I am running a Apache server (2.2.21) on my 32-bit Win7 desktop with a WebSVN 2.3.3 and Subversion 1.5.6.
Here's the problem :
If i were to navigate to http://myservername/websvn
, LDAP auth will be enforced and only the users whom i allow in the config file can access it.
However, if i were to navigate to http://myservername/WebSvn
or /Websvn
or even /webSVN
, you get the idea, LDAP auth is not enforced and they allow any users, even those not specified in the config file, to enter the same websvn page.
So, how do i go about resolving this issue ?
Update :
Here's my websvn.conf file. For security reasons, i have altered it to fit the post here.
This particular file is called in the httpd.conf
file by inserting the 'Include C:/somehwere/websvn.conf
' near the end of the file.
<Location /websvn/>
#Redirect any requests to this page to the listing.php
FallbackResource listing.php
AuthLDAPBindDN "acct@xxx.com"
AuthLDAPBindPassword "password"
#The LDAP query URL
AuthLDAPURL "ldap://x.x.x.x.x.x:389/DC=x,DC=x,DC=x,DC=x,DC=x?sAMAccountName?sub?(objectClass=user)" NONE
AuthType Basic
AuthName "Websvn"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthUserFile /dev/null
Require ldap-user user1
</Location>
Update 7/2/2013 :
I was informed that should be used instead of and i have done that.
The Apache documentation details the difference between and especially under the part, "What to use when". So, i modified the websvn.conv file to reflect this :
<Directory /websvn>
DirectoryIndex listing.php
Options FollowSymLinks
Order allow,deny
Allow from all
AuthLDAPBindDN "acct@xxx.com"
AuthLDAPBindPassword "password"
#The LDAP query URL
AuthLDAPURL "ldap://x.x.x.x.x.x:389/DC=x,DC=x,DC=x,DC=x,DC=x?sAMAccountName?sub?(objectClass=user)" NONE
AuthType Basic
AuthName "Websvn"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
Require ldap-user user1
</Directory>
However, i still can access my websvn even with the incorrect URL, eg./websVn and furthermore, the authentication does not kick in anymore.
Also, the page listing.php does not show. Instead, the directory listing of websvn is shown.
Can anyone please point out to me what am i doing wrong ? Thank you.