[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: ldap authentication in subversion

From: Andrey Repin <anrdaemon_at_freemail.ru>
Date: Fri, 24 Apr 2009 19:51:50 +0400

Greetings, Irfan Sayed!

> We are using subversion I just waneted to check can we use windows domain
> controller for authentication. what i need is they should login
> to subversion using their windows username and password.

Try mod_auth_sspi
http://www.nosq.com/blog/2008/06/fixing-mod_auth_sspi-and-ie-losing-post-data/
Not that svn works transparently with SSPI, like CVSNT does, but it works.
I have it set to authenticate against local user database, but setting it to
auth against domain, even couple of domains, isn't hard.

Here's my config, you could use it as starting point:

<VirtualHost *>
    ServerName svn.mydomain.local

    DocumentRoot "C:/home/svn"
    AddDefaultCharset utf-8

    ErrorLog "C:/home/svn/.log/error_log"
    CustomLog "C:/home/svn/.log/access_log" common env=!SVN-ACTION
    CustomLog "C:/home/svn/.log/svn_access_log" svn env=SVN-ACTION

    <IfModule rewrite_module>
        RewriteLog "C:/home/svn/.log/rewrite_log"
        RewriteLogLevel 0

        RewriteEngine On

        # Necessary precaution
        RewriteRule "^/\..*" - [forbidden,last]

        # Important fix for http://host/repos redirect bug
        RewriteCond "%{REQUEST_METHOD}" !"^(GET|POST|HEAD)$"
        RewriteCond "%{REQUEST_FILENAME}" "^/([^/\.]+)$"
        RewriteCond "C:/home/svn/%1" -d
        RewriteRule "^/([^/\.]+)$" "/$1/" [passthrough]
    </IfModule>

    <Location "/">
        Order allow,deny
        Allow from 192.168.1.10

        <IfModule dav_svn_module>
            DAV svn
            SVNParentPath "C:/home/svn"
        </IfModule>

        <IfModule sspi_auth_module>
            Allow from all

            AuthName "Subversion repository"
            AuthType SSPI
            SSPIAuth On
            SSPIAuthoritative On
            SSPIOfferBasic On
            SSPIOmitDomain On
            SSPIUsernameCase lower
            SSPIBasicPreferred On

            # only developers may access the repository
            Require group "HOSTNAME\CVS"

            # And they should obey to SVN user permissions file
            <IfModule authz_svn_module>
                AuthzSVNAccessFile "C:/home/svn/.registry"
            </IfModule>
        </IfModule>
    </Location>
</VirtualHost>

--
WBR,
 Andrey Repin (anrdaemon_at_freemail.ru) 24.04.2009, <19:42>
Sorry for my terrible english...
------------------------------------------------------
http://subversion.tigris.org/ds/viewMessage.do?dsForumId=1065&dsMessageId=1894350
To unsubscribe from this discussion, e-mail: [users-unsubscribe_at_subversion.tigris.org].
Received on 2009-04-24 17:55:59 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.