iF.SVNAdmin
iF.SVNAdmin copied to clipboard
mfreiholz
Getting error while Login
Hi,
I installed version 1.6.2 on a Ubuntu system. After successful configuration, when i try to login, i get the error Exception list - Wrong user/password combination.
I have added the user in the file userroleassignments.ini. When i look into the logs, i see this error
[Tue Oct 14 09:01:31.433396 2014] [:error] [pid 14337] [client 10.18.0.103:63688] PHP Warning: ldap_search(): Search: Operations error in /var/www/html/SVNAdmin/include/ifcorelib/IF_AbstractLdapConnector.class.php on line 290, referer: http://10.1.7.88:8100/login.php
Please help me out.
Regards, Krishna M S
Hello Krishna,
was the bind test successful on the config page? What is your config for LDAP auth?
kind regards
Lars
Hi Krishna, could you also post your config.ini (without the LDAP password), please? Thanks
Hi,
Please find enclosed the config.ini
[Common] FirstStart=0 BackupFolder=./data/backup/
[Translation] Directory=./translations/
[Engine:Providers] AuthenticationStatus=basic UserViewProviderType=ldap UserEditProviderType= GroupViewProviderType=svnauthfile GroupEditProviderType=svnauthfile AccessPathViewProviderType=svnauthfile AccessPathEditProviderType=svnauthfile RepositoryViewProviderType=svnclient RepositoryEditProviderType=svnclient
[ACLManager] UserRoleAssignmentFile=./data/userroleassignments.ini
[Subversion] SVNAuthFile=/home/svn-access-manager/config/svn-access.toradex_vietnam
[Repositories:svnclient] SVNParentPath=/srv/toradex_vietnam SvnExecutable=/usr/bin/svn SvnAdminExecutable=/usr/bin/svnadmin
[Users:passwd] SVNUserFile=
[Users:digest] SVNUserDigestFile= SVNDigestRealm=SVN Privat
[Ldap] HostAddress=ldap://10.0.0.2:389/ ProtocolVersion=3 BindDN=CN=trdxsvn,CN=users,DC=toradex,DC=int BindPassword=abcdefg CacheEnabled=false CacheFile=./data/ldap.cache.json
[Users:ldap] BaseDN=DC=toradex,DC=int SearchFilter=(objectClass=user) Attributes=sAMAccountName
[Groups:ldap] BaseDN=DC=insanefactory,DC=com SearchFilter=(objectClass=group) Attributes=sAMAccountName GroupsToUserAttribute=member GroupsToUserAttributeValue=distinguishedName
[Update:ldap] AutoRemoveUsers=true AutoRemoveGroups=true
[GUI] RepositoryDeleteEnabled=false RepositoryDumpEnabled=false AllowUpdateByGui=true
BTW, when i do a test, it does not give an error. But it says 1 user and 0 groups. This was strange since i have about 100 users and 40 groups.
Thanks, Krishna M S
On Tue, Oct 14, 2014 at 7:03 PM, Manuel Freiholz [email protected] wrote:
Hi Krishna, could you also post your config.ini (without the LDAP password), please? Thanks
— Reply to this email directly or view it on GitHub https://github.com/mfreiholz/iF.SVNAdmin/issues/76#issuecomment-59043431 .
Hi,
The Bind was successful.
Hi,
Please find enclosed the config.ini
[Common] FirstStart=0 BackupFolder=./data/backup/
[Translation] Directory=./translations/
[Engine:Providers] AuthenticationStatus=basic UserViewProviderType=ldap UserEditProviderType= GroupViewProviderType=svnauthfile GroupEditProviderType=svnauthfile AccessPathViewProviderType=svnauthfile AccessPathEditProviderType=svnauthfile RepositoryViewProviderType=svnclient RepositoryEditProviderType=svnclient
[ACLManager] UserRoleAssignmentFile=./data/userroleassignments.ini
[Subversion] SVNAuthFile=/home/svn-access-manager/config/svn-access.toradex_vietnam
[Repositories:svnclient] SVNParentPath=/srv/toradex_vietnam SvnExecutable=/usr/bin/svn SvnAdminExecutable=/usr/bin/svnadmin
[Users:passwd] SVNUserFile=
[Users:digest] SVNUserDigestFile= SVNDigestRealm=SVN Privat
[Ldap] HostAddress=ldap://10.0.0.2:389/ ProtocolVersion=3 BindDN=CN=trdxsvn,CN=users,DC=toradex,DC=int BindPassword=abcdefg CacheEnabled=false CacheFile=./data/ldap.cache.json
[Users:ldap] BaseDN=DC=toradex,DC=int SearchFilter=(objectClass=user) Attributes=sAMAccountName
[Groups:ldap] BaseDN=DC=insanefactory,DC=com SearchFilter=(objectClass=group) Attributes=sAMAccountName GroupsToUserAttribute=member GroupsToUserAttributeValue=distinguishedName
[Update:ldap] AutoRemoveUsers=true AutoRemoveGroups=true
[GUI] RepositoryDeleteEnabled=false RepositoryDumpEnabled=false AllowUpdateByGui=true
BTW, when i do a test, it does not give an error. But it says 1 user and 0 groups. This was strange since i have about 100 users and 40 groups.
