You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by ar...@betasystems.com on 2004/10/15 15:27:40 UTC

svn+ssh and LDAP howto




Hi,

I'd asked the following questionone or two times on this list, perhaps some
of developers could give a short answer to it.
(or shall I ask such a question on the developer mailing list?)

is it possible to authenticate users with svn+ssh over LDAP ?

I think about making the ssh service available with pam module to ldap
users!

or do I'm dreaming? :-)


No?
Yes?

would apperciate yor help very much.

Thanx in advance
Arash


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: svn+ssh and LDAP howto, Problem

Posted by ar...@betasystems.com.



David,

thank you for your advice.

I have successfuly setup the svn+ssh with ldap authentication (over PAM).

The LDAP users but need at least a .bashrc file with the PATH to svn*
binaries with umask 002 set in their /home directory on SVN- Server,
although, all of the users have the PATH set to the svn* binaries
(specified in /etc/profile/).

That means my users don't have an account on the server, but must have the
.bashrc file on the Server.

So the workaround was to create a /home/<ssh user name> directory on the
Server for each user and put a .bashrc file into it and write:

export="/path/to/svn* binaries/:$PATH"

If I don't create the .bashrc file, an try to checkout with TortoiseSVN the
error is:

### Unable to write to standard output

### Error * Connection closed unexpectedly

and with the commandline client I get:

bash: line 1: svnserve: command not found
subversion/libsvn_ra_svn/marshal.c:251: (apr_err=210002)
svn: Connection closed unexpectedly

but the svnserve is lying in the PATH !


it sounds some how crazzy for me.

--> did You or somebody else encountered this porblem?
--> is this a feature or a bug, or am I missing something?

Best Regards
Arash




                                                                           
             David Ripton                                                  
             <dripton@ripton.n                                             
             et>                                                        To 
                                       users@subversion.tigris.org         
             16.10.2004 02:53                                           cc 
                                                                           
                                                                   Subject 
                                       Re: svn+ssh and LDAP howto          
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           




On 2004.10.15 17:27:40 +0000, ark-d@betasystems.com wrote:
> is it possible to authenticate users with svn+ssh over LDAP ?
>
> I think about making the ssh service available with pam module to ldap
> users!

First you have to setup an LDAP server and get your users and passwords
configured in it.  OpenLDAP works fine.  See its docs.

Then you need to configure your OS to allow logins via LDAP.  That's
quite easy with modern Linux distributions that come with PAM already
setup to support LDAP logins -- you probably just have to change a
few lines in /etc/ldap.conf

Once you have LDAP logins working, and svn+ssh working, then you should
find that the LDAP users can use svn+ssh just like the local /etc/passwd
users, with no extra integration necessary.  That's the whole point of
PAM (and the similar schemes in other modern OS).

--
David Ripton    dripton@ripton.net

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: svn+ssh and LDAP howto

Posted by David Ripton <dr...@ripton.net>.
On 2004.10.15 17:27:40 +0000, ark-d@betasystems.com wrote:
> is it possible to authenticate users with svn+ssh over LDAP ?
> 
> I think about making the ssh service available with pam module to ldap
> users!

First you have to setup an LDAP server and get your users and passwords
configured in it.  OpenLDAP works fine.  See its docs.

Then you need to configure your OS to allow logins via LDAP.  That's
quite easy with modern Linux distributions that come with PAM already 
setup to support LDAP logins -- you probably just have to change a
few lines in /etc/ldap.conf 

Once you have LDAP logins working, and svn+ssh working, then you should
find that the LDAP users can use svn+ssh just like the local /etc/passwd 
users, with no extra integration necessary.  That's the whole point of
PAM (and the similar schemes in other modern OS).

-- 
David Ripton    dripton@ripton.net

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org