[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Managing users

From: Dominic Anello <danello_at_danky.com>
Date: 2004-02-16 21:03:33 CET

On 2004-02-16 09:32:52 -0600, Justin Johnson wrote:
> I don't doubt that it may work well. The lack of support is more what
> I'm concerned about. From my research it seemed the code wasn't
> maintained by anyone anymore. Also, I'd prefer to run the server on a
> UNIX box.
>
> Thanks for the info though.
> -Justin
> On Mon, 16 Feb 2004 16:09:33 +0100, "Carsten Schurig"
> <cs-ml-0110031013@ebz-dresden.de> said:
> > Justin Johnson <mailto:justinjohnson@fastmail.fm> wrote on Monday,
> > February 16, 2004 3:56 PM:
> >
> >
> > > I'm looking for the easiest way to manage (add/remove) subversion
> > > users. I was hoping to find some way to hook into their NT login and
> > > password via the domain controllor, but the current method (sspi,
> > > etc) seems rather unsupported/unmaintained, so I don't feel
> > > comfortable going in that direction.
> >
> > I'm using this option and it works well. For that I've installed apache
> > on our Win2K server. I configured it to listen for https:// on a
> > non-standard port and not to listen on any other ports. I don't know if
> > you can setup apache on a Linux or any other unix machine and do a
> > password lookup on a windows DC.
> >
> > Cheers,
> > Carsten

Funny, I just solved this problem this morning using LDAP.

You have to be running an ActiveDirectory domain for this to work.

Configure apr-util --with-ldap and apache with --enable-ldap and
--enable-ldap-auth (I built apr/apr-util separately from CVS and linked
both svn and apache against the same apr).

Then put something like this into httpd.conf

<Location /svn>
  DAV svn
  SVNPath /path/to/repo

  AuthLDAPURL ldap://myserver/CN=Users,DC=isolution,DC=idx,DC=com?sAMAccountName?sub?(objectClass=user)
  AuthLDAPBindDN "ISOLUTION\danello"
  AuthLDAPBindPassword XXXXXX
  AuthType Basic
  AuthName "LDAP Test"
  Require valid-user
</Location>

In this example, isolution.idx.com is the ActiveDirectory domain,
ISOLUTION is the NT domain, and myserver is the ActiveDirectory server
for my domain. The user danello has permissions to browse the
ActiveDirectory.

Good luck!

-Dominic

  • application/pgp-signature attachment: stored
Received on Mon Feb 16 21:03:58 2004

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.