SVN and Active Directory

["Gronde, Christopher (Contractor)" <Ch...@fincen.gov>]

Has anyone in here successfully integrated SVN with Active Directory for user authentication?  We are currently using FreeIPA and user account management is the bane of my existence.  If anyone has or knows of any documentation for integrating Active Directory with SVN (preferably 1.9 since we are going to upgrade to that version) that would be much appreciated.

V/r
Chris Gronde (CTR)
Navstar, INC.
Linux Systems Administrator
Network Monitoring Engineer
Financial Crimes Enforcement Network (FinCEN)
Technology Solutions and Services Division (TSSD)
Tel: 703-905-3578
Cell: 571-318-7743
Office: 2041K

Re: SVN and Active Directory

[Eric Johnson <er...@tibco.com>]

Absolutely, but by way of using Apache mod_auth_ldap, and AD's LDAP API.

Eric

On 4/19/16 12:53 PM, Gronde, Christopher (Contractor) wrote:
>
> Has anyone in here successfully integrated SVN with Active Directory 
> for user authentication?  We are currently using FreeIPA and user 
> account management is the bane of my existence.  If anyone has or 
> knows of any documentation for integrating Active Directory with SVN 
> (preferably 1.9 since we are going to upgrade to that version) that 
> would be much appreciated.
>
> V/r
>
> Chris Gronde (CTR)
>
> Navstar, INC.
>
> Linux Systems Administrator
>
> Network Monitoring Engineer
>
> Financial Crimes Enforcement Network (FinCEN)
>
> Technology Solutions and Services Division (TSSD)
>
> Tel: 703-905-3578
>
> Cell: 571-318-7743
>
> Office: 2041K
>

Re: SVN and Active Directory

[Cathy Mullican <cm...@gmail.com>]

Yes, after much hair-pulling and some trauma, I got the svn client on
Ubuntu authenticating to a VisualSVN server via AD. Most of the pain
was due to a buggy libserf in the Ubuntu version we're running,
combined with unclear error messages, so as long as you're not working
with Trusty, it should be a lot simpler.

This was the guide I found most helpful, though I didn't need all the
pieces, and it doesn't cover building a patched libserf:
http://www.linuxquestions.org/questions/linuxquestions-org-member-success-stories-23/%5Btutorial%5D-ad-integration-with-ubuntu-14-04-and-winbind-4175516531/

On Tue, Apr 19, 2016 at 12:53 PM, Gronde, Christopher (Contractor)
<Ch...@fincen.gov> wrote:
> Has anyone in here successfully integrated SVN with Active Directory for
> user authentication?  We are currently using FreeIPA and user account
> management is the bane of my existence.  If anyone has or knows of any
> documentation for integrating Active Directory with SVN (preferably 1.9
> since we are going to upgrade to that version) that would be much
> appreciated.
>
>
>
> V/r
>
> Chris Gronde (CTR)
>
> Navstar, INC.
>
> Linux Systems Administrator
>
> Network Monitoring Engineer
>
> Financial Crimes Enforcement Network (FinCEN)
>
> Technology Solutions and Services Division (TSSD)
>
> Tel: 703-905-3578
>
> Cell: 571-318-7743
>
> Office: 2041K
>
>

RE: SVN and Active Directory

[Tony Butt <To...@cea.com.au>]

We use saslauthd with a Kerberos backend to our AD servers, and it works very well. That assumes you are running a linux based Os, of course.
Tony Butt
CEA Technologies

From: jblist@icloud.com [mailto:jblist@icloud.com]
Sent: Wednesday, 20 April 2016 6:22 AM
To: Gronde, Christopher (Contractor)
Cc: users@subversion.apache.org
Subject: Re: SVN and Active Directory



From: jblist@icloud.com<ma...@icloud.com> [mailto:jblist@icloud.com]
Sent: Tuesday, April 19, 2016 4:12 PM
To: Gronde, Christopher (Contractor) <Ch...@fincen.gov>>
Cc: users@subversion.apache.org<ma...@subversion.apache.org>
Subject: Re: SVN and Active Directory


On Apr 19, 2016, at 12:53 PM, Gronde, Christopher (Contractor) <Ch...@fincen.gov>> wrote:

Has anyone in here successfully integrated SVN with Active Directory for user authentication?  We are currently using FreeIPA and user account management is the bane of my existence.  If anyone has or knows of any documentation for integrating Active Directory with SVN (preferably 1.9 since we are going to upgrade to that version) that would be much appreciated.



I have, just recently in fact. The trick is to use SASL with LDAP. I only use authentication at this point and don't use AD groups for authorization.

I'm using a RHEL7 as my svn server which bundles SVN 1.7. I can't imagine the configuration of the server would be drastically different from 1.7 to 1.9.

So far the only burr in the saddle has been making sure the clients support SASL/PLAIN -- most do, but Eclipse with Subclipse was a failure.

As long as you're fine with passing credentials in cleartext, then this will work for you. If you need SSL encryption, then you will probably need to add Apache. Trying to get the RedHat-supplied svn and Apache components to work together was a non-starter, and trying to build everything from source on RHEL didn't work either.

On Apr 19, 2016, at 1:16 PM, Gronde, Christopher (Contractor) <Ch...@fincen.gov>> wrote:

Unfortunately I fear that SSL is going to be a requirement for us.  The client our users have been using is TortoiseSVN.  1.9 isn’t supplied by Red Hat so maybe that is easier to get to play well with apache than 1.7 was for you?


[please bottom post your responses]

We also use TortoiseSVN 1.9 and it supports SASL. It was only subclipse that caused grief.

