[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

svnserve using SASL to authenticate against LDAP

From: Marcus Pfeffer <marcus_pfeffer_at_gmx.de>
Date: Sat, 26 Jul 2008 09:58:18 +0200


reading through the new features of svn 1.5 I finally found the sasl
stuff and thought about the following:
In our company we have an LDAP-Server to which I can connect using
anonymous bind with the IP address (e.g. using LDAP Browser
http://www-unix.mcs.anl.gov/~gawor/ldap/). I can also connect to it
using my DN and password as long as I select SSL (which was not
necessary for anonymous bind). So in my opinion it should be possible to
configure subversion to use the sasl ldap plugin to connect to our LDAP
server. To avoid having to enter the whole DN as the username in my svn
client I can use the new "aliases" section in the authz file which will
map the username entered in the svn client to the DN which will be used
for the connect to the ldap server, right? By the way: I prefer to use
svnserve instead of apache because this will give you much better
performance while using svn.
What I don't know (as far as my research and asumptions above are right)
  is how to configure this setup (I managed to setup svn with sasl with
sasldb like described in the svn-book and it worked) , how to tell svn
to use sasl using ldap, and also how to tell sasl to use SSL for the
login to ldap. My svn server is running on Ubuntu and the ldapdb plugin
for sasl is already installed but I could also use Windows (but in my
experience that doesn't make things better, e.g. as far as I know the
ldapdb plugin doesn't exist for Windows).

Can anyone give me any advice (e.g. Which config files do I need to
create/edit? Do I need any more plugins or software? How do I configure
svn to do what I want it to do? ...)?

And for those who think I should just use another configuration and
suggest apache, or any other stuff: I cannot avoid using the ldap server
  (I know kerberos would be better but I just can't!) and I would very
much like to use svnserve because it is faster and easier to setup!

Thank you,


To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-07-26 22:23:40 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.