LDAP Authentication in Subversion for Ubuntu 16.04


See the link below for basic Subversion setup on Ubuntu:

https://nithinkk.wordpress.com/2017/02/01/subversion-in-nutshell/

Prerequisite

Subversion, Apache2, Ubuntu 16.04, LDAP server

The Lightweight Directory Access Protocol (LDAP)

LDAP, or Lightweight Directory Access Protocol, is a protocol for managing related information from a centralized location through the use of a file and directory hierarchy.

In some respects it functions like a relational database, and it can be used to organize and store any kind of information. LDAP is commonly used for centralized authentication.

In this guide I will cover how to integrate LDAP authentication with Apache Subversion (SVN) on Ubuntu.

Introduction

Before we start, we need to install and set up the packages below.

Update Repo

 sudo apt-get update

Install Apache

 sudo apt-get install apache2

Install Subversion

 sudo apt-get install subversion libapache2-mod-svn libapache2-svn libsvn-dev

Enable dav and dav_svn in Apache

 sudo a2enmod dav
 sudo a2enmod dav_svn

Restart the server

sudo service apache2 restart

Configuring DAV SVN for LDAP Authentication

Edit the file /etc/apache2/mods-enabled/dav_svn.conf and insert the configuration below:


<Location /svn>
 DAV svn

 # Edit the parent path of SVN if you have multiple repos
 SVNParentPath /home/svn

 # Per-repository user restrictions
 AuthzSVNAccessFile /etc/apache2/dav_svn.auth

 # Use LDAP auth against an Active Directory
 # Basic auth sends the password base64-encoded, not encrypted, so serve /svn over HTTPS
 AuthName "Enter your LDAP credentials"
 AuthType Basic
 AuthBasicProvider ldap
 # The bind password is stored here in cleartext; keep this file readable by root only
 AuthLDAPBindDN "CN=ldap,OU=developer,DC=your_domain,DC=edu"
 AuthLDAPBindPassword your_password
 # The trailing NONE means the LDAP connection on port 389 is unencrypted
 AuthLDAPURL ldap://192.168.26.2:389/OU=developer,DC=your_domain,DC=edu?sAMAccountName?sub?(objectClass=*) NONE

 Require ldap-attribute objectClass=user
</Location>

Enabling the LDAP modules

sudo a2enmod ldap

sudo a2enmod authnz_ldap

sudo a2enmod headers

sudo service apache2 restart

Create SVN Repository

Create a repository with the svnadmin command, then create the svnusers group and set the permissions:


sudo svnadmin create /home/svn/repo

sudo addgroup svnusers

sudo adduser administrator svnusers

sudo adduser www-data svnusers
sudo chgrp -R svnusers /home/svn
sudo chmod -R g+w /home/svn
sudo service apache2 restart

Repository access to LDAP User

After creating the SVN repos, we need to restrict which LDAP users can access them.

Create an access file /etc/apache2/dav_svn.auth and add the configuration below:


[groups]
admin = niks
group1 = raj, ram, tom
group2 = tom
group3 = ram

###################################
[/]
* = r
@admin = rw
################################### Only tom can access
[repo1:/]
* =
tom = rw
################################### Access by admin and group1
[repo2:/]
* =
@admin = rw
@group1 = rw
################################### Read/write for admin and group2, read-only for group1
[repo3:/]
* =
@admin = rw
@group2 = rw
@group1 = r
################################### Read access to all and write access to admin
[repo4:/]
* = r
@admin = rw

###################################

Now restart Apache with

 sudo service apache2 restart
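
The access file above is easiest to review by computing who ends up with what. The following is an added example, not part of the original guide: a simplified Python model of how Subversion evaluates these root-path rules (the repo-specific section is consulted first, then [/], and matching lines within one section are combined). The user alice is a hypothetical LDAP account that is in no group.

```python
import configparser

# Access file from this guide, embedded so the example runs offline.
AUTHZ = """[groups]
admin = niks
group1 = raj, ram, tom
group2 = tom
group3 = ram
[/]
* = r
@admin = rw
[repo1:/]
* =
tom = rw
[repo2:/]
* =
@admin = rw
@group1 = rw
[repo3:/]
* =
@admin = rw
@group2 = rw
@group1 = r
[repo4:/]
* = r
@admin = rw
"""

def load(text):
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=("#",), interpolation=None)
    cp.optionxform = str  # keep user and group names case-sensitive
    cp.read_string(text)
    groups = {g: {u.strip() for u in m.split(",")} for g, m in cp["groups"].items()}
    rules = {s: dict(cp[s]) for s in cp.sections() if s != "groups"}
    return groups, rules

def access(user, repo, text=AUTHZ):
    """Simplified model (assumption): root path only, no nested groups or aliases."""
    groups, rules = load(text)
    for section in (f"{repo}:/", "/"):  # repo-specific section is consulted before [/]
        hits = [perms for who, perms in rules.get(section, {}).items()
                if who in ("*", user) or (who[:1] == "@" and user in groups.get(who[1:], ()))]
        if hits:  # a matching line decides; grants within one section are combined
            return "".join(p for p in "rw" if any(p in h for h in hits))
    return ""

if __name__ == "__main__":
    for user in ("niks", "tom", "raj", "alice"):  # alice: hypothetical, in no group
        print(user, [(r, access(user, r) or "-") for r in "repo repo1 repo2 repo3 repo4".split()])
```

Two results are worth checking against intent: niks, although in admin, has no access to repo1, and any LDAP user who passes the Require line (such as alice) can read every repository that has no section of its own, including /home/svn/repo created earlier, because of the "* = r" rule under [/].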

 

You are now ready to use your new Subversion repository with LDAP accounts and custom per-user and per-group restrictions.
