From users-return-27170-apmail-subversion-users-archive=subversion.apache.org@subversion.apache.org Tue May 22 16:11:04 2018 Return-Path: X-Original-To: apmail-subversion-users-archive@minotaur.apache.org Delivered-To: apmail-subversion-users-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 92149183EE for ; Tue, 22 May 2018 16:11:04 +0000 (UTC) Received: (qmail 26575 invoked by uid 500); 22 May 2018 16:11:03 -0000 Delivered-To: apmail-subversion-users-archive@subversion.apache.org Received: (qmail 26541 invoked by uid 500); 22 May 2018 16:11:03 -0000 Mailing-List: contact users-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@subversion.apache.org Received: (qmail 26530 invoked by uid 99); 22 May 2018 16:11:03 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 May 2018 16:11:03 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id D8084C00A9 for ; Tue, 22 May 2018 16:11:02 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.879 X-Spam-Level: * X-Spam-Status: No, score=1.879 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd4-us-west.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=tibco.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id SixU3jbxIL3h for ; Tue, 22 May 2018 16:11:01 +0000 (UTC) Received: from mail-wm0-f48.google.com (mail-wm0-f48.google.com [74.125.82.48]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id C8C105F3BD for ; Tue, 22 May 2018 16:11:00 +0000 (UTC) Received: by mail-wm0-f48.google.com with SMTP id m129-v6so1297112wmb.3 for ; Tue, 22 May 2018 09:11:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tibco.com; s=tibcogoogle; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=JBu7dnZZIHPLIwfy+1T3yoAJbi87hlIhUH+/ZfJrqr4=; b=H4NklvraMIuK2qYhZaThBnjUpygnAgxWvadFPqtLKaX0dowKga08Z+Vv++qn5eMt3K +VRJYIMirjWbohx+wNXENk9pMfUwCPmGTFD26hxt9fxBbOSW0R480+NB1n+5WDs1wJaf tOyw+/QHqrca6CdQtuNFimEyEZ9eer27b3tCQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=JBu7dnZZIHPLIwfy+1T3yoAJbi87hlIhUH+/ZfJrqr4=; b=eyiZxKrYJLEVjj778mxGTgwxo+1GPzJeQBZuK7+gUQWqdOo2papVxsagJ6S+eZa/vT ZyFceQqSyCHWVB6STmLGC4Y1fnw60PgtCFI/p3ok38jjCXCWbVlJosFbbsgOijxdSlDq wPgrkV3ree0avV8in0oCiolzMu+D6EhjXAGzabZjq9L2+1e8nPVhFyzBBIjoESMdnGGE 5TD+GErWWM4JGSIMH6Ql2zaxk9b1L+G6ir3zxVdp4XRD9nB7qk/In6on5To3HDIReAHd Ij2qllEAHcxZjZ4mSjyrqk+2Awqy99HsPlLfHend+Gw6ptIrMD9+deZJ+43Nfnu9MbA8 ccGg== X-Gm-Message-State: ALKqPweQRmKoQKP1uKYAM4im/DiW1q9M/BixTdshUu9U6c1QNjwWtycQ r2/NCOxR087P0lFBGNLqyKyEjmirL4hJSdE2hHyb X-Google-Smtp-Source: AB8JxZou71HUpjlxxym7/pODanXylTIB7yv2MEWgNQxsvUL7JrWF2IM2U1ZM9AYdv6ezug+VnDLL1AfK2DgEiHTLz50= X-Received: by 2002:a2e:2f07:: with SMTP id v7-v6mr16148308ljv.113.1527005459672; Tue, 22 May 2018 09:10:59 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a2e:250:0:0:0:0:0 with HTTP; Tue, 22 May 2018 09:10:38 -0700 (PDT) In-Reply-To: References: From: Eric Johnson Date: Tue, 22 May 2018 09:10:38 -0700 Message-ID: Subject: Re: LDAP authenticate problem To: Paul Nguyen Cc: "users@subversion.apache.org" Content-Type: multipart/alternative; boundary="000000000000fe8aa3056ccda97d" --000000000000fe8aa3056ccda97d Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable The question relates to to either Apache, or the ActiveDirectory configuration, not Subversion, from the looks of it. The mailing lists for httpd will probably be able to give better advice more quickly. Eric. On Mon, May 21, 2018 at 2:41 PM, Paul Nguyen wrote: > I=E2=80=99m running SVN 1.9.3 (r1718519), on Ubuntu 16-04 with Server ver= sion: > Apache/2.4.18 (Ubuntu). > > Problem is when a user failed 3 times with his password, the account > doesn=E2=80=99t get locked but it keeps prompting. It looks like it authe= nticates > against every single file in the path of the repo that user wants to acce= ss. > > The apache.conf: > > > > > ServerName > > ErrorLog /var/log/svn/docs_LDAP_error.log > > CustomLog /var/log/svn/docs_LDAP_access.log common > > > > DAV svn > > SVNPath /var/svnrepo/docs > > ##LDAP > > AuthName "docs Repo - Active Directory Authentication" > > AuthBasicProvider ldap > > AuthType Basic > > AuthLDAPGroupAttribute member > > AuthLDAPGroupAttributeIsDN On > > AuthLDAPURL "ldap://:389/cn=3DUsers,dc=3Dchp, > dc=3Dcom?sAMAccountName?sub?(objectClass=3D*)" > > AuthLDAPBindDN "app_subversion@chp.com" > > AuthLDAPBindPassword "" > > require valid-user > > ## > > RequestHeader edit Destination ^https: http: early > > AuthzSVNAccessFile /var/svnrepo/auth/docs-subdomain > > SetInputFilter DEFLATE > > SetOutputFilter DEFLATE > > SVNIndexXSLT /.chp/svnindex.xsl > > > > > > Is there a way to lock out an user account after 3 failed attempts as it'= s > supposed to ? > > Thanks, > Paul > --000000000000fe8aa3056ccda97d Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
The question relates to to either Apache, or the ActiveDir= ectory configuration, not Subversion, from the looks of it.