Thanks, Krishna M S
On Tue, Oct 14, 2014 at 6:23 PM, ldold [email protected] wrote:
Hello Krishna,
was the bind test successful on the config page? What is your config for LDAP auth?
kind regards
Lars
— Reply to this email directly or view it on GitHub https://github.com/mfreiholz/iF.SVNAdmin/issues/76#issuecomment-59037621 .
The login will not work, until the test doesn't provide you the list off all users.
Does the user CN=trdxsvn,CN=users,DC=toradex,DC=int really have permission to browse through all users?
Hi,
It is an ordinary Domain user.
Do you think i should replace this with a user with admin privileges. Is so, i can make the necessary changes tomorrow and check once.
Please suggest.
Thanks, Krishna M S
On Tue, Oct 14, 2014 at 9:17 PM, Manuel Freiholz [email protected] wrote:
The login will not work, until the test doesn't provide you the list off all users. Does the user CN=trdxsvn,CN=users,DC=toradex,DC=int really have permission to browse through all users?
— Reply to this email directly or view it on GitHub https://github.com/mfreiholz/iF.SVNAdmin/issues/76#issuecomment-59067783 .
Hi,
It seems to work. However i have a question.
All our users and groups are in different OU's. Is it possible to search for multiple OU's.
Thanks, Krishna M S
On Tue, Oct 14, 2014 at 9:25 PM, Manuel Freiholz [email protected] wrote:
I guess it would be worth a try. :)
— Reply to this email directly or view it on GitHub https://github.com/mfreiholz/iF.SVNAdmin/issues/76#issuecomment-59069138 .
If you set the root (BaseDN) to your AD root, you should find all users and groups in your entire AD.
As i can see, your config is already set to DC=toradex,DC=int, so you should find all existing users in all sub-OU's.
Hi,
I had to fine tune my LDAP search and now it lists all users.
However if i assign an LDAP group to a project and give read write permissions, it does not work and i get a forbidden message. If i add a user to the project, i can login as that user.
Is it a bug with SVN?
Thanks, Krishna M S
On Tue, Oct 14, 2014 at 10:12 PM, Manuel Freiholz [email protected] wrote:
If you set the root (BaseDN) to your AD root, you should find all users and groups in your entire AD.
As i can see, your config is already set to DC=toradex,DC=int, so you should find all existing users in all sub-OU's.
— Reply to this email directly or view it on GitHub https://github.com/mfreiholz/iF.SVNAdmin/issues/76#issuecomment-59076401 .
Hi,
Currently we have a single authorization file for all projects. Is it possible to have separate file for each repository?
Thanks, Krishna M S
On Tue, Oct 14, 2014 at 10:12 PM, Manuel Freiholz [email protected] wrote:
If you set the root (BaseDN) to your AD root, you should find all users and groups in your entire AD.
As i can see, your config is already set to DC=toradex,DC=int, so you should find all existing users in all sub-OU's.
— Reply to this email directly or view it on GitHub https://github.com/mfreiholz/iF.SVNAdmin/issues/76#issuecomment-59076401 .
Your first posted config.ini doesn't contain a configuration for groups from LDAP. Maybe the user is not assign to the group, because of a missing synchronization. You can validate it by looking into your SVNAuthFile. There should be a [group] section with assigned users.
