[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Betr.: Setting up Jenkins and Subversion for multiple LDAP domains.

From: Jan Keirse <jan.keirse_at_tvh.be>
Date: Tue, 6 Sep 2011 17:23:24 +0200

 David Weintraub <qazwart_at_gmail.com> schreef op 06/09/2011 17:12:41:

> This is really part of the same question, but it involves both our
> Subversion repository and Jenkins.
>
> We want to use our Windows Active Directory to log into Jenkins and as
> our permissioning scheme in Subversion. Subversion uses Apache httpd.
>
> First in Subversion: We have the following setup for the "mfxdomain":
>
> <Location /src>
> DAV svn
> SVNParentPath /opt/cm/svn_repos
> AuthType basic
> AuthName "MFX Repository"
> AuthBasicProvider ldap
> AuthzLDAPAuthoritative off
> AuthLDAPURL
> "ldap://mfxdomain.mycompany.com:3268/dc=mycompany,dc=com?sAMAccountName"
> NONE
> AuthLDAPBindDN "CN=svnuser,OU=Users,DC=mycompany,DC=com"
> AuthLDAPBindPassword "swordfish"
> Require valid-user
> </Location>
>
> This works great. Anyone in the mfxdomain is able to log in. However,
> many of our users are actually in the effdomain, so we need to verify
> a user is either in one of the two domains. How do I set this up? Do I
> need a new <location>, or do I double the AuthLDAP lines?
>
> In Jenkins, we use the active directory plugin to verify our logins.
> Is it possible to specify two Active Directory domains?
>

From my apache httpd.conf:
...
LoadModule authn_alias_module modules/mod_authn_alias.so
...
 <AuthnProviderAlias ldap olddomain>
  AuthLDAPURL "..." NONE
  AuthLDAPBindDN "..."
  AuthLDAPBindPassword "..."
</AuthnProviderAlias>

<AuthnProviderAlias ldap newdomain>
  AuthLDAPURL "..." NONE
  AuthLDAPBindDN "..."
  AuthLDAPBindPassword "..."
</AuthnProviderAlias>

<Location /svn>
  DAV svn
  SVNParentPath C:/Repositories
  AuthType Basic
  AuthName "My Subversion server"
  AuthBasicProvider newdomain olddomain
  AuthzLDAPAuthoritative off
  AuthzSVNAccessFile c:/repositories/authz
  AuthzForceUsernameCase lower
  SVNIndexXSLT /svn.xsl
  require valid-user
</Location>

> And in both, how do I know if someone is in one domain or the other?
> Do they need to prefix their login with the domain?

I have no idea about that.

Kind Regards,

JAN KEIRSE
ICT-DEPARTMENT
Software quality & Systems: Software Engineer

**** DISCLAIMER ****

http://www.tvh.com/newen2/emaildisclaimer/default.html

"This message is delivered to all addressees subject to the conditions
set forth in the attached disclaimer, which is an integral part of this
message."
Received on 2011-09-06 17:22:41 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.