that is being made and the response from the directory server.
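
The filter problem discussed above can be caught before Apache is reloaded. The following is an added example, not part of the question or the answer: a simplified RFC 4515 structure check (no escape or extensible-match handling) run over the two AuthLDAPURL values quoted on this page. The function names are hypothetical.

```python
# Added example: simplified RFC 4515 filter structure check.
# Function names are hypothetical; the URLs are the ones quoted on this page.

def parse_filter(s, i=0):
    """Parse one '(' ... ')' filter starting at s[i]; return the index just past it."""
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}: {s[i:i + 20]!r}")
    i += 1
    if i < len(s) and s[i] in "&|":          # AND / OR: zero or more sub-filters
        i += 1
        while i < len(s) and s[i] == "(":
            i = parse_filter(s, i)
    elif i < len(s) and s[i] == "!":         # NOT: exactly one sub-filter
        i = parse_filter(s, i + 1)
    else:                                    # item: attr=value up to the next paren
        j = i
        while j < len(s) and s[j] not in "()":
            j += 1
        if s[i:j].find("=") < 1:
            raise ValueError(f"expected attr=value at offset {i}: {s[i:j][:20]!r}")
        i = j
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}: {s[i:i + 20]!r}")
    return i + 1

def check_auth_ldap_url(url):
    """Return (ok, message) for the filter part of an AuthLDAPURL value."""
    tail = url.split("://", 1)[1].partition("/")[2]
    parts = tail.split("?", 3)               # basedn ? attribute ? scope ? filter
    if len(parts) < 4 or not parts[3]:
        return True, "no filter given"
    flt = parts[3]
    try:
        end = parse_filter(flt)
    except ValueError as exc:
        return False, str(exc)
    if end != len(flt):
        return False, f"trailing text at offset {end}: {flt[end:end + 20]!r}"
    return True, "ok"

GROUP = "CN=OBIEE_Admin,OU=OBIEE,OU=Security,OU=Groups,OU=Global Resources,DC=MACGROUP,DC=LOCAL"
BASE = "ldap://100.100.10.2:388/DC=macgroup,DC=local?sAMAccountName?sub?"
BROKEN = BASE + "(&(ObjectClass=*)memberOf=" + GROUP + "))"   # filter from the question
FIXED = BASE + "(&(ObjectClass=*)(memberOf=" + GROUP + "))"   # filter from the answer

if __name__ == "__main__":
    for name, url in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, check_auth_ldap_url(url))
```

For the question's filter the check reports the offset where `memberOf=` begins without its opening parenthesis, which is the defect the answer points out.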