Thursday, October 9, 2008

Apache serve Subversion with LDAP authentication

Apache2 modules apache-mod_dav and apache-mod_dav_svn are required to serve Subversion by httpd. I also installed apache-mod_ldap as well as apr-util-dbd-ldap to authenticate against a openldap server.

DAV svn
SVNParentPath /home/apps/svnrepo
SVNListParentPath on
Order deny,allow
Deny from all
allow from 192.168.
AuthType basic
AuthName "Restricted area"
AuthBasicProvider ldap
AuthLDAPBindDN "uid=ldap,dc=example,dc=com"
AuthLDAPBindPassword secret
AuthLDAPURL "ldap://server/ou=people,dc=example,dc=com?uid?one"
Require valid-user

Using ldapi://

OpenLDAP needs to be configured to accept conections via ldapi://, a local unix socket. This is done in the /etc/sysconfig/ldap file. Change the SLAPD URL list to the following:

# SLAPD URL list
SLAPDURLLIST="ldap:/// ldaps:/// ldapi:///"

OpenLDAP will need to be restarted, of course.

A great reference on cyrus SASL and LDAP

No comments: