I'm trying to hook up Subversion and Apache2 to Microsoft Active Directory
but am struggling a bit with exactly what is and is not possible at
present. I was hoping you can help me clarify this.
I know Apache2 with Subversion can authenticate against a Microsoft Active
Directory service using the SSPI or NTLM module when running Apache on
Windows respectively UNIX. The SSPI module is currently not actively
maintained but the TortoiseSVN documentation includes a section on how to
configure it [1] while the NTLM project's home page [2] describes how to
configure the module.
This works although it leaves the challenge of getting clients other than
Microsoft Internet Explorer to actually ask for credentials. This can be
accomplished by having Apache use basic authentication for fetching the
credentials before using SSPI or NTLM for authenticating against Microsoft
Active Directory, adding the 'SSPIOfferBasic On' respectively
"NTLMBasicAuth On" directive. Hence, configuring the NTLM module for the
SVN location as follows works:
AuthType NTLM
AuthName "Bogus Repository"
NTLMAuth On
NTLMAuthoritative On
NTLMDomain MSAD01
NTLMserver wdc1
NTLMBasicAuth On
So far so good but this naturally leads to a next question: Can I define
who has access to what using the user accounts and groups defined in the
Microsoft Active Directory?
I've searched and read up on the topic but am a bit at a loss with the
multiple authentication and authorisation modules out there and Apache 2.2
having things again refactored and would really appreciate some pointers.
Thanks,
Auke
1. http://tortoisesvn.sourceforge.net/docs/release/TortoiseSVN_en/ch03.html#tsvn-serversetup-apache-5
2. http://modntlm.sourceforge.net
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jan 4 22:50:47 2006