Search code examples
apachedbd-mysql

Apache2 authentication with mod_authn_dbd and MySQL

Following this howto I tried to set up my Debian 8 server with Apache 2.4.10 and MySQL 5.5.50 to use MySQL as authentication backend for my SVN. I get an internal server error and can't figure out why.

First I added the file /etc/apache2/conf-available/dbd_mysql.conf, containing

<IfModule mod_dbd.c>
    DBDriver        mysql
    DBDParams       "host=localhost user=THEUSER pass=THEPASS"
    DBDMin          2
    DBDKeep         4
    DBDMax          10
    DBDExptime      300
</IfModule>

of course followed by

a2enconfig dbd_mysql

I've set up a MySQL Database "authdb" containing the table "mysql_auth" with basically two important columns, "username" and "password". The specific database is accessible by a user, which I will refer to as "THEUSER" with SELECT permission.

Then I added the site specific configuration in /etc/apache2/site-available/svn.conf:

DBDParams "dbname=authdb"

<Location /svn/private/>

    DAV svn
    SVNParentPath /svn/private/
    AuthzSVNAccessFile /svn/auth/accesslist_private

    SSLRequireSSL
    AuthUserFile /dev/null
    AuthName "SVN"
    AuthType Basic
    <IfModule mod_authn_dbd.c>

            AuthBasicProvider dbd
            AuthDBDUserPWQuery "SELECT password FROM mysql_auth WHERE username = %s"
            Require valid-user

    </IfModule>
</Location>

This site configuration has already been enabled so I restarted the Apache and found something in the log file which I absolutely can not understand:

[dbd:error] [pid 15225] (20014)Internal error: AH00629: Can't connect to mysql: Access denied for user 'A LOCAL SYSTEM USER'@'localhost' (using password: NO)
[dbd:error] [pid 15225] (20014)Internal error: AH00633: failed to initialise
[authn_dbd:error] [pid 15225] [client XX.XX.XX.XX:XYZ] AH01653: Failed to acquire database connection to look up user 'some_user'

This error repeats whenever I try to access my SVN repository.

What is really strange about this is that there is a user in the log file which I absolutely do not expect to find here. It is a system user who as nothing to do with neither MySQL nor Apache. This user is only used to login with SSH. Which point am I missing? Any help would be appreciated!

Solution

  • Finally figured out the problem. Obviously the content of my configuration file was loaded after the content of my site definition.

    The solution was as follows: I moved the content from dbd_mysql.conf right in front of the -Definition of my /etc/apache2/site-available/svn.conf, disabled the conf, reloaded Apache and everything worked.

    What I haven't figured out yet is, if my configuration is faulty because I would have expected that the configuration is loaded before my site definition which relies on the previous configuration.