We also do external authentication against LDAP. Users and groups are
stored in LDAP and then we use an Apache module to allow Apache to
control authentication.
We did at one time try to use RequireGroup and such within Apache and
while this does work, we found the resulting commit did not pass the
authentication username into SVN as the author of the commit, and the
author was blank. Our research showed that to get the author reliably
and correctly populated, we had to use SVN's authorization. So, what we
currently have is a configuration where Apache uses LDAP to authenticate
the user, but then a perl script scheduled in cron is doing the task of
synchronizing LDAP groups back to SVN's access control list file. This
way, as we maintain groups in LDAP, the changes replicate back to SVN
(via the script) within a short period. This has been working very well
for us.
Brian
Quinn Taylor wrote:
> I suppose this is slightly off-topic, but still relevant.
>
> I'm in the process of getting this to work myself, with a Drupal MySQL
> database. One option when hosting with Apache is to use the
> mod_auth_mysql module to authenticate users based on username and
> password from a table and columns you specify.
>
> A good link to start with is probably:
> http://dev.e-taxonomy.eu/trac/wiki/ApacheMySQLAuthentication Note
> that they are applying a patch to make the module work with Apache 2,
> which is required for using mod_dav_svn.
>
> You can use the <Location> directive at the top level of an Apache
> config file, or within a <VirtualHost> directive.
>
> Best of luck,
> - Quinn
>
>
> On Aug 14, 2008, at 11:43 AM, David Wolever wrote:
>
>> Hey,
>> I'm working on a project-management-type app, and it would be
>> _really_ nice to, some how (any how!) get the subversion server
>> (either SVN or SVN+Apache) to authenticate against our internal
>> database.
>>
>> In the past we've simply been re-writing the authz/htpasswd files
>> used by svn/apache with each internal permissions change... But
>> that's not ideal.
>>
>> So would it be somehow possible to ask svnserve to authenticate
>> people against something dynamic? Failing that, would it be
>> absolutely ridiculous to write a wrapper around svnserve, so requests
>> come in like this: client --> our app --> svnserve (where 'our app'
>> is a python-based web app)?
>>
>> Thanks!
>> David
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
>> For additional commands, e-mail: users-help_at_subversion.tigris.org
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe_at_subversion.tigris.org
For additional commands, e-mail: users-help_at_subversion.tigris.org
Received on 2008-08-15 12:48:53 CEST