[PATCH] Authentication for svnserve using LDAP

From: Ivlev, Eugene <eivlev_at_esignaldev.com>
Date: Sat, 02 Feb 2008 15:53:40 +0300

[PATCH] Authentication for svnserve using LDAP [PATCH] Authentication for svnserve using LDAP

New feature.

Cyrus SASL library supports authentication using LDAP.
But in Windows platform it can't be using cause:

// from Cyrus SASL documentation (components.html)
saslauthd - This calls out to the saslauthd daemon, which also ships with the distribution. The saslauthd daemon has a number of modules of its own, which allow it to do verification of passwords in a variety of ways, including PAM, LDAP, against a Kerberos database, and so on.
// from Cyrus SASL documentation (components.html)

// from Cyrus SASL documentation (windows.html)
Note, that Cyrus SASL on Windows is still laregely a "work in progress". So far only the main library, plugins (SASLDB using SleepyCat, no MySQL) and several applications (see the list below) can be built. In particular, saslauthd doesn't compile on Windows.
// from Cyrus SASL documentation (windows.html)

Last version of Cyrus SASL is 2.1.22 from 2006.05.19.

Authentication for svnserve using LDAP. Information about LDAP setting contains in svnserve.conf.
Example:

[ldap]
Server=ldap://dc1:389/
Base=OU=PrivateUsers,OU=TSSupportUsers,DC=nwork,DC=local
BindName=CN=LDAPSvcAccount,OU=ServiceAccount,OU=TSSupportUsers,DC=nwork,DC=local
BindPass=supersvcpass
UserIdAttr=sAMaccountName

For compilation You are also should get the open_ldap or novell-cldap library.
Compile without preprocessor directive SVN_HAVE_SASL.

[[[
Authentication for svnserve using LDAP.

* subversion/include/svn_ra_svn.h
(svn_ra_svn_basic_server): New function declaration.

* subversion/include/svn_config.h
(SVN_CONFIG_SECTION_LDAP, SVN_CONFIG_OPTION_LDAP_SERVER, SVN_CONFIG_OPTION_LDAP_BASE, SVN_CONFIG_OPTION_LDAP_BIND_NAME,
SVN_CONFIG_OPTION_LDAP_BIND_PASS, SVN_CONFIG_OPTION_LDAP_USER_ID_ATTR): New options for svnserve.conf.

* subversion/libsvn_ra_svn/ra_svn.h
(svn_ra_svn_basic_client): New function declaration.

* subversion/libsvn_ra_svn/internal_auth.h
(svn_ra_svn__do_internal_auth): Adds new mechanism.

* subversion/libsvn_ra_svn/basic.c
(ldap_config_struct): New struct.
(get_ldap_config): New function.
(ldap_open_and_bind): New function.
(ldap_authentication): New function.
(svn_ra_svn_basic_server): New function.
(svn_ra_svn_basic_client): New function.
]]]

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: dev-help_at_subversion.tigris.org

application/octet-stream attachment: svn_ldap.patch

Received on 2008-02-02 15:38:51 CET

This message: [ Message body ]
Next message: Mark Phippard: "Re: [PATCH] Don't bother end users about HTTP requests"
Previous message: Ivan Zhakov: "Re: [PATCH] Don't bother end users about HTTP requests"
Next in thread: Eric Gillespie: "Re: [PATCH] Authentication for svnserve using LDAP"
Reply: Eric Gillespie: "Re: [PATCH] Authentication for svnserve using LDAP"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]