LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 08-03-2010, 04:58 PM   #1
yield
LQ Newbie
 
Registered: Aug 2007
Location: Montreal, Quebec, Canada
Distribution: Debian Etch/Solaris 10/Ubuntu
Posts: 3

Rep: Reputation: 0
Question Apache/SVN LDAP authentification


Hi There,

I am looking to build a new SVN server with LDAP autehntification in our entreprise. I already did that in smaller corporations but at that time I had total controll over the MS AD server we where using.

As for now, I don't. And what I need is : AuthLDAPBindPassword "SecretPass".
I know they wont give it me for obvious reason...

Now, is there any other way to use that type of configuration without the master AD password ? Or is there any way to get that kind of pass for a specific OU section ?

I know that is more of a MS product question kind of but since some peoples here probably faced that issue...

Here is the config I would use in my Apache config file :

Quote:
<Location /repos>
# Enable Subversion
DAV svn

# Directory containing all repository for this path
SVNParentPath /absolute/path/to/directory/containing/your/repositories

# LDAP Authentication & Authorization is final; do not check other databases
AuthLDAPAuthoritative on

# Do basic password authentication in the clear
AuthType Basic

# The name of the protected area or "realm"
AuthName "Your Subversion Repository"

# Active Directory requires an authenticating DN to access records
# This is the DN used to bind to the directory service
# This is an Active Directory user account
AuthLDAPBindDN "CN=someuser,CN=Users,DC=your,DC=domain"

# This is the password for the AuthLDAPBindDN user in Active Directory
AuthLDAPBindPassword somepassword

# The LDAP query URL
# Format: scheme://host:port/basedn?attribute?scope?filter
# The URL below will search for all objects recursively below the basedn
# and validate against the sAMAccountName attribute
AuthLDAPURL "ldap://your.domain:389/DC=your,DC=domain?sAMAccountName?sub?(objectClass=*)"

# Require authentication for this Location
Require valid-user
</Location>
Regards,
 
Old 08-03-2010, 05:25 PM   #2
zirias
Member
 
Registered: Jun 2010
Posts: 361

Rep: Reputation: 59
Did you try mod_auth_sspi? Instead of directly accessing the AD via LDAP, it uses windows' own authentication mechanisms. Working great for my svn repo in the company

edit: it requires the machine running apache is a win32 host and member of the domain you want to authenticate with...

Last edited by zirias; 08-03-2010 at 05:28 PM.
 
Old 08-04-2010, 03:56 AM   #3
saifkhan123
Member
 
Registered: Apr 2009
Distribution: Red Hat/CentOS
Posts: 108

Rep: Reputation: 19
Quote:
Originally Posted by zirias View Post
Did you try mod_auth_sspi? Instead of directly accessing the AD via LDAP, it uses windows' own authentication mechanisms. Working great for my svn repo in the company

edit: it requires the machine running apache is a win32 host and member of the domain you want to authenticate with...
OP is trying to make SVN work on Linux, and the mod_auth_sspi only works with Windows, so its not the case.

To make ldap authentication work, you should make a normal user (no special privilege) in the AD so that it can traverse the AD, because you cannot traverse AD anonymously. For your reference i have mentioned below my SVN running config in Apache, i have made a user named "access" in AD just for using it with SVN LDAP authentication process.

My running config for SVN and LDAP is

Code:
#18
<Location /SVNrepo>
DAV svn
SVNPath /var/SVN
AuthzSVNAccessFile /etc/svn-acl
AuthType Basic
AuthName "My Source Repo"
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL "ldap://domain controller/OU=domain controllers,DC=my,DC=com?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "access@my.com"
AuthLDAPBindPassword "password of user access@my.com"
require ldap-group CN=All,OU=Domain Controllers,DC=my,DC=com
</Location>
 
Old 08-04-2010, 08:54 AM   #4
yield
LQ Newbie
 
Registered: Aug 2007
Location: Montreal, Quebec, Canada
Distribution: Debian Etch/Solaris 10/Ubuntu
Posts: 3

Original Poster
Rep: Reputation: 0
Hi saifkhan123,

Thank you verry much. This is exactly what I was looking for !
will try that ASAP and let you guy's know.

Best Regards !
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
svn+ldap+sasl2 problem under CentOS52 myhnet Linux - Server 1 06-30-2009 04:53 PM
SVN + LDAP + Apache in Debian Can't open file /db/txn-current-lock Permission denied Ricio Linux - General 3 06-14-2009 04:46 PM
anon svn read-only over apache: '.svn/entries': No such file hedpe Linux - Software 2 04-29-2009 06:31 AM
Apache 2.2 and mysql authentification zhjim Linux - Software 1 05-15-2007 02:46 AM
authentification via ldap abd_bela Debian 1 01-20-2007 01:00 AM


All times are GMT -5. The time now is 03:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration