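Reposted from: http://www.iusesvn.com/bbs/thread-2375-1-1.html
Three days now, from morning till night, and the LDAP integration still does not work. I am about to go crazy. Please take a look and see if you have any suggestions. Thanks!!
The complete procedure is as follows:
1. Install Apache 2.2.6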
#tar zxvf httpd-2.2.6.tar.gz
#cd httpd-2.2.6
#./configure --prefix=/local/apache2 --enable-so --enable-mods-shared=all --enable-dav=share --enable-dav-fs --with-ldap --enable-ldap --enable-authnz-ldap
# make
# make install
2. Install Subversion 1.4.3
#tar jxvf subversion-1.4.3.tar.bz2
#cd subversion-1.4.3
#./configure --with-apxs=/local/apache2/bin/apxs --prefix=/local/subversion --with-apr=/local/apache2 --with-apr-util=/local/apache2 --with-ssl --with-zlib --enable-maintainer-mode
# make
# make install
3. Modify Apache's configuration file httpd.conf
Change:
User svnroot
Group svn
ServerName 192.168.5.253
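(Note: the first line is a user created on Linux, the second line is the corresponding group, and the third line is this machine's IP address.)
Change: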
<Location /svn>
DAV svn
SVNPath /home/svnroot/repository/test
AuthzSVNAccessFile /home/svnroot/repository/conf/test.authz
AuthType Basic
AuthName "test for home"
AuthUserFile /home/svnroot/repository/conf/test.usr
Require valid-user
</Location>
#/local/apache2/bin/apachectl start
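Up to this point, using the htpasswd command to add users to /home/svnroot/repository/conf/test.usr and setting permissions in /home/svnroot/repository/conf/test.authz, SVN works completely normally.
This is where the problem starts:
4. Add LDAP authentication
Modify Apache's configuration file httpd.conf
Add these statements: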
LDAPSharedCacheSize 200000
LDAPCacheEntries 1024
LDAPCacheTTL 600
LDAPOpCacheEntries 1024
LDAPOpCacheTTL 600
Change the Location section:
<Location /svn>
DAV svn
SVNPath /home/svnroot/repository/test
AuthzSVNAccessFile /home/svnroot/repository/conf/test.authz
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://192.168.10.101:389/dc=phx,dc=corp?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "cn=LDAPservice,dc=phx,dc=corp"
AuthLDAPBindPassword 123456
AuthName "test for home"
Require valid-user
</Location>
After this configuration, neither Windows domain users nor users created with htpasswd can get access. The Apache error_log shows the following:
[Sat Mar 01 17:05:38 2008] [warn] [client 192.168.5.133] [25788] auth_ldap authenticate: user john authentication failed; URI /module [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
[Sat Mar 01 17:05:38 2008] [error] [client 192.168.5.133] user john: authentication failure for "/svn": Password Mismatch
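Help! How do I solve this [LDAP: ldap_simple_bind_s() failed][Invalid credentials]? Please take a look and give me your thoughts... Thanks!!!
I set Apache's log level to the most verbose, LogLevel debug, and found something new:
At startup it shows: mod_authnz_ldap.c(978): LDAP: auth_ldap not using SSL connections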
[info] LDAP: SSL support available
Does Apache have to use SSL when it authenticates through LDAP?
The log is as follows:
[Tue Mar 04 17:32:39 2008] [notice] SIGHUP received. Attempting to restart
......
[Tue Mar 04 17:32:39 2008] [debug] mod_authnz_ldap.c(978): LDAP: auth_ldap not using SSL connections
[Tue Mar 04 17:32:39 2008] [notice] Digest: generating secret for digest authentication ...
[Tue Mar 04 17:32:39 2008] [notice] Digest: done
[Tue Mar 04 17:32:39 2008] [info] APR LDAP: Built with OpenLDAP LDAP SDK
[Tue Mar 04 17:32:39 2008] [info] LDAP: SSL support available
[Tue Mar 04 17:32:39 2008] [info] mod_unique_id: using ip addr 127.0.0.1
[Tue Mar 04 17:32:40 2008] [notice] Apache/2.2.6 (Unix) DAV/2 SVN/1.4.3 configured -- resuming normal operations
[Tue Mar 04 17:32:40 2008] [info] Server built: Mar 1 2008 15:59:44
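Problem solved... I'm treating myself to a big dinner when I get home tonight.
Change the following statement in the configuration file: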
AuthLDAPURL "ldap://192.168.10.101:389/dc=phx,dc=corp?sAMAccountName?sub?(objectClass=*)" NONE
Changing port 389 to 3268 made it work.
Reference, an article found on Google:
http://jon.netdork.net/2006/07/0 ... nd-active-directory
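Added example, not part of the original post: a small Python check that parses the AuthLDAPURL directive from the configuration above and flags what the debug log line "auth_ldap not using SSL connections" already hints at, namely that ldap:// with mode NONE sends Basic-auth and bind passwords to the directory unencrypted, along with the literal AuthLDAPBindPassword in httpd.conf. The function names and finding codes are hypothetical, and the sample is constructed from the post's own values.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the LDAP directives from the post, with its own values.
SAMPLE_CONF = '''
AuthBasicProvider ldap
AuthLDAPURL "ldap://192.168.10.101:389/dc=phx,dc=corp?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "cn=LDAPservice,dc=phx,dc=corp"
AuthLDAPBindPassword 123456
'''

# Well-known directory ports; 3268/3269 are the Active Directory Global Catalog.
PORTS = {389: "LDAP", 636: "LDAPS", 3268: "AD Global Catalog",
         3269: "AD Global Catalog over SSL"}

def parse_auth_ldap_url(args):
    """Split AuthLDAPURL arguments into URL fields plus the connection mode."""
    m = re.match(r'(?:"([^"]+)"|(\S+))\s*(\S+)?', args.strip())
    if not m:
        return None
    url = urlsplit(m.group(1) or m.group(2))
    # Query part is attribute?scope?filter; missing fields stay empty.
    attr, scope, filt = (url.query.split("?") + ["", "", ""])[:3]
    port = url.port or (636 if url.scheme == "ldaps" else 389)
    return {"scheme": url.scheme, "host": url.hostname, "port": port,
            "service": PORTS.get(port, "unknown"), "base_dn": url.path.lstrip("/"),
            "attribute": attr, "scope": scope, "filter": filt,
            "mode": (m.group(3) or "NONE").upper()}

def audit(conf_text):
    """Return (parsed AuthLDAPURL, finding codes) for a block of directives."""
    info, findings = None, []
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        name, args = parts[0].lower(), parts[1]
        if name == "authldapurl":
            info = parse_auth_ldap_url(args)
            # ldap:// with mode NONE: user and bind passwords cross the wire unencrypted.
            if info and info["scheme"] == "ldap" and info["mode"] == "NONE":
                findings.append("cleartext-ldap")
        elif name == "authldapbindpassword" and not args.startswith("exec:"):
            # Literal service-account password; exec: form exists in httpd 2.4.5 and later.
            findings.append("bind-password-in-config")
    return info, findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```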