Thanks for this. Is there anything special you need to do when using ActiveDirectory? I had a terrible time (http://ask.metafilter.com/11397/ ) trying to do this a few years back.

Tom,
There is nothing special when using Active Directory as the service mod_auth_ldap is querying. Since the ldap url is a standard url with query string, it really comes down to understanding the ldap query capabilities to get exactly what you need. The url mentioned in the blog post is for Active Directory so you could take that and use it with minor modifications. One thing I have ran into when using Active Directory is the port number. The default port of 389 usually works properly as mentioned above but depending on your domain structure, you may need to search the Global Catalog that has a default port number of 3268. That is the only thing I've ran into recently with regard to Apache, mod_auth_ldap and Active Directory. I hope this helps.

Take care,

Jeremy

P.S. - The url you provided isn't working right now so I cannot address your previous issue. Feel free to create a forum post at the following Subversion forum so we can take care of you: http://subversion.open.collab.net/servlets/ForumMessageList?forumID=42

Although it doesn't relate directly to LDAP auth, it bears mentioning that one should use the AuthzSVNNoAuthWhenAnonymousAllowed setting to avoid an Authen query when read access is anonymous (* = r).

Was having problems with Apache/DAV/SVN not letting users authenticate. As mentioned in the above posts I had to authenticate against the Global Catalog and change the port to 3268.

Thanks for the info all.

Mmmm, not working for me...
I think I migh need links to documentation on how to customize
AuthLDAPBindDN "CN=someuser,CN=Users,DC=your,DC=domain"
and
AuthLDAPURL "ldap://your.domain:389/DC=your,DC=domain?sAMAccountName?sub?(objectClass=*)"

for my particular environment... any hints? (I am just not sure whic parts of those "string" are "generic" and which parts are not...

I am using http://www.jxplorer.org/ to connect to my Active Directory (and learn stuff about it) and seems to be working... I used what I learned from JXExplorer to configure Ignite OpenFire with LDAP http://www.igniterealtime.org/ ... and it now it is working... I am failing to do it with Subversion...

Perhaps you can recommend me a How-To or book with a chapter on Subversion/LDAP integration?

Hi!
For example... someuser... should match the login... of... the Domain Administrator? or just a Domain user?
what should I put instead of "sAMAccountName"... (or should I leave that untouched?)
Any hints?

I figured I would share what I did to get SubVersion hooked up to my Microsoft AD server for authentication using mod_authz_ldap ( http://authzldap.othello.ch/index.html ) . It's not perfect but... I hope this helps. I probably could have gotten this up and running faster using mod_auth_ldap but authz is more flexible in some ways (and not in others). The two biggest problems I ran into were (1) that authz doesn't use the AuthLDAPURL variable. All of the other variables mentioned above only needed 'z' added to them to work. See their reference link for all vars and note numerous speling mistakes (like they list a scope as 'onlevel' when it is actually 'onelevel' - argh!). (2) Microsoft AD requires a user name and password to 'bind' to. I know this is in the example above but the way AD behaves doesn't make it clear why. I was able to get it to work without the bind name and password if my AuthzLDAPUserKey was set to = CN but I would have had to enter "David\, Stauffer" as my user name in the login dialog box instead of my actual login account name = "daves" (fyi - the \ escapes the comma). I was trying to get away from the bind because I didnt want to store a user name and password in plain text in my httpd.conf file. It turns out that MS requires the bind variable instead of using the input user name/password to bind. This is just plain stupid.

Here goes:
LoadModule dav_module /usr/lib64/httpd/modules/mod_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_ldap_module modules/mod_authz_ldap.so

Location /repos
DAV svn
SVNParentPath /cm/svn/repos
# Disables Path Checking
SVNPathAuthz off
# Display available Repos
SVNListParentPath on

# LDAP Authentication & Authorization is final; do not check other databases
# I was paranoid that if i set this on it would impact some other authentication
# used for another app. When everything is setup for AD auth
# this can probably be changed to on
AuthzLDAPAuthoritative off

AuthType Basic
AuthName "Subversion Repository"
# LDAP Server to bind to
AuthzLDAPServer "our.svn.server:389"

