subversion on 12.04 Returns 500 Internal Server Error

Asked by Jim Krause on 2012-05-11

I have installed subversion on a ubuntu 12.04 64bit server. When I try to browse the repository via the web I get the following error 500 Internal Server Error. Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, [no address given] and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

I have checked the apache error log and I find no errors.

Here is my sites config file.

# redirect all non-ssl'd traffic to the ssl-enabled site
# disabled for now ...

<VirtualHost *:80>
   ServerName code.sencore.com
   #RedirectMatch ^/(.*)$ https://code.sencore.com/$1
   RedirectMatch ^/(.*)$ https://s01svn02.sencore.com/$1
</VirtualHost>

<VirtualHost *:443>
   ServerName code.sencore.com
   DocumentRoot /var/www/webroot/code
   DirectoryIndex index.html
   Options -Indexes
   RedirectMatch ^/$ /svn/
   RedirectMatch ^/svn$ /svn/

   SSLEngine On
   SSLCertificateFile /etc/apache2/ssl/certs/code.sencore.com.crt
   SSLCertificateKeyFile /etc/apache2/ssl/private/s01svn02.key

   <Location /svn/>
     DAV svn

     SVNParentPath /var/svnrepos
     SVNListParentPath on
     SVNIndexXSLT /svnindex/svnindex.xsl

     AuthType Basic
     AuthName "Subversion"
     AuthBasicProvider ldap
     AuthLDAPURL ldap://ldap.sencore.com:389/DC=sencore,DC=com?sAMAccountName?sub?(objectClass=*)
     AuthLDAPBindDN "CN=username,DC=sencore,DC=com"
     AuthLDAPBindPassword password
     AuthzSVNAccessFile /var/svnrepos/svn-access-policy.txt
     AuthUserFile /var/svnrepos/svn-auth-file.txt
     Require valid-user
# Allow from all
   </Location>

</VirtualHost>

But if I comment the the authenication everything works correctly. Could someone explain what is going on here?

# redirect all non-ssl'd traffic to the ssl-enabled site
# disabled for now ...

<VirtualHost *:80>
   ServerName code.sencore.com
   #RedirectMatch ^/(.*)$ https://code.sencore.com/$1
   RedirectMatch ^/(.*)$ https://s01svn02.sencore.com/$1
</VirtualHost>

<VirtualHost *:443>
   ServerName code.sencore.com
   DocumentRoot /var/www/webroot/code
   DirectoryIndex index.html
   Options -Indexes
   RedirectMatch ^/$ /svn/
   RedirectMatch ^/svn$ /svn/

   SSLEngine On
   SSLCertificateFile /etc/apache2/ssl/certs/code.sencore.com.crt
   SSLCertificateKeyFile /etc/apache2/ssl/private/s01svn02.key

   <Location /svn/>
     DAV svn

     SVNParentPath /var/svnrepos
     SVNListParentPath on
     SVNIndexXSLT /svnindex/svnindex.xsl

# AuthType Basic
# AuthName "Subversion"
# AuthBasicProvider ldap
# AuthLDAPURL ldap://ldap.sencore.com:389/DC=sencore,DC=com?sAMAccountName?sub?(objectClass=*)
# AuthLDAPBindDN "CN=username,DC=sencore,DC=com"
# AuthLDAPBindPassword password
# AuthzSVNAccessFile /var/svnrepos/svn-access-policy.txt
# AuthUserFile /var/svnrepos/svn-auth-file.txt
# Require valid-user
     Allow from all
   </Location>

</VirtualHost>

Thanks for the help.

Jim Krause

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu subversion Edit question
Assignee:
No assignee Edit question
Solved by:
opello
Solved:
2012-05-11
Last query:
2012-05-11
Last reply:
2012-05-11

Assuming the document roots and access rights are correct:

...
   RedirectMatch ^/(.*)$ https://s01svn02.sencore.com/$1
</VirtualHost>

<VirtualHost *:443>
   ServerName code.sencore.com
...

