Posts Tagged ‘apache2’

SVN LDAP Authentication on Apache

aprile 14, 2009 Lascia un commento

Thanks to this link I’ve successfully implemented the LDAP Authentication against a Microsoft Active Directory LDAP for Subversion Access via Apache2.

Thanks to the power and flexibility of Apache the configuration is really straightforward.

Install and configure Apache to serve the URL of the repository you want, for example (SSL is preferable to clear text http).

Enable the DAV modules and the authnz_ldap extension.

Create an account in your AD to get access to the Directory (in this example ldap.svn). Create a Group in your AD (in this example SVNAllowed) where place the SVN-enabled users.

Add to the configuration of the Virtual Host this block:

<Location "/">
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative off
AuthName "My SVN Repository"
AuthLDAPURL "ldap://,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
AuthLDAPBindDN ""
require valid-user

<Location /svn>
DAV svn
SVNParentPath /svn
SVNListParentPath On

# Check if the user is in this LDAP Group:
require ldap-group CN=SVNAllowed,CN=Users,DC=mycompany,DC=com

And you are done!

Now every access to will be authenticated against the AD backend. Access to will be accessible only by the users in the group SVNAllowed.

You can also define fine-grained access to some repository (not included in this example).

Beware that Apache’ mod_ldap will cache the user credentials for a default value of 600 seconds. See the manual page of the module for more options.