Discussion:
LDAP authenticate problem
Paul Nguyen
2018-05-21 21:41:28 UTC
Permalink
I’m running SVN 1.9.3 (r1718519), on Ubuntu 16-04 with Server version: Apache/2.4.18 (Ubuntu).
Problem is when a user failed 3 times with his password, the account doesn’t get locked but it keeps prompting. It looks like it authenticates against every single file in the path of the repo that user wants to access.
The apache.conf:

<VirtualHost *:80>
ServerName <server name>
ErrorLog /var/log/svn/docs_LDAP_error.log
CustomLog /var/log/svn/docs_LDAP_access.log common
<Location />
DAV svn
SVNPath /var/svnrepo/docs
##LDAP
AuthName "docs Repo - Active Directory Authentication"
AuthBasicProvider ldap
AuthType Basic
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN On
AuthLDAPURL "ldap://<ldap server>:389/cn=Users,dc=chp,dc=com?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "***@chp.com"
AuthLDAPBindPassword "<password>"
require valid-user
##
RequestHeader edit Destination ^https: http: early
AuthzSVNAccessFile /var/svnrepo/auth/docs-subdomain
SetInputFilter DEFLATE
SetOutputFilter DEFLATE
SVNIndexXSLT /.chp/svnindex.xsl
</Location>
</VirtualHost>


Is there a way to lock out an user account after 3 failed attempts as it's supposed to ?

Thanks,
Paul
Eric Johnson
2018-05-22 16:10:38 UTC
Permalink
The question relates to to either Apache, or the ActiveDirectory
configuration, not Subversion, from the looks of it.

The mailing lists for httpd will probably be able to give better advice
more quickly.

Eric.
Post by Paul Nguyen
Apache/2.4.18 (Ubuntu).
Problem is when a user failed 3 times with his password, the account
doesn’t get locked but it keeps prompting. It looks like it authenticates
against every single file in the path of the repo that user wants to access.
<VirtualHost *:80>
ServerName <server name>
ErrorLog /var/log/svn/docs_LDAP_error.log
CustomLog /var/log/svn/docs_LDAP_access.log common
<Location />
DAV svn
SVNPath /var/svnrepo/docs
##LDAP
AuthName "docs Repo - Active Directory Authentication"
AuthBasicProvider ldap
AuthType Basic
AuthLDAPGroupAttribute member
AuthLDAPGroupAttributeIsDN On
AuthLDAPURL "ldap://<ldap server>:389/cn=Users,dc=chp,
dc=com?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindPassword "<password>"
require valid-user
##
RequestHeader edit Destination ^https: http: early
AuthzSVNAccessFile /var/svnrepo/auth/docs-subdomain
SetInputFilter DEFLATE
SetOutputFilter DEFLATE
SVNIndexXSLT /.chp/svnindex.xsl
</Location>
</VirtualHost>
Is there a way to lock out an user account after 3 failed attempts as it's supposed to ?
Thanks,
Paul
Loading...