LDAP Authentication in subversion for Ubuntu 16.04


For the basic Subversion setup on Ubuntu, see the link below:

https://nithinkk.wordpress.com/2017/02/01/subversion-in-nutshell/

 

Prerequisite

Subversion – Apache2 – Ubuntu 16.04 – LDAP server

 

The Lightweight Directory Access Protocol (LDAP)

LDAP, or Lightweight Directory Access Protocol, is a protocol for managing related information from a centralized location through the use of a file and directory hierarchy.

In certain ways it functions like a relational database, and it can be used to organize and store any kind of information. LDAP is commonly used for centralized authentication.

In this guide I will cover how to integrate LDAP authentication with Apache Subversion (SVN) on Ubuntu.

 

Introduction

Before we start, install and set up the packages below.

Update Repo

 sudo apt-get update

Install Apache

 sudo apt-get install apache2

Install Subversion

 sudo apt-get install subversion libapache2-mod-svn libapache2-svn libsvn-dev

Enable dav and dav_svn in Apache

sudo a2enmod dav
sudo a2enmod dav_svn

Restart the server

sudo service apache2 restart

Configuring DAV SVN for LDAP Authentication

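Edit the file /etc/apache2/mods-enabled/dav_svn.conf and insert the configuration below:


<Location /svn>
 DAV svn

 # Parent directory that holds the repositories (use SVNParentPath when you have multiple repos)
 SVNParentPath /home/svn

 # Per-user and per-group access rules for the repos
 AuthzSVNAccessFile /etc/apache2/dav_svn.auth

 # Use LDAP auth against an Active Directory
 AuthName "Enter your LDAP credentials"
 AuthType Basic
 AuthBasicProvider ldap
 # Account used to search the directory; its password is stored in this file in clear text
 AuthLDAPBindDN "CN=ldap,OU=developer,DC=your_domain,DC=edu"
 AuthLDAPBindPassword your_password
 # Users are looked up by sAMAccountName below the base DN.
 # The trailing NONE selects an unencrypted LDAP connection (the other modes are SSL, TLS and STARTTLS).
 AuthLDAPURL ldap://192.168.26.2:389/OU=developer,DC=your_domain,DC=edu?sAMAccountName?sub?(objectClass=*) NONE

 # Only directory entries with objectClass=user may log in
 Require ldap-attribute objectClass=user
</Location>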

Enabling ldap module

 
sudo a2enmod ldap

sudo a2enmod authnz_ldap

sudo a2enmod headers

sudo service apache2 restart

 

Create SVN Repository

Create the repository with the svnadmin command, then create the svnusers group and set the permissions:


sudo svnadmin create /home/svn/repo

sudo addgroup svnusers

sudo adduser administrator svnusers

sudo adduser www-data svnusers
sudo chgrp -R svnusers /home/svn
sudo chmod -R g+w /home/svn
sudo service apache2 restart

Repository access to LDAP User

After creating the SVN repos, we need to restrict which LDAP users can access each repo.

Create the access file /etc/apache2/dav_svn.auth (the AuthzSVNAccessFile referenced in the configuration above) and add the configuration below:


[groups]
admin = niks
group1 = raj, ram, tom
group2 = tom
group3 = ram

################################### Default: read for all, read-write for admin
[/]
* = r
@admin = rw
################################### Only tom can access
[repo1:/]
* =
tom = rw
################################### Access by admin and group1
[repo2:/]
* =
@admin = rw
@group1 = rw
################################### Read-write for admin and group2, read-only for group1
[repo3:/]
* =
@admin = rw
@group2 = rw
@group1 = r
################################### Read access to all and write access to admin
[repo4:/]
* = r
@admin = rw

###################################

Now restart Apache with

 sudo service apache2 restart

 

You are now ready to use your new Subversion repository with LDAP accounts and custom per-user and per-group restrictions.
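To check what the rules in /etc/apache2/dav_svn.auth actually grant, here is an added example (not part of the original post) that evaluates a constructed copy of that file at each repository root. It assumes the Subversion 1.9 resolution order shipped with Ubuntu 16.04: the repository-specific section is consulted before [/], and all matching lines within a section are combined. The names AUTHZ and root_access are hypothetical.

```python
import configparser

# Constructed copy of the rules from /etc/apache2/dav_svn.auth shown above.
AUTHZ = """
[groups]
admin = niks
group1 = raj, ram, tom
group2 = tom
group3 = ram
[/]
* = r
@admin = rw
[repo1:/]
* =
tom = rw
[repo2:/]
* =
@admin = rw
@group1 = rw
[repo3:/]
* =
@admin = rw
@group2 = rw
@group1 = r
[repo4:/]
* = r
@admin = rw
"""

def root_access(text, user, repo):
    """Access of `user` at the root of `repo`: '', 'r' or 'rw' (assumed 1.9 rules)."""
    cp = configparser.RawConfigParser(delimiters=("=",), comment_prefixes=("#",))
    cp.optionxform = str                      # user and group names are case-sensitive
    cp.read_string(text)
    groups = {g: {u.strip() for u in v.split(",")} for g, v in cp["groups"].items()}
    for section in (f"{repo}:/", "/"):        # repo-specific section wins over [/]
        if not cp.has_section(section):
            continue
        granted, matched = set(), False
        for who, perms in cp[section].items():
            in_group = who.startswith("@") and user in groups.get(who[1:], ())
            if who in ("*", user) or in_group:
                matched = True
                granted |= set(perms.strip())  # matching lines combine; allow wins
        if matched:                            # any match settles it; [/] is not consulted
            return "".join(p for p in "rw" if p in granted)
    return ""                                  # no rule matched: access denied
```

With these rules niks, although in the admin group, gets no access to repo1, because the `* =` line in [repo1:/] matches before [/] is consulted. An empty result corresponds to the 403 Forbidden response the client sees.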

 

 

 

7 thoughts on “LDAP Authentication in subversion for Ubuntu 16.04”

  1. Hello, appreciate the guide, very helpful. Can you assist with the following forbidden access errors?
    From web browser I am getting: Forbidden you do not have permission to access /svn/repo1 on this server, and the same via TortoiseSVN.

    I have checked my SVN Access file and that seems to be correct.

    1. Could you please share the config file.

      Only if you have multiple repositories, you should use SVNParentPath. Else please use SVNPath /home/svn

      You can mail me at — > n i t h i n k k 1 (at) gMaiL

      1. Thanks for the quick reply.

        I discovered that I had the dav_svn.authz file spelt without the z (auth)!

        Just about to create multiple repositories now so I’ll look at the SVNParentPath option, thanks for the heads up on that.

  2. This tutorial works perfect, every time, thanks for publishing.
    I have a particular set of users who want this but has to be running on Centos. However, I can not get svn to serve over http and authenticate to ldap.
    Have you managed this, or have any pointers?
    Many thanks
