Subversion with Apache and LDAP
时间:2010-05-19 来源:yeahilly
Subversion with Apache and LDAP: Updated
My previous blog entry discussing Subversion, Apache and LDAP is nearing two years old. It was written when Apache 2.0.x was still the mainstream and when Apache 2.2.x was released, changes in the LDAP modules and their respective configuration directives has left my previous entry very confusing for those wanting to use Apache 2.2.x. The purpose of the Definitive Guide is to provide a single location for questions for Apache 2.0.x and 2.2.x, while also providing more depth about things to consider when building your Apache-based Subversion server using LDAP for authentication.
The Configuration
For those of you that just want to get to the point, where you can copy and paste and move on, here you go:
Example Apache 2.2.x Configuration Snippet
# Load Apache LDAP modules
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
# Load Subversion Apache Modules
LoadModule dav_svn_module modules/mod_dav_svn.so # Use full path to SUBVERSION_HOME/bin/mod_dav_svn.so on Windows
LoadModule authz_svn_module modules/mod_authz_svn.so # Use full path to SUBVERSION_HOME/bin/mod_authz_svn.so on Windows
# Work around authz and SVNListParentPath issue
RedirectMatch ^(/repos)$ $1/
# Enable Subversion logging
CustomLog logs/svn_logfile "%t %u %{SVN-ACTION}e" env=SVN-ACTION
<Location /repos/>
# Enable Subversion
DAV svn
# Directory containing all repository for this path
SVNParentPath /subversion/svn-repos
# List repositories colleciton
SVNListParentPath On
# Enable WebDAV automatic versioning
SVNAutoversioning On
# Repository Display Name
SVNReposName "Your Subversion Repository"
# Do basic password authentication in the clear
AuthType Basic
# The name of the protected area or "realm"
AuthName "Your Subversion Repository"
# Make LDAP the authentication mechanism
AuthBasicProvider ldap
# Make LDAP authentication is final
AuthzLDAPAuthoritative on
# Active Directory requires an authenticating DN to access records
AuthLDAPBindDN "CN=ldapuser,CN=Users,DC=your,DC=domain"
# This is the password for the AuthLDAPBindDN user in Active Directory
AuthLDAPBindPassword ldappassword
# The LDAP query URL
AuthLDAPURL "ldap://your.domain:389/DC=your,DC=domain?sAMAccountName?sub?(objectClass=*)"
# Require a valid user
Require valid-user
# Authorization file
AuthzSVNAccessFile /subversion/apache2/auth/repos.acl
</Location>
Example Apache 2.0.x Configuration Snippet
# Load Apache LDAP modules
LoadModule ldap_module modules/mod_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so
# Load Subversion Apache Modules
LoadModule dav_svn_module modules/mod_dav_svn.so # Use full path to SUBVERSION_HOME/bin/mod_dav_svn.so on Windows
LoadModule authz_svn_module modules/mod_authz_svn.so # Use full path to SUBVERSION_HOME/bin/mod_authz_svn.so on Windows
# Work around authz and SVNListParentPath issue
RedirectMatch ^(/repos)$ $1/
# Enable Subversion logging
CustomLog logs/svn_logfile "%t %u %{SVN-ACTION}e" env=SVN-ACTION
<Location /repos/>
# Enable Subversion
DAV svn
# Directory containing all repository for this path
SVNParentPath /subversion/svn-repos
# List repositories colleciton
SVNListParentPath On
# Enable WebDAV automatic versioning
SVNAutoversioning On
# Repository Display Name
SVNReposName "Your Subversion Repository"
# LDAP Authentication is final
AuthLDAPAuthoritative on
# Do basic password authentication in the clear
AuthType Basic
# The name of the protected area or "realm"
AuthName "Your Subversion Repository"
# Active Directory requires an authenticating DN to access records
AuthLDAPBindDN "CN=ldapuser,CN=Users,DC=your,DC=domain"
# This is the password for the AuthLDAPBindDN user in Active Directory
AuthLDAPBindPassword ldappassword
# The LDAP query URL
AuthLDAPURL "ldap://your.domain:389/DC=your,DC=domain?sAMAccountName?sub?(objectClass=*)"
# Require authentication
Require valid-user
# Authorization file
AuthzSVNAccessFile /subversion/apache2/auth/repos.acl
</Location>
相关阅读 更多 +
排行榜 更多 +
