Hello,

I have successfully set up the zimlet for the Zimbra LDAP administration (the "gregzimbra" Description in wiki), but without the Samba part. As the domain I took as example aaa.algites.eu. My Zimbra installation is a multi-server install with 1 LDAP, 1 MTA and 1 MBOX virtual server.

I want to use the LDAP from zimbra also for the authentication of the Subversion Users, going through apache 2 http server.

I got the authentication with Zimbra LDAP working, it works well, but I have a problem with the resolution of the required group. In Apache I have defined the Location like
Code:
        <Location "/">
                AuthType Basic
                AuthName "SVN Repository"
                AuthBasicProvider ldap
                AuthzLDAPAuthoritative off
                AuthLDAPBindDN uid=zmposix,cn=appaccts,cn=zimbra
                AuthLDAPBindPassword zimbraposixaccount
                AuthLDAPURL "ldap://zildap:389/OU=people,DC=aaa,DC=algites,DC=eu?uid"
                Require ldap-group CN=svn_access, OU=groups, DC=aaa, DC=algites, DC=eu
        </Location>
but this required group is never resolved. After the password has been successfully validated, I always get the following error messages in the Apache log for that site:

Code:
[Thu Jan 06 13:11:45 2011] [debug] mod_authnz_ldap.c(745): [client A.B.C.D] [2421] auth_ldap authorise: require group: testing for member: uid=test2,ou=people,dc=aaa,dc=algites,dc=eu (CN=svn_access, OU=groups, DC=aaa, DC=algites, DC=eu)
[Thu Jan 06 13:11:45 2011] [debug] mod_authnz_ldap.c(761): [client A.B.C.D] [2421] auth_ldap authorise: require group "CN=svn_access, OU=groups, DC=aaa, DC=algites, DC=eu": authorisation failed [Comparison no such attribute (adding to cache)][No such attribute]
[Thu Jan 06 13:11:45 2011] [debug] mod_authnz_ldap.c(745): [client A.B.C.D] [2421] auth_ldap authorise: require group: testing for uniquemember: uid=test2,ou=people,dc=aaa,dc=algites,dc=eu (CN=svn_access, OU=groups, DC=aaa, DC=algites, DC=eu)
[Thu Jan 06 13:11:45 2011] [debug] mod_authnz_ldap.c(761): [client A.B.C.D] [2421] auth_ldap authorise: require group "CN=svn_access, OU=groups, DC=aaa, DC=algites, DC=eu": authorisation failed [Comparison no such attribute (adding to cache)][No such attribute]
In the LDAP log, turned on with everything possible logged, I have:

Code:
Jan  6 13:11:45 zildap slapd[2532]: => acl_mask: access to entry "cn=svn_access,ou=groups,dc=aaa,dc=algites,dc=eu", attr "uniqueMember" requested
Jan  6 13:11:45 zildap slapd[2532]: => acl_mask: to value by "uid=zmposix,cn=appaccts,cn=zimbra", (=0)
Jan  6 13:11:45 zildap slapd[2532]: <= check a_dn_pat: cn=admins,cn=zimbra
Jan  6 13:11:45 zildap slapd[2532]: <= check a_dn_pat: uid=zmposixroot,cn=appaccts,cn=zimbra
Jan  6 13:11:45 zildap slapd[2532]: <= check a_dn_pat: uid=zmposix,cn=appaccts,cn=zimbra
Jan  6 13:11:45 zildap slapd[2532]: <= acl_mask: [3] applying read(=rscxd) (stop)
Jan  6 13:11:45 zildap slapd[2532]: <= acl_mask: [3] mask: read(=rscxd)
Jan  6 13:11:45 zildap slapd[2532]: => slap_access_allowed: compare access granted by read(=rscxd)
Jan  6 13:11:45 zildap slapd[2532]: => access_allowed: compare access granted by read(=rscxd)
Jan  6 13:11:45 zildap slapd[2532]: send_ldap_result: conn=2334 op=5 p=3
Jan  6 13:11:45 zildap slapd[2532]: send_ldap_result: err=16 matched="" text=""
Jan  6 13:11:45 zildap slapd[2532]: send_ldap_response: msgid=6 tag=111 err=16
Jan  6 13:11:45 zildap slapd[2532]: conn=2334 op=5 RESULT tag=111 err=16 text=
In the logs there are also the requests for the "member" attribute, but with the same lack of success... I have also tried the attribute "memberOf" by redefining the group membership attribute name in the location with

Code:
AuthLDAPGroupAttribute memberOf
but then it returned some other error which is also returned in the case the attribute name is invalid.
I also tried to put there some non-existent group instead of "svn_access"; then I get the correct (and different) error message that the group object is not found...

The given user test2@aaa.algites.eu is defined in zimbra, posix Ids are created ok.

Possible causes could be following (I have tried everything possible but do not know what exactly):

1. I have specified the membership in the given group SVN_access in a wrong way - as memberUID I have tried to write there the posix number of the user or the username ("test2"). Is this correct? It does not work with number or username - what should be entered as memberUID into the posix group definition?

2. Are the group names case sensitive? I think it helped me also not to remove the capital letters from the group name, as well as the dots and underlines from the group name, but possibly I could have forgotten something somewhere...

3. Should some other group membership attribute be used in Apache? But which?

I would really appreciate any help or pointers, it took me really a lot of time and the solution is still unknown...

Thanx in advance, Archie
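
The "No such attribute" (err=16) result in the logs above can be reproduced with a small model of the `Require ldap-group` compare. This is an added example, not part of the original post and not Apache or Zimbra code. It assumes the group is a posixGroup holding `memberUid: test2` (a constructed entry), and it models the mod_authnz_ldap directives `AuthLDAPGroupAttribute` and `AuthLDAPGroupAttributeIsDN` in simplified form.

```python
# Simplified model of mod_authnz_ldap's "Require ldap-group" check (not Apache source).
# LDAP result codes as they appear in the slapd log (err=...).
COMPARE_FALSE, COMPARE_TRUE, NO_SUCH_ATTRIBUTE, NO_SUCH_OBJECT = 5, 6, 16, 32

# Constructed directory: a posixGroup lists members as bare login names in memberUid.
DIRECTORY = {
    "cn=svn_access,ou=groups,dc=aaa,dc=algites,dc=eu": {
        "objectClass": ["posixGroup"],
        "memberUid": ["test2"],
    },
}

def normalize_dn(dn):
    """Lower-case a DN and drop spaces around commas (simplified DN matching)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def ldap_compare(group_dn, attr, value):
    """Return the LDAP result code a compare operation on the group entry would yield."""
    entry = DIRECTORY.get(normalize_dn(group_dn))
    if entry is None:
        return NO_SUCH_OBJECT
    # Attribute names are case-insensitive in LDAP; memberUid values match exactly.
    values = next((v for k, v in entry.items() if k.lower() == attr.lower()), None)
    if values is None:
        return NO_SUCH_ATTRIBUTE
    return COMPARE_TRUE if value in values else COMPARE_FALSE

def require_ldap_group(group_dn, user_dn, username,
                       group_attrs=("member", "uniqueMember"), attr_is_dn=True):
    """group_attrs models AuthLDAPGroupAttribute, attr_is_dn models AuthLDAPGroupAttributeIsDN.

    Returns (authorised, result codes of each compare)."""
    value = user_dn if attr_is_dn else username
    codes = [ldap_compare(group_dn, attr, value) for attr in group_attrs]
    return COMPARE_TRUE in codes, codes

if __name__ == "__main__":
    group = "CN=svn_access, OU=groups, DC=aaa, DC=algites, DC=eu"
    user_dn = "uid=test2,ou=people,dc=aaa,dc=algites,dc=eu"
    # Defaults: compare the user DN against member/uniqueMember, as in the logs above.
    print("defaults:", require_ldap_group(group, user_dn, "test2"))
    # posixGroup-style check: compare the login name against memberUid.
    print("memberUid, IsDN off:",
          require_ldap_group(group, user_dn, "test2", ("memberUid",), False))
    # memberUid alone still fails while the full DN is being compared.
    print("memberUid, IsDN on:",
          require_ldap_group(group, user_dn, "test2", ("memberUid",), True))
```

In a real configuration the second case corresponds to `AuthLDAPGroupAttribute memberUid` together with `AuthLDAPGroupAttributeIsDN off` inside the `<Location>` block.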