bzr-windows team mailing list archive
-
bzr-windows team
-
Mailing list archive
-
Message #00347
Fwd: [Question #113185]: How do I get smart server to use active directory
Can anyone suggest an answer to this?
I know NTLM auth used to require some specific client behaviour to do
with keeping the socket open. Possibly bzr doesn't do that properly?
---------- Forwarded message ----------
From: Jemsquash <question113185@xxxxxxxxxxxxxxxxxxxxx>
Date: 2 June 2010 12:41
Subject: [Question #113185]: How do I get smart server to use active directory
To: mbp@xxxxxxxxxxxxxx
New question #113185 on Bazaar:
https://answers.launchpad.net/bzr/+question/113185
I am trying to get active directory to integrate with smart server.
>From the documentation it seems like I can run the smart server behind
an apache instance. I have also loaded the Active Directory
integration and this seems to be working. I'm an apache novice so I'm
going on trial and error.
It seems like something is going wrong either during the rewrite rule
or after it. I can see in the access logs that it is accessing /smart.
What I can't see is evidence of the rewrite happening but seeing as it
is the rewrite making it go to .py I don't know how to check if it is
working.
The problem I have is I always get a 401 error even though I've authenticated.
My apache config is as follows (with a few changes so as not to reveal
too many details about my clients network).
<VirtualHost *:9090>
ServerAdmin blah@xxxxxxxx
DocumentRoot "c:/apache-httpd-2.2.9-dev/htdocs/bzr"
ServerName blahserver.blah.com
ServerAlias blahserver.blah.com blahserver
ErrorLog logs/blah-error.log
CustomLog logs/blah-access.log common
<Proxy *>
Order deny,allow
Allow from all
Satisfy all
</Proxy>
<IfModule dir_module>
DirectoryIndex index.php index.html
</IfModule>
Alias /bzr C:/bzr-sandbox/sh-repo
<Directory C:/bzr-sandbox/sh-repo>
Options Indexes +FollowSymLinks
RewriteEngine On
RewriteBase /bzr
#RewriteRule ^(.*/|)\.bzr/smart$
C:/bzr-sandbox/sh-repo/scripts/bzr-smart.fcgi
RewriteRule ^(.*/|)\.bzr/smart$ C:/bzr-sandbox/sh-repo/scripts/bzr-smart.py
AllowOverride All
Options None
Order allow,deny
Allow from all
# module specific
AuthName "Bzr development"
AuthType SSPI
SSPIAuth On
# module is the final authority
SSPIAuthoritative On
# only authenticate against DPI no others
SSPIDomain DPI
# keep domain name in userid string
SSPIOmitDomain Off
# let non-IE clients authenticate
SSPIOfferBasic On
# first we try NTLM authentication and then basic authentication
SSPIBasicPreferred Off
# need to be in dev Group to be able to access bzr
Require group "OurDomain\Bazaar-grp"
</Directory>
Alias C:/bzr-sandbox/sh-repo/scripts/bzr-smart.py
C:/bzr-sandbox/sh-repo/scripts/bzr-smart.py
<Directory C:/bzr-sandbox/sh-repo/scripts>
<Files bzr-smart.py>
#PythonPath "sys.path+['C:/bzr-sandbox/sh-repo/scripts']"
PythonPath "['c:/Program
Files/Bazaar/lib']+sys.path+['C:/bzr-sandbox/sh-repo/scripts']"
AddHandler python-program .py
#AddHandler mod_python .py
PythonHandler bzr-smart::handler
PythonDebug On
</Files>
</Directory>
# Test active directory integration
<Directory "c:/apache-httpd-2.2.9-dev/htdocs/bzr/adi">
AllowOverride None
Options None
Order allow,deny
Allow from all
# module specific
AuthName "Bzr development"
AuthType SSPI
SSPIAuth On
# module is the final authority
SSPIAuthoritative On
# only authenticate against DPI no others
SSPIDomain DPI
# keep domain name in userid string
SSPIOmitDomain Off
# let non-IE clients authenticate
SSPIOfferBasic On
# first we try NTLM authentication and then basic authentication
SSPIBasicPreferred Off
# need to be in dev Group to be able to access Subversion
Require group "OurDomain\Bazaar-grp"
</Directory>
</VirtualHost>
--
You received this question notification because you are an answer
contact for Bazaar.
--
Martin <http://launchpad.net/~mbp/>