[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Authentication proxy for slave Subversion repos

From: Branko Čibej <brane_at_wandisco.com>
Date: Wed, 29 May 2013 14:08:55 +0200

On 29.05.2013 13:54, Nico Kadel-Garcia wrote:
> On Tue, May 28, 2013 at 7:19 PM, Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
>> Philippe Andersson wrote on Tue, May 28, 2013 at 09:52:10 +0200:
>>> Hello list,
>>> We're starting to create slave Subversion repos for installation on
>>> remote sites. All of them will svnsync against a single central master
>>> at headquarters.
>>> Now the question: we would like all users on the remote sites to
>>> authenticate against the master (to avoid having replicating that info
>>> as well to the slave servers). The authentication on the master is
>>> handled through Apache.
>>> Is it possible to configure the slave servers to proxy the
>>> authentication requests against the master ?
>> It's certainly possible (e.g., if you use LDAP authentication you could
>> configure an LDAPAuthURL that points to HQ), but whoever has access to
>> the slave's httpd.conf will be able to disable/change those settings.
> If I may suggest? You're re-inventing yet another in a whole set of
> wheels for high availability support. Why not just buy the whole Land
> Rover to start with, talk to our friends and colleagues over at
> www.wandisco.com, and check out their commercial support for
> multi-master setups for Subversion?

There are valid reasons for not doing that. :)

For example, the ASF uses a setup very similar to what was proposed: we
have a master repository server in the US, and a slave in the EU, which
runs mod_dav_svn in its master/slave proxy mode and uses svnsync (driven
by svnpubsub) to keep in step with the master. Both servers authenticate
against the same replicated LDAP.

-- Brane

Branko Čibej
Director of Subversion | WANdisco | www.wandisco.com
Received on 2013-05-29 14:09:37 CEST

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.