Re: LDAP Authentification

From: Helmut Heidegger <h.heidegger_at_phion.com>
Date: 2004-04-26 11:04:09 CEST

Mladen Mihajlovic [H] wrote:
> Hi
>
> Could you please explain what you did to get SSL and LDAP working on
> your system? I just joined the mailing list and cannot find any of the
> posts that you were referring to.
>

Hi,

just add to your apache2 config file (httpd.conf) a section like this:

<Location /svn>
    DAV svn
    SVNParentPath /opt/repos
    AuthzSVNAccessFile /opt/repos/access.conf
    AuthLDAPAuthoritative on
    AuthType Basic
    AuthName "Subversion Repository"
    AuthLDAPBindDN CN=Your,OU=System,OU=User
    AuthLDAPBindPassword YourPassword
    AuthLDAPURL
"ldap://your.activedirectory.host:389/OU=Some,DC=Organisation?sAMAccountName?sub?(objectClass=user)"
    require valid-user
</Location>

[no break after AuthLDAPURL]

I got the settings for active directory from this link:
http://thomas-howard.com/Reference/Articles/Apache+AD/

The SVNParentPath means you have all repositories in the /opt/repos
path. If you want to specify a single repository you will have to use
the SVNPath parameter as described at
http://svnbook.red-bean.com/svnbook/ch06s04.html#svn-ch-6-sect-4.2

In the access.conf file there is the following very trivial to start:

[/]
* = rw

which means everyone (authorized) can read and write in every repository
in all paths. Just for testing, I will do some finer fragmentation of
user access rights later. Look also at the above link for description.

Verify that the following modules are present in your apache2 config file:

LoadModule authz_svn_module modules/mod_authz_svn.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so

try this to get working on your repository. After you verified your
configuration and so the authorization works, just add https as it is
described in the apache documentation.

I added the following to the httpd.conf file to enable HTTPS:

SSLEngine on
SSLProtocol all
SSLCipherSuite HIGH:MEDIUM
SSLCertificateFile conf/ssl.crt/server.crt
SSLCertificateKeyFile conf/ssl.key/server.key

using the default server certificate files provided by the Redhat
distribution. I will update them to pass the requirements of our server,
since the default cert refers to localhost etc.

Hope that helps...

Regards,
Helmut Heidegger

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Mon Apr 26 11:04:46 2004

This message: [ Message body ]
Next message: Christophe Labouisse: "SVN::Push or svn-push.c"
Previous message: Helmut Heidegger: "Re: LDAP Authentification"
Maybe in reply to: Helmut Heidegger: "LDAP Authentification"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]