apache - OpenLDAP and SVN on Mac OS X without Kerberos
Hi all! I have an SVN server (running on Mac OS X El Capitan). I have configured OpenLDAP so that when users access the SVN server with a username and password, they get access to the SVN repositories upon success (w.r.t. the OpenLDAP database entries).
However, when users try to log in to SVN, authentication fails. I ran slapd in debug mode to figure out what was going wrong. I found out that the user and password match the LDAP database entries. However, I additionally found that it tries to authenticate users with Kerberos. I only want SVN & LDAP. Does anyone know how I can disable Kerberos from attempting to authenticate?
Thanks in advance! Leticia
httpd.conf snippet (Apache 2.4):
<Location /svn/thesis>
    DAV svn
    SVNPath /var/svn/repositories/thesis
    AuthType Basic
    AuthName "repository"
    AuthBasicProvider ldap
    AuthLDAPBindDN "cn=manager,dc=company,dc=org"
    AuthLDAPBindPassword pasword1
    AuthLDAPURL ldap://158.227.115.33:389/dc=company,dc=org?cn?sub?(objectclass=*)
    Require ldap-group cn=activemember,ou=groups,o=company,dc=company,dc=org
</Location>
slapd.conf
include /private/etc/openldap/schema/core.schema
include /private/etc/openldap/schema/cosine.schema
include /private/etc/openldap/schema/inetorgperson.schema
include /private/etc/openldap/schema/nis.schema
include /private/etc/openldap/schema/samba.schema

modulepath /usr/libexec/openldap
moduleload back_bdb.la

# The rootdn can read and write everything!
access to dn.subtree="o=company,dc=company,dc=org"
    by dn.base="cn=manager,dc=company,dc=org" write
    by self write
    by users read
    by anonymous auth
access to *
    by self write
    by users read
    by anonymous auth

database bdb
suffix "dc=company,dc=org"
rootdn "cn=manager,dc=company,dc=org"
rootpw {ssha}dr/1yu+mrlm6pahtp+umqjujmlmmtfqd
directory /private/var/db/openldap/openldap-data

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
ldap.conf
URI ldap://127.0.0.1/
BASE dc=company,dc=org
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
TLS_REQCERT demand
Log when users try to log in to SVN (slapd run with slapd -d 255):
...
56ec1897 do_bind: version=3 dn="cn=john,ou=members,o=company,dc=company,dc=org" method=128
56ec1897 ==> bdb_bind: dn: cn=john,ou=members,o=company,dc=company,dc=org
56ec1897 bdb_dn2entry("cn=john,ou=members,o=company,dc=company,dc=org")
56ec1897 => bdb_search
56ec1897 bdb_dn2entry("cn=kerberoskdc,cn=config,dc=company,dc=org")
56ec1897 => bdb_dn2id("cn=config,dc=company,dc=org")
56ec1897 <= bdb_dn2id: failed: db_notfound: no matching key/data pair found (-30988)
56ec1897 => access_allowed: disclose access "dc=company,dc=org" "entry" requested
56ec1897 => dn: [1] o=company,dc=company,dc=org
56ec1897 => acl_get: [2] attr entry
56ec1897 => acl_mask: access entry "dc=company,dc=org", attr "entry" requested
56ec1897 => acl_mask: values "cn=kerberoskdc,cn=config,dc=company,dc=org", (=0)
56ec1897 <= check a_dn_pat: self
56ec1897 <= check a_dn_pat: users
56ec1897 <= acl_mask: [2] applying read(=rscxd) (stop)
56ec1897 <= acl_mask: [2] mask: read(=rscxd)
56ec1897 => slap_access_allowed: disclose access granted read(=rscxd)
56ec1897 => access_allowed: disclose access granted read(=rscxd)
56ec1897 send_ldap_result: conn=-1 op=0 p=0
56ec1897 send_ldap_result: err=10 matched="dc=company,dc=org" text=""
56ec1897 entry *odusers_copy_entry(operation *): unable locate cn=kerberoskdc,cn=config,dc=company,dc=org (32)
56ec1897 odusers_copy_krbrealm: no entry associated kerberoskdc cn=kerberoskdc,cn=config,dc=company,dc=org
56ec1897 odusers_krb_auth: not retrieve krb realm while authing john
56ec1897 send_ldap_result: conn=1000 op=2 p=3
56ec1897 send_ldap_result: err=50 matched="" text=""
56ec1897 send_ldap_response: msgid=3 tag=97 err=50
...
I solved it!
Apparently, if the LDAP backend is bdb, Kerberos is automatically called (I don't know how or why). However, when I changed it to ldif, there are no calls to Kerberos and it works as expected. The steps I performed are as follows:
- Using the Apache Directory Studio LDAP browser, I exported the DIT to an LDIF file.
- I stopped slapd and changed the line "database bdb" to "database ldif" (in slapd.conf). I removed the files in the db directory, except database_config.
- I started slapd and, again using Apache Directory Studio, imported the LDIF file created in step 1.
- Voilà :-)
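The same export, backend switch and re-import can be done from the command line with the OpenLDAP tools instead of Apache Directory Studio. This is an added example, not code from the original post; slapcat/slapadd read slapd.conf directly and must be run while slapd is stopped, and the config and dump paths passed in are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): migrate a slapd.conf from the
# bdb backend to the ldif backend, the change the post describes.
set -eu

# Step 1: export the whole DIT to LDIF. slapcat reads the bdb files through
# slapd.conf, so slapd must already be stopped for a consistent dump.
export_dit() {
    conf="$1"; out="$2"
    slapcat -f "$conf" -l "$out"
}

# Step 2: rewrite "database bdb" to "database ldif", keeping a .bak copy.
# Only that one directive is touched; suffix/rootdn/directory stay as-is.
# POSIX BRE only, so it also works with the BSD sed shipped on OS X.
switch_backend_to_ldif() {
    conf="$1"
    if ! grep -q '^database[[:space:]][[:space:]]*bdb[[:space:]]*$' "$conf"; then
        echo "no 'database bdb' directive found in $conf" >&2
        return 1
    fi
    cp "$conf" "$conf.bak"
    sed 's/^database[[:space:]][[:space:]]*bdb[[:space:]]*$/database ldif/' \
        "$conf.bak" > "$conf"
}

# Step 3: load the dump into the new backend. With "database ldif" slapadd
# writes one .ldif file per entry under the configured "directory".
import_dit() {
    conf="$1"; in="$2"
    slapadd -f "$conf" -l "$in"
}

# Whole procedure in the order the post lists it (stop slapd before calling,
# clear the old bdb files from the directory, start slapd afterwards).
migrate_bdb_to_ldif() {
    conf="$1"; dump="$2"
    export_dit "$conf" "$dump"
    switch_backend_to_ldif "$conf"
    import_dit "$conf" "$dump"
}
```

After restarting slapd, a plain `ldapwhoami -x -H ldap://127.0.0.1/ -D "cn=john,ou=members,o=company,dc=company,dc=org" -W` confirms that the simple bind now succeeds without the odusers Kerberos path appearing in the debug log.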