SubVersion + Apache2.2.4 + OpenLDAP2.3.32 实现权限认证

SubVersion 通过HTTP协议访问代码库,可以通过设置Apache的认证方式来设置访问权限。

这里记载一下相关的配置,特别是mod_authnz_ldap模块的配置,Apache2.0的认证模块为mod_auth_ldap,Apache2.2已经改变为mod_authnz_ldap,配置也有不同:

(1) OpenLDAP的编译安装,版本2.3.32

# cd openldap-2.3.32
# ./configure --prefix=/usr/local/openldap --enable-bdb=no
# make depend
# make
# make install

(2) Apache2.2.4的编译安装,版本2.2.4

需要先编译安装 apr-1.2.8 和 apr-util-1.2.8

# cd apr-1.2.8
# ./configure --prefix=/usr/local/apr
# make
# make install

# cd apr-util-1.2.8
# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr --with-ldap --with-ldap-include=/usr/local/openldap/include --with-ldap-lib=/usr/local/openldap/lib
# make
# make install

编译安装好后,开始编译安装Apache2.2.4

# cd httpd-2.2.4
# ./configure --prefix=/usr/local/apache2 --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-so --enable-ldap -- enable-authnz-ldap --enable-dav
# make
# make install

(3) 配置httpd.conf

增加SubVersion的虚拟主机,在httpd.conf里取消下面行的注释:

# Virtual hosts
Include conf/extra/httpd-vhosts.conf

编辑conf/extra/httpd-vhosts.conf文件
< VirtualHost  * : 80 >
    ServerAdmin [email protected]
    DocumentRoot 
/ home / svn 
    ServerName svn.gehouse.cn
    ErrorLog logs
/ svn.gehouse.cn - error_log
    LogLevel warn
    CustomLog logs
/ svn.gehouse.cn - access_log common
    
< Location  " / " >  
       AuthBasicProvider ldap
       AuthType Basic
       AuthzLDAPAuthoritative off
       AuthName 
" TianXing Tech IT Server "
       AuthLDAPURL 
" ldap://ldap.gehouse.cn/ou=people,dc=gehouse,dc=cn?cn?sub?(objectClass=*) "  NONE
       Require valid
- user
    
</ Location >
    
< Location  " /sandbox " >
       DAV svn
#       SVNListParentPath on
#       SVNParentPath 
/ home / svn / sandbox
       SVNPath 
/ home / svn / sandbox
#       SVNIndexXSLT 
/ xslt / svnindex.xsl
    
</ Location >
    
< Location  " /projects " >
       DAV svn
       SVNListParentPath on
       SVNParentPath 
/ home / svn / projects
       
< LimitExcept GET PROPFIND OPTIONS REPORT >
          require ldap
- group ou = dev,dc = gehouse,dc = cn
       
</ LimitExcept >
    
</ Location >
</ VirtualHost >

你可能感兴趣的:(subversion)