Return-Path: 
 <users-return-22879-apmail-subversion-users-archive=subversion.apache.org@subversion.apache.org>
X-Original-To: apmail-subversion-users-archive@minotaur.apache.org
Delivered-To: apmail-subversion-users-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 2687E10583
	for <apmail-subversion-users-archive@minotaur.apache.org>;
 Sun, 15 Feb 2015 10:57:01 +0000 (UTC)
Received: (qmail 54468 invoked by uid 500); 15 Feb 2015 10:47:06 -0000
Delivered-To: apmail-subversion-users-archive@subversion.apache.org
Received: (qmail 25740 invoked by uid 500); 15 Feb 2015 10:46:49 -0000
Mailing-List: contact users-help@subversion.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:users-help@subversion.apache.org>
List-Unsubscribe: <mailto:users-unsubscribe@subversion.apache.org>
List-Post: <mailto:users@subversion.apache.org>
List-Id: <users.subversion.apache.org>
Delivered-To: mailing list users@subversion.apache.org
Received: (qmail 80466 invoked by uid 99); 15 Feb 2015 00:57:43 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 15 Feb 2015 00:57:43 +0000
X-ASF-Spam-Status: No, hits=1.5 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of alfredo.deluca@gmail.com
 designates 209.85.223.174 as permitted sender)
Received: from [209.85.223.174] (HELO mail-ie0-f174.google.com)
 (209.85.223.174)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 15 Feb 2015 00:57:38 +0000
Received: by iecrp18 with SMTP id rp18so11913931iec.1
        for <users@subversion.apache.org>;
 Sat, 14 Feb 2015 16:57:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=k8Wpz/Kgla6mPXyUjGS53GwNXVbWUGCqe7aPB5yaRYA=;
        b=xjwrhpL/RM99Cl44aZ8fymofIdrWMv9OFnzvmuaZZQ6mF2OqP4W5wLtPo3TgTVDR6F
         gwlKlzKOXuqvkxzdGeooYUJlDnwKh/YXk2YWws2tzoipucJTg0Uzwi1UUasUCZYQ+iln
         5ievgJ9qXAD67sMfGn7X7h0k5rKX+kI6BGiAE0SIvaIETpEv8NO3Bi3Cen9VEx2R+nWK
         /sNBaX49lyax9xokPMK3aKkviQOM0t1PkZd8UrjgLeKK2NmatKJqNQ5N0SuEYRo40pDZ
         m/FZx/zZjC9fBod2/z3NEDP8+FXBj64ThuE0IDwDPE2bWx2rXLyTCyAJ45Ra7TTGIQTZ
         cCjg==
MIME-Version: 1.0
X-Received: by 10.50.222.70 with SMTP id qk6mr13233445igc.47.1423961837999;
 Sat, 14 Feb 2015 16:57:17 -0800 (PST)
Received: by 10.36.63.204 with HTTP; Sat, 14 Feb 2015 16:57:17 -0800 (PST)
Received: by 10.36.63.204 with HTTP; Sat, 14 Feb 2015 16:57:17 -0800 (PST)
In-Reply-To: 
 <CAAWpFTH_UAM92ZcqLJ-zaT9OpeEAhFBZ-w80LmBRgkPP95tDeQ@mail.gmail.com>
References: 
 <CAAWpFTE3FPJabDezzyzKHk76bTQ6R7EF_eqBWs4zHEhFtpF6Mg@mail.gmail.com>
	<CAOCN9ryX2VfDwAXVi_wHygWFGo63+fY1gSoG5cF9jiH1Q0k70w@mail.gmail.com>
	<CAAWpFTH_UAM92ZcqLJ-zaT9OpeEAhFBZ-w80LmBRgkPP95tDeQ@mail.gmail.com>
Date: Sun, 15 Feb 2015 11:57:17 +1100
Message-ID: 
 <CAAWpFTGjUGQ8Mt=hLD3nKZEiCYdjoi0Te4C=Towb1qRk4D3dAQ@mail.gmail.com>
Subject: Re: HTTP + SVN + AD
From: Alfredo De Luca <alfredo.deluca@gmail.com>
To: Nico Kadel-Garcia <nkadel@gmail.com>
Cc: Subversion <users@subversion.apache.org>
Content-Type: multipart/alternative; boundary=001a11344d8a871d06050f15f318
X-Virus-Checked: Checked by ClamAV on apache.org

