SVN 1.11 authentication freeze 30-45 seconds

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

SVN 1.11 authentication freeze 30-45 seconds

Cotrut, Michael

Hi Mark,

 

We are migrating from SVN 1.9.2 to 1.11 (Apache 2.2 to Apache 2.4)

 

We’ve been using SVN for 7-8 years and we have hundreds of repositories and a client base of 300-400 users.

 

We’ve been noticing during testing of 1.11 a period of about 30-45 seconds delay when the SVN seems frozen upon an initial log in to a repository or after the user is not using SVN for a while. After the initial delay everything seems to be working as it should. We don’t have this delay on SVN 1.9.2 and we are using similar configuration.

 

During the freeze time I see lots and lots (thousands) of these messages logged:

[Wed Jan 02 11:58:33.427566 2019] [authz_core:debug] [pid 2616:tid 896] mod_authz_core.c(817): [client X.XX.XXX..XXX:64085] AH01626: authorization result of Require valid-user : denied (no authenticated user yet)

[Wed Jan 02 11:58:33.427566 2019] [authz_core:debug] [pid 2616:tid 896] mod_authz_core.c(817): [client 7.28.145.212:64085] AH01626: authorization result of <RequireAny>: denied (no authenticated user yet)

[Wed Jan 02 11:58:33.427566 2019] [authnz_ldap:debug] [pid 2616:tid 896] mod_authnz_ldap.c(522): [client 7.28.145.212:64085] AH01691: auth_ldap authenticate: using URL ldap://OmegaLDAP1.OMEGA.DCE-EIR.NET:XXX/OU=XX,OU=XXXX,DC=XXXX,DC=XXX.XX=NET?sAMAccountName?sub?(objectClass=user)

 

Basic conf

 

LDAPSharedCacheSize 500000

LDAPCacheEntries 1024

LDAPCacheTTL 600

LDAPOpCacheEntries 1024

LDAPOpCacheTTL 600

<Location /apps>

  CacheEnable disk

 

  DAV svn

  SVNParentPath d:/data/RepoDU

  SVNListParentPath on

 

  SVNAutoversioning On

 

  # Repository Display Name Also display this in IE's title bar

  SVNReposName "CBSA Subversion repository"

 

  # Authorization control policy

  AuthzSVNAccessFile "D:\apps\Subversion\Apache2\conf\svnaccessfile.conf"

  AuthzForceUsernameCase Lower

 

  # Authentication (WHO is allowed to access the repository)

  #Satisfy any

  AuthBasicProvider omega file

  AuthType Basic

  AuthName "Location apps"

  LDAPReferrals Off

  Require valid-user

 

  # What to display on the login dialog

  AuthName "Please enter your OMEGA username and password"

 

  # Make LDAP the authentication mechanism but offer file (non-ldap) as well

  AuthBasicProvider omega file

 

  # FILE if not in ldap use thi user\password file

  AuthUserFile "D:\apps\Subversion\Apache2\conf\svnuserfile.conf"

 

</Location>

 

#Example of typical authentication used

[/]

@dcadmins = rw

* = rw

 

[dcscripts:/]

# dcadmins group has read/write access. All other users have read access only.

@dcadmins = rw

* = r

 

Michael Cotrut

Consultant, DevCentre
Canada Border Services Agency
Place Vanier, 333 North River road, 17th floor, Tower A, 17th Floor 17077
Ottawa, Ontario
343-291-6097 Office

 

From: Mark Phippard [mailto:[hidden email]]
Sent: December 17, 2018 1:00 PM
To: Cotrut, Michael <[hidden email]>
Cc: [hidden email]
Subject: Re: ra-serf missing from SVN Client for windows 1.11

 

On Mon, Dec 17, 2018 at 12:54 PM Cotrut, Michael <[hidden email]> wrote:

Hi,

It looks like ra-serf is missing from svn 1.11 client for windows

 

Svn –version

svn, version 1.11.0 (r1845130)

   compiled Nov  1 2018, 12:47:00 on x86/x86_64-microsoft-windows10.0.17134

 

Copyright (C) 2018 The Apache Software Foundation.

This software consists of contributions made by many people;

see the NOTICE file for more information.

Subversion is open source software, see http://subversion.apache.org/

 

The following repository access (RA) modules are available:

 

* ra_svn : Module for accessing a repository using the svn network protocol.

  - handles 'svn' scheme

* ra_local : Module for accessing a repository on local disk.

  - handles 'file' scheme

 

 

For 1.10

svn --version

svn, version 1.10.2 (r1835932)

   compiled Aug 30 2018, 11:56:10 on x86/x86_64-microsoft-windows10.0.17134

 

Copyright (C) 2018 The Apache Software Foundation.

This software consists of contributions made by many people;

see the NOTICE file for more information.

Subversion is open source software, see http://subversion.apache.org/

 

The following repository access (RA) modules are available:

 

* ra_svn : Module for accessing a repository using the svn network protocol.

  - handles 'svn' scheme

* ra_local : Module for accessing a repository on local disk.

  - handles 'file' scheme

* ra_serf : Module for accessing a repository via WebDAV protocol using serf.

  - using serf 1.3.9 (compiled with 1.3.9)

  - handles 'http' scheme

  - handles 'https' scheme

 

 

 

The Subversion project does not provide binaries, so you should report this to whomever or wherever you obtained them.  You are right that it looks like they were not built properly and/or did not include all of the libraries needed for http support.

 

 

--

Thanks

Mark Phippard
http://markphip.blogspot.com/

Reply | Threaded
Open this post in threaded view
|

Re: SVN 1.11 authentication freeze 30-45 seconds

Mark Phippard-3
On Jan 10, 2019, at 1:43 PM, Cotrut, Michael <[hidden email]> wrote:

Hi Mark,

 

We are migrating from SVN 1.9.2 to 1.11 (Apache 2.2 to Apache 2.4)

 

We’ve been using SVN for 7-8 years and we have hundreds of repositories and a client base of 300-400 users.

 

We’ve been noticing during testing of 1.11 a period of about 30-45 seconds delay when the SVN seems frozen upon an initial log in to a repository or after the user is not using SVN for a while. After the initial delay everything seems to be working as it should. We don’t have this delay on SVN 1.9.2 and we are using similar configuration.


I think this is a known issue with Apache 2.4 on Windows when using LDAP authentication.  Try adding the LDAPTimeout directive with a low value like 5.

Mark