svn-docker icon indicating copy to clipboard operation
svn-docker copied to clipboard

Published 20 hours ago verified publisher icon elleFlorio

LDAP Authentification

Open Rincewind34 opened this issue 3 years ago • 3 comments

The svn admin interface packaged does support (with a little fixing -- see issues in their repository) LDAP; including groups and access to repository paths, so all in all pretty powerful.

In order for the svn checkout to work through the apache server created here, you'd need to update the configuration. We did that in our configuration (not possible to create a pull request though) but feel free to contact me incase you have any troubles. It was a very straight forward fix with a little bit of googling.

Rincewind34 avatar Feb 11 '22 11:02 Rincewind34

Thank you @Rincewind34 , I'll have a look as soon as possible! 😉

elleFlorio avatar May 19 '22 20:05 elleFlorio

@Rincewind34 can you please provide this "little fixing" you mentioned in

The svn admin interface packaged does support (with a little fixing -- see issues in their repository) LDAP; including groups and access to repository paths, so all in all pretty powerful

I am struggeling for quite some time now, getting this to work. I'm planning on authenticate users via group membership in ldap. Do I need to change the webdav AuthType from basic base to ldap? `/etc/subversion # cat /etc/apache2/conf.d/dav_svn.conf LoadModule dav_svn_module /usr/lib/apache2/mod_dav_svn.so LoadModule authz_svn_module /usr/lib/apache2/mod_authz_svn.so

<Location /svn> DAV svn SVNParentPath /home/svn SVNListParentPath On AuthType Basic AuthName "Subversion Repository" AuthUserFile /etc/subversion/passwd AuthzSVNAccessFile /etc/subversion/subversion-access-control Require valid-user`

JgdKdoFhr avatar Jun 14 '22 06:06 JgdKdoFhr

Here is how I did it, just authentication no authorization, directly in the container.

Get in:

docker exec -ti svn-server sh

Install apache ldap mod:

apk update
apk add apache2-ldap

Activate ldap module, in /etc/apache2/httpd.conf add:

LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so

Then in /etc/apache2/conf.d/dav_svn.conf:

LoadModule dav_svn_module /usr/lib/apache2/mod_dav_svn.so
LoadModule authz_svn_module /usr/lib/apache2/mod_authz_svn.so

<Location /svn>
  DAV svn
  SVNParentPath /home/svn
  SVNListParentPath On
  SVNPathAuthz off
  AuthType Basic
  AuthBasicProvider ldap
  AuthName "SVN login"
  AuthLDAPURL "ldap://ldap-server:389/ou=a,dc=b?sAMAccountName?sub?(objectClass=user)"
  AuthLDAPBindDN bindUser
  AuthLDAPBindPassword binderUserPwd
  Require valid-user
  </Location>

Of course, the ldap url needs to be adjusted to your situation (ou's, dc's, levels, the actual attribute for the user etc). Hope this helps

koen-serneels avatar Aug 16 '22 16:08 koen-serneels

I am sorry but I could not give this repo the love it deserves. 😞 So I decided to archive it and make it read only, so people can fork and apply their changes.

Thank you for taking the time to rise an issue! ❤️

elleFlorio avatar Dec 04 '23 21:12 elleFlorio