Announcement

Collapse
No announcement yet.

LDAP Authentication

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • LDAP Authentication

    Hi,

    I have a problem with using LDAP/AD as an authentication method for uberSVN and TortoiseSVN. If the user tries to lock a file, open repo-browser he is asked to enter his credentials. As there is LDAP authentication configured in uberSVN settings this should be normal windows id and password for each user. This works fine for 2/7 users (not tested all so far). One user tried to login via TortoiseSVN yesterday, but was not able to. Looking at error.log showed:
    user %USERID%: authentication failure for "/Repo/bla/blub": Password Mismatch (<-- Password was definitely correct)

    Details of my Configuration:

    Software:
    uberSVN 13.2-3008 / SVN - 1.7 on Windows Server 2008 R2 x64
    Client: TortoiseSVN 1.7.11 on Windows 7 Enterprise 32-Bit

    Config of uberSVN:
    Repository: Permissions: Users and Teams (Where users are integrated too). Team+each specific user has got either rw or admin rights. Affected user is admin of the repo same as my user which is able to login successfully.
    Authentication: uberSVN internally managed

    LDAP-Locations: Can retrieve users out of AD correctly. Login to uberSVN works for every user.

    Can you provide support on this issue? Thanks in advance.

    Regards
    Christoph
    Last edited by Christoph_DE; 03-27-2013, 09:32 AM.

  • #2
    Hi there,

    To setup auth for both uberSVN and your repositories using LDAP you need to add the location, retrieve the users, then change the following 2 settings:
    - on LDAP locations tab - change Use LDAP for uber login authentication to Yes
    - on the Repositories tab > yourreponame > Authentication select LDAP / Active Directory Authentication

    In your post you say that LDAP auth is configured in uberSVN but then say that the Authentication is set to uberSVN internally managed. Which is correct?

    Comment


    • #3
      I am very confused:

      I can authenticate to uberSVN via LDAP, so if I set repo authentication to uberSVN internally this should be LDAP!?

      My understanding was that repo auth via LDAP would make it possible to set permissions through special LDAP-Groups!? Could you tell me a sample configuration for this repo auth via LDAP, so I can test if it solves my problem?

      Best regards and happy Easter
      Christoph

      Comment


      • #4
        We have a video tutorial that will walk you through basic LDAP setup in uberSVN, you can find it here.

        Comment


        • #5
          Is that video available somewhere other than youtube or vimeo? Those (and probably most others) are blocked by corporate firewalls. Is there a corresponding wiki entry with screenshots instead? My problem is that the ubersvn auth through AD works fine (even when users change their AD password) but the repository browser is stuck requiring old passwords, and that's only if we use svn internally managed. If I try changing it to LDAP/Activedirectory authentication then no one can login with any password old or new.

          Comment


          • #6
            Good point, I'll work at converting that into a KB article (hopefully today).

            Comment


            • #7
              Originally posted by Mand View Post
              We have a video tutorial that will walk you through basic LDAP setup in uberSVN, you can find it here.
              At first: Thanks for the link to this video.

              This is what works quite well with our uberSVN installation. I configured this exactly as described in the video and I am able to retreive users via LDAP and also authenticate to uberSVN via LDAP. BUT: Some users are able to login to the uberSVN Web-Portal but cannot access any repository where they have permissions (rw). The authentication for these repositories works over "uberSVN internally managed".

              So this video does not really help me with my problem.

              Again: LDAP location configured. Use LDAP for uber login authentication (yes). Repository permissions (uberSVN internally managed). Repository authentication (uberSVN internally managed).

              Best regards
              Christoph

              Comment


              • #8
                Originally posted by Mand View Post
                We have a video tutorial that will walk you through basic LDAP setup in uberSVN, you can find it here.
                Sorry but this video does not help me at all.

                Once again my problem:

                LDAP location configured successful. Users retreived. Login to uberSVN portal page successful for all users.

                Repositories set up with permissions and authentication internally managed, which works for me and some colleagues. But some colleagues are not able to authenticate to the repository allthough they have r/w rights set in the repo permissions.

                The error message in the log displays: password mismatch

                This cannot be true because the users use the correct password to login (which works for portal login).

                So I do not know how to solve this and I have no idea how to search for the problem. Users are in the same AD-Groups.

                If this problem is not solved quickly we have to switch to another subversion installation instead of uberSVN.

                Comment


                • #9
                  Great video, except it didn't finish the process. I have completed the above video steps, imported all of my users, have them in the group Everyone with RW permissions on our repo "CADDemo" and yet only administrators can login using clients such as TortoiseSVN. Non-Admin users are only able to login to UberSVN through the UberSVN Portal. Admins can also use the UberPortal to browse the repo but non-Administrators cannot.

                  Hopefully I'm not considered post-Jacking here

                  Comment


                  • #10
                    I just ran across this note which explains one of the problems I'm having:
                    http://docs.ubersvn.com/v1.0/reference.html#R78

                    Known Problem (Windows only)
                    Enabling LDAP authentication for a repository will prevent you from viewing it using uberSVN's repository browser.
                    We're looking to fix the problem, although our long term strategy is to bring in a replacement repository browser.
                    This explains why I can never get LDAP authentication working for the repository browser, because Ubersvn is installed on Windows Server 2008 R2 SP 1 Standard.

                    See Thread: W2K3R2 Server - uberSVN #12.4-9777 SVN - Repo Browser Not Working With LDAP/AD User

                    Comment


                    • #11
                      I can use the Repo Browser and access the repo with LDAP Authentication enabled if my account is registered as an Admin in UberSVN. I am running UberSVN on a Windows Server 2008R2 w/SP1 box.

                      Comment


                      • #12
                        is the video link mentioned above still available? I am trying to connect a repository in our new SVN environment to our active directory. I've setup the LDAP location, and configured the repository to use that LDAP location, but when either I try to browse the repository or use the TortoiseSVN from my laptop, I cannot connect. I see a password mismatch error in the server's error log.

                        Comment

                        Working...
                        X