# the search scope
AuthzLDAPMethod ldap

# Bind to AD User: needs to bind to a user to search. It appears any user will do.
# Without this a subtree search will not work
# Thanks to the user who pointed out http://www.jxplorer.org/ I used this to figure out what the CN of my account was!!!
AuthzLDAPBindDN "CN=user\, name,OU=office,OU=Users,DC=ourdc,DC=org"
AuthzLDAPBindPassword "password"

# Search for this attribute: the sAMAccountName is what contains the AD login name
AuthzLDAPUserKey sAMAccountName

# User Base: this is where the search will start. Really it should be changed to a
# group search to see if a user is in a valid group. in this case only users
# in this office AD OU will be able to access subversion
AuthzLDAPUserBase "OU=office,OU=Users,DC=ourdc,DC=org"

# Set the search scope: subtree allows the search to go to AD levels below the base. I used subtree because we have a hierarchy (its not flat). base or onelevel may work for you and would be faster
AuthzLDAPUserScope subtree

Require valid-user
/Location

Hi All,
You can find the complete package of active directory subversion and apache on http://opensourcedevelopment.net/text-tutorials/apache-subversion-active-directory.html
So, you don't need to compile apache, subversion. This is the complete package with document.
Regards

I should have been a little clearer in my earlier comment. Jeremy's method of connecting works perfectly fine. I posted mine as an alternative based on two issues I was having. One I wanted to do Authorization via an AD group. Right now svn is limited to using an authorization file. In a large enterprise I want to be able to do both Authentication AND authorization via AD and not have to go around editing text files every time a new user wants access to a repository. Hopefully the next release of svn will add this functionality. The other thing this method does is get rid a an svn 'nuisance' where attempting to browse the /repos parent path generates a page cannot be displayed error. Posts on other sites recommend a workaround of changing the Location directive to Location /repos/ but you have to remember to add the trailing / when you use the url. The point here is that Jeremy's description works well if you don't mind having to maintain an authorization file and it uses a pretty standard apache module. The alternative uses a non-standard apache module and can cause a little confusion so I apologize if I wasn't clear in my earlier post. I think the biggest problem people have is connecting/binding/searching AD so I would highly recommend you look at jxplorer or some other LDAP browser. If you are having problems binding to the AD using this tool it probably explains why you can't get the configuration to work. Depending on how your windows guys setup AD that AuthLDAPBindDN could be pretty long. Assuming the bind was sucessful and port number correct the only thing you need to change about the AuthLDAPURL is the "DC=your,DC=domain". The sAMAccountName is one of many available AD fields associated with your record. You probably want to browse to your record and verify what information is stored in that field and if you need to use something different. As i mentioned earlier our CN's are "firstname, lastname" so the bind was tricky because you had to use firstname,\ lastname to escape out the comma but the sAMAccountName was FirstInitialFirstX#LettersOfLastName. Thats why you should browse AD first to see what values you should be binding with versus entering into the username/password dialog when you browse to the repos.

Michel,
Thanks for making this information public knowledge. On a side-note, the offerings from CollabNet [1] also include Apache with LDAP and SSL functionality.

Take care,

Jeremy

[1] http://downloads.open.collab.net

Hi All,
Everyone is facing the problem of integration of apache/Subversion with Active directory. I found the document with complete package and it takes only 5-10 mins to install. You can also use the same and if any problem, Logon to http://forum.opensourcedevelopment.net, It is really very good.
Path is:- http://opensourcedevelopment.net/text-tutorials/apache-subversion-active-directory.html
Regards
Mike

Thanks Mike, for link it is working for me

I have been looking for an answer to a problem for a while.
I filter on samaccountname
the dn contains cn="lastname\, firstname",...

Some users can bind with their password and others can't.

I have noticed that the ones that have different first names in samaccountname and cn aren't working.
example
john.smith samaccountname
smith\, Johnathan CN
won't authenticate

But
david.smith samaccountname
smith\, david CN
authenticates correctly

anyway suggestions on how to handle this issue.
Thanks,
David

David,
Can you take this offline in our support forums? It would be great to know more about this issue. In the forum post, can you provide the following:

AuthLDAPURL from the Apache configuration file
The exact scenario where it works, including username used and LDAP CN
The exact scenario where it fails, including usernamd used and LDAP CN

Just in case you cannot find the forums, here is the one most applicable:

http://subversion.open.collab.net/servlets/ForumMessageList?forumID=42

Take care,

Jeremy

Is there anyway to get bind Active Directory with Apache without having the AuthLDAPBindPassword stored in cleartext in the httpd.conf because this seems as if it could result in some security issues.

Anthony, yes there is a different way. You can use Winbind to join a corporate AD, which PAM can make use of, which in turn enables you to use "AuthPAM_Enabled" in your dav_svn.conf.

Well, I'm not using a Linux machine to set this up. And mostly what I'm seeing is that Winbind is a tool on Linux machines to help integrate Linux machines into Windows environments. If you could point me in the right direction with a link...that'd be great.

I've googling for the ability to avoid the initial search phase in mod_authz_ldap and simply bind to the ldap directory with information supplied by the user through the basic-auth credentials.

I would have assumed this to be the preferred method of authenticating a user, in terms of performance (1 stage of connection, auth, and search removed) and obviously security, but all articles I've found, like the above, require either an anonymously available directory or credentials (and clear text at that) embedded in the config?

This strikes me as rather peculiar, so I'm assuming I've missed something blatantly obvious that everyone else seems to know?

Would someone help a poor man out and enlighten me.

Thanks. :-)

Hey Guys,
our Dev team is moving to subversion, and I'm doin the ldap auth.
The configuration on top nearly works for me, but:
on entering the correct username and password, nothing happens. the popup with password request appears again. Apache2 logfile sais nothing, and AD logfile sais: User access granted.
On typing a false password, apache log sais: user denied.
So I assume, that the Apache config works well, or not?
Any ideas?
Thanks.

Here i installed both apache and subversion. also i create some users by htpasswd command. but the problem is here all users are able to access all repository but i want limitation on access...

suppose i create one repository like "ProjectOne" and i have to give access of this repository to only user "rock" than what i have to do. pls help me.

Anil, the access privileges for anonymous users are set in the conf directory inside your repository directory
Search for the line

anon-access = read

and change for

anon-access = none

I think it's the simplest way. Somebody knows another form to make this?

I'm just trying this out, and the Apache config appears ok, unfortunately, it never authenticates me, but does allow read and write to the repository :-(

Any ideas about how to debug this?

Paul

Paul,

Paste your directive. It sounds like you are missing "Require valid-user"

Mark

this article is not for people who use apache 2.2 httpd
because of the update for mod_auth_ldap (changed to mod_authz_ldap in apache2.2)
http://httpd.apache.org/docs/2.2/new_features_2_2.html#module

so in the dav_svn.conf file it should've been this

#AuthzLDAPAuthoritative off

and NOT (notice the Z)

#AuthLDAPAuthoritative off

it has to be OFF for apache 2.2

here is some other lines in dav_svn.conf, i have edited

#AuthLDAPURL "ldap://192.168.1.1:389/OU=People,DC=google,DC=com?uid?sub?(objectClass=*)"
#AuthBasicProvider ldap

finally got mine to work
after about 6 hours of work
i hope this will save other people's time

Hi Jeremy,
The implementation of the ldap autenticated is not functional.

Marcio,
Yes, I know. It was originally published when we were still suggesting Subversion use Apache 2.0.x. When Apache 2.2.x was released, there were changes to things like the LDAP stuff that cause the configuration above to no lnoger work. A little reading of the Apache documentation should help translate this 2.0.x stuff to 2.2.x. Maybe I should just come out with an updated blog entry with both 2.0.x and 2.2.x outlined...

Take care,

Jeremy

P.S. - Further discussion of this topic should be done in the Subversion Server forum on subversion.open.collab.net. (http://subversion.open.collab.net/ds/viewForumSummary.do?dsForumId=3)

With Collabnet SVB 1.5 it crashes: Aplicación con errores: httpd.exe, versión: 2.2.8.0, módulo con error: wldap32.dll, versión 5.1.2600.2180, dirección de error 0x00006d07.

Any hints?

I finally got it to work by copying the mod_authnz_ldap.so and mod_ldap.so from apache 2.2.9 and putting them into the 2.2.8 httpd/modulesdirectory.

--Vic

I am able to connect and authenticate through LDAP, but everyone authenticated can access the whole repository. Can I create user groups and restrict them to different levels when i am authenticating through LDAP?

- Sameer

Well, here's what worked with CollabNet Subversion 1.5.2 on CentOS 4.6
authenticating against Active Directory.

Jeremy - yes, I think it's time for a new blog post about Subversion 1.5.2 since lots of people seem to have been lead down the wrong path by the outdated information here.

~Matt

This is conf/collabnet_subversion_httpd.conf, missing the location elements that were stripped by this blog.

ServerName svn.yourcompany.com:443
Listen 443

User apache
Group apache

#LogLevel debug

# Enable Subversion
DAV svn

# Directory containing all repository for this path
SVNParentPath /data/mysvnroot

AuthType Basic
AuthName "Subversion repositories"

AuthBasicProvider ldap
AuthLDAPURL "ldap://your_ad_server:3268/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"

# Active Directory requires an authenticating DN to access records
# This is the DN used to bind to the directory service
# This is an Active Directory user account
AuthLDAPBindDN "CN=...,DC=dusthq,DC=dust-inc,DC=com"

# This is the password for the AuthLDAPBindDN user in Active Directory
AuthLDAPBindPassword secret

# Tell Apache not to use LDAP for authorization information
AuthzLDAPAuthoritative off

# Where the authorization file is located
AuthzSVNAccessFile /etc/opt/CollabNet_Subversion/conf/svn_access_file

# Use https only
SSLRequireSSL

Require valid-user

The rest of the process was as follows:

1. Install Subversion

On 9/17/08 I used:

CollabNetSubversion-client-1.5.2-1.i386.rpm
CollabNetSubversion-extras-1.5.2-1.i386.rpm
CollabNetSubversion-server-1.5.2-1.i386.rpm

$ sudo rpm -Uvh CollabNetSubversion*1.5.2*.rpm

This installs the necessary files in /opt/CollabNet_Subversion and
/etc/opt/CollabNet_Subversion. Log files will be in
/var/opt/CollabNet_Subversion by default.

2. Configure for http access

In /etc/opt/CollabNet_Subversion/conf as the user for apache and modify
collabnet_subversion_httpd.conf.

3. Install an SSL Certificate

I also tweaked httpd.conf and extras/httpd-ssl.conf for https

I followed the steps at http://www.cb1inc.com/2007/05/13/creating-self-signed-certs-on-apache-2.2 which were

$ mkdir mycerts
$ cd mycerts
$ openssl genrsa -out mycert.key 1024
$ openssl req -new -key mycert.key -out mycert.csr
$ openssl x509 -req -days 1000 -in mycert.csr -signkey mycert.key -out mycert.cert

$ cp mycert.key /etc/opt/CollabNet_Subversion/conf/server.key
$ cp mycert.cert /etc/opt/CollabNet_Subversion/conf/server.crt

4. Start Apache

sudo /etc/init.d/collabnet_subversion start

This is using Apache 2.2

5. Check the log files in /var/opt/CollabNet_Subversion/logs

Expect to see warnings about authentication being rejected since
mod_dav_svn checks authentication once against AD without a password (?)

6. Check the authorization in /etc/opt/CollabNet_Subversion/conf/svn_auth_file

7. Test access

Browse to https://svn.yourcompany.com/your_repo

You should be warned about a self-signed certificate. Accept the
certificate as trusted. Then enter your AD userid and password and you
should see a listing of the files in the scratch repository.

== Troubleshooting ==

a) Check the error log in /var/opt/CollabNet_Subversion/logs

b) Open up port 80 and try http instead of https

c) Comment out all but the DAV and SVNParentPath from the collabnet_subversion_httpd.conf file and retry

Hey there,

I am trying to setup apache2.x+svn+ldap(MS Active Directory). I want to use existing users from my active directory. Server is window 20003 and client machines are running Windows XP.

I created my repositories and I have svnserve as service already. (functional)
However, I hate the fact i will have to maintain a separate list of users and passwords.

So far I have Apache 2.x installed on a windows 2003 sever box.

I attempted to modify the httpd file based on the stuff above but appache 2.0 will not start.
Can someone please assist me in this matter?

When I look at my active directory structure I have the following format...

pp.domain.org [main starting point]
-Users
-Groups
-SomeGroup
----somefolder1
----somefolder2
------*subversion [this is the username I supply in my config]

I think the following line is where my error is happening

AuthLDAPURL "ldap://pp.domain.org:389/DC=pp,DC=domain,DC=org?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=subversion,CN=somefolder2,CN=SomeGroup,DC=pp,DC=domain,DC=org"

Regards,
i.s

Hi Guys,

I have done everything as Instructed.However I am not getting the Prompt to do the repository.

