Friday, February 17, 2012

Apache + SVN (Subversion) + AD (ActiveDirectory) authentication

Reference: http://blog.csdn.net/bamboo_ding/article/details/4283259

Install Apache and SVN first. Please read this page.

Edit Apache httpd.conf

  • Enable these modules (delete the leading #)
    • LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
    • LoadModule ldap_module modules/mod_ldap.so
    • LoadModule authz_user_module modules/mod_authz_user.so
  • Add a Location block to the bottom of httpd.conf as follows:
<Location />
  DAV svn
  SVNParentPath "D:\SVNProj"
  # how to authenticate a user
  AuthBasicProvider ldap
  # Apache 2.2 directive; it was removed in Apache 2.4
  AuthzLDAPAuthoritative on
  AuthType Basic
  AuthName "Subversion repository"
  # search the whole subtree for sAMAccountName; NONE = no SSL/TLS on the LDAP connection (port 389)
  AuthLDAPURL "ldap://myhost.example.com:389/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
  # account Apache binds as to search the directory for the user
  AuthLDAPBindDN "LDAPadmin@example.com"
  AuthLDAPBindPassword "my-passwd"
  # only authenticated users may access the repository
  Require valid-user
  # our access control policy
  AuthzSVNAccessFile "D:\SVNProj\authz.ini"
</Location>

Create a new account, LDAPadmin, in AD. Apache binds as this account (AuthLDAPBindDN) to look up users.

2015/7/23 update
Configure multiple LDAP servers
References:
Redundant LDAP servers in Apache
Apache Module mod_authn_core

<AuthnProviderAlias ldap ldap1>
  AuthLDAPURL "ldap://myhost1.example.com:389/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
  AuthLDAPBindDN "LDAPadmin@example.com"
  AuthLDAPBindPassword "my-passwd"
</AuthnProviderAlias>
<AuthnProviderAlias ldap ldap2>
  AuthLDAPURL "ldap://myhost2.example.com:389/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
  AuthLDAPBindDN "LDAPadmin@example.com"
  AuthLDAPBindPassword "my-passwd"
</AuthnProviderAlias>

<Location />
  DAV svn

  SVNParentPath "D:\SVNProj"

  # how to authenticate a user
  AuthType Basic
  AuthName "Subversion repository"

  AuthBasicProvider ldap1 ldap2
  LDAPReferrals Off

  # only authenticated users may access the repository
  Require valid-user

  # our access control policy
  AuthzSVNAccessFile "D:\SVNProj\authz.ini"
</Location>
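
A hardened variant of the two-server configuration above, as an added example that is not part of the original post: it moves the LDAP connection to TLS, keeps the bind password out of httpd.conf, and refuses Basic auth over plain HTTP. Assumptions: Apache 2.4.5 or later, mod_ssl loaded with an HTTPS virtual host already serving this Location, domain controllers that offer LDAPS with a certificate the Apache host trusts, and a hypothetical helper program get-bind-pw.exe.

```apache
# Added example (Apache 2.4). Host names, base DN and D:\SVNProj paths are
# the placeholders used on this page.

# Certificate trust: per the mod_ldap documentation, builds that use the
# Microsoft LDAP SDK (httpd on Windows) take their SSL/TLS settings from the
# system, so no certificate directive appears here. On other platforms,
# point LDAPTrustedGlobalCert at the CA that issued the DC certificates.

<AuthnProviderAlias ldap ldap1>
  # ldaps:// on port 636 with the SSL keyword instead of ldap://...:389 NONE:
  # the service-account bind and every user password check travel inside TLS.
  AuthLDAPURL "ldaps://myhost1.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)" SSL
  AuthLDAPBindDN "LDAPadmin@example.com"
  # exec: runs a program and uses the first line it prints as the password,
  # so the secret is not stored in this file.
  # The helper path is hypothetical (assumption).
  AuthLDAPBindPassword "exec:D:/Apache/bin/get-bind-pw.exe"
</AuthnProviderAlias>
<AuthnProviderAlias ldap ldap2>
  AuthLDAPURL "ldaps://myhost2.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)" SSL
  AuthLDAPBindDN "LDAPadmin@example.com"
  AuthLDAPBindPassword "exec:D:/Apache/bin/get-bind-pw.exe"
</AuthnProviderAlias>

<Location />
  DAV svn
  SVNParentPath "D:\SVNProj"

  # Basic auth sends the AD user name and password, only base64-encoded,
  # with every request: deny any request that did not arrive over HTTPS.
  # Requires mod_ssl (assumption: already loaded and configured).
  SSLRequireSSL

  AuthType Basic
  AuthName "Subversion repository"
  AuthBasicProvider ldap1 ldap2
  LDAPReferrals Off

  # only authenticated users may access the repository
  Require valid-user

  # our access control policy
  AuthzSVNAccessFile "D:\SVNProj\authz.ini"
</Location>
```

LDAPadmin only needs to search the directory, so it can stay an ordinary low-privilege account.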
