Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events

Forums

Articles
Create
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

svn:// with LDAP / Active Directory: E170001: Cannot negotiate authentication mechanism

Hans-Jürgen Tap
Hans-Jürgen Tappe August 12, 2013

Hello!

I am trying to connect to an SVN repository with an svn:// URL which is authenticating through LDAP.

I have followed the instructions about the "-Dsvnkit.http.methods=Basic,Digest,Negotiate,NTLM" setting, but to no avail (probably because it is svn:// protocol and not http://) - and I cannot change the SVN server...

In Version 0.10.11 (before version 2 of the plugin), I had been able to work around this problem by using an older version (1.3.3) of SVNkit, which I cannot do in 0.10.12 of the plugin (because it finally uses new features of SVNkit).

Can anyone provide a hint how to connect to svn://+LDAP with SVNkit 1.7.4 which is packaged with this plugin version 0.10.11?

Thanks.

Answer
Watch
Like # people like this
1961 views

6 answers

1 accepted

0 votes
Answer accepted
Hans-Jürgen Tap
Hans-Jürgen Tappe January 28, 2014

As there does not seem to be a solution for any newer version of the plug-in, we finally decided to interface with our systems through an custom plugin (https://developer.atlassian.com/display/JIRADEV/JIRA+Plugin+Guide). Follow the bug tracker at https://ecosystem.atlassian.net/browse/SVN-259for this problem.

Reply
1 vote
PerL
PerL February 24, 2015

I was hunting this same problem today.

I ended up downloading the source code and building the plugin myself and finally were able to create a workable version. I then revealed that it was failing with a ClassNotFoundException for the java.security.sasl.SaslException.

The solution was to include some more packages in the MANIFEST.

I added the following lines to the pom.xml in the Import-Package section:

<Import-Package>

....

....

javax.security.sasl,
javax.security.auth.login,
javax.security.auth.callback,
javax.security.auth,
org.ietf.jgss
</Import-Package>

 

Reply
0 votes
Evgeny Zislis
Evgeny Zislis January 12, 2014

We have been able to install the older subversion plugin in JIRA 6.x with the svnkit-1.3.x downgrade as Hans described. It seems to work okay-ish. But would really love to see better solutions for this.

View More Comments
Pablo Beltran
Pablo Beltran
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 12, 2014

This configuration is the default setting of the Subversion ALM add-on, among other many enhancements, of course.

I mean you do not need to add it to the JVM command line and stop/start JIRA because the add-on makes it for you... without re-starting the JVM. Awesome!

Like
Reply
0 votes
Hans-Jürgen Tap
Hans-Jürgen Tappe December 2, 2013

The error log says this:

org.tmatesoft.svn.core.SVNAuthenticationException: svn: E170001: Cannot negotiate authentication mechanism
at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:62)
at org.tmatesoft.svn.core.internal.wc.SVNErrorManager.error(SVNErrorManager.java:51)
at org.tmatesoft.svn.core.internal.io.svn.SVNPlainAuthenticator.authenticate(SVNPlainAuthenticator.java:116)
at org.tmatesoft.svn.core.internal.io.svn.SVNConnection.authenticate(SVNConnection.java:190)
at org.tmatesoft.svn.core.internal.io.svn.SVNRepositoryImpl.authenticate(SVNRepositoryImpl.java:1275)
at org.tmatesoft.svn.core.internal.io.svn.SVNRepositoryImpl.openConnection(SVNRepositoryImpl.java:1253)
at org.tmatesoft.svn.core.internal.io.svn.SVNRepositoryImpl.testConnection(SVNRepositoryImpl.java:95)
at com.atlassian.jira.plugin.ext.subversion.SubversionManagerImpl.activate(SubversionManagerImpl.java:252)
...

Is there any hint on why SASL would not work? The SASL classes are included in the plug-in's svnkit library, so I believe it should work.

Also, when I use the binary bundled in the svnkit bin/ directory and do a "jsvn co svn://..." it does work, so there seems to be a problem with the integration of SVNkit into the Atlassian plugin, not with svnkit itself or the server. Any hints, something that one might configure in the Atlassian plugin?

Reply
0 votes
Kinto Soft
Kinto Soft
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 19, 2013

Regarding your change:

-Dsvnkit.http.methods=Basic,Digest,Negotiate,NTLM

This is useless in order to support LDAP. It is useful when you allow to connect with Basic and NTLM. By defult, SVNKit tries NTLM so it fails and you cannot connect to Subversion. In this case, setting the Basic authentication with a higher priority will resolve the connection problem but you do not yet connect by using your LDAP.

As you also noticed, it only applies for connections over the http(s) and not for the svn protocol.

Reply
0 votes
Kinto Soft
Kinto Soft
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
August 13, 2013

I had been able to work around this problem by using an older version (1.3.3) of SVNkit...

How did you do it? Well, you replaced the jar libraries and then...

Reply

Suggest an answer

Log in or Sign up to answer
Product apps
Apps & Integrations
TAGS
AUG Leaders

Atlassian Community Events

Community
Forums
FAQs Forums guidelines
Learning
About learning Resources
Events
Copyright © 2025 Atlassian
Privacy Policy Terms Security
Welcome illustration

Welcome to the new Atlassian Community

Online forums and learning are now in one easy-to-use experience.

By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.