 |
|
|
|
Next: Why does IISRESET /STOP goes longer than IISRESET..
|
| Author |
Message |
External
Since: Nov 26, 2007
Posts: 1
|
(Msg. 1) Posted: Mon Nov 26, 2007 12:21 pm
Post subject: Subversion LDAP config Apache 2 vs Apache 2.2
Archived from groups: alt>apache>configuration (more info?)
|
|
|
Hello!
I just spent about 6 hours solving a configuration problem under
Apache 2.2 and wanted to record the solution for the benefit of the
hive mind.
This is the error I saw in my Apache log:
[LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
Here's a bit of config from my working setup using Apache 2 under
Ubuntu dapper, talking to a Microsoft Active Directory, to
authenticate Subversion users.
---
# Apache 2 Config
LDAPTrustedCA /etc/apache2/ssl/ldap-cert/example.p7b
LDAPTrustedCAType BASE64_FILE
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/host.cert
SSLCertificateKeyFile /etc/apache2/ssl/host.key
<Location />
DAV svn
SVNPath /var/lib/svn/myrepo
SSLRequireSSL
# Basic Authentication (secured by accessing via https/ssl)
AuthType Basic
AuthName "SVN Repo"
AuthLDAPAuthoritative On
AuthLDAPURL "ldaps://ldap.example.com:636/
OU=myGroups,DC=example,DC=com?sAMAccountName"
AuthLDAPBindDN "CN=ldap_user,OU=myGroups,DC=example,DC=com"
AuthLDAPBindPassword ldap_password
</Location>
</VirtualHost>
---
A number of changes were made between Apache 2 and Apache 2.2 that
affected this config:
1. LDAPTrustedCA and LDAPTrustedCAType were merged into
LDAPTrustedGlobalCert.
2. BASE64_FILE turns into CA_BASE64.
3. Instead of AuthLDAPAuthoritative, use AuthBasicProvider.
4. For the location directives, (not shown in my examples,) the
"require group" parameters turn into "Require ldap-group".
4. Finally, the part that had me stumped for hours, you must set
LDAPVerifyServerCert to off!
Here is the config for Apache 2.2:
---
# Apache 2.2 Config
LDAPVerifyServerCert Off
LDAPTrustedGlobalCert CA_BASE64 /etc/apache2/ssl/ldap-cert/example.p7b
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/host.cert
SSLCertificateKeyFile /etc/apache2/ssl/host.key
<Location />
DAV svn
SVNPath /var/lib/svn/myrepo
SSLRequireSSL
# Basic Authentication (secured by accessing via https/ssl)
AuthType Basic
AuthName "SVN Repo"
AuthBasicProvider ldap
AuthLDAPURL "ldaps://ldap.example.com:636/
OU=myGroups,DC=example,DC=com?sAMAccountName"
AuthLDAPBindDN "CN=ldap_user,OU=myGroups,DC=example,DC=com"
AuthLDAPBindPassword ldap_password
</Location>
</VirtualHost>
---
I hope this saves someone some time! |
|
| Back to top |
|
 | |
External
Since: Apr 17, 2007
Posts: 88
|
(Msg. 2) Posted: Mon Nov 26, 2007 4:31 pm
Post subject: Re: Subversion LDAP config Apache 2 vs Apache 2.2 [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On Nov 26, 8:21 pm, Mike van Lammeren <mvanl... DeleteThis @gmail.com> wrote:
> Hello!
>
> I just spent about 6 hours solving a configuration problem under
> Apache 2.2 and wanted to record the solution for the benefit of the
> hive mind.
>
> This is the error I saw in my Apache log:
> [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
>
> Here's a bit of config from my working setup using Apache 2 under
> Ubuntu dapper, talking to a Microsoft Active Directory, to
> authenticate Subversion users.
