Integration SVN with HTTPD and LDAP
Subversion Architecture
HTTP
To network your repository over HTTP, you basically need four components, available in two packages. You’ll need Apache httpd 2.0 or newer, the mod_dav DAV module that comes with it, Subversion, and the mod_dav_svn
filesystem provider module distributed with Subversion. Once you have all of those components, the process of networking your repository is as simple as:
- Getting httpd up and running with the mod_dav module
- Installing the mod_dav_svn backend to mod_dav, which uses Subversion’s libraries to access the repository
- Configuring your httpd.conffile to export (or expose) the repository
mod_dav_svn
mod_dav_svn Configuration Directives — Apache configuration directives for serving Subversion repositories through the Apache HTTP Server.
mod_authz_svn
mod_authz_svn Configuration Directives — Apache configuration directives for configuring path-based authorization for Subversion repositories served through the Apache HTTP Server.
LDAP
This module provides authentication front-ends such as mod_auth_basic to authenticate users through an ldap directory.
mod_authnz_ldap
supports the following features:
- Known to support the OpenLDAP SDK (both 1.x and 2.x), Novell LDAP SDK and the iPlanet (Netscape) SDK.
- Complex authorization policies can be implemented by representing the policy with LDAP filters.
- Uses extensive caching of LDAP operations via mod_ldap.
- Support for LDAP over SSL (requires the Netscape SDK) or TLS (requires the OpenLDAP 2.x SDK or Novell LDAP SDK).
Sample Configure of SVN, HTTP, LDAP
Load Module to support SVN
modify /etc/httpd/conf.d/subversion.conf:
LoadModule dav_module modules/mod_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
Basic Config
The easiest way to authenticate a client is via the HTTP Basic authentication mechanism, which simply uses a username and password to verify a user’s identity. Apache provides the htpasswd utility for managing files containing usernames and passwords.
create a password file:
$ htpasswd -c -m /apps/svnroot/passwd harry
New password: *****
Re-type new password: *****
Adding password for user harry
$ htpasswd -m /apps/svnroot/passwd sally
New password: *******
Re-type new password: *******
Adding password for user sally
modify /etc/httpd/conf.d/subversion.conf:
<Location /svn>
DAV svn
SVNParentPath /apps/svnroot/
AuthzSVNAccessFile /apps/svnroot/authz.conf
AuthType Basic
AuthName "Subversion welcome to svn"
AuthUserFile /apps/svnroot/passwd
Require valid-user
</Location>
Load Module to support LDAP
modify /etc/httpd/conf/httpd.conf:
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
modify /etc/httpd/conf.d/subversion.conf:
<Location /IT>
DAV svn
SVNParentPath /apps/svnroot/
AuthType Basic
AuthName "Subversion Repository"
# Auth by LDAP
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://192.168.1.111:389/dc=test-it,dc=net?mail?sub"
AuthLDAPBindDN "cn=it,ou=admin,dc=test-it,dc=net"
AuthLDAPBindPassword "itpassword"
# Auth by passwd file
# AuthUserFile /apps/svnroot/passwd
AuthzSVNAccessFile /apps/svnroot/authz_svn
Require valid-user
</Location>
An RFC 2255 URL which specifies the LDAP search parameters to use. The syntax of the URL is
ldap://host:port/basedn?attribute?scope?filter