Friday, August 19, 2016

integration_svn_ldapauthentication_centos

Installing/Configuring CentOS

Install CentOS with the default partitioning and make sure the web server (httpd package) with PHP support is installed. Once the installation is finished and you are logged in as root, I suggest that you install the latest updates by running
[root@svn ~]# yum update
Install the subversion and mod_dav_svn packages
[root@svn ~]# yum install subversion mod_dav_svn enscript php-ldap
The enscript package is used by WebSVN for code highlighting and formatting.

Active Directory/LDAP Configuration

If your LDAP deployment doesn’t support anonymous bind, create a user in LDAP which can be used to bind and perform queries. By default, anonymous LDAP operations, except root DSE searches and binds, are not permitted on Windows 2003 domain controllers. As my deployment involves a Windows 2003 based domain controller, I created a user named ‘LDAP User’ (logon name ‘ldapuser’) in the Users container.
Before proceeding with the rest of the setup, it's a good idea to test the bind using the user which will be used for binding and search queries. I used a utility from Softerra named LDAP Browser, which is available for free download at:

http://www.softerra.com/download.htm

In the rest of the setup, I will use an imaginary domain called domain.example.com. My user principal name will be ldapuser@domain.example.com and the distinguished name for the same will be
CN=LDAP User,CN=Users,DC=domain,DC=example,DC=com.

The FQDN for the Active Directory domain server is adserver.domain.example.com.


WebSVN Configuration
Create a directory which will hold the SVN repositories. I used /var/www/ for this purpose
mkdir -p /var/www/svn

Next, download the latest WebSVN package from http://www.websvn.info
[root@svn ~]# cd /usr/local/src
[root@svn ~]# wget http://websvn.tigris.org/files/documents/1380/45918/websvn-2.2.1.tar.gz
[root@svn ~]# tar zxvf websvn-2.2.1.tar.gz
[root@svn ~]# mv websvn-2.2.1 /var/www/websvn
[root@svn ~]# cd /var/www/
[root@svn ~]# ls

[root@svn ~]# cd /etc/httpd/conf.d/
[root@svn ~]# vim websvn.conf
 
Add the lines below
Alias /websvn /var/www/websvn

<Location "/">
    AuthBasicProvider ldap
    AuthType Basic
    AuthzLDAPAuthoritative off
    AuthName "Subversion Repository Web Browsing"
    AuthLDAPURL "ldap://ldap.domainname.com:3268/DC=xx,DC=xx,DC=xx,DC=xx?sAMAccountName?sub?(objectClass=*)" NONE
    #AuthLDAPBindDN "CN=LDAP User,CN=Users,DC=domain,DC=example,DC=com"
    AuthLDAPBindDN "CN=xx,OU=Application Mail,DC=xx,DC=xx,DC=xx,DC=xx"
    AuthLDAPBindPassword xxxxxx

    require valid-user
</Location>

Save the file and restart Apache

[root@svn ~]# service httpd restart

Next, create the new configuration file for WebSVN from the default configuration file that ships with the package.

cd /var/www/websvn/include
cp distconfig.php config.php

You can edit the config.php file according to your environment. For every repository, you have to add the parent path of the directory which holds the repositories. In my case, /var/www/svn is the directory which will hold all the repositories, so I added the below line to config.php
$config->parentPath('/var/www/svn');

$extEnscript[".pl"] = "perl";
$extEnscript[".py"] = "python";
$extEnscript[".sql"] = "sql";
$extEnscript[".java"] = "java";
$extEnscript[".html"] = "html";
$extEnscript[".xml"] = "html";
$extEnscript[".thtml"] = "html";
$extEnscript[".tpl"] = "html";
$extEnscript[".sh"] = "bash";

Restart the Apache service for the changes to take effect
service httpd restart
Let's create a repository which we can use for testing.
[root@svn ~]# svnadmin create --fs-type fsfs /var/www/svn/testing20100121

Try accessing the alias using the URL http://<hostname>/websvn and, if things work out, you should have access to your repositories through the WebSVN interface.


Configuring WebDAV

Configuring WebDAV access for Subversion requires the mod_dav_svn module, which we already installed in the previous steps. Installing the mod_dav_svn RPM also creates the configuration file subversion.conf under the /etc/httpd/conf.d directory.
To use WebDAV for SVN repositories, the repository directory should be owned by the web server user (apache). Change the ownership of our test SVN repository to the apache user

[root@svn ~]# chown -R apache:apache /var/www/svn/testing20100121

Next, edit the subversion.conf file
vim /etc/httpd/conf.d/subversion.conf
and add the following lines.
<Location />
    DAV svn
    SVNParentPath /var/www/svn

    AuthBasicProvider ldap
    AuthType Basic
    AuthzLDAPAuthoritative off
    AuthName "Subversion Repository Web Browsing"
    AuthLDAPURL "ldap://ldap.domainname.com:3268/DC=xx,DC=xx,DC=xx,DC=xx?sAMAccountName?sub?(objectClass=*)" NONE
    #AuthLDAPBindDN "CN=LDAP User,CN=Users,DC=domain,DC=example,DC=com"
    AuthLDAPBindDN "CN=xx,OU=Application Mail,DC=xx,DC=xx,DC=xx,DC=xx"
    AuthLDAPBindPassword xxx

    require valid-user
</Location>

Let's restart the Apache service for the changes to take effect
service httpd restart
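
Both Location blocks above use ldap:// with the NONE mode, so the bind password and each user's directory password cross the network to the domain controller unencrypted, and Basic authentication repeats the user's password on every HTTP request. The fragment below is an added example, not part of the original post, showing the WebDAV block with both legs encrypted. It assumes the domain controller accepts LDAPS on the global catalog SSL port 3269 and that mod_ssl already serves this host over HTTPS; the CA file path is a placeholder.

```apache
# Added example for Apache 2.2 (mod_ldap, mod_authnz_ldap, mod_ssl).
# Assumptions: /etc/pki/tls/certs/ad-ca.pem is a placeholder path for the
# CA certificate that signed the domain controller's LDAPS certificate.

# Server config context (outside any <Location>):
# trust that CA and refuse LDAPS peers whose certificate does not verify.
LDAPTrustedGlobalCert CA_BASE64 /etc/pki/tls/certs/ad-ca.pem
LDAPVerifyServerCert On

# As on the page (cleartext LDAP to the global catalog):
#   AuthLDAPURL "ldap://ldap.domainname.com:3268/DC=xx,DC=xx,DC=xx,DC=xx?sAMAccountName?sub?(objectClass=*)" NONE

<Location />
    DAV svn
    SVNParentPath /var/www/svn

    # Reject plain-HTTP requests so Basic credentials only travel over TLS.
    SSLRequireSSL

    AuthType Basic
    AuthBasicProvider ldap
    AuthzLDAPAuthoritative off
    AuthName "Subversion Repository Web Browsing"

    # Corrected: ldaps:// scheme, global catalog SSL port 3269, SSL mode.
    AuthLDAPURL "ldaps://ldap.domainname.com:3269/DC=xx,DC=xx,DC=xx,DC=xx?sAMAccountName?sub?(objectClass=*)" SSL
    AuthLDAPBindDN "CN=xx,OU=Application Mail,DC=xx,DC=xx,DC=xx,DC=xx"
    AuthLDAPBindPassword xxx

    require valid-user
</Location>
```

Because the file carries AuthLDAPBindPassword in clear text, keep websvn.conf and subversion.conf owned by root and not world-readable; httpd reads its configuration as root before dropping to the apache user.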
 
 
 

 



 