<= div>The mailing lists for httpd will probably be able to give better advice= more quickly.

Eric.


On Mon, May 21, = 2018 at 2:41 PM, Paul Nguyen <paultnguyen@hotmail.com>= wrote:

I=E2=80=99m running SVN 1.9.3 (r1718519), on Ubuntu 16-04 with Server version: Apache/2.4.18 (Ubunt= u).

Problem is when a user failed 3 times with his password,= the account doesn=E2=80=99t get locked but it keeps prompting. It looks li= ke it authenticates against every single file in the path of the repo that user wants to acces= s.

The apache.conf:


<VirtualHost *:80>

=C2=A0 ServerName <server name>

=C2=A0 ErrorLog /var/log/svn/docs_LDAP_error.log<= /p>

=C2=A0 CustomLog /var/log/svn/docs_LDAP_access.log common

=C2=A0 <Location />

=C2=A0=C2=A0=C2=A0 DAV svn

=C2=A0=C2=A0=C2=A0 SVNPath /var/svnrepo/docs

=C2=A0=C2=A0=C2=A0 ##LDAP

=C2=A0=C2=A0=C2=A0= =C2=A0 AuthName "docs Repo - Active Directory Authentication"

=C2=A0=C2=A0=C2=A0 AuthBasicProvider ldap

=C2=A0=C2=A0=C2=A0 AuthType Basic

=C2=A0=C2=A0=C2=A0 AuthLDAPGroupAttribute member

=C2=A0=C2=A0=C2=A0 AuthLDAPGroupAttributeIsDN On

=C2=A0=C2=A0=C2=A0 AuthLDAPURL "ldap://<ldap server>:389/cn=3DUsers,dc=3Dchp= ,dc=3Dcom?sAMAccountName?sub?(objectClass=3D*)"

=C2=A0=C2=A0=C2=A0 AuthLDAPBindDN "app_subversion@chp.com"

=C2=A0=C2=A0=C2=A0 AuthLDAPBindPassword "<password>"

=C2=A0=C2=A0=C2=A0 require valid-user

=C2=A0=C2=A0=C2=A0 ##

=C2=A0=C2=A0=C2=A0 RequestHeader edit Destination ^https: http: early

=C2=A0=C2=A0=C2=A0 AuthzSVNAccessFile /var/svnrepo/auth/docs-subdomain

=C2=A0=C2=A0=C2=A0 SetInputFilter DEFLATE

=C2=A0=C2=A0=C2=A0 SetOutputFilter DEFLATE

=C2=A0=C2=A0=C2=A0 SVNIndexXSLT /.chp/svnindex.xsl

=C2=A0 </Location>

</VirtualHost>


Is there a way to lock out an use= r account after 3 failed attempts as it's supposed to ?

Thanks,
Paul


--000000000000fe8aa3056ccda97d--