Home > Linux, OpenSource, Ubuntu > SVN LDAP Authentication on Apache

SVN LDAP Authentication on Apache

Thanks to this link I’ve successfully implemented the LDAP Authentication against a Microsoft Active Directory LDAP for Subversion Access via Apache2.

Thanks to the power and flexibility of Apache the configuration is really straightforward.

Install and configure Apache to serve the URL of the repository you want, for example https://svn.mydomain.com/ (SSL is preferable to clear text http).

Enable the DAV modules and the authnz_ldap extension.

Create an account in your AD to get access to the Directory (in this example ldap.svn). Create a Group in your AD (in this example SVNAllowed) where place the SVN-enabled users.

Add to the configuration of the Virtual Host this block:

<Location "/">
LDAP Auth
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative off
AuthName "My SVN Repository"
AuthLDAPURL "ldap://dc.mycompany.com:389/DC=mycompany,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN "ldap.svn@mycompany.com"
AuthLDAPBindPassword XXXXXXXXXXXXXXXXXX
require valid-user
</Location>


<Location /svn>
DAV svn
SVNParentPath /svn
SVNListParentPath On


# Check if the user is in this LDAP Group:
require ldap-group CN=SVNAllowed,CN=Users,DC=mycompany,DC=com
</Location>

And you are done!

Now every access to https://svn.mycompany.com/ will be authenticated against the AD backend. Access to https://svn.mycompany.com/svn/YourProject will be accessible only by the users in the group SVNAllowed.

You can also define fine-grained access to some repository (not included in this example).

Beware that Apache’ mod_ldap will cache the user credentials for a default value of 600 seconds. See the manual page of the module for more options.

((enjoy))

About these ads
  1. Non c'è ancora nessun commento.
  1. No trackbacks yet.

Rispondi

Inserisci i tuoi dati qui sotto o clicca su un'icona per effettuare l'accesso:

Logo WordPress.com

Stai commentando usando il tuo account WordPress.com. Chiudi sessione / Modifica )

Foto Twitter

Stai commentando usando il tuo account Twitter. Chiudi sessione / Modifica )

Foto di Facebook

Stai commentando usando il tuo account Facebook. Chiudi sessione / Modifica )

Google+ photo

Stai commentando usando il tuo account Google+. Chiudi sessione / Modifica )

Connessione a %s...

Iscriviti

Ricevi al tuo indirizzo email tutti i nuovi post del sito.

%d blogger cliccano Mi Piace per questo: