svn:// with LDAP / Active Directory: E170001: Cannot negotiate authentication mechanism

Hello!

I am trying to connect to an SVN repository with an svn:// URL which is authenticating through LDAP.

I have followed the instructions about the "-Dsvnkit.http.methods=Basic,Digest,Negotiate,NTLM" setting, but to no avail (probably because it is svn:// protocol and not http://) - and I cannot change the SVN server...

In Version 0.10.11 (before version 2 of the plugin), I had been able to work around this problem by using an older version (1.3.3) of SVNkit, which I cannot do in 0.10.12 of the plugin (because it finally uses new features of SVNkit).

Can anyone provide a hint how to connect to svn://+LDAP with SVNkit 1.7.4 which is packaged with this plugin version 0.10.11?

Thanks.

6 answers

1 accepted

0 votes
Accepted answer

As there does not seem to be a solution for any newer version of the plug-in, we finally decided to interface with our systems through an custom plugin (https://developer.atlassian.com/display/JIRADEV/JIRA+Plugin+Guide). Follow the bug tracker at https://ecosystem.atlassian.net/browse/SVN-259for this problem.

I was hunting this same problem today.

I ended up downloading the source code and building the plugin myself and finally were able to create a workable version. I then revealed that it was failing with a ClassNotFoundException for the java.security.sasl.SaslException.

The solution was to include some more packages in the MANIFEST.

I added the following lines to the pom.xml in the Import-Package section:

<Import-Package>

....

....

javax.security.sasl,
javax.security.auth.login,
javax.security.auth.callback,
javax.security.auth,
org.ietf.jgss
</Import-Package>

 

I had been able to work around this problem by using an older version (1.3.3) of SVNkit...

How did you do it? Well, you replaced the jar libraries and then...

Regarding your change:

-Dsvnkit.http.methods=Basic,Digest,Negotiate,NTLM

This is useless in order to support LDAP. It is useful when you allow to connect with Basic and NTLM. By defult, SVNKit tries NTLM so it fails and you cannot connect to Subversion. In this case, setting the Basic authentication with a higher priority will resolve the connection problem but you do not yet connect by using your LDAP.

As you also noticed, it only applies for connections over the http(s) and not for the svn protocol.

The error log says this:

org.tmatesoft.svn.core.SVNAuthenticationException: svn: E170001: Cannot negotiate authentication mechanism
at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:62)
at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:51)
at org.tmatesoft.svn.core.internal.io.svn.SVNPlainAuthenticator.authenticate(SVNPlainAuthenticator.java:116)
at org.tmatesoft.svn.core.internal.io.svn.SVNConnection.authenticate(SVNConnection.java:190)
at org.tmatesoft.svn.core.internal.io.svn.SVNRepositoryImpl.authenticate(SVNRepositoryImpl.java:1275)
at org.tmatesoft.svn.core.internal.io.svn.SVNRepositoryImpl.openConnection(SVNRepositoryImpl.java:1253)
at org.tmatesoft.svn.core.internal.io.svn.SVNRepositoryImpl.testConnection(SVNRepositoryImpl.java:95)
at com.atlassian.jira.plugin.ext.subversion.SubversionManagerImpl.activate(SubversionManagerImpl.java:252)
...

Is there any hint on why SASL would not work? The SASL classes are included in the plug-in's svnkit library, so I believe it should work.

Also, when I use the binary bundled in the svnkit bin/ directory and do a "jsvn co svn://..." it does work, so there seems to be a problem with the integration of SVNkit into the Atlassian plugin, not with svnkit itself or the server. Any hints, something that one might configure in the Atlassian plugin?

We have been able to install the older subversion plugin in JIRA 6.x with the svnkit-1.3.x downgrade as Hans described. It seems to work okay-ish. But would really love to see better solutions for this.

This configuration is the default setting of the Subversion ALM add-on, among other many enhancements, of course.

I mean you do not need to add it to the JVM command line and stop/start JIRA because the add-on makes it for you... without re-starting the JVM. Awesome!

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Oct 31, 2018 in Marketplace Apps

Marketplace Spotlight: Zephyr

Hello Atlassian Community! Each month, we run a series of Spotlights to highlight Marketplace vendors and apps that our team thinks this Community would find valuable. In last month's Spotlig...

412 views 0 3
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you