Wednesday, September 12, 2007

Subversion on windows with AD authentication

Today i have finished testing Subversion to authenticate with Active Directory.

I've tested this for a few days now and it seems to work just fine!

Well, lets look at it!!!!

First i installed Apache on my server (version 2.0.58)

Then installation of Subversion 1.4.5 on windows

Now we have to configure subversion to run as a service in windows. The following will do that for you:
D:\SVNrepos>sc create svnserve binpath= "\"C:\Program Files\Subversion\bin\svnserve.exe\" --service -r D:\SVNrepos" isplayname= "Subversion Server" depend= Tcpip start= auto

This will create a service named Subversion Server that points to the folder D:\SVNRepos, where my repositorys will be created.

Now we have to enable som modules in apache for this to work:
You have to add these rows to the conf-file for apache, the modules for subversion may allredy be there.

LoadModule dav_svn_module "C:/Program Files/Subversion/bin/mod_dav_svn.so"
LoadModule authz_svn_module "C:/Program Files/Subversion/bin/mod_authz_svn.so"
LoadModule ldap_module modules/util_ldap.so
LoadModule auth_ldap_module modules/mod_auth_ldap.so


Then you add the follwing at the bottom of the apache conf-file.
Be sure to edit the different paths, so it accurate with you're environment



explenation:
SVNPath D:/SVNrepos/test
this is the path to your repository

AuthLDAPBindDN "CN=apache_bind,OU=IT,OU=GTB,OU=SE,DC=sweden,DC=europe,DC=com"
this is the DN to a user that needs to bind with AD. DO NOT use a user with admin rights since the password is in the conf-file in clear text

AuthLDAPBindPassword !password1
The password for user apache_bind

Require group CN=SVN_Test,OU=Groups,OU=SE,DC=sweden,DC=europe,DC=com
This is the group that has access to this repository. Add you're users in this group if they need access.


If you have other repositorys, you just copy everything and change a few things:




Now you can connect to the repository thru a webbrowser http://servername/subversion/test
Authenticate with your AD-login and password

If you use a client to checkout files, use this url and then login

Now I just have to implement this in our live environment.


Hope it helps someone
Good Luck!!!
Posted by at
Labels:

1 comment:

Anonymous said...

Great instruction devils76.
Now we run this configuration to.......:-)

September 20, 2007 at 9:20 AM

Post a Comment

Subscribe to: Post Comments (Atom)

Counter

Web Counters