SASL2, Subversion and LDAP authtication
ohartman at zedat.fu-berlin.de
Mon Aug 25 07:45:29 UTC 2008
I already setup a working subversion server and need to autehnticate
accessing users against a LDAP server. The LDAP serving machine is
located on another box and compiled against cyrus-sasl2-port. OpenLDAP
(2.4.11), Subversion (1.5.X as taken from the ports) are capable of
handling SASL2, so I double checked this.
I followed the instructions to setup subversion
connecting/authenticating users via sasl2 but I do not have any success.
It is said that for subversion I need to create a config file
'svn.conf' in the place were sasl2 expects plugins, so this
/usr/local/lib/sasl2. There resides a chmod'd 755 file named svn.conf
with this content:
The file /usr/local/etc/sasl2/ldaprc containts LDAP specific parameters
like TLS_CACERT file etc.
Well, someone would complain about ldapdb_id and ldapdb_pw, they ar set
to bogus values at the moment as I try to figure out how things work
(the documentation is more than bad in this subject).
My problem is as follows: whenever I try to access the repository which
should authenticate against LDAP I get a SASL error complaining about
non-accessible Berkeley db /usr/local/etc/sasl2db not accessible
(permission denied). Well, this confuses me. That means subversion is
NOT accessing the LDAP path, it seems it uses authd (sasl2) directly. I
try to log the console and slapd output, both do not show up anything
execpt console log shows the mentioned Berkeley db issue.
My LDAP server is configured not to autheticate clients via there own
SSL certificates, so the bogus 'anonymous' tag and empty password is
simply I try to get LDAP's and subversion's log messages triggered - if
subversion will ever contact LDAP.
I guess subversion never looks for a config file 'svn.conf' in
Well, I'm a little bit desperate about less knowledge about sasl2 and
how it works, so if there is someone out here with a working
subversion.ldap configuration on FreeBSD (I use everywhere 7.0-STABLE) I
appreciate any comments, tips and hints.
Thanks you very much in advance,
More information about the freebsd-questions