Configure LDAP for Apache 2.2 on Redhat Linux

Discussion in 'Apache' started by Jirong Hu, Sep 25, 2013.

  1. #1
    Hi All

    I want to setup LDAP authentication for my SVN. This is my platform:

    Linux 2.6.32-358.18.1.el6.x86_64 x86_64
    Apache/2.2.15 (Red Hat) Server
    svn, version 1.6.11 (r934486)

    I can switch to userid/password authentication with no issue to access SVN repos, but can't make the LDAP authentication work. It didn't prompt for userid and password! If I took out "Satisfy Any", then I got an "Internal Server Error".

    Can you guys tell me how to troubleshoot this problem? I spent two days trying everything I can find from the Internet.

    There is a bug very close to my situation, but we are using port 389, and setting LDAPVerifyServerCert Off also doesn’t resolve my issue: https://issues.apache.org/bugzilla/show_bug.cgi?id=50630

    Here is my subversion.conf, which is included into httpd.conf.
    Code:
    DAV svn
    SVNParentPath /var/www/svn
    SVNListParentPath on
    SVNAutoversioning on
    SVNReposName "BMO Subversion Repository"
    AuthType Basic
    AuthName "office.adroot.bmogc.net"

    # LDAP
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    AuthLDAPBindDN "CN=svnldapuser,OU=Service Accounts,OU=Domain Administration,DC=office,DC=adroot,DC=bmogc,DC=net"
    AuthLDAPBindPassword "111111"
    AuthLDAPURL "ldap://office.adroot.bmogc.net:389/DC=office,DC=adroot,DC=bmogc,DC=net?sAMAccountName?sub"
    #AuthUserFile /etc/svn-auth-conf
    #AuthzSVNAccessFile /etc/svn-acl-conf
    Require valid-user
    Satisfy Any


    Here are the some logs during the debug:

    [Mon Sep 23 15:25:05 2013] [debug] mod_auth_vas.c(1839): [mod_auth_vas] get_server_creds: using default HTTP.keytab
    [Mon Sep 23 15:25:05 2013] [debug] mod_auth_vas.c(1856): [mod_auth_vas] Successfully established credentials for HTTP/
    [Mon Sep 23 15:25:06 2013] [debug] mod_auth_vas.c(2001): [mod_auth_vas] Successfully authenticated as HTTP/ using the default HTTP.ketyab
    [Mon Sep 23 15:25:06 2013] [info] Init: Seeding PRNG with 256 bytes of entropy
    [Mon Sep 23 15:25:06 2013] [info] Init: Generating temporary RSA private keys (512/1024 bits)
    [Mon Sep 23 15:25:06 2013] [info] Init: Generating temporary DH parameters (512/1024 bits)


    The only thing I am not sure about is that I found this in our JIRA LDAP integration:
    Code:
    User Object Filter: (&(objectCategory=Person)(memberof=CN=ccusers,OU=UNIX Security Groups,OU=CTD_CM_RMG,OU=Corporate Clients V2,DC=office,DC=adroot,DC=bmogc,DC=net))

    Group Object Filter: (&(objectCategory=Group)(sAMAccountName=))
     
    Jirong Hu, Sep 25, 2013
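
Added example, not part of the original post: a Python helper that splits an AuthLDAPURL into the fields the mod_authnz_ldap documentation describes (`ldap://host:port/basedn?attribute?scope?filter`) and builds the `ldapsearch` command that repeats the same user lookup outside Apache, so a wrong bind DN, password or base DN shows up directly. The login name `jdoe` is constructed, and the RFC 4515 escaping is this example's own, not Apache's code.

```python
import shlex
from urllib.parse import unquote, urlsplit


def escape_filter_value(value):
    """RFC 4515 escaping, so a login name cannot alter the search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def parse_auth_ldap_url(url):
    """Split ldap://host:port/basedn?attribute?scope?filter into its fields."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("AuthLDAPURL must start with ldap:// or ldaps://")
    attr, scope, flt = (parts.query.split("?", 2) + ["", "", ""])[:3]
    flt = unquote(flt) or "(objectClass=*)"      # documented default filter
    if flt.startswith("(") and flt.endswith(")"):
        flt = flt[1:-1]                          # re-wrapped when combined below
    return {
        "uri": "%s://%s:%d" % (parts.scheme, parts.hostname,
                               parts.port or (636 if parts.scheme == "ldaps" else 389)),
        "base": unquote(parts.path.lstrip("/")),
        "attribute": attr or "uid",              # documented default attribute
        "scope": "one" if scope == "one" else "sub",
        "filter": flt,
    }


def equivalent_search(url, bind_dn, username):
    """Return (filter, ldapsearch command) for the user lookup of one login."""
    cfg = parse_auth_ldap_url(url)
    search_filter = "(&(%s)(%s=%s))" % (
        cfg["filter"], cfg["attribute"], escape_filter_value(username))
    argv = ["ldapsearch", "-x", "-H", cfg["uri"], "-D", bind_dn, "-W",
            "-b", cfg["base"], "-s", cfg["scope"], search_filter, cfg["attribute"]]
    return search_filter, " ".join(shlex.quote(a) for a in argv)


if __name__ == "__main__":
    # URL and bind DN as posted above; "jdoe" is a constructed login name.
    url = ("ldap://office.adroot.bmogc.net:389/"
           "DC=office,DC=adroot,DC=bmogc,DC=net?sAMAccountName?sub")
    bind_dn = ("CN=svnldapuser,OU=Service Accounts,OU=Domain Administration,"
               "DC=office,DC=adroot,DC=bmogc,DC=net")
    flt, cmd = equivalent_search(url, bind_dn, "jdoe")
    print(flt)
    print(cmd)
```

The printed command uses `-W`, so the bind password is prompted for rather than stored in shell history.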