Hello all,
it's my first time posting, please bear with me.
I have setup a svn repository served trough apache httpd with the
mod_dav_svn module with a double authentication scheme: LDAP first then
file.
Unfortunately the network connection to the LDAP server hosted on another
machine is not reliable and the server is not always reachable.
I would like the file authentication to act as a back-up of the LDAP one in
case the server is unavailable.
I somewhat achieved the desired behaviour at the expense of loosing the
user names by using the Satisfy Any directive (see commented directive
below).
If I omit that directive and the LDAP server is unreachable any commit
fails with an internal server error and the apache access.log shows lines
such as:
10.150.41.26 - - [23/Oct/2013:10:44:45 +0200] "MKACTIVITY
/svn/test/!svn/act/b14626ae-5ff3-4119-a040-b9da3b5d7b68 HTTP/1.1" 401 626
"-" "SVN/1.7.13 neon/0.29.6"
10.150.41.26 - afalappa [23/Oct/2013:10:44:45 +0200] "MKACTIVITY
/svn/test/!svn/act/b14626ae-5ff3-4119-a040-b9da3b5d7b68 HTTP/1.1" 500 635
"-" "SVN/1.7.13 neon/0.29.6"
Is there a way to achieve robustness towards LDAP server availability
without loosing user names?
Here is my apache <Location> configuration:
# test subversion repository
<Location /svn/test>
DAV svn
SVNPath /var/svn/test
SVNPathAuthz off
# Limit write permission to list of valid users.
<LimitExcept GET PROPFIND OPTIONS REPORT>
AuthName "Test subversion repository"
AuthType Basic
AuthBasicProvider ldap file
AuthLDAPURL "ldap://ldap-server:8080/dc=organization,dc=com?cn";
AuthzLDAPAuthoritative off
AuthUserFile /etc/apache2/svn_users.passwd
Require valid-user
# Uncommenting the following line auth succeeds even if ldap server
unreachable but we lose user names in commit
# Satisfy any
</LimitExcept>
</Location>
Thank in advance for any suggestion and please put me in CC in any answers.
--
Alessandro Falappa
