[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Combining SVN access rights with Active Directory authentication

From: Jon Bendtsen <jon.bendtsen_at_laerdal.dk>
Date: 2006-01-04 22:58:44 CET

Den onsdag 4.jan kl. 22:29 skrev Auke Jilderda:

> I'm trying to hook up Subversion and Apache2 to Microsoft Active
> Directory
> but am struggling a bit with exactly what is and is not possible at
> present. I was hoping you can help me clarify this.
> I know Apache2 with Subversion can authenticate against a Microsoft
> Active
> Directory service using the SSPI or NTLM module when running Apache on
> Windows respectively UNIX. The SSPI module is currently not actively
> maintained but the TortoiseSVN documentation includes a section on
> how to
> configure it [1] while the NTLM project's home page [2] describes
> how to
> configure the module.
> This works although it leaves the challenge of getting clients
> other than
> Microsoft Internet Explorer to actually ask for credentials. This
> can be
> accomplished by having Apache use basic authentication for fetching
> the
> credentials before using SSPI or NTLM for authenticating against
> Microsoft
> Active Directory, adding the 'SSPIOfferBasic On' respectively
> "NTLMBasicAuth On" directive. Hence, configuring the NTLM module
> for the
> SVN location as follows works:
> AuthType NTLM
> AuthName "Bogus Repository"
> NTLMAuth On
> NTLMAuthoritative On
> NTLMDomain MSAD01
> NTLMserver wdc1
> NTLMBasicAuth On
> So far so good but this naturally leads to a next question: Can I
> define
> who has access to what using the user accounts and groups defined
> in the
> Microsoft Active Directory?

use authz for that.


To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jan 4 23:15:52 2006

This is an archived mail posted to the Subversion Dev mailing list.