Prerequisite: Complete the basic installation of SVN
First, install the SASL-related components
# yum install -y cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain
Second, check the SASL version and the authentication mechanisms it provides
# saslauthd -v
Third, change the SASL user authentication mechanism to LDAP
# cp /etc/sysconfig/saslauthd /etc/sysconfig/saslauthd.save
# sed -i 's/MECH=pam/MECH=ldap/' /etc/sysconfig/saslauthd
Fourth, modify the SASL configuration file (create it if it does not exist)
# vi /etc/saslauthd.conf
(Set the following values according to your LDAP service)
ldap_servers: ldap://192.168.1.2
ldap_bind_dn: cn=chengdu,dc=sichuan,dc=com
ldap_bind_pw: xxxxxx
ldap_search_base: dc=sichuan,dc=com
ldap_filter: uid=%u
ldap_auth_method: bind
ldap_mech: DIGEST-MD5
Fifth, restart the SASL service and test it
# systemctl restart saslauthd
# testsaslauthd -u user -p password
Sixth, modify the configuration file svn.conf (create it if it does not exist). I currently do not know the role of this file.
# vi /etc/sasl2/svn.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
Seventh, restart the SASL service and do the SVN-related configuration
# cat svnserve.conf
[general]
anon-access = none
auth-access = write
#password-db = passwd
authz-db = /opt/svn/migu/spms
[sasl]
use-sasl = true
Eighth, testing
Now that authentication has switched to LDAP, the SVN service no longer consults the passwd file and no longer uses the users in authz, but access control for LDAP users still needs to be set in authz.
a) Take an LDAP user (chenhongyuwx) as an example: do not modify the permissions in authz, and access the repository as this user
Log in to spms using the password
Login fails with no access permission
b) Grant chenhongyuwx read-only permission in authz, and access as this user
Log in to spms using the password; the login succeeds, which shows that chenhongyuwx has read permission and meets the configuration requirements
Upload a file: the commit as chenhongyuwx fails because chenhongyuwx has only read permission and no write permission, which meets the configuration requirements
c) Grant chenhongyuwx read and write permission in authz, and access as this user
Upload a file: the commit as chenhongyuwx succeeds because authz grants it read and write permission.
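A check to run once the steps above are done, as an added example that is not part of the original page: it audits the files from steps three through seven for the settings this setup depends on, and for two exposure points in the configuration as shown (a plain ldap:// connection and a readable ldap_bind_pw). The ROOT prefix argument, the function names and the sample tree are assumptions of this sketch; ldap_start_tls is a standard saslauthd LDAP option.

```sh
#!/bin/sh
# Added example: audits the files edited in the steps above. ROOT is a path
# prefix (assumption of this sketch) so a copy of the tree can be checked.

# conf_get FILE KEY SEP: print the first value of KEY, empty if absent.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*$3[[:space:]]*//p" "$1" 2>/dev/null |
        sed 's/[[:space:]]*$//' | head -n 1
}

# audit_svn_ldap ROOT SVNSERVE_CONF: print one FAIL/WARN line per finding.
audit_svn_ldap() {
    root=$1; svnconf=$2; sconf="$root/etc/saslauthd.conf"
    [ "$(conf_get "$root/etc/sysconfig/saslauthd" MECH =)" = ldap ] ||
        echo "FAIL saslauthd MECH is not ldap"
    case "$(conf_get "$sconf" ldap_servers :)" in
        ldaps://*) ;;
        ldap://*) [ "$(conf_get "$sconf" ldap_start_tls :)" = yes ] ||
            echo "WARN ldap:// without ldap_start_tls: passwords reach the LDAP server unencrypted" ;;
        *) echo "FAIL ldap_servers is not set" ;;
    esac
    # ldap_bind_pw is stored in cleartext, so only the owner should read the file.
    if [ -n "$(conf_get "$sconf" ldap_bind_pw :)" ] &&
       [ "$(ls -ld "$sconf" | cut -c5-10)" != "------" ]; then
        echo "WARN saslauthd.conf holds ldap_bind_pw but is group/world accessible"
    fi
    [ "$(conf_get "$svnconf" anon-access =)" = none ] ||
        echo "WARN anon-access is not none"
    [ "$(conf_get "$svnconf" use-sasl =)" = true ] ||
        echo "FAIL use-sasl is not true"
    return 0
}

# Constructed sample tree mirroring the settings on this page.
demo() {
    d=$(mktemp -d); mkdir -p "$d/etc/sysconfig"
    echo 'MECH=ldap' > "$d/etc/sysconfig/saslauthd"
    printf 'ldap_servers: ldap://192.168.1.2\nldap_bind_pw: xxxxxx\n' > "$d/etc/saslauthd.conf"
    chmod 644 "$d/etc/saslauthd.conf"
    printf '[general]\nanon-access = none\n[sasl]\nuse-sasl = true\n' > "$d/svnserve.conf"
    audit_svn_ldap "$d" "$d/svnserve.conf"
    rm -rf "$d"
}
demo
```

On a live host, call audit_svn_ldap "" with the path to the repository's conf/svnserve.conf as the second argument; no output means every check passed.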
LDAP authentication configuration for SVN under CentOS