Using Apache + Subversion for AD authentication

Recently, because of the source code version control issues, so decided to use SVN to version control, and related to user rights, decided to use AD authentication method to control user access, so spent a lot of time to study this thing, and finally small results, first recorded, consolidated, also in case later forget.

The whole process is roughly four steps:

1. Installing Apache (http://httpd.apache.org/download.cgi)

2. Installing Subversion (http://subversion.tigris.org/)

3. Installing TortoiseSVN(http://tortoisesvn.tigris.org/)

4. Configuration

Before I go into detail, let me say a few of my current software versions:

apache_2.2.11

Subversion-1.6.2

TortoiseSVN-1.6.2.16344

OK, let's start with the concrete steps.

1. Installing Apache

This step is still relatively simple, basically is the way next down, here need to mention is: one to note the version and SVN version is consistent, the second is to Apache installation, the directory can be changed under, such as D:/apache, of course, this does not affect the configuration behind, just convenient.

2. Install Subversion

As above, choose a simple directory such as (d:/subversion), pay attention to the version is OK, the installation process and need to exercise what heart.

3. Installing TortoiseSVN

This is a third-party Windows graphical tool, which can be used to perform simple operations, of course, if enough cattle, or like Subversion command, this is not necessary.

4. Configuration Files

This is the top priority of this article, the following description of my configuration, because I am just a success is OK, did not continue to drill down to the meaning, so here only describe the configuration of my success after the appearance, perhaps there are other ways, or more detailed configuration scheme, here is filtered.

1): Configure SVN. By modifying the Apache configuration file, svn can be accessed via HTTP first, so here we find the Apache configuration file httpd.conf (d:/apache/conf), which is configured as follows:

#取消这两行的注释 LoadModule dav_module modules/mod_dav.so LoadModule dav_fs_module modules/mod_dav_fs.so #加上这两行, where absolute paths are used, Easy to upgrade, do not copy so many DLL files #D:/subversion is the installation directory of Subversion, according to the actual situation modified LoadModule Dav_svn_module "d:/subversion/bin/mod_dav_ Svn.so "LoadModule authz_svn_module" d:/subversion/bin/mod_authz_svn.so "

2): Enable LDAP module for authentication

#在httpd find these two lines in the. conf file, uncomment LoadModule authnz_ldap_module modules/mod_authnz_ldap.so LoadModule ldap_module modules/ Mod_ldap.so #找到这一行, uncomment #这一行在后面配置的时候, if set require Valid-user, is required LoadModule authz_user_module modules/mod_authz_ User.so

3): Configure related permissions

Erection we have built a repository under D:/SVN, and you can create one with tortoisesvn or SVN commands, such as repository.

The following continues to modify the httpd.conf file to complete the functionality of integrated AD authentication.

#在httpd. conf at the end of the Add this section <Location/svn> #启用SVN, set the path of the validation DAV svn svnparentpath d:/svn #启用LDAP验证 authbasicprovider LDAP AuthType Basic authzldapauthoritative on AuthName "My Subversion Server" # The LDAP query URL # format: Scheme://host:port/bas Edn?attribute?scope?filter # Specific information, surf the Internet to check it, not wordy Authldapurl "ldap://myhost.example.com:389/dc=example,dc=com?" Samaccountname?sub? (objectclass=*) "NONE #使用下面的两种格式都OK的 #注意这里的CN使用的是AD中对应的Display Name #可以通过后面参考文件中的browser来查看用户对应的cn #AuthLDAPBindDN" Cn=cresting ding,cn=users,dc=example,dc=com "Authldapbinddn" cding@example.com "Authldapbindpassword" Test "# If you use Valid-user here, you must enable the above mentioned mod_authz_user.so Require valid-user #Require ldap-user "cding" </Location>

OK, restart Apache, and then find a machine to try it.

Note: When prompted to enter the user name and password, the user name as long as the data cding OK, do not need to enter the Example/cding

Reference files:

http://www.jejik.com/articles/2007/06/apache_and_subversion_authentication_with_microsoft_active_directory/

Http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html

Http://www.filewatcher.com/m/Browser282b2.zip.658370.0.0.html