I would suggest looking to a packager like wanDisco for your svn 1.9 server. They could probably help getting Subversion+Apache working without having to build from source. Also, since Apache 2.4 natively supports AD authentication, you might get everything you need without having to rely on RedHat.

Re: SVN and Active Directory

[jb...@icloud.com]

>  
> From: jblist@icloud.com [mailto:jblist@icloud.com] 
> Sent: Tuesday, April 19, 2016 4:12 PM
> To: Gronde, Christopher (Contractor) <Ch...@fincen.gov>
> Cc: users@subversion.apache.org
> Subject: Re: SVN and Active Directory
>  
>  
> On Apr 19, 2016, at 12:53 PM, Gronde, Christopher (Contractor) <Christopher.Gronde@fincen.gov <ma...@fincen.gov>> wrote:
>  
> Has anyone in here successfully integrated SVN with Active Directory for user authentication?  We are currently using FreeIPA and user account management is the bane of my existence.  If anyone has or knows of any documentation for integrating Active Directory with SVN (preferably 1.9 since we are going to upgrade to that version) that would be much appreciated.
>  
>  
>  
> I have, just recently in fact. The trick is to use SASL with LDAP. I only use authentication at this point and don't use AD groups for authorization.
>  
> I'm using a RHEL7 as my svn server which bundles SVN 1.7. I can't imagine the configuration of the server would be drastically different from 1.7 to 1.9.
>  
> So far the only burr in the saddle has been making sure the clients support SASL/PLAIN -- most do, but Eclipse with Subclipse was a failure.
>  
> As long as you're fine with passing credentials in cleartext, then this will work for you. If you need SSL encryption, then you will probably need to add Apache. Trying to get the RedHat-supplied svn and Apache components to work together was a non-starter, and trying to build everything from source on RHEL didn't work either.

> On Apr 19, 2016, at 1:16 PM, Gronde, Christopher (Contractor) <Ch...@fincen.gov> wrote:
> 
> Unfortunately I fear that SSL is going to be a requirement for us.  The client our users have been using is TortoiseSVN.  1.9 isn’t supplied by Red Hat so maybe that is easier to get to play well with apache than 1.7 was for you?



[please bottom post your responses]

We also use TortoiseSVN 1.9 and it supports SASL. It was only subclipse that caused grief.

I would suggest looking to a packager like wanDisco for your svn 1.9 server. They could probably help getting Subversion+Apache working without having to build from source. Also, since Apache 2.4 natively supports AD authentication, you might get everything you need without having to rely on RedHat.

RE: SVN and Active Directory

["Gronde, Christopher (Contractor)" <Ch...@fincen.gov>]

Unfortunately I fear that SSL is going to be a requirement for us.  The client our users have been using is TortoiseSVN.  1.9 isn't supplied by Red Hat so maybe that is easier to get to play well with apache than 1.7 was for you?

From: jblist@icloud.com [mailto:jblist@icloud.com]
Sent: Tuesday, April 19, 2016 4:12 PM
To: Gronde, Christopher (Contractor) <Ch...@fincen.gov>
Cc: users@subversion.apache.org
Subject: Re: SVN and Active Directory


On Apr 19, 2016, at 12:53 PM, Gronde, Christopher (Contractor) <Ch...@fincen.gov>> wrote:

Has anyone in here successfully integrated SVN with Active Directory for user authentication?  We are currently using FreeIPA and user account management is the bane of my existence.  If anyone has or knows of any documentation for integrating Active Directory with SVN (preferably 1.9 since we are going to upgrade to that version) that would be much appreciated.



I have, just recently in fact. The trick is to use SASL with LDAP. I only use authentication at this point and don't use AD groups for authorization.

I'm using a RHEL7 as my svn server which bundles SVN 1.7. I can't imagine the configuration of the server would be drastically different from 1.7 to 1.9.

So far the only burr in the saddle has been making sure the clients support SASL/PLAIN -- most do, but Eclipse with Subclipse was a failure.

As long as you're fine with passing credentials in cleartext, then this will work for you. If you need SSL encryption, then you will probably need to add Apache. Trying to get the RedHat-supplied svn and Apache components to work together was a non-starter, and trying to build everything from source on RHEL didn't work either.

Re: SVN and Active Directory

[jb...@icloud.com]

> On Apr 19, 2016, at 12:53 PM, Gronde, Christopher (Contractor) <Ch...@fincen.gov> wrote:
> 
> Has anyone in here successfully integrated SVN with Active Directory for user authentication?  We are currently using FreeIPA and user account management is the bane of my existence.  If anyone has or knows of any documentation for integrating Active Directory with SVN (preferably 1.9 since we are going to upgrade to that version) that would be much appreciated.
>  
> V/r
> Chris Gronde (CTR)
> Navstar, INC.
> Linux Systems Administrator
> Network Monitoring Engineer
> Financial Crimes Enforcement Network (FinCEN)
> Technology Solutions and Services Division (TSSD)
> Tel: 703-905-3578
> Cell: 571-318-7743
> Office: 2041K


I have, just recently in fact. The trick is to use SASL with LDAP. I only use authentication at this point and don't use AD groups for authorization.

I'm using a RHEL7 as my svn server which bundles SVN 1.7. I can't imagine the configuration of the server would be drastically different from 1.7 to 1.9.

So far the only burr in the saddle has been making sure the clients support SASL/PLAIN -- most do, but Eclipse with Subclipse was a failure.

As long as you're fine with passing credentials in cleartext, then this will work for you. If you need SSL encryption, then you will probably need to add Apache. Trying to get the RedHat-supplied svn and Apache components to work together was a non-starter, and trying to build everything from source on RHEL didn't work either.