On 29.05.2013 13:54, Nico Kadel-Garcia wrote:
> On Tue, May 28, 2013 at 7:19 PM, Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
>> Philippe Andersson wrote on Tue, May 28, 2013 at 09:52:10 +0200:
>>> Hello list,
>>>
>>> We're starting to create slave Subversion repos for installation on
>>> remote sites. All of them will svnsync against a single central master
>>> at headquarters.
>>>
>>> Now the question: we would like all users on the remote sites to
>>> authenticate against the master (to avoid having to replicate that info
>>> as well to the slave servers). The authentication on the master is
>>> handled through Apache.
>>>
>>> Is it possible to configure the slave servers to proxy the
>>> authentication requests against the master?
>> It's certainly possible (e.g., if you use LDAP authentication you could
>> configure an LDAPAuthURL that points to HQ), but whoever has access to
>> the slave's httpd.conf will be able to disable/change those settings.
> If I may suggest? You're re-inventing yet another in a whole set of
> wheels for high availability support. Why not just buy the whole Land
> Rover to start with, talk to our friends and colleagues over at
> www.wandisco.com, and check out their commercial support for
> multi-master setups for Subversion?

There are valid reasons for not doing that. :)

For example, the ASF uses a setup very similar to what was proposed: we
have a master repository server in the US, and a slave in the EU, which
runs mod_dav_svn in its master/slave proxy mode and uses svnsync (driven
by svnpubsub) to keep in step with the master. Both servers authenticate
against the same replicated LDAP.
-- Brane
--
Branko Čibej
Director of Subversion | WANdisco | www.wandisco.com
Received on 2013-05-29 14:09:37 CEST
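
The kind of slave-side setup discussed in this thread, sketched as an added httpd configuration example; it is not taken from the thread or from the ASF's actual configuration. All hostnames, paths, DNs and addresses are placeholders, and the `Require ip` syntax assumes httpd 2.4.

```apache
# Added illustration for a slave (remote-site) httpd. Every hostname, path,
# DN and address below is a placeholder, not a value from the thread.
# Needs mod_dav_svn, mod_proxy + mod_proxy_http and mod_authnz_ldap loaded.

# Client-facing location: reads are served from the local mirror,
# write requests are forwarded to the master by mod_dav_svn.
<Location /svn>
    DAV svn
    SVNPath /srv/svn/mirror
    SVNMasterURI https://svn-master.example.org/svn

    # Reads never reach the master, so the slave has to authenticate them
    # itself, against the same user directory the master uses.
    AuthType Basic
    AuthName "Subversion"
    AuthBasicProvider ldap
    AuthLDAPURL "ldaps://ldap.example.org/ou=people,dc=example,dc=org?uid?sub"
    Require valid-user
</Location>

# Sync-only location: svnsync writes replicated revisions through here.
# It must not carry SVNMasterURI, and only the host that runs svnsync
# should be able to reach it.
<Location /svn-proxy-sync>
    DAV svn
    SVNPath /srv/svn/mirror
    Require ip 192.0.2.10
</Location>
```

As noted earlier in the thread, these settings are only as trustworthy as access to the slave's httpd.conf, so any path-based authorization for reads has to be kept identical on master and slave.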