Using LDAP to authenticate users

[Reagan Penner <Re...@pmc-sierra.com>]

Hi all,

I am new to the Subversion and apache space. With that said I have managed to get subversion and apache built and installed on my linux (rhel 3.0) desktop.

I have setup Location directive in httpd.conf and have apache running. I created a repository and imported some source. I am able to checkout this repository via the httpd interface.

So now what I would like to do is add in some authentication and authorization. We would like to use LDAP to authenticate out users. The problem is that I can't seem to find any good source of documentation on the Tigris site that would walk me through configuring the system with LDAP. I see that the svn book walks through basic httpd authentication but not LDAP/active directory.

Is the subersion community leaving this as an apache task or is there a good howto that someone could point me to?

Thanks in advance - reagan

Reagan Penner
Software & Solutions Group
PMC-Sierra, Inc.
The Concourse Building #227 - 116 Research Drive
Saskatoon, Sk. Canada S7N3R3
Tel  +1-306-651-4910
Fax + 1-306-651-4749

Re: Using LDAP to authenticate users

[Frank Gruman <fg...@verizon.net>]

Frank Gruman wrote:
> Reagan Penner wrote:
> <snip>
>>
>> The problem is that I can't seem to find any good source of 
>> documentation on the Tigris site that would walk me through 
>> configuring the system with LDAP. I see that the svn book walks 
>> through basic httpd authentication but not LDAP/active directory.
>>
>> Is the subersion community leaving this as an apache task or is there 
>> a good howto that someone could point me to?
>>
> </snip>
>
> This is primarily an Apache task.  That is one of the major advantages 
> of being able to host your repository through Apache - you can use any 
> of Apache's authentication/authorization modules.  You can google for 
> a lot of them.  There are two separate modules out there - one is a 
> third-party module and the other is integrated into Apache.  Make sure 
> you use the integrated one.  I am not sure the other is still maintained.
>
> When you set this up, try to use your AD Global Catalog (port 3268) 
> rather than the standard LDAP port of 389.  There is a bug floating 
> out there (http://issues.apache.org/bugzilla/show_bug.cgi?id=26538) 
> that still shows as not resolved when connecting through the standard 
> LDAP method.
>
> Regards,
> Frank
I stand corrected on my previous post.  It looks like Apache MAY have 
resolved the alias referencing issue I noted above.  Check out 
http://httpd.apache.org/docs/2.2/mod/mod_authnz_ldap.html.

Regards,
Frank

Re: Using LDAP to authenticate users

[Frank Gruman <fg...@verizon.net>]

Reagan Penner wrote:
<snip>
>
> The problem is that I can't seem to find any good source of 
> documentation on the Tigris site that would walk me through 
> configuring the system with LDAP. I see that the svn book walks 
> through basic httpd authentication but not LDAP/active directory.
>
> Is the subersion community leaving this as an apache task or is there 
> a good howto that someone could point me to?
>
</snip>

This is primarily an Apache task.  That is one of the major advantages 
of being able to host your repository through Apache - you can use any 
of Apache's authentication/authorization modules.  You can google for a 
lot of them.  There are two separate modules out there - one is a 
third-party module and the other is integrated into Apache.  Make sure 
you use the integrated one.  I am not sure the other is still maintained.

When you set this up, try to use your AD Global Catalog (port 3268) 
rather than the standard LDAP port of 389.  There is a bug floating out 
there (http://issues.apache.org/bugzilla/show_bug.cgi?id=26538) that 
still shows as not resolved when connecting through the standard LDAP 
method.

Regards,
Frank