sanjeev.kumarroy_at_wipro.com wrote:
> [...]
> Now I want to setup the user level Authentication using Microsoft AD.
> Can someone please guide me as to how I can set up the subversion for AD
> authentication?
> --------------------
> [...]
> I have to setup a windows 2003 server for authenticating the svn now.
NOTE that
> my SVN is currently running on a rhel machine.
> Can you please let me know how I can configure the apache to set the svn
> for authentication via the Microsoft AD?
>
<snip>
Well,
there are multiple way for such authorization.
For people hosting the apache server on windows (not your case
apparently), they can
use the sspi package (mod_auth_sspi), eg:
<Location /svn/>
DAV svn
SVNParentPath "C:/SVN/repositories/"
SVNListParentPath on
SVNIndexXSLT "/svnindex.xsl"
SVNAutoversioning on
# ### --- windows authentification
AuthName "Subversion Server"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain <your-domain>
# # some tricks
SSPIUsernameCase lower
SSPIOfferBasic On
SSPIOmitDomain On
# ### -----------------------------
Satisfy Any
Require valid-user
AuthzSVNAccessFile "C:/SVN/accesscontrol"
</Location>
But this module is not available for *nix; so in your case, you should
be able to
use the kerberos module (in this case, you need the help of the admin of
the AD),
as well as some googeling (look at
http://support.microsoft.com/?scid=kb%3Ben-us%3B555092&x=12&y=19
)
On my side (apache on linux server, auth. from a windows AD), I just use
the LDAP auth,
and the (apache) AuthnProviderAlias, to be more flexible (eg. to mix
authentication
through the AD server and using local user-password file).
I can give you a small example (but there is plenty of documentation
that google can gives you):
first, you have to find the 'distinguishedName' of the user how will do
the request.
assuming that the user 'guest' (password='guestpass') will do that, and
will have a dist.name like
'CN=guest,OU=Users,OU=MyComp,DC=server,DC=net',
on the server (machine 'mycomp-dc.net'),
you just have to configure the apache server like that:
<AuthnProviderAlias ldap ldap-dc>
AuthLDAPBindDN "CN=guest,OU=Users,OU=MyComp,DC=server,DC=net"
AuthLDAPBindPassword guestpass
AuthLDAPURL
ldap://mycomp-dc1:389/OU=Users,OU=MyComp,DC=server,DC=net?sAMAccountName?sub?(objectClass=user)
</AuthnProviderAlias>
and use this alias in a normal SVN location:
<Location /svn/projectXYZ>
DAV svn
SVNPath ...
SVNAutoversioning on
SVNIndexXSLT "/layout/svnindex.xsl"
AuthzSVNAccessFile ...
AuthName "MyComp project xyz svn"
AuthType Basic
AuthBasicAuthoritative off
AuthzLDAPAuthoritative off
AuthBasicProvider ldap-dc
Satisfy Any
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
</Location>
regards,
florian
PS: you can use some tools like 'LDAP Browser' (windows) to scan the
structure of the
ldap 'AD'.
--
--------------------------------------------------------------------
Seydoux Florian
http://www.spinx-technologies.com
--------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-07-09 11:29:24 CEST