I'm having a tough time with our SVN system which relies on LDAP for user authentication. Everything was functioning correctly until one of our developers suddenly couldn't log in with their domain account. Interestingly, they can still access their work computer without any trouble. Looking at the SVN logs, the problem seems to be a 'Password mismatch' error. I've double-checked the credentials but the issue continues. What might be causing this inconsistency between their successful Windows login and the failed LDAP authentication for SVN?
3 Answers
First things to check are the SVN server's LDAP bind account and search filters. Also, make sure the user's password hasn't changed recently and that replication to other Domain Controllers (DCs) is complete. It’s crucial that the SVN server's clock is aligned with the DCs too. Look out for LDAP-specific issues such as special characters in the password or errors in attribute mapping. Testing the LDAP binding with tools like ldapsearch or ldp.exe could help clarify things here.
It might be that the certificate used for the LDAP to SVN connection is expired. That could certainly cause authentication issues.
However, this problem is only affecting one user, while everyone else can log in without a hitch. This suggests that the LDAP connection to the SVN server is working well, so the problem seems to be linked specifically to this account or its settings.
This sounds like it could be a cached credential problem specific to that user in SVN’s authentication cache. It’s worth checking if SVN has stored credentials for them (usually found in %APPDATA%Subversionauth). Try deleting those and forcing a fresh authentication. Often, an old cached password can cause exactly this kind of error, especially after a password change. Plus, check their Active Directory account settings; if "User must change password at next logon" is checked, it can pass Windows authentication but cause issues with LDAP binds in unexpected ways.
This issue has been ongoing for months just for this one user. As a temporary fix, we created a second account for them to use with SVN. Their password doesn't have any special characters. When I used `ldapsearch` with their main credentials, it worked fine. The 'password mismatch' only happens in the SVN environment.