The https server name is not s01svn02.sencore.com but code.sencore.com?

Could you also check if ldap://ldap.sencore.com:389/ is accessible from the machine itself?

Also, the logs from apache might give some more insight.

Chris

Jim Krause (jim-krause) said : #2

ldap.sencore.com is accessible from the machine. When I have those options enabled it does prompt me for a username and password and if I type in an incorrect password it does not accept the credentials, but when I type in the correct credentials I receive this error. I have checked the apache logs and there is nothing in there.

Thanks

Jim

We do not use LDAP here, only DAV as svn interface:

    <Location /svn>
        DAV svn
        SVNParentPath /var/svn

        Order Deny,Allow
        Allow from All

        AuthType Basic
        AuthName "Subversion Repository"
        AuthUserFile /etc/apache2/svn.passwd
        Require valid-user
    </Location>

The AuthUserFile contains the users in following form:

name:passwordhash
name:passwordhash
name:passwordhash

For your situation: i'm not too experienced with LDAP but I wonder if the password file (AuthUserFile) is needed when using LDAP.

Assuming the authentication succeeds, is the AuthzSVNAccessFile /var/svnrepos/svn-access-policy.txt readable for www-data? Because this will most likely be the next step after retrieving the user details.

Maybe ErrorLog and ErrorLevel can be raised more in the apache config?

Chris

Jim Krause (jim-krause) said : #4

We have this configuration working on 10.04 and I am not seeing this issue. Yes the file is readable to www-data
-rw-rwSr-- 1 www-data www-data 5871 Mar 28 16:44 svn-access-policy.txt
I am thinking it has something to do with the svn-access-policy.txt file but I am unsure what could be wrong. We also have tried the ErrorLog and ErrorLevel and we were still unable to see anything in the apache log files.

Thanks

Jim

Jim Krause (jim-krause) said : #5

So I tried just commenting the svn-access-policy.txt file and it still works. So it has to be an issue with accessing this file. Here is my config file currently.
     AuthType Basic
     AuthName "Subversion"
     AuthBasicProvider ldap
     AuthLDAPURL ldap://ldap.sencore.com:389/DC=sencore,DC=com?sAMAccountName?sub?(objectClass=*)
     AuthLDAPBindDN "CN=svnreader,DC=sencore,DC=com"
     AuthLDAPBindPassword sen0130

# AuthzSVNAccessFile /var/svnrepos/svn-access-policy.txt
# AuthUserFile /var/svnrepos/svn-auth-file.txt
# Require valid-user
     Allow from all
   </Location>

Could you try to sudo su - www-data and cat the file, just to make sure?

Also, the repository files themselves should be accessible to www-data.

Have you defined any groups in the svn-access-policy files? I remember to see this post (on active directory but the rest should be the same:

http://www.jejik.com/articles/2007/06/apache_and_subversion_authentication_with_microsoft_active_directory/

Chris

PS: I have the feeling I am only asking for the obvious. As it seems you have been quite thorough on this matter already :-)

(btw: I would change the password on ldap asap, the password is still in the previous post?)

Jim Krause (jim-krause) said : #8

This is just a test servers anyways. No harm but thanks for the warning.

Jim Krause (jim-krause) said : #9

I did try the following sudo su - www-data and cat the file and that was successful. I have tried taking myself out from the file and I do get access denied like I would expect. So it seems like it is reading the file. Just something is getting broken after that.

So either: the way you specified your name in the file is not (entirely) correct or the access to the svn repos is different using the ldap credentials?

I'm all out of ideas!

Chris

Best opello (opello) said : #11

I work with Jim, and we resolved this by adding "REFERRALS off" to ldap.conf.

Thanks!
Dan

Active Directory can be a nasty thing :)

Glad to see it has been resolved!

Chris

Jim Krause (jim-krause) said : #13

Thanks opello, that solved my question.