Active Directory LDAP and user issues (using apache2 for svn access)

Posted by CaCl on Server Fault See other posts from Server Fault or by CaCl
Published on 2010-04-06T18:36:55Z Indexed on 2010/04/06 18:43 UTC
Read the original article Hit count: 511

Filed under:
|
|

I currently have a setup where I work that lets users use their active directory domain logins and passwords to authenticate and authorize access to Subversion. Currently I need to allow application accounts the same access. So our IT group creates application accounts in the active directory for us to use. But they want to be "secure" so they set the "Workstations Allowed" to be only a limited number of workstations. So when an application account hits the apache2 server for authentication they can't login for some reason and I'm having a heck of a time trying to debug. The error logs only show me:

[Tue Apr 06 11:24:25 2010] [warn] [client 24.24.24.24] [3469] auth_ldap authenticate: user appuser13 authentication failed; URI /svn [ldap_simple_bind_s() to check user credentials failed][Invalid credentials]
[Tue Apr 06 11:24:25 2010] [error] [client 24.24.24.24] user appuser13: authentication failure for "/svn": Password Mismatch

I've checked the password numerous times and it appears to be correct but I can't seem to get the user to authenticate properly. Below is a snippet of the apache configuration for ldap:

# Auth providers
# Active Directory
<AuthnProviderAlias ldap ldap1>
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://dmain.company.com:389/dc=dmain,dc=company,dc=com?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "CN=svnuser13,OU=Application Accounts,dc=dmain,dc=teradata,dc=com"
    AuthLDAPBindPassword secret3
</AuthnProviderAlias>

# Another set of users from a different group
<AuthnProviderAlias ldap ldap2>
    AuthBasicProvider ldap
    AuthLDAPURL ldap://diffldapserver:389/dc=specialusers,dc=com?uid
</AuthnProviderAlias>

# Another set of users from a different group
<AuthnProviderAlias file file1>
        AuthUserFile /var/svn/auth/htpasswd
</AuthnProviderAlias>

<Location /svn>
    DAV svn
    SVNPath /var/svn

    Satisfy Any
    Require valid-user

    AuthType Basic
    AuthName "SVN Repository"
    AuthBasicProvider ldap1 file1 ldap2
    AuthzSVNAccessFile /var/svn/auth/access
    AuthzLDAPAuthoritative  on
    Require valid-user
</Location>

Any help, like tips for debugging is appreciated!

© Server Fault or respective owner

Related posts about apache2

Related posts about ldap