Active Directory Authentication to a Subversion Repository

From Notes

Jump to: navigation, search

Pre-requisites:

  • apache 2.2
  • mod_authnz_ldap
  • mod_dav_svn
  • mod_authz_svn

The following example uses SSL to protect credentials passed over the network: 

LDAPTrustedMode SSL
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ms_cert.pem
LDAPVerifyServerCert Off 

<Location /repos>
  DAV svn
  SVNParentPath /var/www/svn
  SVNListParentPath on

  # Limit write permission to list of valid users.
  <LimitExcept GET PROPFIND OPTIONS REPORT>
   SSLRequireSSL
   Options None
   Allow from all
   AuthName "SVN AD Auth"
   AuthType Basic
   AuthBasicProvider ldap
   AuthLDAPUrl "ldaps://ad.dc.com/ou=<people>,dc=example,dc=com?sAMAccountName?sub?(&(objectClass=user)(!(objectClass=computer)))"
   AuthLDAPBindDN "CN=SVN Auth Account,ou=Service Accounts,dc=example,dc=com"
   AuthLDAPBindPassword "<password>"
   AuthzLDAPAuthoritative off
   require ldap-group cn=svn_devs,ou=groups,dc=example,dc=com
  </LimitExcept>
</Location>
Retrieved from "http://www.itsecureadmin.com/wiki/index.php/Active_Directory_Authentication_to_a_Subversion_Repository"
Personal tools