How to configure Apache dav_svn with Active Directory over TLS

Problem description   Votes: 0   Answers: 0

We have Apache dav_svn module access based on SVN paths. Until now it has been using OpenLDAP with this configuration (/etc/apache2/mods-available/dav_svn.conf):

<Location /svn>
    DAV svn
    SVNParentPath /home/svn
    SVNListParentPath On

    AuthBasicProvider file ldap
    AuthType Basic
    AuthName "Repositori SVN"
    AuthUserFile /home/svn/.users
    AuthLDAPURL "ldap://golum.intranet:389/ou=Users,dc=domini,dc=intranet?uid?sub" NONE
    Require valid-user
    AuthType Basic
    AuthName "Subversion Repository"

    LimitXMLRequestBody 0
    SVNAllowBulkUpdates Off
    <IfModule mod_authz_svn.c>
        AuthzSVNAccessFile "/home/svn/authz"
        AuthzForceUsernameCase Lower
    </IfModule>
</Location>

We have now migrated to Active Directory with TLS, but I cannot get it to work. After changing dav_svn.conf and reloading Apache, I get a "500 Internal Server Error" when I open http://server/svn/.

My new dav_svn.conf:

LDAPTrustedMode TLS
LDAPTrustedGlobalCert CA_BASE64 /usr/local/share/ca-certificates/CA.crt
<Location /svn>
    DAV svn
    SVNParentPath /home/svn
    SVNListParentPath On

    AuthBasicProvider file ldap
    AuthType Basic
    AuthName "Repositori SVN"
    AuthUserFile /home/svn/.usuaris
    # Options: ldap/ldaps and TLS/SSL/NONE
    AuthLDAPURL "ldap://192.168.160.242:636/DC=domini,DC=cat?samaccountname?sub" TLS
    AuthLDAPBindDN "CN=adquery,OU=Usuaris,OU=Domini,OU=Workplace,DC=domini,DC=cat"
    AuthLDAPBindPassword password
    Require valid-user

    LimitXMLRequestBody 0
    SVNAllowBulkUpdates Off
    <IfModule mod_authz_svn.c>
        AuthzSVNAccessFile "/home/svn/authz"
        AuthzForceUsernameCase Lower
    </IfModule>
</Location>

I have tried the following, without any luck:

  • removing AuthLDAPBindDN and AuthLDAPBindPassword
  • changing LDAPTrustedGlobalCert to CERT_BASE64
  • setting LDAPTrustedClientCert to CA_BASE64
  • setting LDAPVerifyServerCert to On (and Off)
  • changing AuthLDAPURL to ldaps (with and without TLS at the end)

If I add the directive LDAPLibraryDebug 7, I get this debug output in the Apache error.log:

ldap_create
ldap_extended_operation_s
ldap_extended_operation
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 192.168.160.242:636
ldap_new_socket: 47
ldap_prepare_socket: 47
ldap_connect_to_host: Trying 192.168.160.242:636
ldap_pvt_connect: fd: 47 tm: -1 async: 0
attempting to connect:
connect success
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x7f2c940021f0 msgid 1
wait4msg ld 0x7f2c940021f0 msgid 1 (infinite timeout)
wait4msg continue ld 0x7f2c940021f0 msgid 1 all 1
** ld 0x7f2c940021f0 Connections:
* host: 192.168.160.242  port: 636  (default)
  refcnt: 2  status: Connected
  last used: Tue Oct 25 10:18:06 2022


** ld 0x7f2c940021f0 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x7f2c940021f0 request count 1 (abandoned 0)
** ld 0x7f2c940021f0 Response Queue:
   Empty
  ld 0x7f2c940021f0 response count 0
ldap_chkResponseList ld 0x7f2c940021f0 msgid 1 all 1
ldap_chkResponseList returns ld 0x7f2c940021f0 NULL
ldap_int_select
read1msg: ld 0x7f2c940021f0 msgid 1 all 1
ldap_err2string
ldap_free_request (origid 1, msgid 1)
ldap_free_connection 1 1
ldap_free_connection: actually freed

When I debug the connection to OpenLDAP, everything works and I get the following:

ldap_create
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP golum.intranet:389
ldap_new_socket: 30
ldap_prepare_socket: 30
ldap_connect_to_host: Trying 192.168.160.142:389
ldap_pvt_connect: fd: 30 tm: 10 async: 0
ldap_ndelay_on: 30
attempting to connect:
connect errno: 115
ldap_int_poll: fd: 30 tm: 10
ldap_is_sock_ready: 30
ldap_ndelay_off: 30
ldap_pvt_connect: 0
ldap_open_defconn: successful
ldap_send_server_request
ldap_result ld 0x7f2c7c001040 msgid 1
wait4msg ld 0x7f2c7c001040 msgid 1 (timeout 60000000 usec)
wait4msg continue ld 0x7f2c7c001040 msgid 1 all 0
** ld 0x7f2c7c001040 Connections:
* host: golum.intranet  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Tue Oct 25 10:25:59 2022


** ld 0x7f2c7c001040 Outstanding Requests:
 * msgid 1,  origid 1, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x7f2c7c001040 request count 1 (abandoned 0)
** ld 0x7f2c7c001040 Response Queue:
   Empty
  ld 0x7f2c7c001040 response count 0
ldap_chkResponseList ld 0x7f2c7c001040 msgid 1 all 0
ldap_chkResponseList returns ld 0x7f2c7c001040 NULL
ldap_int_select
read1msg: ld 0x7f2c7c001040 msgid 1 all 0
read1msg: ld 0x7f2c7c001040 msgid 1 message type bind
read1msg: ld 0x7f2c7c001040 0 new referrals
read1msg:  mark request completed, ld 0x7f2c7c001040 msgid 1
request done: ld 0x7f2c7c001040 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_result
ldap_msgfree
ldap_search_ext
put_filter: "(&(objectclass=*)(uid=40447118P))"
put_filter: AND
put_filter_list "(objectclass=*)(uid=40447118P)"
put_filter: "(objectclass=*)"
put_filter: simple
put_simple_filter: "objectclass=*"
put_filter: "(uid=40447118P)"
put_filter: simple
put_simple_filter: "uid=40447118P"
ldap_build_search_req ATTRS: uid
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x7f2c7c001040 msgid 2
wait4msg ld 0x7f2c7c001040 msgid 2 (timeout 60000000 usec)
wait4msg continue ld 0x7f2c7c001040 msgid 2 all 1
** ld 0x7f2c7c001040 Connections:
* host: golum.intranet  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Tue Oct 25 10:25:59 2022


** ld 0x7f2c7c001040 Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x7f2c7c001040 request count 1 (abandoned 0)
** ld 0x7f2c7c001040 Response Queue:
   Empty
  ld 0x7f2c7c001040 response count 0
ldap_chkResponseList ld 0x7f2c7c001040 msgid 2 all 1
ldap_chkResponseList returns ld 0x7f2c7c001040 NULL
ldap_int_select
read1msg: ld 0x7f2c7c001040 msgid 2 all 1
read1msg: ld 0x7f2c7c001040 msgid 2 message type search-entry
wait4msg ld 0x7f2c7c001040 59 s 999435 us to go
wait4msg continue ld 0x7f2c7c001040 msgid 2 all 1
** ld 0x7f2c7c001040 Connections:
* host: golum.intranet  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Tue Oct 25 10:25:59 2022


** ld 0x7f2c7c001040 Outstanding Requests:
 * msgid 2,  origid 2, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x7f2c7c001040 request count 1 (abandoned 0)
** ld 0x7f2c7c001040 Response Queue:
 * msgid 2,  type 100
  ld 0x7f2c7c001040 response count 1
ldap_chkResponseList ld 0x7f2c7c001040 msgid 2 all 1
ldap_chkResponseList returns ld 0x7f2c7c001040 NULL
ldap_int_select
read1msg: ld 0x7f2c7c001040 msgid 2 all 1
read1msg: ld 0x7f2c7c001040 msgid 2 message type search-result
read1msg: ld 0x7f2c7c001040 0 new referrals
read1msg:  mark request completed, ld 0x7f2c7c001040 msgid 2
request done: ld 0x7f2c7c001040 msgid 2
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 2, msgid 2)
adding response ld 0x7f2c7c001040 msgid 2 type 101:
ldap_parse_result
ldap_get_dn
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_send_server_request
ldap_result ld 0x7f2c7c001040 msgid 3
wait4msg ld 0x7f2c7c001040 msgid 3 (timeout 60000000 usec)
wait4msg continue ld 0x7f2c7c001040 msgid 3 all 0
** ld 0x7f2c7c001040 Connections:
* host: golum.intranet  port: 389  (default)
  refcnt: 2  status: Connected
  last used: Tue Oct 25 10:25:59 2022


** ld 0x7f2c7c001040 Outstanding Requests:
 * msgid 3,  origid 3, status InProgress
   outstanding referrals 0, parent count 0
  ld 0x7f2c7c001040 request count 1 (abandoned 0)
** ld 0x7f2c7c001040 Response Queue:
   Empty
  ld 0x7f2c7c001040 response count 0
ldap_chkResponseList ld 0x7f2c7c001040 msgid 3 all 0
ldap_chkResponseList returns ld 0x7f2c7c001040 NULL
ldap_int_select
read1msg: ld 0x7f2c7c001040 msgid 3 all 0
read1msg: ld 0x7f2c7c001040 msgid 3 message type bind
read1msg: ld 0x7f2c7c001040 0 new referrals
read1msg:  mark request completed, ld 0x7f2c7c001040 msgid 3
request done: ld 0x7f2c7c001040 msgid 3
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 3, msgid 3)
ldap_parse_result
ldap_msgfree
ldap_get_values
ldap_msgfree

Yes, it is different, but I don't know what is going wrong 😫

apache svn active-directory webdav
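An added example, not part of the question above and not anyone's production code: a short Python linter for the mod_ldap / mod_authnz_ldap transport directives. It encodes the rules from the Apache documentation (an ldaps:// URL is TLS from the first byte, mode SSL, default port 636, and forces SSL regardless of LDAPTrustedMode; ldap:// with mode TLS or STARTTLS opens a plaintext connection and then sends a StartTLS extended operation, default port 389; the second AuthLDAPURL argument overrides LDAPTrustedMode) and flags the combinations that cannot work or that weaken server authentication. Run over a constructed config in the shape of the second dav_svn.conf (ldap:// scheme, port 636, mode TLS, an IP literal as host) it reports the StartTLS-on-636 mismatch, which is also what the first libldap trace shows: ldap_extended_operation_s immediately after ldap_create is the StartTLS request, sent to a listener that expects a TLS ClientHello. Hostnames, DNs, paths and passwords in both sample configs are placeholders constructed for this example.

```python
"""Linter for the transport settings of Apache mod_ldap / mod_authnz_ldap.
Rules follow the Apache docs: ldaps:// is TLS from the first byte (mode SSL,
default port 636) and forces SSL; ldap:// with mode TLS/STARTTLS connects in
plaintext, then sends StartTLS (default port 389); the second AuthLDAPURL
argument overrides LDAPTrustedMode.  All hosts/DNs/paths are placeholders."""
import ipaddress
import shlex
from urllib.parse import urlsplit

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

# Constructed config in the shape of the failing one: ldap:// + :636 + TLS.
BAD_CONF = """\
LDAPTrustedMode TLS
<Location /svn>
    AuthLDAPURL "ldap://192.168.160.242:636/DC=example,DC=test?sAMAccountName?sub" TLS
    AuthLDAPBindPassword password
</Location>
"""

# Constructed config with the transport fixed: LDAPS to the DC's DNS name.
GOOD_CONF = """\
LDAPTrustedMode SSL
LDAPTrustedGlobalCert CA_BASE64 /usr/local/share/ca-certificates/CA.crt
<Location /svn>
    AuthLDAPURL "ldaps://dc1.example.test:636/DC=example,DC=test?sAMAccountName?sub" SSL
    AuthLDAPBindPassword "exec:/usr/local/sbin/ldap-bind-password"
</Location>
"""


def parse_ldap_settings(conf_text):
    """Collect the directives that decide the transport.  Apache comments must
    start a line, so only lines beginning with '#' are skipped; arguments are
    shlex-split so quoted values survive.  Section tags are ignored."""
    s = {"trusted_mode": "NONE", "url": None, "url_mode": None,
         "verify": True, "bind_password": None}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":
            continue
        name, *args = shlex.split(line)
        name = name.lower()
        if name == "ldaptrustedmode" and args:
            s["trusted_mode"] = args[0].upper()
        elif name == "authldapurl" and args:
            s["url"] = args[0]
            s["url_mode"] = args[1].upper() if len(args) > 1 else None
        elif name == "ldapverifyservercert" and args:
            s["verify"] = args[0].lower() == "on"
        elif name == "authldapbindpassword" and args:
            s["bind_password"] = args[0]
    return s


def effective_transport(s):
    """Return (scheme, host, port, mode) as mod_ldap will resolve them."""
    u = urlsplit(s["url"])
    scheme = u.scheme.lower()
    mode = (s["url_mode"] or s["trusted_mode"]).replace("STARTTLS", "TLS")
    if scheme == "ldaps":  # already TLS; StartTLS cannot be layered on top
        mode = "INVALID" if s["url_mode"] in ("TLS", "STARTTLS") else "SSL"
    return scheme, u.hostname, u.port or DEFAULT_PORT.get(scheme), mode


def _is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return False
    return True


def lint(conf_text):
    """Return a list of (severity, message); an empty list means no findings."""
    s = parse_ldap_settings(conf_text)
    if not s["url"]:
        return [("error", "no AuthLDAPURL directive found")]
    scheme, host, port, mode = effective_transport(s)
    out = []
    if mode == "INVALID":
        out.append(("error", "ldaps:// combined with TLS/STARTTLS: the session "
                    "is already TLS, StartTLS cannot be layered on it"))
    elif mode == "TLS" and port == 636:
        out.append(("error", f"STARTTLS mode against port {port}: the StartTLS "
                    "request goes out in plaintext but an LDAPS listener expects "
                    f"a TLS ClientHello and drops it; use ldaps://{host}:636 with "
                    f"SSL, or ldap://{host}:389 with TLS"))
    elif mode == "SSL" and port == 389:
        out.append(("error", f"SSL mode against port {port}: a TLS handshake is "
                    "sent to a plaintext LDAP port"))
    elif mode == "NONE":
        out.append(("error", "no encryption: the bind password and every user's "
                    "Basic-auth password cross the network in cleartext"))
    if host and _is_ip_literal(host) and s["verify"]:
        out.append(("warning", f"URL host is the IP literal {host}; verification "
                    "matches it against the DC certificate's SAN, which usually "
                    "carries only DNS names, so use the DC's FQDN"))
    if not s["verify"]:
        out.append(("warning", "LDAPVerifyServerCert Off: the DC certificate is "
                    "not validated, so anyone on the path can impersonate the DC"))
    if s["bind_password"] and not s["bind_password"].startswith("exec:"):
        out.append(("info", "AuthLDAPBindPassword is a literal in the config; "
                    "httpd 2.4.5+ accepts exec:/path to fetch it from a program"))
    return out
```

Calling `lint(BAD_CONF)` yields one error (StartTLS against port 636), one warning (IP literal as host) and one info (literal bind password); `lint(GOOD_CONF)` yields nothing. The IP-literal warning matters once the scheme is fixed: with LDAPVerifyServerCert On (the default), libldap compares the URL host with the domain controller's certificate, so the URL should name the DC the way its certificate does, and LDAPTrustedGlobalCert must point at the CA that issued that certificate rather than at the server certificate itself.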
© www.soinside.com 2019 - 2024. All rights reserved.