>
> ---
> # Apache 2 Config
> LDAPTrustedCA /etc/apache2/ssl/ldap-cert/example.p7b
> LDAPTrustedCAType BASE64_FILE
>
> <VirtualHost *:443>
> SSLEngine On
> SSLCertificateFile /etc/apache2/ssl/host.cert
> SSLCertificateKeyFile /etc/apache2/ssl/host.key
>
> <Location />
> DAV svn
> SVNPath /var/lib/svn/myrepo
>
> SSLRequireSSL
>
> # Basic Authentication (secured by accessing via https/ssl)
> AuthType Basic
> AuthName "SVN Repo"
> AuthLDAPAuthoritative On
>
> AuthLDAPURL "ldaps://ldap.example.com:636/
> OU=myGroups,DC=example,DC=com?sAMAccountName"
> AuthLDAPBindDN "CN=ldap_user,OU=myGroups,DC=example,DC=com"
> AuthLDAPBindPassword ldap_password
> </Location>
> </VirtualHost>
> ---
>
> A number of changes were made between Apache 2 and Apache 2.2 that
> affected this config:
>
> 1. LDAPTrustedCA and LDAPTrustedCAType were merged into
> LDAPTrustedGlobalCert.
> 2. BASE64_FILE turns into CA_BASE64.
> 3. Instead of AuthLDAPAuthoritative, use AuthBasicProvider.
> 4. For the location directives, (not shown in my examples,) the
> "require group" parameters turn into "Require ldap-group".
> 4. Finally, the part that had me stumped for hours, you must set
> LDAPVerifyServerCert to off!
>
> Here is the config for Apache 2.2:
>
> ---
> # Apache 2.2 Config
> LDAPVerifyServerCert Off
> LDAPTrustedGlobalCert CA_BASE64 /etc/apache2/ssl/ldap-cert/example.p7b
>
> <VirtualHost *:443>
> SSLEngine On
> SSLCertificateFile /etc/apache2/ssl/host.cert
> SSLCertificateKeyFile /etc/apache2/ssl/host.key
>
> <Location />
> DAV svn
> SVNPath /var/lib/svn/myrepo
>
> SSLRequireSSL
>
> # Basic Authentication (secured by accessing via https/ssl)
> AuthType Basic
> AuthName "SVN Repo"
> AuthBasicProvider ldap
>
> AuthLDAPURL "ldaps://ldap.example.com:636/
> OU=myGroups,DC=example,DC=com?sAMAccountName"
> AuthLDAPBindDN "CN=ldap_user,OU=myGroups,DC=example,DC=com"
> AuthLDAPBindPassword ldap_password
> </Location>
>
> </VirtualHost>
> ---
>
> I hope this saves someone some time!
thank you. i will try it at work soonish |
|
| Back to top |
|
| |
| Related Topics: | apache, DAV and Subversion - Hi, i have installed the last stable version of apache 2.0 on my win2k server... i need apache server to complite the configuration of a subversion network repository, All i want to do is add some directive to the conf file. But when i add the following...
Webdav, apache 2.0, subversion - I've got subversion running nicely on apache on xp, and i'm trying to set up standard webdav for another folder. It's giving me errors for the line "DavLockDB", saying unrecognised command. It seems to be loading all the correct dav modules. An...
win32 apache 1.3.x ... which subversion of 1.3 am i running? - Hi I'm running Apache 1.3.x under win32 ... the question is ... how do I find the exact subversion of 1.3 that I have on this system? I'm gonna update to the latest version(1.3.34) but first I would like to know what I'm replacing to help research it a...
Apache 2.0 with Subversion authenticate against Active Dir.. - Hi *, running the subversion module on Apache 2.0 I want the user to authenticate with his/her user name and password managed by a Microsoft Windows 2000 Domain Controller. It should be possible to do this using the LDAP protocol. The configuration..
apache 2.0.48 ldap - I tried to install apache_2.0.48 with ldap like "./configvre" \ "--prefix=/pooh-local/apache" \ "--with-ssl=/vsr/local/ssl" \ "--enable-ssl" \ "--enable-most" \ "--with-ldap" \... |
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
|
|
|
FAQ
Profile
Private Messages
Log in
