I have been working with LDAP recently, and almost every system needs to be integrated with it. At first I was enthusiastic about the technology, and then I got caught up in the details of LDAP. Finally, one day, almost all of the LDAP-based applications had been integrated. At that moment I also realized how convenient LDAP makes account management in an enterprise. Naturally, I now want to integrate every system I have access to into LDAP. It gets confusing, so let me hurry up and sort out the Apache + SVN + LDAP setup!
On a development server where only Subversion is installed, svn can be accessed through svn://host/svn. That access method is inconvenient, however, especially over the Internet, so we integrate WebDAV in Apache so that svn can be accessed through http://host/svn. If svn is exposed directly to the Internet, we use SSL and access it through https://host/svn. Of course, once many people want to use svn, svn account management becomes a headache: allocating accounts and changing passwords are both troublesome. How can this problem be solved? LDAP solves it!
Before building the Apache + SVN + LDAP service, run the ldapsearch command to check the connection to the LDAP service:

    ldapsearch -h ldap.zlex.org -p 389 -x -b "cn=users,dc=zlex,dc=org" -D "snowolf@zlex.org" -w 11111111

Brief description:
-h  Host address
-p  Port number (389 by default)
-x  Simple authentication
-b  Base DN
-D  Bind DN; here this is the user account
-w  Enter the password explicitly, on the command line
-W  Enter the password implicitly, at a prompt
This method accesses the LDAP service by binding with a user account. If you can access LDAP anonymously, that is easier and more secure!
If the connection succeeds, you get back a batch of LDAP information for this account. If it fails, you can only consult the LDAP service provider!
PS: this month the LDAP service nearly killed me. My colleagues in charge of maintaining the LDAP service did not know how to configure LDAP connections in the related applications. I could only stumble through by trial and error, testing one parameter at a time.
If your Ubuntu does not have this command, run the following command to install it:

    sudo apt-get install ldap-utils
On Ubuntu, once the Apache + SVN service has been built, you only need to add the LDAP modules to get Apache + SVN + LDAP running quickly.
If you do not know which Apache modules are related to LDAP, you can use this command to find them:

    sudo apt-cache search apache2 ldap

Note:
libapache2-mod-ldap-userdir - Apache module that provides UserDir lookups via LDAP
libapache2-mod-vhost-ldap - Apache 2 module for Virtual Hosting from LDAP
Now it is easy to install the relevant modules directly:

    sudo apt-get install libapache2-mod-ldap-userdir libapache2-mod-vhost-ldap

Next, modify the SVN configuration file:

    sudo vi /etc/apache2/mods-available/dav_svn.conf

Find AuthType Basic, append AuthBasicProvider ldap, and comment out AuthUserFile.
The following is a configuration snippet:
    AuthType Basic
    AuthName "Subversion Repository"
    # Use LDAP to verify user identity and drop the password file
    # AuthUserFile /etc/apache2/dav_svn.passwd
    AuthzSVNAccessFile /etc/apache2/dav_svn.authz
    # LDAP service configuration
    AuthBasicProvider ldap
    # (Apache 2.2 directive; it was removed in Apache 2.4)
    AuthzLDAPAuthoritative off
    # LDAP connection: host / base DN ? attribute ? scope ? filter
    AuthLDAPURL "ldap://ldap.zlex.org/dc=zlex,dc=org?sAMAccountName?sub?(objectClass=user)"
    # Bind user account
    AuthLDAPBindDN "snowolf@zlex.org"
    # Fixed password
    AuthLDAPBindPassword "11111111"
    Require valid-user
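The snippet above binds over plain ldap:// and keeps the bind password as a literal in the config file. The following added example (not code from the original post) parses the AuthLDAPURL format and flags those two settings; the input is constructed from the snippet's directives, the finding names are made up for this example, and the exec: helper path is hypothetical (the exec: form of AuthLDAPBindPassword exists from Apache 2.4.5 onward).

```python
import shlex
from urllib.parse import urlsplit

# Constructed input: the LDAP directives from the snippet above, not read from disk.
WEAK = '''\
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL "ldap://ldap.zlex.org/dc=zlex,dc=org?sAMAccountName?sub?(objectClass=user)"
AuthLDAPBindDN "snowolf@zlex.org"
AuthLDAPBindPassword "11111111"
'''
# Corrected variant; /usr/local/bin/ldap-bind-secret is a hypothetical helper that prints the password.
HARDENED = (WEAK.replace('"ldap://', '"ldaps://')
                .replace('"11111111"', '"exec:/usr/local/bin/ldap-bind-secret"'))

def directives(conf):
    """Return {lower-cased directive name: [arguments]}, ignoring comment lines."""
    found = {}
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, *args = shlex.split(line)
            found[name.lower()] = args
    return found

def parse_ldap_url(url):
    """Split scheme://host[:port]/basedn?attribute?scope?filter into its fields."""
    parts = urlsplit(url)
    attr, scope, flt = (parts.query.split("?") + ["", "", ""])[:3]
    return {"scheme": parts.scheme.lower(), "host": parts.hostname,
            "port": parts.port or (636 if parts.scheme.lower() == "ldaps" else 389),
            "base_dn": parts.path.lstrip("/"), "attribute": attr or "uid",
            "scope": scope or "sub", "filter": flt or "(objectClass=*)"}

def audit(conf):
    """Return finding codes for the LDAP part of an Apache auth block."""
    d, findings = directives(conf), []
    url, *mode = d.get("authldapurl", [""])
    encrypted = (parse_ldap_url(url)["scheme"] == "ldaps"
                 or any(m.upper() in ("SSL", "TLS", "STARTTLS") for m in mode))
    if url and not encrypted:
        findings.append("cleartext-ldap")        # bind and user passwords cross the network unencrypted
    secret = " ".join(d.get("authldapbindpassword", []))
    if secret and not secret.startswith("exec:"):
        findings.append("inline-bind-password")  # literal secret readable by anyone who can read the file
    return findings

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED), parse_ldap_url(directives(WEAK)["authldapurl"][0]))
```

The check only looks at the directives in the block it is given; a server-wide LDAPTrustedMode setting or the file's permissions are outside what it sees.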
I do not yet know how to build the LDAP service itself. I know little about the LDAP service, and I cannot understand the meaning of each parameter in depth. Building an LDAP service will be my next technical goal!