svn:// with LDAP / Active Directory: E170001: Cannot negotiate authentication mechanism

Hans-Jürgen Tappe August 12, 2013

Hello!

I am trying to connect to an SVN repository with an svn:// URL which is authenticating through LDAP.

I have followed the instructions about the "-Dsvnkit.http.methods=Basic,Digest,Negotiate,NTLM" setting, but to no avail (probably because it is svn:// protocol and not http://) - and I cannot change the SVN server...

In Version 0.10.11 (before version 2 of the plugin), I had been able to work around this problem by using an older version (1.3.3) of SVNkit, which I cannot do in 0.10.12 of the plugin (because it finally uses new features of SVNkit).

Can anyone provide a hint how to connect to svn://+LDAP with SVNkit 1.7.4 which is packaged with this plugin version 0.10.11?

Thanks.

6 answers

1 accepted

0 votes
Answer accepted
Hans-Jürgen Tappe January 28, 2014

As there does not seem to be a solution for any newer version of the plug-in, we finally decided to interface with our systems through a custom plugin (https://developer.atlassian.com/display/JIRADEV/JIRA+Plugin+Guide). Follow the bug tracker at https://ecosystem.atlassian.net/browse/SVN-259 for this problem.

1 vote
PerL February 24, 2015

I was hunting this same problem today.

I ended up downloading the source code and building the plugin myself and finally was able to create a workable version. I then revealed that it was failing with a ClassNotFoundException for the java.security.sasl.SaslException.

The solution was to include some more packages in the MANIFEST.

I added the following lines to the pom.xml in the Import-Package section:

<Import-Package>
....
....
javax.security.sasl,
javax.security.auth.login,
javax.security.auth.callback,
javax.security.auth,
org.ietf.jgss
</Import-Package>
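
A way to check a rebuilt plugin JAR for the fix described in the answer above (an added example, not part of the original post or the plugin's code): it reads the JAR's MANIFEST.MF and reports which of the five listed packages are still absent from Import-Package. The sample manifest, its version range and the function names are constructed for illustration.

```python
import io
import zipfile

# The five packages the answer above adds to <Import-Package> in pom.xml.
REQUIRED = ["javax.security.sasl", "javax.security.auth.login",
            "javax.security.auth.callback", "javax.security.auth", "org.ietf.jgss"]

def main_headers(manifest_text):
    """Parse a manifest's main section, joining folded continuation lines."""
    headers, name = {}, None
    for line in manifest_text.replace("\r\n", "\n").split("\n"):
        if line == "":
            break                           # a blank line ends the main section
        if line.startswith(" ") and name:
            headers[name] += line[1:]       # continuation of the previous header
        elif ": " in line:
            name, value = line.split(": ", 1)
            headers[name] = value
    return headers

def imported_packages(value):
    """Package names in an Import-Package value; commas inside quotes do not split."""
    clauses, buf, quoted = [], "", False
    for ch in value:
        quoted ^= ch == '"'
        if ch == "," and not quoted:
            clauses.append(buf)
            buf = ""
        else:
            buf += ch
    clauses.append(buf)
    # Within a clause, parts containing "=" are attributes or directives, not packages.
    return {p.strip() for c in clauses for p in c.split(";") if p.strip() and "=" not in p}

def missing_imports(jar_bytes):
    """Return the REQUIRED packages that the JAR's manifest does not import."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        text = jar.read("META-INF/MANIFEST.MF").decode("utf-8")
    present = imported_packages(main_headers(text).get("Import-Package", ""))
    return [p for p in REQUIRED if p not in present]

def sample_jar(import_value):
    """Constructed sample: an in-memory JAR holding only a folded manifest."""
    header = "Import-Package: " + import_value
    folded = "\r\n ".join([header[:72]] + [header[i:i + 71] for i in range(72, len(header), 71)])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\n" + folded + "\r\n\r\n")
    return buf.getvalue()

# Constructed Import-Package value resembling the plugin before the fix.
BEFORE = 'org.tmatesoft.svn.core;version="[1.7,2)",javax.security.auth,org.apache.commons.lang'
print(missing_imports(sample_jar(BEFORE)))
```

To check a real build, pass the bytes of the built plugin JAR to `missing_imports`; an empty list means all five packages are imported.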

 

0 votes
Evgeny Zislis January 12, 2014

We have been able to install the older subversion plugin in JIRA 6.x with the svnkit-1.3.x downgrade as Hans described. It seems to work okay-ish. But would really love to see better solutions for this.

Pablo Beltran
January 12, 2014

This configuration is the default setting of the Subversion ALM add-on, among many other enhancements, of course.

I mean you do not need to add it to the JVM command line and stop/start JIRA because the add-on does it for you... without restarting the JVM. Awesome!

0 votes
Hans-Jürgen Tappe December 2, 2013

The error log says this:

org.tmatesoft.svn.core.SVNAuthenticationException: svn: E170001: Cannot negotiate authentication mechanism
at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:62)
at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:51)
at org.tmatesoft.svn.core.internal.io.svn.SVNPlainAuthenticator.authenticate(SVNPlainAuthenticator.java:116)
at org.tmatesoft.svn.core.internal.io.svn.SVNConnection.authenticate(SVNConnection.java:190)
at org.tmatesoft.svn.core.internal.io.svn.SVNRepositoryImpl.authenticate(SVNRepositoryImpl.java:1275)
at org.tmatesoft.svn.core.internal.io.svn.SVNRepositoryImpl.openConnection(SVNRepositoryImpl.java:1253)
at org.tmatesoft.svn.core.internal.io.svn.SVNRepositoryImpl.testConnection(SVNRepositoryImpl.java:95)
at com.atlassian.jira.plugin.ext.subversion.SubversionManagerImpl.activate(SubversionManagerImpl.java:252)
...

Is there any hint on why SASL would not work? The SASL classes are included in the plug-in's svnkit library, so I believe it should work.

Also, when I use the binary bundled in the svnkit bin/ directory and do a "jsvn co svn://..." it does work, so there seems to be a problem with the integration of SVNkit into the Atlassian plugin, not with svnkit itself or the server. Any hints, something that one might configure in the Atlassian plugin?

0 votes
Kinto Soft
August 19, 2013

Regarding your change:

-Dsvnkit.http.methods=Basic,Digest,Negotiate,NTLM

This is useless in order to support LDAP. It is useful when you allow connections with Basic and NTLM. By default, SVNKit tries NTLM so it fails and you cannot connect to Subversion. In this case, setting the Basic authentication with a higher priority will resolve the connection problem but you do not yet connect by using your LDAP.

As you also noticed, it only applies for connections over the http(s) and not for the svn protocol.

0 votes
Kinto Soft
August 13, 2013

I had been able to work around this problem by using an older version (1.3.3) of SVNkit...

How did you do it? Well, you replaced the jar libraries and then...
