Simplest Enterprise Continuous Integration Solutions

Saturday, September 14, 2013

Enterprise Linux: WebDAV Subversion configuration with authentication and authorization

An example of how to configure WebDAV Subversion with authentication and authorization.

Requirements:

1. /svn/acme/trunk has already been configured with Read/Write access (authorization) for all users in the dev_eng LDAP group (authentication)
2. Outsourced development must be configured under /svn/acme/branches/outsourcing with only Read/Write access (authorization) for all users in outsourcing_dev (authentication)

Configuration procedures:

1. Create a new outsourcing_dev LDAP group (for authentication) containing all of the outsourcing developers
2. Create an svn access file, /etc/httpd/conf.d/svn-access-control, that gives outsourcing_dev Read/Write access (for authorization), with the contents below
[groups]
outsourcing_dev = user1, user2

[acme_outsourcing:/branches/outsourcing]
@outsourcing_dev = rw
3. Add a Location block for outsourcing_dev to /etc/httpd/conf.d/subversion.conf
# acme outsourcing repository
<Location "/svn/acme-outsourcing">
        DAV svn
        SVNPath /svn/repositories/acme
        SVNReposName "Subversion Repository [acme-outsourcing]"
        AuthzSVNAccessFile /etc/httpd/conf.d/svn-access-control

# Specify the type of authentication system to use.
        AuthType Basic

# Specify the authorization realm for use in HTTP authentication.
        AuthName "ACME Subversion Repository"

# Specify the authentication provider for this location.
        AuthBasicProvider ldap

# Prevent other authentication modules from authenticating the user if this one fails.
        AuthzLDAPAuthoritative on

# Specify the LDAP server, the base DN, the attribute to use in the search,
# as well as the extra search filter to use. The trailing NONE means the
# connection to the LDAP server is not encrypted.
        AuthLDAPURL "ldap://acme:389/OU=Corp Accounts,DC=acme,DC=com?sAMAccountName?sub?(objectClass=*)" NONE

# Specify the DN to bind with during the search phase.
        AuthLDAPBindDN "CN=srv-svn-ldap,OU=No-logon-rights,OU=Generic,OU=Corp Accounts,DC=acme,DC=com"

# Specify the password to bind with during the search phase. It is stored here
# in clear text, so restrict read access to this file.
        AuthLDAPBindPassword uCG4Q79hkG

# Require membership in the LDAP group.
        Require ldap-group CN=acme_outsourcing,OU=Distribution,OU=Corp Groups,DC=acme,DC=com
</Location>


4. Restart the Apache web service
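
The Python sketch below is an added example, not part of the original post and not Subversion's own code: a simplified model of how the rules in the svn-access-control file from step 2 resolve, so the effective access can be checked before Apache is restarted. The function names and the repository names passed to access() are assumptions made for illustration.

```python
import configparser
import posixpath

# Constructed sample: the svn-access-control contents from step 2.
AUTHZ = """\
[groups]
outsourcing_dev = user1, user2

[acme_outsourcing:/branches/outsourcing]
@outsourcing_dev = rw
"""

def load(text):
    """Parse an authz file into (groups, rules)."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str          # keep user and group names case-sensitive
    cp.read_string(text)
    groups = {}
    if cp.has_section("groups"):
        groups = {g: {u.strip() for u in m.split(",") if u.strip()}
                  for g, m in cp["groups"].items()}
    rules = {s: dict(cp[s]) for s in cp.sections() if s != "groups"}
    return groups, rules

def applies(who, user, groups):
    """True if an authz entry name (*, @group or user) covers this user."""
    if who == "*":
        return True
    if who.startswith("@"):
        return user in groups.get(who[1:], set())
    return who == user

def access(text, repo, path, user):
    """Return "rw", "r" or "" for user on repo:path (simplified model)."""
    groups, rules = load(text)
    path = posixpath.normpath("/" + path.strip("/"))
    while True:
        # Try the repository-specific section first, then the generic one.
        for section in (f"{repo}:{path}", path):
            hits = [perm for who, perm in rules.get(section, {}).items()
                    if applies(who, user, groups)]
            if hits:
                return "rw" if "rw" in hits else ("r" if "r" in hits else "")
        if path == "/":
            return ""             # no rule reached: default deny
        path = posixpath.dirname(path)   # fall back to the parent directory
```

With the file as written, a rule only takes effect when the repository name in the section header matches the name the request is evaluated under, and every path without a matching rule is denied.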
