Posted to users@httpd.apache.org by Leo Donahue - RDSA IT <Le...@mail.maricopa.gov> on 2013/09/27 20:52:08 UTC
[users@httpd] some questions on configuring SSL and LDAP
Would someone be willing to nitpick this configuration?
The goal is setting up a self-signed certificate and enabling SSL and LDAP authentication for a subversion repository.
This configuration is located in subversion.conf
The version of Apache httpd in this subversion product is: 2.2.25
This configuration is working, but I was hoping someone might spot something I've missed or perhaps suggest some best practices?
# VirtualHost is set to: 8443 for SSL
<VirtualHost *:8443>
KeepAlive On
# This directive toggles the usage of the SSL/TLS Protocol Engine. This should be used inside a <VirtualHost> section to enable SSL/TLS for that virtual host.
SSLEngine On
SSLCertificateFile "C:\Program Files (x86)\Subversion\Apache2\ssl\apache.crt"
SSLCertificateKeyFile "C:\Program Files (x86)\Subversion\Apache2\ssl\apache.key"
# The <Location> directive limits the scope of the enclosed directives by URL, in this case the URL of /svn
<Location /svn>
DAV svn
SVNParentPath "C:\repositories"
# Let the users browse the parent path /svn
SVNListParentPath on
# SVNParentPath and authz fix http://subversion.tigris.org/issues/show_bug.cgi?id=2753
RedirectMatch ^(/svn)$ $1/
# Authentication: LDAP
Order deny,allow
Deny from All
AuthName "my auth name"
AuthType Basic
AuthBasicProvider ldap
# AuthzLDAPAuthoritative must be explicitly set because the default setting is "on" and authentication attempts for valid-user will fail otherwise.
AuthzLDAPAuthoritative off
# Note: We are only looking for users that belong to a certain OU of yadda1
AuthLDAPURL "ldap://servername.domain:389/OU=yadda1,OU=yadda,DC=domain,DC=organization,DC=gov?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=AD Query Account,OU=Service Accounts,OU=dept,DC=domain,DC=organization,DC=gov"
AuthLDAPBindPassword bind_password
# If AuthzLDAPAuthoritative was set to 'on', then you can list required users in the following directive
#Require user "me" "someotheruser"
# Grants access to any user that has successfully authenticated during the search/bind phase
Require valid-user
# Allows the request if any requirement is met (authentication OR access), can use 'all' to force both requirements
Satisfy any
# Authorization: Path-based access control; authenticated users can access paths for read/write specified in this file.
AuthzSVNAccessFile "C:\svn_passwd\svn-auth.authz"
SVNAutoversioning on
</Location>
# Enable Subversion logging
CustomLog logs/subversion.log combined
</VirtualHost>
Leo
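
Added example, not part of the original post: a small Python check run over a subset of the posted directives. It flags three things a reviewer would look at: the `ldap://` URL on port 389 with no SSL/STARTTLS mode (so the Basic-auth and bind passwords cross the httpd-to-directory hop unencrypted even though the client side uses SSL), an `SSLEngine On` host that leaves `SSLProtocol` and `SSLCipherSuite` at build defaults, and the bind password stored in the config file. The function names and finding ids are hypothetical.

```python
# Added example: audits httpd config text for transport and secret-handling gaps.
SECURE_MODES = {"SSL", "TLS", "STARTTLS"}

# Constructed sample: a subset of the directives from the post above.
SAMPLE = r'''
<VirtualHost *:8443>
SSLEngine On
SSLCertificateFile "C:\Program Files (x86)\Subversion\Apache2\ssl\apache.crt"
<Location /svn>
AuthBasicProvider ldap
AuthLDAPURL "ldap://servername.domain:389/OU=yadda1,OU=yadda,DC=domain,DC=organization,DC=gov?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindPassword bind_password
Require valid-user
</Location>
</VirtualHost>
'''

def directives(text):
    """Map lowercase directive name -> list of raw argument strings."""
    seen = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0][0] in "#<":   # skip blanks, comments, section tags
            continue
        seen.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return seen

def audit(text):
    """Return a sorted list of finding ids (hypothetical names) for the config."""
    seen, findings = directives(text), set()
    # 1. SSL is enabled but protocol/cipher selection is left to build defaults.
    if any(a.lower() == "on" for a in seen.get("sslengine", [])):
        findings.update("tls-defaults:" + d
                        for d in ("sslprotocol", "sslciphersuite") if d not in seen)
    # 2. LDAP URL is plain ldap:// with no SSL/TLS/STARTTLS mode set anywhere.
    trusted = any(a.upper() in SECURE_MODES for a in seen.get("ldaptrustedmode", []))
    for args in seen.get("authldapurl", []):
        # The URL may be quoted; an optional mode keyword follows it.
        url, _, mode = args[1:].partition('"') if args.startswith('"') else args.partition(" ")
        if (url.lower().startswith("ldap://")
                and mode.strip().upper() not in SECURE_MODES and not trusted):
            findings.add("ldap-cleartext")
    # 3. The directory bind password is readable by anyone who can read this file.
    if "authldapbindpassword" in seen:
        findings.add("bind-password-in-config")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
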