Configure SVN Server with Apache & LDAP Authentication
Installation
[[email protected] ~]# yum install mod_authz_ldap mod_dav_svn subversion
The first thing to do is to install the packages I mentioned above. If you don't have Apache installed already, it'll go ahead and drag that down as well.
When you install from yum, there's a longer list than the two packages above that will automatically resolve themselves. Some other things will be installed automatically. Depending on your packages, your mileage may vary.
Configurations
1. Apache
Before you delve into the deep end, you need to ensure Apache is set up first. I'm assuming this is a virgin installation, so if you already have Apache things going…be careful what you change. I'm also going to explain setting this up with basic password protection. You can easily let this out, however, if you want to allow access to the repos from everyone.
First thing is make sure you open up /etc/httpd/conf/httpd.conf and at least change the ServerName directive. If you need more help or more complex configurations, then consult the Apache docs please.
[root@mylinuxtips.info ~] vim /etc/httpd/conf/httpd.conf — Edit what you need and save the file
NameVirtualHost IP-Address
<VirtualHost svn.sush.com>
ServerAdmin [email protected]
DocumentRoot /var/www/svn/repos/
ServerName svn.sush.com
ErrorLog logs/svn.sush.com-error_log
CustomLog logs/svn.sush.com-access_log common
Include /etc/httpd/subversion/subversion.conf
<Directory "/var/www/svn/repos/">
Options Indexes
</Directory>
</VirtualHost>
Browse to your machine on the network and see if you get your test page, which you should: http://yourmachine. Working? Great, let's move along to more fun things.
4.2. Subversion's Apache configs
The next step is to setup some settings within Apache so Subversion and Apache play nice together. Get yourself to the example configuration file Subversion installed for you.
[root@mylinuxtips.info ~] cd /etc/httpd/conf.d/
[root@mylinuxtips.info ~] mkdir /etc/httpd/subversion
[root@mylinuxtips.info ~] mv subversion.conf /etc/httpd/subversion
[root@mylinuxtips.info ~] cd /etc/httpd/subversion
[root@mylinuxtips.info ~] vim subversion.conf
# Make sure you uncomment the following if they are commented out
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
# Add the following to allow a basic authentication and point Apache to where the actual
# repository resides.
<Location /repos>
# Enable Subversion
DAV svn
# Directory containing all repository for this path
SVNParentPath /var/www/svn/repos
# Define the parent path
SVNListParentPath On
# Enable AutoVersioning
SVNAutoversioning On
# Do basic password authentication in the clear
AuthType Basic
# The name of the protected area or "realm"
AuthName "Your Subversion Repository"
# LDAP Authentication & Authorization is final; do not check other databases
AuthzLDAPAuthoritative on
# Authentication Provider is LDAP
AuthBasicProvider ldap
# The LDAP query URL
# Format: scheme://host:port/basedn?attribute?scope?filter
# The URL below will search for all objects recursively below the basedn
# and validate against the sAMAccountName attribute
AuthLDAPURL "ldap://server.sush.com:389/DC=sush,DC=com?uid?sub?(objectClass=*)"
AuthLDAPGroupAttribute memberUid;
# Require authentication for this Location
Require valid-user
# Access file for Subversion Repository
AuthzSVNAccessFile /etc/httpd/svnauthz.conf
Allow from all
</Location>
Configure your repository
The next thing you need to do is to create the actual repository from which you will check in and out your files. This is simple to do with some of the included svn tools.
[root@mylinuxtips.info ~] cd /var/www/ — Or wherever you placed your path above
[root@mylinuxtips.info ~] mkdir svn
[root@mylinuxtips.info ~] cd svn
[root@mylinuxtips.info ~] svnadmin create repos
[root@mylinuxtips.info ~] chown -R apache.apache repos
[root@mylinuxtips.info ~] service httpd restart
Go test out whether or not you can access your repository from a web browser: http://yourmachine/repos. You should get a popup box asking for a username and password. If so, type in your credentials and you should be displayed with a Revision 0:/ page. If so, that's it for setting up a repo. If you want multiple repos, check out the docs from the links provides above. This sets up one repository and shows you how to start using them. Speaking of, let's move on to just that.
You can then create /etc/httpd/subversion/svnauthz.conf This file consist of sections of the following form:
[reponame:repopath]
user = access
Where access can be r (read), rw (read-write), or empty (no access at all). The default ACL is to give users no access to a repository. Suppose that there is a repository named framework to which you would like to give john read access, and joe read and write access. You could then add the following section:
[framework:/]
john = r
joe = rw
It is also possible to create groups in a section named groups, groups are then prefixed with the 'at' sign (@) in the access control lists. For instance:
[groups]
staff = joe, george
[framework:/]
john = r
@staff = rw
If you would like to make all repositories readable to all users, you can add a section for the root directory of every repository:
[/]
* = r
Nice
Nice !