TurnKey Linux Virtual Appliance Library

SVN Authentication with AD Users via Likewise-Open?

I've setup a Turnkey RCS server, and installed LikeWise-Open to allow Active Directory users to authenticate to the machine. I've created an AD user group to contain the users which will have write access to the SVN repositories, and I've changed the permissions of the repositories folders so that the group has rwx permissions. Group members can checkout the code, but are unable to checkin: svn: E170001: Authorization failed Any ideas would be appreciated :)

Permissions

Are you sure you changed all the perms on all the .svn folders as well?

JM

Permissions

Hi JM,

Yes I'm fairly sure.  Details of the setup are below:

I moved the contents of /srv/repos (bzr, git, hg, svn folders) to /mnt/repo, and created symlinks to the new location of each folder.

The owner & group for the symlinks is root/root.

The owner of each of the folders in /mnt/repo is root, however the group is an AD group - this permission was applied recursively: 

  • cd /mnt/repo 
  • chgrp -R "groupname" *

The permissions applied to these folders are 775.

  • chmod -R 775 *

Inside the /mnt/repo/svn folder are 3 repositories (including the default helloworld).

I can checkout the helloworld repository using:

svn co svn://<repo address>/svn/helloworld

However trying to commit changes results in "Authorization failed".

 

If I modify the svnserve.conf file in the helloworld/conf folder, and set anon-access = write, then I can commit without error (but anonymously, which is useless).

 

Any suggestions for how to enable my AD users to commit to the repositories would be greatly appreciated :)

Permissions

I wonder what the result would be if you had the dev log directly onto the repository server and have them try a checkin there.  It might help you determine if it's a UNIX permssions thing or an svn config issue.

JM

SVN Config issue

JM,

Logging into the Repository server as an AD user, checking out the helloworld repository and then checking it back in results in:

  • svn: Commit failed (details follow):
  • svn: Authorization failed

SVN appears to be using some other mechanism (apart from just file/folder permissions) to control which users have write access to the repository.

Permissons

svnserve.conf

The svnserve.conf file is vanilla for the Turnkey rcs image, and hasn't been modified:

  • [general]
  • # anon-access = read
  • # auth-access = write
  • # password-db = passwd
  • # authz-db = authz
  • # realm = My First Repository
  • [sasl]
  • # use-sasl = true
  • # min-encryption = 0
  • # max-encryption = 256

sasl is enabled (by default), and svnserve is build with sasl support.

Uncomment the following

Uncomment the following line

# password-db = passwd

and add the users into this passwd file.

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <strike> <caption>

More information about formatting options

Leave this field empty. It's part of a security mechanism.
(Dear spammers: moderators are notified of all new posts. Spam is deleted immediately)