SVN SASL Commit – Authorisation failed

active-directoryauthorizationsaslsvn

I've been attempting to setup our SVN server to be accessible by both DAV SVN through Apache and now the SVN:// protocol (for better performance)

root@svnvm:~# svnserve --foreground -d --foreground -R --config-file /svn/svnserve.conf -r /svn/projects/ --log-file /var/log/svn.log

I do recieve this error when starting the svnserve process;

root@svnvm:~# tail /var/log/auth.log

Mar  7 09:58:21 svnvm svnserve: auxpropfunc error invalid parameter supplied
Mar  7 09:58:21 svnvm svnserve: _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: ldapdb

I'm still able to read/checkout the repository using correct Active Directory credentials (it fails when entering incorrect ones), accessed via svn://svn/test/

However when I commit, Tortoise SVN displays;

Command: Commit  
Error: Commit failed (details follow):  
Error: Authorisation failed  
Completed!:

root@svnvm:~# tail /var/log/svn.log 

9660 2012-03-06T23:08:37.983867Z 10.0.0.122 dev test open 2 cap=(edit-pipeline svndiff1 absent-entries depth mergeinfo log-revprops) / SVN/1.7.2 TortoiseSVN-1.7.3.22386
9660 2012-03-06T23:08:37.984316Z 10.0.0.122 dev test ERR /build/buildd/subversion-1.6.6dfsg/subversion/svnserve/serve.c 167 170001 Authorisation failed

Server Configuration;

root@svnvm:~# cat /svn/authz

[/]
* = rw

root@svnvm:~# cat /svn/svnserve.conf

[general]
authz-db=/svn/authz
password-db=/svn/passwd
realm=Example Subversion Server
anon-access = none
auth-access = write

[sasl]
use-sasl = true
min-encryption = 0
max-encryption = 0

root@svnvm:~# ls -l /svn/projects/test/

total 28
drwxrwsr-x 2 root root 4096 2012-03-06 17:41 conf
drwxrwsr-x 3 root root 4096 2010-05-27 02:25 dav
drwxrwsr-x 6 root root 4096 2011-04-05 18:11 db
-r--rwSr-- 1 root root    2 2010-05-27 00:04 format
drwxrwsr-x 2 root root 4096 2010-05-27 02:23 hooks
drwxrwsr-x 2 root root 4096 2010-05-27 00:04 locks
-rw-rwSr-- 1 root root  229 2010-05-27 00:04 README.txt

root@svnvm:~# cat /etc/saslauthd.conf

###################################################################

ldap_servers: ldap://Example-blade.Example.Example.com.au:3268

ldap_search_base: OU=Example Staff,DC=Example,DC=Example,DC=com,DC=au

ldap_bind_dn: CN=Development,OU=Other,OU=Example Staff,DC=Example,DC=Example,DC=com,DC=au

ldap_bind_pw: -----

#ldap_mech: PLAIN

# Misc options for LDAP to make it work with Microsoft AD.  Nothing to change here, #move along…
ldap_deref: never
ldap_restart: yes
ldap_scope: sub
ldap_use_sasl: no
ldap_start_tls: no
ldap_version: 3
ldap_auth_method: bind
ldap_filter: sAMAccountName=%u
ldap_password_attr: userPassword
ldap_timeout: 10
ldap_cache_ttl: 30
ldap_cache_mem: 32768
#########################################################################

root@svnvm:~# cat /usr/lib/sasl2/svn.conf

pwcheck_method: saslauthd
auxprop_plugin: ldapdb

mech_list: PLAIN LOGIN
ldapdb_mech: PLAIN LOGIN

root@svnvm:~# testsaslauthd -u dev -p —–

0: OK "Success."

root@svnvm:~# tail /etc/default/saslauthd

#MECHANISMS="pam"
MECHANISMS="ldap"

root@svnvm:~# svnserve –version

svnserve, version 1.6.6 (r40053)
Cyrus SASL authentication is available.

Best Answer

The solution was that svnserve was being run with -R

-R [--read-only]         : force read only, overriding repository config file

Removing this allowed committing.

Related Topic