[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Windows authentication with subversion and apache

From: Florian Seydoux <florianseydoux_at_gmail.com>
Date: Mon, 02 Jun 2008 13:17:16 +0200

Sam Munzani wrote:
> Is there such module for FreeBSD? My repository is on FreeBSD however I
> would like to use windows AD auth for the authentication piece.

I guess not (not available on linux -> *nix).

Anyway, you should be able to use the kerberos module (the admin of the
AD should creates
something for you), or 'simply' by using LDAP.

In that case, I suggest to use an AuthnProviderAlias, to be more
flexible (eg. to mix authentication
through the AD server and using local user-password file).

There is plenty of documentation that google can gives you, but I can
give you a small example:

first, you have to find the 'distinguishedName' of the user how will do
the request.
assuming that the user 'guest' (password='guestpass') will do that, and
will have a dist.name like
   'CN=guest,OU=Users,OU=MyComp,DC=server,DC=net',
on the server (machine 'mycomp-dc.net'),

you just have to configure the apache server like that:

<AuthnProviderAlias ldap ldap-dc>
  AuthLDAPBindDN "CN=guest,OU=Users,OU=MyComp,DC=server,DC=net"
  AuthLDAPBindPassword guestpass
  AuthLDAPURL
ldap://mycomp-dc1:389/OU=Users,OU=MyComp,DC=server,DC=net?sAMAccountName?sub?(objectClass=user)
</AuthnProviderAlias>

and use this alias in a normal SVN location:

<Location /svn/projectXYZ>
        DAV svn
        SVNPath ...
        SVNAutoversioning on
        SVNIndexXSLT "/layout/svnindex.xsl"
        AuthzSVNAccessFile ...
        AuthName "MyComp project xyz svn"
        AuthType Basic
        AuthBasicAuthoritative off
        AuthzLDAPAuthoritative off
        AuthBasicProvider ldap-dc
        Satisfy Any
        <LimitExcept GET PROPFIND OPTIONS REPORT>
                Require valid-user
        </LimitExcept>
</Location>

regards,

florian

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-06-02 13:17:57 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.