Results 1 to 10 of 10

Thread: No luck with uberSVN 12.4-9777 + Active Directory

  1. #1

    No luck with uberSVN 12.4-9777 + Active Directory

    Environment:

    Windows Server 2008 R2
    Install Directory: C:\Program Files (x86)\WANdisco\uberSVN

    Here's what I did:

    1. Added an LDAP Location:

    Code:
    Location Order: 1
    Location Name: DNS01
    LDAP URL: ldap://DNS01/ou=Users,DC=DNS01,DC=COMPANY,DC=COM?sAMAccountName?sub?(objectClass=*)
    Anon Bind: no
    Bind User DN: CN=<user>,OU=Users,DC=DNS01,DC=COMPANY,DC=COM
    Connection test successful.
    User retrieval successful.
    User import successful.

    2. Created a new repo, "test", changed authentication to LDAP / AD, checked DNS01

    Code:
    Auth Name: DNS01
    AuthzLDAPAuthoritative: Yes
    AuthLDAPGroupAttribute: <blank>
    AuthLDAPGroupAttributeIsDN: No
    Require: valid-user
    3. Added user from step 2 to repository permissions (R & W)

    Result:

    Cannot start the Apache service:
    Code:
    The Apache service named  reported the following error:
    > > > AuthLDAPBindDN takes one argument, DN to use to bind to LDAP server. If not provided, will do an anonymous bind.   .

  2. #2

    Resolved

    Resolution:

    1. Opened c:\Program Files (x86)\WANdisco\uberSVN\conf\conf.d\35-ldap.conf
    2. Edited AuthLDAPBindDN and encapsulated value in quotation marks (the value contains spaces since the DN is required)
    3. Started WANdisco Apache service

    Alternate Resolution:

    Revise Bind User DN to <username>@<domain><tld> or <domain>\<username>

    Result: LDAP authentication functional

    Yay.
    Last edited by Merp; 04-30-2012 at 11:42 AM.

  3. #3
    Administrator Site ModeratorSite Admin
    Join Date
    May 2011
    Posts
    312
    Thank you for taking the time to investigate this, Merp. I'll raise the issue internally.

  4. #4
    No problemo. I upgraded from the previous beta version to 12.4 without any issue on my test server, but the DN I used to bind with didn't contain any spaces. Imagine my surprise when our production SVN repos weren't working after I upgraded our production server. Oh well. That's what snapshots/backups are for

  5. #5
    Administrator Site ModeratorSite Admin
    Join Date
    May 2011
    Posts
    312
    That's true but I don't want us to be adversely affecting any production environments, so it does concern me when I see problems like this. Happy that you're up and running, though.

    As an aside, how are you finding the uberSVN experience so far? Are you using it predominantly to administrate repos and access or are you looking to bulk out via uberAPPS?

  6. #6
    Quote Originally Posted by wmellors View Post
    As an aside, how are you finding the uberSVN experience so far? Are you using it predominantly to administrate repos and access or are you looking to bulk out via uberAPPS?
    Mostly to administer repos and access. We're not that big when it comes to IT and developers, so uberSVN is perfect because, like you advertise, it's super easy to administer. I like the direction uberSVN is going and I have a hunch that multi-site/clustering might end up being an uberAPP option. If I'm right, that would definitely be a consideration for us. We're big enough to where we aren't comfortable with the idea of hosting our VCS off-network.

    We also chose uberSVN because of the option for paid support. Having that option is invaluable for smaller IT teams.

    I'll include this because some of the uberAPPS have a bit to do with project management: we're actually using a host of Atlassian products.

  7. #7
    Administrator Site ModeratorSite Admin
    Join Date
    May 2011
    Posts
    312
    Interesting stuff, really happy to hear that uberSVN is a good solution for you.

    We have big plans ahead for uberSVN and the uberAPPS store, so keep your eyes peeled for announcements. In the meantime, please do feel free to visit http://suggest.ubersvn.com and pop down any thoughts, enhancements or even wishes in the way that you'd like to see uberSVN progress. The product team review this list regularly, so its the best way to get their attention

    Anyway, hope everything continues to go well and please do let us know if you have any more questions or issues. We're here to help.


    Wayne

  8. #8
    I'm still having some difficulty getting LDAP to work, the LDAP test is functional but it won't pull any of the User data. My setup looks really familiar to yours but it just isn't working (also running on SLES 11), I also opted to go with the bind user DN as <username>@<mydomain>.<tld>. What I am curious about is what should the attribute fields be populated with (Microsoft Active Directory) right now I have
    FirstName - givenName
    LastName - surname
    EMail - mail
    Does that look right and would it have anything to do with me not pulling user data from the ldap?

  9. #9
    Quote Originally Posted by jtuman View Post
    I'm still having some difficulty getting LDAP to work, the LDAP test is functional but it won't pull any of the User data. My setup looks really familiar to yours but it just isn't working (also running on SLES 11), I also opted to go with the bind user DN as <username>@<mydomain>.<tld>. What I am curious about is what should the attribute fields be populated with (Microsoft Active Directory) right now I have
    FirstName - givenName
    LastName - surname
    EMail - mail
    Does that look right and would it have anything to do with me not pulling user data from the ldap?
    It's not necessary for uberSVN to populate those fields, but it would be beneficial if you plan on using the social aspect of the application (I used "name" for First Name, left Last Name blank and used "mail" for Email).

    By user data do you mean JUST the first name, last name and email? Or do you mean you're unable to retrieve usernames at all?

    If the latter is the case, since the LDAP connection was successful my guess is that your issue is related to what you're using for your LDAP URL. Try the base URL without adding any OU's and then try to retrieve users. So for example:

    Code:
    ldap://AD-SERVER/dc=COMPANY,dc=COM?sAMAccountName
    
    -or if your AD domain is a subdomain-
    
    ldap://AD-SERVER/dc=SUBDOMAIN,dc=COMPANY,dc=COM?sAMAccountName
    ?sAMAccountName specifies that LDAP is searching for usernames

    If you're able to retrieve users, then you can start to become more specific in where you select users from, but this is entirely optional. Example:

    Code:
    ldap://AD-SERVER/ou=Users,ou=Division,ou=Entity,dc=SUBDOMAIN,dc=COMPANY,dc=COM?sAMAccountName?sub?(objectClass=user)
    Last edited by Merp; 05-03-2012 at 02:09 PM.

  10. #10
    That got it to work, I'm not exactly sure what changed but I took the OU statements out and pulled all the users, put them back in and pulled the users I wanted. Thanks for the help.

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •