Problem authenticating user for Subversion using Apache and Ldap

Question

I'm trying to use Ldap authentication for a Subversion repository, accessed via Apache. Whatever I try, Apache generates the following error msg -

authentication failed; URI /repos/branches/my-branch [ldap_search_ext_s() for user failed][Operations Error]

I've used the AD explorer from Sysinternals to connect to my AD server, and can see data in there, so I presume it's a problem with my LDAP URL search string. I've tried several variations, but always get the above error. Here's what I have in my httpd.conf. Any suggestions or ideas to diagnose this would be appreciated.

<Location /repos>
    DAV svn
    SVNPath C:\repos
    AuthType Basic
    AuthzLDAPAuthoritative off
    AuthBasicProvider ldap
    AuthName "IT Subversion repository"
    AuthLDAPURL "ldap://x.y.z.com:389/DC=y,DC=z,DC=com?sAMAccountName?sub?(objectClass=user)" NONE    
    Require valid-user
</Location>

Answer 1

It appears that you're using Active Directory, which does not allow anonymous binding. Try adding the following:

# Active Directory requires an authenticating DN to access records
# This is the DN used to bind to the directory service
# This is an Active Directory user account.
AuthLDAPBindDN "CN=someuser,CN=Users,DC=y,DC=z,DC=com"

# This is the password for the AuthLDAPBindDN user in Active Directory
AuthLDAPBindPassword some_secret_password