--001a11344d8a871d06050f15f318
Content-Type: text/plain; charset=UTF-8

Hi all.
I figured that out was a filter/search on AD was getting not unique
username so they couldn't log in.
All ok now. Httpd and svn and AD are working together.
Thanks
On 29/01/2015 9:05 AM, "Alfredo De Luca" <alfredo.deluca@gmail.com> wrote:

> Thanks Nico.
> I will give it a try. Any reference/link how to do so?
> Thanks
> On 28/01/2015 3:55 PM, "Nico Kadel-Garcia" <nkadel@gmail.com> wrote:
>
>> On Tue, Jan 27, 2015 at 7:43 PM, Alfredo De Luca
>> <alfredo.deluca@gmail.com> wrote:
>> > Hi all.
>> > I have apache2 + svn 1.6. If I use SVN with local user it's all ok but
>> > when I try to integrated with Active Directory I have weird issue.
>> > With my account (with AD username and password) I have access with no
>> prob.
>> > Others can't access it at all. Below is the subversion.conf that I am
>> using.
>> > I have also tried to change my password on AD and still having access
>> > with the new password. Others in the ldap-group still not having
>> > access at all.
>>
>> Ignore AD's LDAP, if I may suggest. Rely on just the Kerberos
>> credentials to authenticate, underlying AD, and use svnserve.conf to
>> manage user and group privileges. This completely moves away from the
>> LDAP intricacies.
>>
>> > What am I missing? Any clue?
>> >
>> > Thanks heaps for any info
>> >
>> > Regards
>>
>> Just that I've frequently found AD's LDAP to be managed by monkeys
>> trying to write Hamlet by randomly clicking buttons on the screen.
>> Debugging it for them tends to raise the hackles of the people
>> administering it: pointing them to the RFC's or walking them through
>> how the underlying technology works can be really embarassing for all
>> concerned.
>>
>

--001a11344d8a871d06050f15f318
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<p dir=3D"ltr">Hi all.<br>
I figured that out was a filter/search on AD was getting not unique usernam=
e so they couldn&#39;t log in.<br>
All ok now. Httpd and svn and AD are working together. <br>
Thanks</p>
<div class=3D"gmail_quote">On 29/01/2015 9:05 AM, &quot;Alfredo De Luca&quo=
t; &lt;<a href=3D"mailto:alfredo.deluca@gmail.com">alfredo.deluca@gmail.com=
</a>&gt; wrote:<br type=3D"attribution"><blockquote class=3D"gmail_quote" s=
tyle=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p d=
ir=3D"ltr">Thanks Nico.<br>
I will give it a try. Any reference/link how to do so?<br>
Thanks </p>
<div class=3D"gmail_quote">On 28/01/2015 3:55 PM, &quot;Nico Kadel-Garcia&q=
uot; &lt;<a href=3D"mailto:nkadel@gmail.com" target=3D"_blank">nkadel@gmail=
.com</a>&gt; wrote:<br type=3D"attribution"><blockquote class=3D"gmail_quot=
e" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">=
On Tue, Jan 27, 2015 at 7:43 PM, Alfredo De Luca<br>
&lt;<a href=3D"mailto:alfredo.deluca@gmail.com" target=3D"_blank">alfredo.d=
eluca@gmail.com</a>&gt; wrote:<br>
&gt; Hi all.<br>
&gt; I have apache2 + svn 1.6. If I use SVN with local user it&#39;s all ok=
 but<br>
&gt; when I try to integrated with Active Directory I have weird issue.<br>
&gt; With my account (with AD username and password) I have access with no =
prob.<br>
&gt; Others can&#39;t access it at all. Below is the subversion.conf that I=
 am using.<br>
&gt; I have also tried to change my password on AD and still having access<=
br>
&gt; with the new password. Others in the ldap-group still not having<br>
&gt; access at all.<br>
<br>
Ignore AD&#39;s LDAP, if I may suggest. Rely on just the Kerberos<br>
credentials to authenticate, underlying AD, and use svnserve.conf to<br>
manage user and group privileges. This completely moves away from the<br>
LDAP intricacies.<br>
<br>
&gt; What am I missing? Any clue?<br>
&gt;<br>
&gt; Thanks heaps for any info<br>
&gt;<br>
&gt; Regards<br>
<br>
Just that I&#39;ve frequently found AD&#39;s LDAP to be managed by monkeys<=
br>
trying to write Hamlet by randomly clicking buttons on the screen.<br>
Debugging it for them tends to raise the hackles of the people<br>
administering it: pointing them to the RFC&#39;s or walking them through<br=
>
how the underlying technology works can be really embarassing for all<br>
concerned.<br>
</blockquote></div>
</blockquote></div>

--001a11344d8a871d06050f15f318--