[Pitfalls] Integrating LDAP + Apache + SVN access
阿新 • Published: 2018-12-16
I. Background
II. Steps (these steps were carried out inside a Docker container; deploying directly on the host is not much different)
1. Start a CentOS container (not covered in detail here)
docker run --name centos3 -d harbor-registry.ipaychat.com/centos/centos:v3 /usr/sbin/init
6bfecad6f188240e7e04c41b3c422c1ff4b4b95403e6b4339ae84355c5ad343e
## Note: if /usr/sbin/init is not run here, starting services inside the container later will fail
2. Install the cyrus-sasl authentication packages
yum install -y *sasl*
3. Configure the LDAP authentication mechanism
sed -i 's#MECH=shadow#MECH=ldap#g' /etc/sysconfig/saslauthd
## Verify that the change took effect
grep -i mech /etc/sysconfig/saslauthd
# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ablity to use.
MECH=ldap
4. Edit saslauthd.conf; it does not exist by default and must be created, with contents matching your LDAP server configuration
cat /etc/saslauthd.conf
ldap_servers: ldap://xxxx
ldap_port: 389
ldap_version: 3
ldap_password_attr: userPassword
ldap_auth_method: bind
ldap_filter: uid=%u@xxx.com
ldap_search_base: ou=xxx,dc=xxx,dc=xxx
log_level: 7
## Note: @xxx.com is appended to ldap_filter because enterprise users whose login names carry an @ could not log in normally; with this set, the account/password is xxx/123456 rather than xxx@xxx.com/123456
5. Verify that the LDAP configuration works
testsaslauthd -uwusheng -pxxxx
0: OK "Success."
6. Configure svn to authenticate via LDAP: add an svn.conf file on the LDAP server (it does not exist by default and must be created)
cat /etc/sasl2/svn.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
7. Create a new svn repository
## For testing; create the directory first if it does not exist
svnadmin create /opt/svn/svntest
## The svntest repository now exists
8. Modify the svnserve configuration on the svn server
sed -i 's@# use-sasl = true@use-sasl = true@g' /opt/svn/svntest/conf/svnserve.conf
## Typically, uncomment the following lines in /opt/svn/svntest/conf/svnserve.conf (anon-access = read grants unauthenticated clients read access to the repository)
anon-access = read
auth-access = write
9. Start the svn service
svnserve -d -r /opt/svn
ps -ef | grep svnserve
10. Install the httpd service
yum install httpd subversion mod_dav_svn -y
11. Configure subversion (the copied file repeats the LoadModule lines already in conf.modules.d/10-subversion.conf, which is why httpd later warns that those modules are already loaded)
cp /etc/httpd/conf.modules.d/10-subversion.conf /etc/httpd/conf.d/subversion.conf
cat /etc/httpd/conf.d/subversion.conf
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
LoadModule dontdothat_module modules/mod_dontdothat.so
<VirtualHost *:80>
    <Location /svn/>
        DAV svn
        SVNParentPath /opt/svn
        SVNListParentPath On
        AuthzSVNAccessFile /opt/svn/svntest/conf/authz
        AuthBasicProvider ldap
        AuthType Basic
        AuthName "Subversion repository"
        AuthLDAPURL "ldap://xxx:389/ou=fuliao,dc=example,dc=com?uid?sub?(objectClass=*)"
        AuthLDAPBindDN "cn=admin,dc=example,dc=com"
        AuthLDAPBindPassword "xxx"
        Require valid-user
    </Location>
</VirtualHost>
12. Start the httpd service
[root@6bfecad6f188 /]# systemctl start httpd
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
[root@6bfecad6f188 /]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2018-10-18 03:29:58 UTC; 5s ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 392 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
  Process: 391 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 391 (code=exited, status=1/FAILURE)
Oct 18 03:29:58 6bfecad6f188 httpd[391]: [Thu Oct 18 03:29:58.259931 2018] [so:warn] [pid 391] AH01574: module authz_svn_module is already loaded, skipping
Oct 18 03:29:58 6bfecad6f188 httpd[391]: [Thu Oct 18 03:29:58.259945 2018] [so:warn] [pid 391] AH01574: module dontdothat_module is already loaded, skipping
Oct 18 03:29:58 6bfecad6f188 httpd[391]: AH00526: Syntax error on line 12 of /etc/httpd/conf.d/subversion.conf:
Oct 18 03:29:58 6bfecad6f188 httpd[391]: Unknown Authn provider: ldap
Oct 18 03:29:58 6bfecad6f188 systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Oct 18 03:29:58 6bfecad6f188 kill[392]: kill: cannot find process ""
Oct 18 03:29:58 6bfecad6f188 systemd[1]: httpd.service: control process exited, code=exited status=1
Oct 18 03:29:58 6bfecad6f188 systemd[1]: Failed to start The Apache HTTP Server.
Oct 18 03:29:58 6bfecad6f188 systemd[1]: Unit httpd.service entered failed state.
Oct 18 03:29:58 6bfecad6f188 systemd[1]: httpd.service failed.
## Fix: the "ldap" authentication provider is supplied by mod_authnz_ldap, which the mod_ldap package installs
yum -y install mod_ldap
## Restart httpd
systemctl restart httpd
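The failures in step 12 can be caught before httpd is restarted. The following pre-flight check is an added example, not code from the original post: it walks a set of httpd config fragments modelled on the page's files (the stock 10-subversion.conf and the copied conf.d/subversion.conf, with a constructed hostname ldap.example.com) and reports the duplicated LoadModule lines behind the AH01574 warnings, an AuthBasicProvider ldap with no authnz_ldap_module loaded (the "Unknown Authn provider: ldap" error), and an AuthLDAPURL that sends bind and user passwords over cleartext ldap://. The file name 01-ldap.conf used to represent the mod_ldap package's module file is an assumption.

```python
import re
from typing import Dict, List

# Constructed sample modelled on this page: the stock 10-subversion.conf and the
# conf.d/subversion.conf the page created by copying it (hence duplicate LoadModules).
CONF_FILES: Dict[str, str] = {
    "conf.modules.d/10-subversion.conf": """
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
LoadModule dontdothat_module modules/mod_dontdothat.so
""",
    "conf.d/subversion.conf": """
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
<VirtualHost *:80>
<Location /svn/>
DAV svn
AuthBasicProvider ldap
AuthType Basic
AuthLDAPURL "ldap://ldap.example.com:389/ou=fuliao,dc=example,dc=com?uid?sub?(objectClass=*)"
Require valid-user
</Location>
</VirtualHost>
""",
}

def lint_httpd_conf(files: Dict[str, str]) -> List[str]:
    """Return one finding per pitfall: duplicate LoadModule (AH01574 warnings),
    'ldap' provider without mod_authnz_ldap (AH00526 'Unknown Authn provider'),
    and an AuthLDAPURL that sends credentials over cleartext ldap://."""
    findings: List[str] = []
    loaded: Dict[str, str] = {}      # module name -> file that loaded it first
    providers = set()
    cleartext_ldap = False
    for name, text in files.items():
        for raw in text.splitlines():
            line = raw.strip()
            if m := re.match(r"LoadModule\s+(\S+)", line):
                mod = m.group(1)
                if mod in loaded:
                    findings.append(f"{mod} loaded in {loaded[mod]} and again in {name}")
                else:
                    loaded[mod] = name
            elif m := re.match(r"AuthBasicProvider\s+(.+)", line):
                providers.update(m.group(1).split())
            elif re.match(r'AuthLDAPURL\s+"?ldap://', line):
                cleartext_ldap = True
    if "ldap" in providers and "authnz_ldap_module" not in loaded:
        findings.append("AuthBasicProvider ldap but authnz_ldap_module is not loaded "
                        "(install mod_ldap); httpd will fail with 'Unknown Authn provider: ldap'")
    if cleartext_ldap:
        findings.append("AuthLDAPURL uses ldap://: the bind password and user passwords "
                        "cross the network unencrypted; use ldaps:// or LDAPTrustedMode TLS")
    return findings
```

Run it again after adding the mod_ldap module file to the set and the provider finding disappears, while the duplicate LoadModule and cleartext findings remain until those are fixed too.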