subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Feldhacker, Chris" <>
Subject RE: Subversion Apache2.2 LDAPS authentication failed
Date Mon, 28 Feb 2011 18:53:14 GMT
-----Original Message-----
From: 金健康 [] 
Sent: Friday, February 25, 2011 12:53 AM
Subject: Subversion Apache2.2 LDAPS authentication failed


OS: Redhat Linux
Subversion: 1.5.0
Apache: 2.2.17
OpenLDAP: 2.3.27

LDAPSharedCacheSize 200000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600

<Location /svn>
DAV svn
SVNParentPath /home/svnroot/repository
AuthzSVNAccessFile /home/svnroot/repository/svn_access_file
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL "ldaps://,DC=ebupt,DC=com?uid?sub?(objectClass=*)"
AuthName "Subversion.resository"
Require valid-user

Apache error_log:

[Thu Feb 24 16:48:00 2011] [debug] mod_authnz_ldap.c(403): [client] [25242] auth_ldap
uthenticate: using URL
[Thu Feb 24 16:48:00 2011] [info] [client] [25242] auth_ldap authenticate: user
jinjian kang authentication failed; URI /svn [LDAP: ldap_simple_bind_s() failed][Can't contact
LDAP server]

ping is OK.

My FTP LDAPS authentication is OK as below:
port:636 Enable
Base DN:ou=staff,dc=ebupt,dc=com
anonymous bind:checked
Search Filter:(objectClass=*)
User DN attribute:uid
Search scope:subtree

Jin Jiankang

I don't see any "LDAPTrustedGlobalCert" entries that tell Apache how to verify the server
certificate...  Have you defined any in the config file?

Otherwise, you could also try adding this directive to see if it has any affect:
LDAPVerifyServerCert Off

Other than checking to verify the host name matches what's in the certificate, and making
sure the CAs are setup, you could also check out this message:


-----Message Disclaimer-----

This e-mail message is intended only for the use of the individual or
entity to which it is addressed, and may contain information that is
privileged, confidential and exempt from disclosure under applicable law.
If you are not the intended recipient, any dissemination, distribution or
copying of this communication is strictly prohibited. If you have
received this communication in error, please notify us immediately by
reply email to and delete or destroy all copies of
the original message and attachments thereto. Email sent to or from the
Principal Financial Group or any of its member companies may be retained
as required by law or regulation.

Nothing in this message is intended to constitute an Electronic signature
for purposes of the Uniform Electronic Transactions Act (UETA) or the
Electronic Signatures in Global and National Commerce Act ("E-Sign")
unless a specific statement to the contrary is included in this message.

While this communication may be used to promote or market a transaction
or an idea that is discussed in the publication, it is intended to provide
general information about the subject matter covered and is provided with
the understanding that The Principal is not rendering legal, accounting,
or tax advice. It is not a marketed opinion and may not be used to avoid
penalties under the Internal Revenue Code. You should consult with
appropriate counsel or other advisors on all matters pertaining to legal,
tax, or accounting obligations and requirements.
View raw message