NameVirtualHost *:8080

DocumentRoot C:\svn_repository
ServerName http://domain.com
ErrorLog "C:\Program Files\Apache Software Foundation\Apache2.2\logs\error.log"
LogLevel warn
CustomLog "C:\Program Files\Apache Software Foundation\Apache2.2\logs\access.log" combined
ServerSignature On

DAV svn
SVNParentPath C:\svn_repository
SVNListParentPath on
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPBindDN CN=Administrator,DC=domain,DC=com
AuthLDAPBindPassword password
AuthLDAPURL "ldap://server.address:3268/DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)"

require valid-user

Please tell me if I need to add something else to this to make it work.I have written this in a separate file called Subversion.conf and included that in the end of Httpd.conf.

Thanks

Saurabh

Hello everyone,

Like others have shown in this thread, I have been able to get Apache+SVN+LDAP to work for the initial authentication to the SVN server through Apache (my example is for Active Directory LDAP):

Location /svn
DAV svn
SVNParentPath /var/www/svn
SVNListParentPath On

# Require SSL connection for password protection.
# SSLRequireSSL

AuthType Basic
AuthBasicProvider ldap
AuthName "My Subversion Server"
AuthLDAPURL "ldap://ldapserver.mydomain.com:389/ou=User,ou=mydomain,ou=com?sAMAccountName?sub?(objectClass=user)"
AuthLDAPBindDN cn=binduser,ou=User,ou=mydomain,ou=com
AuthLDAPBindPassword *******
AuthLDAPGroupAttribute memberOf
AuthzLDAPAuthoritative Off
Require valid-user
/Location

But I am running into another problem which I haven't seen an answer to. As is probably typical, I would like to restrict access to particular SVN repositories to users which have certain group memberships. I do the following additional configuration:

Location /svn/Repository1
Require ldap-group CN=mygroup,OU=Group,OU=mydomain,OU=com
/Location

And I get this error when I try to access that particular SVN repository via the web browser:

"access to /svn/Repository1/ failed, reason: require directives present and no Authoritative handler."

From what I understand and containers do inheritance of directives from parent and containers so I shouldn't need to duplicate all the config.

Does someone have any idea how to properly configure custom tailored access to particular SVN repositories?

thank you for the help,
leandro

I'm struggling like others to get 1.5.0 working with Active Directory. Can someone post a list of modules they are using in their httpd.conf. I have the following but I can't get authenticated. I'm prompted for an ID and password but it won't accept anything.

LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

Hello all,

anyone have examples on setting up ldap on a Solaris 10 box ?

Thanks in advanced,
Antoine

Saurabh

Use member instead of memberOf. What happens is that the group dn is looked up and then the user's dn is checked to see if it exists within the group property, so in the case of active directory, this is member. I tried memberOf first, expecting it to look at for the group dn in the user's memberOf list, but aparanly not.

The info submitted by "Sameer | August 01, 2008 at 12:58 AM" works great. Our environment is RHEL 4.5, and I used the 1.5.0 version of Collabnet Subversion.

One thing I noticed is that I did not need to use AuthLDAPBindDN (I guess our AD allows anonymous bind for searches), so I commented out the following:

# Active Directory requires an authenticating DN to access records
# This is the DN used to bind to the directory service
# This is an Active Directory user account
#AuthLDAPBindDN "CN=...,DC=dusthq,DC=dust-inc,DC=com"

# This is the password for the AuthLDAPBindDN user in Active Directory
#AuthLDAPBindPassword secret

I like to keep the configs as simple as possible, and not have usernames and passwords in config files if I can avoid it.

Thanks so much for posting all this info!

michael

Correction... It was this post I was following --> "Matt Doar | September 17, 2008 at 03:36 PM"

i have configured the SVN for the http:// access using apache

i want some help regarding Look and feel which is giving default is not looking good. I want to change that please help me.

My configuration was working with apache 2.2.8 + svn 1.4.6, I updated to apache 2.2.10 + svn 1.5.4 and the authentication stopped working while throwing a authentication failed; URI /repository/main [ldap_search_ext_s() for user failed][Operations Error] and a 500 Internal Server Error page...

