Showing posts from November, 2017

Subversion + HTTP with AD authentication, local authorization, on RHEL7

I wanted our users to be able to user their AD credentials for SVN access. I first thought about putting everything in AD, including two groups for each repo (one read, one write), but I ended up only using AD for authentication, leaving the permissions to a local file since there is only one SVN server.

That is how the apache conf file looks like:

<VirtualHost *:443>
  ServerName servername.domain

  ## Vhost docroot
  DocumentRoot "/var/www/html"

  ## Directories, there should at least be a declaration for /var/www/html

  <Location "/repos">
    Require valid-user
    Require ldap-user
    Dav svn
    AuthType Basic
    AuthName "Use your Windows Credentials"
    AuthBasicProvider file ldap
    AuthUserFile /etc/httpd/conf/auth-conf-svn
    AuthLDAPURL "ldap://DC1/dc=example,dc=domain?sAMAccountName?sub?(objectClass=*)"
    AuthLDAPBindDN "user@domain"
    AuthLDAPBindPassword "password"
    SVNParentPath /var/www/svn