Thursday, October 29, 2009

Installing subversion Server with LDAP on Ubuntu 9.04

A very popular version control is Subversion. However, many times subversion requires integration with other systems and protocols. First, Subversion can take advantage of apache to allow remote access and Second we need some kind of authentication and authorization. The following process will help you to put all this together ina very quick and easy way.

I assume you have a LDAP server already set up.
Install Apache, and Subvervion:

# apt-get install apache2 subversion libapache2-svn subversion-tools

Edit dav_svn.conf

#vi /etc/apache2/mods-available/dav_svn.conf

The file should have nothing enabled, so we need to add our configuration  
The following configuration uses LDAP authetication and SVN authorization.
On LDAP, users on svngroup GROUP will have access to the repository.

        DAV svn
        SVNParentPath /svn
        AuthzSVNAccessFile /svn/aclfile
        AuthName "Subversion Repos"
        AuthType Basic
        AuthBasicProvider ldap
        AuthzLDAPAuthoritative   on
        AuthLDAPURL ldap://ldap:389/ou=People,dc=example,dc=com?uid
        AuthLDAPGroupAttribute memberUid
        AuthLDAPGroupAttributeIsDN off
        Require ldap-group cn=svngroup,ou=Groups,dc=example,dc=com

Enabling module for LDAP authentication 

#a2enmod authnz_ldap


#/etc/init.d/apache2 start

Create the aclfile on /svn to set up the authorization for Repositories.

sysadmin = user


Create the test repo.

#cd /svn
#svnadmin create test

Then you can test access to your SVN with your browser.



Get the latest package from website.

# apt-get install websvn

Follow the configuration screen and done

Then edit the following file.

#vi /etc/websvn/

Comment $config->addRepository("repos 1", "file:///svn");

and Save

Now you can access your repos on http://svn-server/websvn/
However we should put some security.

Go and Edit /etc/websvn/apache.conf and add the Authetication with LDAP.

   AuthName "WEBSVN "
   AuthType Basic
   AuthBasicProvider ldap
   AuthzLDAPAuthoritative   on
   AuthLDAPURL ldap://ldap:389/ou=People,dc=example,dc=com?uid
   # Require valid-user
   AuthLDAPGroupAttribute memberUid
   AuthLDAPGroupAttributeIsDN off
   Require ldap-group cn=svndev,ou=Groups,dc=example,dc=com

save and Restart Apache.

No comments:

Post a Comment