[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

RE: Apache 2.0.59, SVN 1.4 and LDAP

From: Powell, Damian <damian.powell_at_davislangdon.com>
Date: 2006-11-03 12:04:30 CET

The example below does the trick for me. However, if you're running
Apache on Windows (like me), you'll notice that mod_auth_ldap is rather
flakey and frequently crashes when it's unbinding form the LDAP server.

Also, the conversation between Apache and the LDAP server is not
encrypted so if your LDAP server is also your Active Directory server,
then your Active Directory password will be going over the network in
the clear. To make things worse, your password could be going over the
network in the clear twice: once between your Subversion client and
Apache, and again between Apache and your LDAP server.

There is also a potential gotcha with the LDAP URL. If you *are* using
LDAP to access Active Directory, then you need to specify at least one
OU as well as the DC components. If you want to search from the root of
the Active Directory domain, you'll have to specify port 3268 in the
LDAP URL (like this:
"ldap://MyAdServer:3268/DC=MyDomain,DC=com?sAMAccountName") rather than
the URL in the example.

I should also point out that the configuration shown will allow any
authenticated user to browse the repository but only allow members of
the DeveloperStaff group to commit changes.

Don't let me put you off though! :)

While I'm on the subject: does anybody have a Windows build of
Subversion 1.4 that is built against Apache 2.2?

   <Location /svn>
       # Subversion configuration
       DAV svn
       SVNParentPath C:/Repositories/Subversion
       # Authentication
       AuthType Basic
       AuthName "Subversion Repository"
       AuthLDAPUrl
"ldap://MyAdServer/OU=MyOu,DC=MyDomain,DC=com?sAMAccountName"
       AuthLDAPBindDN "mydomain\adviewerusername"
       AuthLDAPBindPassword "adviewerpassword"
       # Authorization
       <Limit GET PROPFIND OPTIONS REPORT>
           Require valid-user
       </Limit>
       <LimitExcept GET PROPFIND OPTIONS REPORT>
           Require group CN=DeveloperStaff,OU=MyOu,DC=MyDomain,DC=com
       </LimitExcept>
   </Location>

PS: Apologies for this long signature:

**********************************************************************
        PRIVACY AND CONFIDENTIALITY NOTICE

This email, and any files transmitted with it, is strictly
confidential and intended solely for the person or organisation to
whom it is addressed. If it comes to the attention of any other
unauthorised person, no action may be taken on it nor should it be
copied or shown to any third party.

If you have received this email in error please return it
to postmaster@davislangdon.com

This email message has been swept for the presence of computer viruses.
**********************************************************************

<font face="Arial, Helvetica" style="font-size:7.6pt" color="black">Project Management | Cost Management | Management Consulting | Legal Support | Specification Consulting | Engineering Services | Property Tax &amp; Finance<br clear="all">&nbsp;</font><br><font face="Arial, Helvetica" style="font-size:7pt;" color="#808285">Davis Langdon LLP is a limited liability partnership registered in England and Wales with registered number OC306911. A list of members' names is available for inspection at MidCity Place, 71 High Holborn, London WC1V 6QS, the firm's principal place of business and registered office.<br><br>Davis Langdon LLP is a member firm of Davis Langdon &amp; Seah International, with offices in: England, Scotland, Wales, Ireland, France, Spain, Poland, Lebanon, Bahrain, UAE, Qatar, Saudi Arabia, Egypt, Brunei, China, Hong Kong, India, Indonesia, Korea, Malaysia, Philippines, Singapore, Thailand, Vietnam, Australia, New Zealand, South Africa, Botswana and the USA</font><br><br><hr><font face="Arial, He
lvetica" style="font-size:7pt" color="black">PRIVACY AND CONFIDENTIALITY NOTICE<br><br>This email, and any files transmitted with it, is strictly confidential and intended solely for the person or organisation to whom it is addressed. If it comes to the attention of any other unauthorised person, no action may be taken on it nor should it be copied or shown to any third party. This email message has been swept for the presence of computer viruses.<br><br>If you have received this email in error please return it to <a href="mailto:postmaster@davislangdon.com">postmaster@davislangdon.com</a><hr></font>

_____________________________________________________________________
This e-mail has been scanned for viruses by Verizon Business Internet Managed Scanning Services - powered by MessageLabs. For further information visit http://www.mci.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Fri Nov 3 12:05:16 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.