![Ubuntu has pretty good HOWTOs for quite a few things. Here’s one for Subversion. The following is my common setup on an Ubuntu 8.04 installation with Apache and ActiveDirectory used […]](https://www.ipaul.com/wp-content/uploads/2009/08/ntfingerprint-350x300.jpg "Subversion with Apache and ActiveDirectory Authentication")
Ubuntu has pretty good HOWTOs for quite a few things. Here’s one for Subversion.
The following is my common setup on an Ubuntu 8.04 installation with Apache and ActiveDirectory used for authentication.
To start, install the subversion package
Add a new group called ‘subversion’, then add the ‘www-data’ user to the group.
user@computer:$ sudo adduser www-data subversion
Make a new subversion directory
Create a shell script to automate the tasks of creating new SVN repositories. You can add other setup tasks here too, such as post-commit hooks, etc. Save this file as ~/create-svn-repo.sh:
#! /bin/sh if [ $# -lt 1 ]; then echo You must supply the name of a svn repository to add. exit 0 fi echo Creating SVN Repository: sudo svnadmin create /var/svn/$1 sudo chown -R www-data:subversion /var/svn/$1 sudo chmod -R g+rws /var/svn/$1 echo SVN Repository Creation Completed |
Grant permission to execute the script:
Now you can create as many SVN repositories as you desire with the following command, replacing myproject with your own:
Create a new file as root for Apache at /etc/apache2/sites-available/svn:
<Location /svn> DAV svn SVNParentPath /var/svn AuthType Basic AuthName "My SVN Repository" AuthBasicProvider ldap AuthzLDAPAuthoritative on AuthLDAPBindDN "CN=SVN,OU=Service Accounts,DC=mydomain,DC=com" AuthLDAPBindPassword ReplaceWithSVNPassword AuthLDAPURL "ldap://NameOfActiveDirectoryServer:389/DC=mydomain,DC=com?sAMAccountName?sub?(objectClass=person)" NONE Require valid-user Require ldap-group CN=Subversion,OU=Groups,DC=mydomain,DC=com SVNListParentPath On </Location> |
You will need to create a service account for Subversion(Apache) to use to log into ActiveDirectory. You should also create a Group to put AD Subversion users into. Since the Apache site file contains the password of the service account, you should limit the permissions of this file and then enable the site and authentication module and reload Apache:
user@computer:$ sudo a2ensite svn
user@computer:$ sudo a2enmod authnz_ldap
user@computer:$ sudo /etc/init.d/apache2 force-reload
At this point, you should be able to use a web browser to visit http://mymachine/svn/ which will require you to authenticate. Once authenticated, you should be able to view your Subversion repositories.
We could have Apache connect using ldaps over a secure connection, but that requires certain requirements such as certificates in order to connect to the AD server and is beyond the scope of this blog. There’s a possibility I may include a future blog entry on that if there was enough demand for it. I also plan on having a future post on running a dynamic backup of your svn repositories to a cifs share.
UPDATE: if you have problems connecting to your LDAP server at the top level (DC, instead of a OU, for example) and receiving the following error: [ldap_search_ext_s() for user failed][Operations error], modify the ldap.conf file and add “REFERRALS off”. ActiveDirectory has some top level links that apparently cannot be processed correctly. Alternately, set up an OU to hold all of your users.
Thank you for another wonderful post. The place else could anybody get
that kind of information in such an ideal manner of writing?
I have a presentation subsequent week, and I am at the search
for such information.