
Re: Subversion using apache and ldap

From: Kyle George <kgeorge_at_tcpsoft.com>
Date: 2007-05-10 19:03:24 CEST

On Thu, 10 May 2007, Brent Kiley wrote:

> I have finally been able to get subversion working over apache. I have now
> jumped into the task of adding authentication of this access using an
> openldap directory that is already used for our domain authentication. The
> problem is I can not seem to get it to work. I believe that I have the ldap
> [snip]
> If anyone has any ideas please let me know, or if I can provide any
> additional info to diagnose the problem, please tell me.

I run Subversion 1.4.3 on OpenBSD w/ Apache 2.2.4. I authenticate against
Active Directory (MS-ified LDAP) with the standard mod_authnz_ldap and
OpenLDAP just fine using the email LDAP attribute for the username. Note
that the use of port 3268 is for some strange thing with AD and that AD
requires that a valid DN (distinguished name) be used to "bind" to the
directory during the search phase. This may or may not be required in
your setup. Your DNs and paths will definitely be different as well.

Here's what works for me:

<Location /svn>
   # Enable WebDAV with svn provider
   DAV svn

   # Parent path for svn repositories
   SVNParentPath /var/svn/repos

   # Require that clients authenticate against active directory and belong
   # to the right group
   AuthType basic
   AuthName "subversion repository"
   AuthBasicProvider ldap
   AuthUserFile /dev/null
   AuthzLDAPAuthoritative Off
   AuthLDAPURL "ldap://my.domain:3268/dc=my,dc=domain?mail?sub?(&(objectClass=user))"
   AuthLDAPBindDN "cn=mybindusername,ou=Service Accounts,ou=Security Groups And Service Accounts,dc=my,dc=domain"
   AuthLDAPBindPassword "mypassword"
   Require ldap-group CN=Development,OU=Security Groups,OU=Security Groups And Service Accounts,DC=my,DC=domain

   # Once authenticated, restrict repository virtual filesystem permissions
   AuthzSVNAccessFile /var/svn/conf/authzsvn
</Location>

Kyle George
Received on Thu May 10 19:03:49 2007
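
An added example, not part of the message above and not Apache httpd's own code: it splits the AuthLDAPURL from the configuration into the fields mod_authnz_ldap documents (host, port, base DN, attribute, scope, filter) and builds the search filter in the documented `(&(filter)(attribute=username))` form. The function names, the sample usernames and the RFC 4515 escaping of the client-supplied username are assumptions of this example.

```python
from urllib.parse import urlsplit, unquote

# AuthLDAPURL copied from the message; host and DNs are the poster's placeholders.
AUTH_LDAP_URL = "ldap://my.domain:3268/dc=my,dc=domain?mail?sub?(&(objectClass=user))"

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_auth_ldap_url(url):
    """Split scheme://host:port/basedn?attribute?scope?filter into its fields."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError("expected ldap:// or ldaps://, got %r" % parts.scheme)
    # urlsplit puts everything after the first '?' in .query; the remaining
    # '?' characters separate attribute, scope and filter.
    fields = parts.query.split("?", 2) + ["", "", ""]
    attribute, scope, ldap_filter = (unquote(f) for f in fields[:3])
    return {
        "ldaps": parts.scheme == "ldaps",
        "host": parts.hostname,
        "port": parts.port or DEFAULT_PORTS[parts.scheme],
        "base_dn": unquote(parts.path.lstrip("/")),
        # Documented defaults when a field is left out of the URL.
        "attribute": attribute or "uid",
        "scope": scope or "sub",
        "filter": ldap_filter or "(objectClass=*)",
    }


def escape_filter_value(value):
    """Escape LDAP filter metacharacters in a client-supplied value (RFC 4515)."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)


def build_search_filter(cfg, username):
    """Return (&(filter)(attribute=username)) for the search phase."""
    inner = cfg["filter"]
    if inner.startswith("(") and inner.endswith(")"):
        inner = inner[1:-1]  # the template below re-adds the outer parentheses
    return "(&(%s)(%s=%s))" % (inner, cfg["attribute"], escape_filter_value(username))


if __name__ == "__main__":
    cfg = parse_auth_ldap_url(AUTH_LDAP_URL)
    print(cfg)
    print(build_search_filter(cfg, "dev@my.domain"))  # constructed username
```

The `ldaps` field only reflects the URL scheme; whether the connection is encrypted can also depend on directives outside the URL.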

This is an archived mail posted to the Subversion Users mailing list.
