Date: Mon, 25 Aug 2008 07:25:44 +0000
From: "O. Hartmann" <ohartman@zedat.fu-berlin.de>
To: freebsd-questions@freebsd.org
Subject: SASL2, Subversion and LDAP authtication
Message-ID: <48B25E78.9090306@zedat.fu-berlin.de>

Sirs,

I already set up a working subversion server and need to authenticate accessing users against a LDAP server. The LDAP serving machine is located on another box and compiled against cyrus-sasl2-port. OpenLDAP (2.4.11), Subversion (1.5.X as taken from the ports) are capable of handling SASL2, so I double checked this.

I followed the instructions to set up subversion connecting/authenticating users via sasl2 but I do not have any success. It is said that for subversion I need to create a config file 'svn.conf' in the place where sasl2 expects plugins, so this is /usr/local/lib/sasl2. There resides a chmod'd 755 file named svn.conf with this content:

    auxprop_plugin: ldap
    pwcheck_method: auxprop
    ldapdb_uri: ldap://my.ldap.server/
    ldapdb_id: anonymous
    ldapdb_pw:
    ldapdb_mech: EXTERNAL
    ldapdb_rc: /usr/local/etc/sasl2/ldaprc
    ldapdb_startls: yes
    mech_list: EXTERNAL
    log_level: 7

The file /usr/local/etc/sasl2/ldaprc contains LDAP specific parameters like TLS_CACERT file etc. Well, someone would complain about ldapdb_id and ldapdb_pw, they are set to bogus values at the moment as I try to figure out how things work (the documentation is more than bad in this subject).

My problem is as follows: whenever I try to access the repository which should authenticate against LDAP I get a SASL error complaining about non-accessible Berkeley db /usr/local/etc/sasl2db not accessible (permission denied). Well, this confuses me. That means subversion is NOT accessing the LDAP path, it seems it uses authd (sasl2) directly. I try to log the console and slapd output, both do not show up anything except that the console log shows the mentioned Berkeley db issue.

My LDAP server is configured not to authenticate clients via their own SSL certificates, so the bogus 'anonymous' tag and empty password are simply me trying to get LDAP's and subversion's log messages triggered - if subversion will ever contact LDAP. I guess subversion never looks for a config file 'svn.conf' in /usr/local/lib/sasl2/.

Well, I'm a little bit desperate because of my limited knowledge about sasl2 and how it works, so if there is someone out here with a working subversion.ldap configuration on FreeBSD (I use everywhere 7.0-STABLE) I appreciate any comments, tips and hints.

Thank you very much in advance,
Oliver
--
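
A small linter for a Cyrus SASL application config such as the svn.conf quoted above, as an added example that is not part of the original message: it checks `ldapdb_*` keys and the `auxprop_plugin` value against the names documented for Cyrus SASL, and flags a non-empty `ldapdb_pw` kept in a world-readable file. The function names are this example's own, and the stock-plugin list assumes an unmodified Cyrus SASL 2.1 build.

```python
import difflib

# Option names documented for the Cyrus SASL ldapdb auxprop plugin.
LDAPDB_OPTIONS = ["ldapdb_uri", "ldapdb_id", "ldapdb_pw", "ldapdb_mech",
                  "ldapdb_rc", "ldapdb_starttls", "ldapdb_canon_attr"]
STOCK_AUXPROP = {"sasldb", "sql", "ldapdb"}  # assumption: unmodified 2.1 build

def parse_conf(text):
    """Parse 'key: value' lines; blank lines and '#' comments are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip()
    return conf

def lint(text, mode=None):  # mode: the file's permission bits, if known
    conf, findings = parse_conf(text), []
    for key in conf:
        if key.startswith("ldapdb_") and key not in LDAPDB_OPTIONS:
            near = difflib.get_close_matches(key, LDAPDB_OPTIONS, n=1)
            findings.append(f"unknown option {key} (closest: {near[0] if near else 'none'})")
    for name in conf.get("auxprop_plugin", "").split():
        if name not in STOCK_AUXPROP:
            findings.append(f"auxprop_plugin '{name}' is not a stock plugin name")
    tls = conf.get("ldapdb_starttls")
    if tls is not None and tls not in ("try", "demand"):
        findings.append(f"ldapdb_starttls '{tls}' is not 'try' or 'demand'")
    # A non-empty bind password must not sit in a file other users can read.
    if mode is not None and mode & 0o004 and conf.get("ldapdb_pw"):
        findings.append(f"ldapdb_pw is in a world-readable file (mode {mode:o})")
    return findings

# The svn.conf text as quoted in the message above.
SAMPLE = """\
auxprop_plugin: ldap
pwcheck_method: auxprop
ldapdb_uri: ldap://my.ldap.server/
ldapdb_id: anonymous
ldapdb_pw:
ldapdb_mech: EXTERNAL
ldapdb_rc: /usr/local/etc/sasl2/ldaprc
ldapdb_startls: yes
mech_list: EXTERNAL
log_level: 7
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE, mode=0o755)))
```
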