DAV svn
SVNParentPath f:/svnrepositories
SVNIndexXSLT "/repos-web/view/repos.xsl"

AuthType Basic
AuthBasicProvider ldap
AuthName "[GPI] Repositorio Subversion"

AuthzLDAPAuthoritative off
AuthLDAPBindDN "ad.user@dproject.com"
AuthLDAPBindPassword uF2SODWAHiW0e
AuthLDAPURL "ldap://10.0.0.3:389/DC=dproject,DC=com?sAMAccountName?sub?(objectClass=*)" NONE

AuthzSVNAccessFile f:/svnrepositories/global_authz_options

#
Require valid-user
#

Does anyone have an idea about whats happening here???

Thnx!!!

By the way Chiranjeevi GK u can use the one I do... http://www.reposstyle.com/ there are download links and how to information.

Regards.

Naraio is LAMP like software. It contains Apache, MySQL, PHP, Perl, Openssl, Phpmyadmin, OpenLDAP, Subversion, Ruby, Python, Phpldapadmin, and Trac. Trac and Subversion are authenticates user with integrated ldap. Naraio is easy, secure and flexible.
WebSite:-http://sourceforge.net/projects/naraio/

Another option for those of you who'd like web-based administration would be to use Atlassian's Crowd.

The connector also allows you to integrate groups from LDAP on top of password integration.

http://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Subversion

LDAP is a PITA and not worth the trouble if you can use Windows authentication mechanisms directly. The mod_auth_sspi SSPI Apache authentication module provides an easy way to configure and support ActiveDirectory authentication without the security risks and maintenance problems of having a plain-text password in a configuration file.

Although I generally prefer Linux for server operations, the security disadvantages and configuration complexity of Apache LDAP far outweigh the technical merits of underlying system. Why put in the work and glue to use a standard interface when you can far more easily use a proprietary one purpose built to authenticate against ActiveDirectory? mod_auth_sspi is far easier to configure for ActiveDirectory than LDAP and supports some compelling features like NTLM single sign-on.

I have published a comprehensive step-by-step how-to that takes a bare Windows Server install and turns it into a fully functional Subversion server with SSL and ActiveDirectory authentication.

Comment system ate my link :(

My alternative solution using mod_auth_sspi to authenticate to ActiveDirectory is at the follwing link:
http://concise-software.blogspot.com/2009/02/instant-windows-svn-server-with-ssl-and.html

Alain,
There is nothing about using LDAP that makes it more or less difficult than other systems. The usual problem is people resort to Googling for some article to copy/paste/refactor and don't know what they are doing. You end up with a problem you can't fix because you don't understand the configuration parts. I have an updated Subversion with Apache and LDAP blog entry coming out today. Stay tuned to find out how easy it really can be once you have an article that explains things.

Take care,

Jeremy

How do I obtain the LDAP modules that will work with collabnet's rpm?

I made it work building my own apache with the apr build with the ldap option but when I integrate these modules into your own packaged apache it doesn't work because I think the aprs that come with the Collabnets rpms are not built with open ldap. I must say I got it working but using apache on its own not with collabnet's packaged one. How can you make this a lot effortless?
Any thouhgts?

Guillermo

Guillermo,
The LDAP modules are built statically into the Apache executable so there is no shared module to obtain. No need to load said modules either.

Take care,

Jeremy

Jeremy:

I think I posted my problem in the wrong blog. This question is for the latest apache 2.2.13 that is packaged with the latest rpms.

In that article you mention that we need this:

# Load Apache LDAP modules
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

However, the new SVN 1.6.5 installed from the rpms doesn't recognize that LDAP binding without the LDAP mods being in the modules. As mentioned before I had to build them from scratch into the latest http-2.2.13 server but when I share them into the collabnet location: /opt/CollabNet_Subversion/modules the http server packaged with the latest redhat binaries they don't work. So what I have to do is run apache on its own. However, I like to use the one is provided inside the latest redhat rpms. This way I can use all the cool functionality that comes with the configuration setup. I hope that I making sense :)

Guillermo

I see what you are telling...All I had to do was removed the folllowing:
" Load Apache LDAP modules
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so"

As you mentioned, it is statically build and therefore I guess it is not needed.

I like to see how much this has come arround. Nice :)