I have CentOs 5.5 with Apache 2.2 and SVN installed. Also I have Windows 2003 R2 with Active Directory.
I'm trying to authorize users via AD so each user have access to repo if he is a member of corespondent group in AD.
Here is my apache config:
LoadModule dav_svn_module modules/mod_dav_svn.so LoadModule authz_svn_module modules/mod_authz_svn.so LDAPVerifyServerCert off ServerName svn.mydomain.com DocumentRoot /var/www/svn.mydomain.com/htdocs RewriteEngine On [Location /] AuthType basic AuthBasicProvider ldap AuthzLDAPAuthoritative on AuthLDAPURL ldaps://comp1.mydomain.com:636/DC=mydomain,DC=com?sAMAccountName?sub?(objectClass=*) AuthLDAPBindDN binduser@mydomain.com AuthLDAPBindPassword binduserpassword [/Location] [Location /repos/test] DAV svn SVNPath /var/svn/repos/test AuthName "SVN repository for test" Require ldap-group CN=test,CN=ProjectGroups,DC=mydomain,DC=com [/Location]
When I'm using "Require valid-user" everything goes fine, "Require ldap-user" also works.
But as soon as I use "Require ldap-group" authorization fails.
Trere are no errors in apache logs, but Active Directory shows folowing error:
Event Type: Information Event Source: NTDS LDAP Event Category: LDAP Interface Event ID: 1138 Date: 10/9/2010 Time: 1:28:52 PM User: MYDOMAIN\binduser Computer: COMP1 Description: Internal event: Function ldap_compare entered. Event Type: Error Event Source: NTDS General Event Category: Internal Processing Event ID: 1481 Date: 10/9/2010 Time: 1:28:52 PM User: MYDOMAIN\binduser Computer: COMP1 Description: Internal error: The operation on the object failed. Additional Data Error value: 2 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of: 'DC=mydomain,DC=com'
I'm confused by this problem. What I'm doing wrong?
