Configure Apache/SVN/LDAP on Ubuntu

Info

If using SVN in an environment that leverages LDAP for authentication then it may be benficial to integrate SVN authentication with LDAP. This can be accomplished via a few Apache modules. This article will walk you through the basic steps of configuring Apache/SVN/LDAP on Ubuntu.

Install the Pre-requisites pieces

  • Run the following commands in ubuntuapache_ubuntu_svn_ldap

sudo apt-get update

sudo apt-get install apache2

sudo a2enmod ldap

sudo a2enmod authnz_ldap

sudo service apache2 restart

sudo apt-get install subversion

sudo apt-get install libapache2-svn

Configure dav_svn in Apache

  • Edit the /etc/apache2/mods-available/dav_svn.conf file with your favorite editor
  • Copy in the following section

<Location /repos/Repository1>

DAV svn

SVNPath /var/svn/repos/Repository1

SVNListparentPath on

SVNAutoversioning on

AuthType Basic

AuthName “SVN”

AuthBasicProvider ldap

  • Next we are going to add the AuthLDAPURL parameter. This is an LDAP query string which tells Apache where to look for users and what property of the user Apache should use for the username. In this example, I’m pointing to DomainController1 and I’m looking in the Users OU of the Contoso.com domain. I’m also telling it to use the sAMAccountName as the username.

AuthLDAPURL “ldap://DomainController1/OU=Users,DC=Contoso,DC=com?sAMAccountName?sub?(objectClass=*)”

  • This next parameter is optional and tells Apache that in order for users to authenticate they must be part of a specific group. In my example I’m targeting the group named SVN which lives under the Groups OU in the Contoso.com domain.

Require ldap-group CN=SVN,OU=Groups,DC=Contoso,DC=com

  • The last two parameters provide authentication for Apache to connect to LDAP and perform the queries. Without these none of the authentication will work. The first parameter, AuthLDAPBindDN, points Apache to the location of the account to bind to LDAP. The second paramter, AuthLDAPBindPassword, instructs Apache to use this password for the bind account.

AuthLDAPBindDN “CN=LDAP User,Users,DC=Contoso,DC=com”

AuthLDAPBindPassword BindPassword

  • Lastly we close the location tag

</Location>

  • Save and close the file
  • Run one last command to restart Apache

sudo service apache2 restart

  • Now LDAP authentication is configured for the repository you specified in the dav_svn.conf file. You can make multiple location entries into the dav_svn.conf file if you required authentication for multiple repositories.

2 thoughts to “Configure Apache/SVN/LDAP on Ubuntu”

  1. Looks like it’s doesen’t work for me. I’ve done this for my ldap and svn, but when i try to look repo via web, there even no auth dialog!
    ­čÖü

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.