How do I add LDAP users to roles in Subversion Edge's web console?

Solution 1

It turns out that simply connecting via SVN isn't enough to create the user account. Instead, you need to login to the web console as an LDAP user. After logging in the first time, the LDAP user will show up elsewhere in the management tool and can be added to groups.

For the curious, this is my LDAP configuration:

Obviously you'll need to update "mydomain" and "domainuser" with your own info.

Solution 2

I just had to tackle this issue myself with CollabNet Edge 2.2.0 and wanted to share what worked for me. I'm running RHEL 6 and trying to connect to a Windows AD server and just couldn't get anything working.

First of all, do yourself a favor and enable DEBUG logging so you can get error messages to google. Log into the CollabNet Edge Web Console: https://servername:4434/csvn. Then navigate to Administration->Server Logs->Configure. Change the field named "Subversion Server log Level:" to "DEBUG" this will give you DEBUG logging for apache which is the service which actually performs your LDAP queries. Now you can go to the "Available Files" tab right next to it and select the latest error_[DATE].log file to see the errors that apache encounters.

Now with Edge 2.2.0 users don't need to log into the web console to create a user account (although they can). Alternatively, just try to checkout a repo using your windows user name and password. I'm guessing it won't work right away, but it will generate a nice error message in your logs. As I was debugging my problem I saw error messages like this:

• auth_ldap authenticate: user XXXXX authentication failed; URI /viewvc/ [LDAP: ldap_simple_bind_s() failed][Can't contact LDAP server]
• auth_ldap authenticate: user XXXXX authentication failed; URI / [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
• auth_ldap authenticate: user XXXXX authentication failed; URI / [ldap_search_ext_s() for user failed][Operations error]

Now you can start googling your heart out or just read on. My big break was finding Michele's blog. It recommended adding the line "REFERRALS off" to your /etc/ldap/ldap.conf file (or in RHEL's case /etc/openldap/ldap.conf). That didn't work for me, but one of the comments did. It suggested further narrowing down your "LDAP Base DN" field with an OU. I did that and tried checking out again and bingo, everything worked :)

FYI Here's my configurations on the Administration->Server Settings->Authentication tab

I hope this saves someone some time (I lost half a day).

Solution 3

Note: Since Subversion Edge 1.3, users can use their LDAP credentials to log into the Subversion server as well as the console. Upon first sign-in to the console, the LDAP user is created as a console user with ROLE_USER permissions. This user cannot be edited, but a Subversion Edge administrator can assign additional roles via the Edit Role screen to allow the user to administer the server using LDAP credentials.

CollabNet Subversion Edge User Guide

Related videos on Youtube

03 : 56

How to synchronize your BuddyPress users extended profile fields with your LDAP server?

miniOrange

491

02 : 31

Importing LDAP roles in Virtual DataPort

Denodo

259

14 : 49

Configuring LDAP and Map users

Hai Do Ngoc

5

06 : 11

057 Weblogic: addUser to the LDAP Then set attributes and Roles

Stuart Fleming

3

04 : 07

Assign role to LDAP group

Project Harbor

2

Author by

Michael Haren

These days I'm a .net/sql software guy I have plenty of experience on the LAMP stack, too Currently toying with RoR, ObjC. and stumbling my way through LINQ to Entities Currently loving ASP.NET MVC and jQuery More about be on my CV or personal blog [email protected] Random silliness on Twitter This is a personal account and not affiliated with my employer. #SOreadytohelp

Updated on September 18, 2022