Keep in mind, that eveytime you change a user/group association you need to synchronise with the SVNAdmin application.
Hi,
I got your point. Is there a way of automatically synchronize the user/group with svn using any scripts or scheduler?
Thanks, Krishna M S On 15-Oct-2014 8:22 PM, "Manuel Freiholz" [email protected] wrote:
Your first posted config.ini doesn't contain a configuration for groups from LDAP. Maybe the user is not assign to the group, because of a missing synchronization. You can validate it by looking into your SVNAuthFile. There should be a [group] section with assigned users.
Keep in mind, that eveytime you change a user/group association you need to synchronise with the SVNAdmin application.
— Reply to this email directly or view it on GitHub https://github.com/mfreiholz/iF.SVNAdmin/issues/76#issuecomment-59217975 .
Yes, there is an update.php file, which can be started via cron task.
If you execute the script, you need to make sure that the CWD is set to the
directory of the script.
2014-10-15 17:58 GMT+02:00 mskrishna20051974 [email protected]:
Hi,
I got your point. Is there a way of automatically synchronize the user/group with svn using any scripts or scheduler?
Thanks, Krishna M S On 15-Oct-2014 8:22 PM, "Manuel Freiholz" [email protected] wrote:
Your first posted config.ini doesn't contain a configuration for groups from LDAP. Maybe the user is not assign to the group, because of a missing synchronization. You can validate it by looking into your SVNAuthFile. There should be a [group] section with assigned users.
Keep in mind, that eveytime you change a user/group association you need to synchronise with the SVNAdmin application.
— Reply to this email directly or view it on GitHub < https://github.com/mfreiholz/iF.SVNAdmin/issues/76#issuecomment-59217975> .
— Reply to this email directly or view it on GitHub https://github.com/mfreiholz/iF.SVNAdmin/issues/76#issuecomment-59229323 .
Hi,
I went to the directory manually and ran the command php update.php . However i get this error
PHP Notice: Undefined index: SERVER_SOFTWARE in /var/www/html/SVNAdmin/include/ifcorelib/IF_SVNBaseC.class.php on line 90
Thanks, Krishna M S
On Wed, Oct 15, 2014 at 9:37 PM, Manuel Freiholz [email protected] wrote:
Yes, there is an
update.phpfile, which can be started via cron task. If you execute the script, you need to make sure that the CWD is set to the directory of the script.2014-10-15 17:58 GMT+02:00 mskrishna20051974 [email protected]:
Hi,
I got your point. Is there a way of automatically synchronize the user/group with svn using any scripts or scheduler?
Thanks, Krishna M S On 15-Oct-2014 8:22 PM, "Manuel Freiholz" [email protected] wrote:
Your first posted config.ini doesn't contain a configuration for groups from LDAP. Maybe the user is not assign to the group, because of a missing synchronization. You can validate it by looking into your SVNAuthFile. There should be a [group] section with assigned users.
Keep in mind, that eveytime you change a user/group association you need to synchronise with the SVNAdmin application.
— Reply to this email directly or view it on GitHub < https://github.com/mfreiholz/iF.SVNAdmin/issues/76#issuecomment-59217975>
.
— Reply to this email directly or view it on GitHub < https://github.com/mfreiholz/iF.SVNAdmin/issues/76#issuecomment-59229323> .
— Reply to this email directly or view it on GitHub https://github.com/mfreiholz/iF.SVNAdmin/issues/76#issuecomment-59230774 .
Well, thats a bug which has been fixed, but i probably didn't create a new release package with it. Could you download the current development trunk instead of the available download package?
Link: https://github.com/mfreiholz/iF.SVNAdmin/archive/master.zip
Hi,
Let me try that and get back to you. Right now most of the things are working and i have a internal demo tomorrow.
Maybe after the demo, i will try with this package.
Thanks, Krishna M S
On Thu, Oct 16, 2014 at 10:34 AM, Manuel Freiholz [email protected] wrote:
Well, thats a bug which has been fixed, but i probably didn't create a new release package with it. Could you download the current development trunk instead of the available download package?
Link: https://github.com/mfreiholz/iF.SVNAdmin/archive/master.zip
— Reply to this email directly or view it on GitHub https://github.com/mfreiholz/iF.SVNAdmin/issues/76#issuecomment-59314528 .