I'm trying to link my LDAP with an Apache 2.4 server dedicated to my SVN repositories, so I use the Apache mods dav_svn and authnz_ldap. The LDAP works properly on its own.
I could manage to bind the server with an admin DN, and search for the user I need.
When connecting, if the user doesn't exist, it is a [No such object] error (yay!). However, if the user exists, the LDAP always returns an [Invalid credentials] error, even if the password is correct.
Here is the end of the Apache error.log:

```
[authnz_ldap:debug] [pid 9243:tid 2990508864] mod_authnz_ldap.c(516): [client ::1:46639] AH01691: auth_ldap authenticate: using URL ldap://my_ldap_ip:port/ou=aaaa,dc=company,dc=fr?uid?sub
[ldap:debug] [pid 9243:tid 2990508864] util_ldap.c(379): AH01278: LDAP: Setting referrals to On.
[authnz_ldap:info] [pid 9243:tid 2990508864] [client ::1:46639] AH01695: auth_ldap authenticate: user mr.myself authentication failed; URI /svn/ [ldap_simple_bind() to check user credentials failed][Invalid credentials]
[auth_basic:error] [pid 9243:tid 2990508864] [client ::1:46639] AH01617: user mr.myself: authentication failure for "/svn/": Password Mismatch
```
And here is my config file:

```
<VirtualHost domain:443>
    ServerName domain
    SSLEngine On
    SSLCertificateFile /path/to/ssl/cert.pem
    SSLCertificateKeyFile /path/to/ssl/key.pem
    SSLProtocol all
    SSLCipherSuite HIGH:MEDIUM
    <Location /svn>
        DAV svn
        SVNParentPath /path/to/svn/repositories
        SVNListParentPath ON
        AuthType Basic
        AuthName "a nice message"
        AuthBasicProvider ldap
        AuthLDAPURL ldap://my_ldap_ip:port/ou=aaaa,dc=company,dc=fr?uid?sub
        AuthLDAPBindDN cn=mr-admin,ou=cccc,ou=bbbb,dc=company,dc=fr
        AuthLDAPBindPassword clear_password
        <RequireAll>
            Require valid-user
            Require ssl
            Require ldap-group cn=svngroup,ou=ffff,ou=eeee,ou=dddd,dc=company,dc=fr
        </RequireAll>
    </Location>
</VirtualHost>
```
The only config I added to Apache besides this file is "Listen 443" in ports.conf.
Do you have any idea what the problem is? I've been searching for a while now, and I need this working soon.
Thanks for reading (and sorry for the bad English).
Edit: additional details

- This is my whole code
- I only changed the domain, paths, DN names, and bindDN password for clarity.
- I have the same result when changing `uid` into `cn`
- Here are the ldapsearch results.

```
ldapsearch -x -H ldap://my_ldap_ip:port/ -D cn=mr.myself,ou=gggg,ou=aaaa,dc=company,dc=fr -w 'p4(sSwo]rd' -v
ldap_initialize( ldap://my_ldap_ip:port/??base )
ldap_bind: Invalid credentials (49)

ldapsearch -x -H ldap://my_ldap_ip:port/ -D cn=mr.myself,ou=gggg,ou=aaaa,dc=company,dc=fr -w p4(sSwo]rd -v
bash: syntax error near unexpected token "("
```

Best Answer
Thanks for the help.
This is a valid configuration, the problem was located in our LDAP. I had my password reset and everything works fine.
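
Added example (not part of the original question or answer): a small triage script for the AH01695 records quoted in the question's error.log, separating failures where the directory rejected the user's own bind from failures where no entry was found. The second sample line is constructed, and the hint texts and the `triage`/`summarize` names are this example's assumptions.

```python
import re
from collections import Counter

# AH01695 is the mod_authnz_ldap failure record quoted in the question.
# Layout: ... [client ADDR] AH01695: ... user U authentication failed; URI P [step][LDAP result]
AH01695 = re.compile(
    r"\[client (?P<client>[^\]]+)\] AH01695: auth_ldap authenticate: "
    r"user (?P<user>.+?) authentication failed; URI (?P<uri>\S+) "
    r"\[(?P<step>[^\]]*)\]\[(?P<result>[^\]]*)\]"
)

# Hint texts are this example's wording, keyed on the two results the question reports.
HINTS = {
    "Invalid credentials": "directory rejected the bind: check the password/account in LDAP",
    "No such object": "no entry found: check the AuthLDAPURL base DN, attribute and scope",
}

def triage(line):
    """Return the parsed fields of an AH01695 line, or None for any other line."""
    m = AH01695.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    # The step text on the page names the bind made with the user's own DN and password.
    rec["phase"] = "user-bind" if "check user credentials" in rec["step"] else "other"
    rec["hint"] = HINTS.get(rec["result"], "unclassified: read the step text")
    return rec

def summarize(lines):
    """Count failures per (user, LDAP result) across a log excerpt."""
    return Counter((r["user"], r["result"]) for r in map(triage, lines) if r)

SAMPLE = [
    # From the question's error.log (wrapped record joined onto one line).
    "[authnz_ldap:info] [pid 9243:tid 2990508864] [client ::1:46639] AH01695: "
    "auth_ldap authenticate: user mr.myself authentication failed; URI /svn/ "
    "[ldap_simple_bind() to check user credentials failed][Invalid credentials]",
    # Constructed line for the unknown-user case the question describes.
    "[authnz_ldap:info] [pid 9243:tid 2990508864] [client ::1:46640] AH01695: "
    "auth_ldap authenticate: user ghost.user authentication failed; URI /svn/ "
    "[User not found][No such object]",
    # From the question's error.log: an auth_basic record, which is not AH01695.
    "[auth_basic:error] [pid 9243:tid 2990508864] [client ::1:46639] AH01617: "
    'user mr.myself: authentication failure for "/svn/": Password Mismatch',
]

if __name__ == "__main__":
    for (user, result), n in summarize(SAMPLE).items():
        print(f"{user}: {n} x {result} -> {HINTS.get(result, 'unclassified')}")
```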