SubVersion 通过HTTP协议访问代码库,可以通过设置Apache的认证方式来设置访问权限。
这里记载一下相关的配置,特别是mod_authnz_ldap模块的配置,Apache2.0的认证模块为mod_auth_ldap,Apache2.2已经改变为mod_authnz_ldap,配置也有不同:
(1) OpenLDAP的编译安装,版本2.3.32
# cd openldap-2.3.32
# ./configure --prefix=/usr/local/openldap --enable-bdb=no
# make depend
# make
# make install
(2) Apache2.2.4的编译安装,版本2.2.4
需要先编译安装 apr-1.2.8 和 apr-util-1.2.8
# cd apr-1.2.8
# ./configure --prefix=/usr/local/apr
# make
# make install
# cd apr-util-1.2.8
# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr --with-ldap --with-ldap-include=/usr/local/openldap/include --with-ldap-lib=/usr/local/openldap/lib
# make
# make install
编译安装好后,开始编译安装Apache2.2.4
# cd httpd-2.2.4
# ./configure --prefix=/usr/local/apache2 --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-so --enable-ldap -- enable-authnz-ldap --enable-dav
# make
# make install
(3) 配置httpd.conf
增加SubVersion的虚拟主机,在httpd.conf里取消下面行的注释:
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
编辑conf/extra/httpd-vhosts.conf文件
<
VirtualHost
*
:
80
>
ServerAdmin [email protected]
DocumentRoot
/
home
/
svn
ServerName svn.gehouse.cn
ErrorLog logs
/
svn.gehouse.cn
-
error_log
LogLevel warn
CustomLog logs
/
svn.gehouse.cn
-
access_log common
<
Location
"
/
"
>
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative off
AuthName
"
TianXing Tech IT Server
"
AuthLDAPURL
"
ldap://ldap.gehouse.cn/ou=people,dc=gehouse,dc=cn?cn?sub?(objectClass=*)
"
NONE
Require valid
-
user
</
Location
>
<
Location
"
/sandbox
"
>
DAV svn
# SVNListParentPath on
# SVNParentPath
/
home
/
svn
/
sandbox
SVNPath
/
home
/
svn
/
sandbox
# SVNIndexXSLT
/
xslt
/
svnindex.xsl
</
Location
>
<
Location
"
/projects
"
>
DAV svn
SVNListParentPath on
SVNParentPath
/
home
/
svn
/
projects
<
LimitExcept GET PROPFIND OPTIONS REPORT
>
require ldap
-
group ou
=
dev,dc
=
gehouse,dc
=
cn
</
LimitExcept
>
</
Location
>
</
VirtualHost
>