You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Jan Keirse <ja...@tvh.be> on 2011/09/06 17:23:24 UTC

Betr.: Setting up Jenkins and Subversion for multiple LDAP domains.

 David Weintraub <qa...@gmail.com> schreef op 06/09/2011 17:12:41:

> This is really part of the same question, but it involves both our
> Subversion repository and Jenkins.
> 
> We want to use our Windows Active Directory to log into Jenkins and as
> our permissioning scheme in Subversion. Subversion uses Apache httpd.
> 
> First in Subversion: We have the following setup for the "mfxdomain":
> 
> <Location /src>
>         DAV svn
>         SVNParentPath /opt/cm/svn_repos
>         AuthType basic
>         AuthName "MFX Repository"
>         AuthBasicProvider ldap
>         AuthzLDAPAuthoritative off
>         AuthLDAPURL
> "ldap://mfxdomain.mycompany.com:3268/dc=mycompany,dc=com?sAMAccountName"
> NONE
>         AuthLDAPBindDN "CN=svnuser,OU=Users,DC=mycompany,DC=com"
>         AuthLDAPBindPassword "swordfish"
>         Require valid-user
> </Location>
> 
> This works great. Anyone in the mfxdomain is able to log in. However,
> many of our users are actually in the effdomain, so we need to verify
> a user is either in one of the two domains. How do I set this up? Do I
> need a new <location>, or do I double the AuthLDAP lines?
> 
> In Jenkins, we use the active directory plugin to verify our logins.
> Is it possible to specify two Active Directory domains?
> 

>From my apache httpd.conf:
...
LoadModule authn_alias_module modules/mod_authn_alias.so
...
 <AuthnProviderAlias ldap olddomain>
  AuthLDAPURL "..." NONE
  AuthLDAPBindDN "..."
  AuthLDAPBindPassword "..."
</AuthnProviderAlias>

<AuthnProviderAlias ldap newdomain>
  AuthLDAPURL "..." NONE
  AuthLDAPBindDN "..."
  AuthLDAPBindPassword "..."
</AuthnProviderAlias>

<Location /svn>
  DAV svn
  SVNParentPath C:/Repositories
  AuthType Basic
  AuthName "My Subversion server"
  AuthBasicProvider newdomain olddomain
  AuthzLDAPAuthoritative off 
  AuthzSVNAccessFile c:/repositories/authz
  AuthzForceUsernameCase lower
  SVNIndexXSLT /svn.xsl
  require valid-user
</Location>


> And in both, how do I know if someone is in one domain or the other?
> Do they need to prefix their login with the domain?

I have no idea about that.

Kind Regards,

JAN KEIRSE
ICT-DEPARTMENT
Software quality & Systems: Software Engineer

**** DISCLAIMER ****

http://www.tvh.com/newen2/emaildisclaimer/default.html 

"This message is delivered to all addressees subject to the conditions
set forth in the attached disclaimer, which is an integral part of this
message."