I am trying to configure Bazaar (http://bazaar-vcs.org) to work with Active Directory. For this as far as I know is to place it behind an Apache instance and integrate Apache with Active Directory. I'm a novice when it comes to Apache so please don't assume that I know much about it. I have got the active directory module working in apache using SSPI. I'm struggling with the next step. I have followed the bazaar guide on integrating with apache (http://doc.bazaar.canonical.com/bzr.2.1/en/user-guide/http_smart_server.html) but it does not mention the active directory integration. I have tested the python module and that seems to be working. I can pull up Python pages generated by py scripts. With my current configuration it gives me a 401 error even though I supply my credentials. The adi part is to test active directory integration. There is a little PHP script that displays the logged in user. That part works. If I don't supply credentials when trying to access something in /bzr it challenges the web browser for credentials. I have changed this so as to hide internal details of my clients network. The following is the relevant (what I think is relevant anyway) part of the config: <VirtualHost *:9090> ServerAdmin blah@blah.com DocumentRoot "c:/apache-httpd-2.2.9-dev/htdocs/bzr" ServerName blahserver.blah.com ServerAlias blahserver.blah.com blahserver ErrorLog logs/blah-error.log CustomLog logs/blah-access.log common <Proxy *> Order deny,allow Allow from all Satisfy all </Proxy> <IfModule dir_module> DirectoryIndex index.php index.html </IfModule> Alias /bzr C:/bzr-sandbox/sh-repo <Directory C:/bzr-sandbox/sh-repo> Options Indexes +FollowSymLinks RewriteEngine On RewriteBase /bzr #RewriteRule ^(.*/|)\.bzr/smart$ C:/bzr-sandbox/sh-repo/scripts/bzr-smart.fcgi RewriteRule ^(.*/|)\.bzr/smart$ C:/bzr-sandbox/sh-repo/scripts/bzr-smart.py AllowOverride All Options None Order allow,deny Allow from all # module specific AuthName "Bzr development" AuthType SSPI SSPIAuth On # module is the final authority SSPIAuthoritative On # only authenticate against DPI no others SSPIDomain DPI # keep domain name in userid string SSPIOmitDomain Off # let non-IE clients authenticate SSPIOfferBasic On # first we try NTLM authentication and then basic authentication SSPIBasicPreferred Off # need to be in dev Group to be able to access bzr Require group "OurDomain\Bazaar-grp" </Directory> Alias C:/bzr-sandbox/sh-repo/scripts/bzr-smart.py C:/bzr-sandbox/sh-repo/scripts/bzr-smart.py <Directory C:/bzr-sandbox/sh-repo/scripts> <Files bzr-smart.py> #PythonPath "sys.path+['C:/bzr-sandbox/sh-repo/scripts']" PythonPath "['c:/Program Files/Bazaar/lib']+sys.path+['C:/bzr-sandbox/sh-repo/scripts']" AddHandler python-program .py #AddHandler mod_python .py PythonHandler bzr-smart::handler PythonDebug On </Files> </Directory> # Test active directory integration <Directory "c:/apache-httpd-2.2.9-dev/htdocs/bzr/adi"> AllowOverride None Options None Order allow,deny Allow from all # module specific AuthName "Bzr development" AuthType SSPI SSPIAuth On # module is the final authority SSPIAuthoritative On # only authenticate against DPI no others SSPIDomain DPI # keep domain name in userid string SSPIOmitDomain Off # let non-IE clients authenticate SSPIOfferBasic On # first we try NTLM authentication and then basic authentication SSPIBasicPreferred Off # need to be in dev Group to be able to access Subversion Require group "OurDomain\Bazaar-grp" </Directory> </VirtualHost> Code (markup): I have tried placing the SSPI stuff into the <Directory C:/bzr-sandbox/sh-repo/scripts> section too but it does not seem to make any difference.
I am using : apache 2.2.9 on Windows XP professional mod_python-3.3.1.win32-py2.3-Apache2.2.exe mod_auth_sspi-1.0.4-2.2.2.zip mod_proxy_html-3.0.1-w32.zip python 2.3.5