There are many SVN management tools, such as SVNAdmin2.0, svnWebUI and iF.SVNAdmin. The first two have more attractive interfaces, but currently only iF.SVNAdmin integrates with LDAP. This article explains how to use iF.SVNAdmin in an LDAP environment.
Preface: Introduction to the Environment
Software | Version |
---|---|
CentOS | 7.6 |
SVN | 1.7.14 |
HTTPD | 2.4.6-97 |
PHP | 5.4.16 |
SVNAdmin | 1.6.2 |
One, iF.SVNAdmin
In the current environment the SVN server is already installed, and its path is /data/svn.
1, iF.SVNAdmin installation
```bash
# yum install httpd subversion php php-ldap mod_ldap php-json php-xml php-pdo mod_ssl mod_dav_svn -y
# cd /usr/src && wget https://udomain.dl.sourceforge.net/project/ifsvnadmin/svnadmin-1.6.2.zip --no-check-certificate
# unzip svnadmin-1.6.2.zip
# mv svnadmin-1.6.2 /var/www/html/svnadmin
# chmod -R 777 /var/www/html/svnadmin/data/
# chown -R apache:apache /var/www/html/svnadmin/
# chown -R apache:apache /data/svn/
# systemctl enable httpd
# systemctl start httpd
```
2, iF.SVNAdmin deployment
1. Web interface initialization configuration
Open http://10.10.1.30:8085/svnadmin/ in the browser to initialize the configuration. I have changed the HTTP listening port to 8085 here.
2. LDAP configuration
3. LDAP user and group permission settings
3.1 Add access path
3.2 Add access project permissions to users or groups
3.3 Cancel the user's access to the project
4. Role division of iF.SVNAdmin
When we enable LDAP, remember to grant super administrator privileges to at least one LDAP user; otherwise you can be locked out, since the initial admin account may be unable to log in again after you log out. You can grant LDAP users permission to log in to the iF.SVNAdmin management system. There are two roles we commonly use: super administrator and access path administrator. An access path administrator is a role that grants users access to a project.
Two, Configuring SVN for LDAP authentication
This covers the scenario where SVN is accessed over HTTP through Apache.
In this scenario, SVN access goes over HTTP and is authenticated by Apache, so integrating LDAP authentication into Apache is all that is needed to give SVN LDAP authentication.
1. Apache configuration
```
# cat /etc/httpd/conf.d/subversion.conf
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_user_module modules/mod_authz_user.so
<Location /repos>
    DAV svn
    # Serve every repository found under /data/svn
    SVNParentPath /data/svn
    #<LimitExcept GET PROPFIND OPTIONS REPORT>
    AuthType Basic
    AuthName "Subversion repository"
    # Per-path access rules (authz file)
    AuthzSVNAccessFile /data/svn/test/conf/authz
    # Authenticate users against LDAP
    AuthBasicProvider ldap
    #AuthzLDAPAuthoritative on
    AuthLDAPURL "ldap://10.10.1.30:389/dc=qualitysphere,dc=github,dc=io?uid?sub?(objectclass=*)"
    AuthLDAPBindDN "cn=admin,dc=qualitysphere,dc=github,dc=io"
    AuthLDAPBindPassword "123456"
    Require ldap-user
    #</LimitExcept>
</Location>
```
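The subversion.conf above combines Basic authentication, an ldap:// URL and a literal AuthLDAPBindPassword, and each of these can expose credentials. The following shell check for those three conditions is an added example, not part of the original article or of iF.SVNAdmin. The function names, finding labels and the constructed sample file with placeholder values are assumptions for illustration, the SSLRequireSSL test is a heuristic, and all relevant directives are assumed to live in the one file.

```shell
#!/bin/sh
# Prints one finding per line; prints nothing when no check fires.
audit_svn_ldap_conf() {
    conf=$1
    # Ignore commented-out and blank lines so disabled directives do not count.
    active=$(grep -Ev '^[[:space:]]*(#|$)' "$conf" || true)
    # 1. Basic auth resends the LDAP password on every request, so the
    #    Location should be TLS-only (heuristic: look for SSLRequireSSL).
    if printf '%s\n' "$active" | grep -Eqi '^[[:space:]]*AuthType[[:space:]]+Basic' &&
       ! printf '%s\n' "$active" | grep -Eqi '^[[:space:]]*SSLRequireSSL'; then
        echo "basic-auth-without-tls: AuthType Basic but no SSLRequireSSL"
    fi
    # 2. ldap:// with no SSL/TLS/STARTTLS mode sends the bind password and
    #    every user bind in cleartext between httpd and the directory.
    if printf '%s\n' "$active" | grep -Ei '^[[:space:]]*AuthLDAPURL[[:space:]]+"?ldap://' |
           grep -Evqi '[[:space:]](SSL|TLS|STARTTLS)[[:space:]]*$' &&
       ! printf '%s\n' "$active" | grep -Eqi '^[[:space:]]*LDAPTrustedMode[[:space:]]+(SSL|TLS|STARTTLS)'; then
        echo "ldap-cleartext: AuthLDAPURL uses ldap:// without SSL/TLS/STARTTLS"
    fi
    # 3. A literal AuthLDAPBindPassword (no exec: helper) in a world-readable
    #    file gives the bind account to every local user.
    if printf '%s\n' "$active" | grep -Ei '^[[:space:]]*AuthLDAPBindPassword' |
           grep -Evqi 'exec:' &&
       [ -n "$(find "$conf" -perm -004)" ]; then
        echo "bind-password-exposed: literal AuthLDAPBindPassword, file is world-readable"
    fi
}

# Constructed sample mirroring the article's subversion.conf (placeholder values).
write_sample_conf() {
    cat <<'EOF'
<Location /repos>
DAV svn
SVNParentPath /data/svn
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL "ldap://ldap.example.test:389/dc=example,dc=test?uid?sub?(objectclass=*)"
AuthLDAPBindDN "cn=admin,dc=example,dc=test"
AuthLDAPBindPassword "placeholder-password"
Require ldap-user
</Location>
EOF
}

tmp=$(mktemp)
write_sample_conf > "$tmp"
chmod 644 "$tmp"             # mode assumed for a file under /etc/httpd/conf.d
audit_svn_ldap_conf "$tmp"   # reports all three findings for the sample
rm -f "$tmp"
```

Run it against the real file with `audit_svn_ldap_conf /etc/httpd/conf.d/subversion.conf`; an empty result means none of the three conditions was detected.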
2. Test verification
3. Summary
- Once LDAP is synchronized, the original local accounts and groups are cleared, leaving only the users and groups in LDAP. Even if you add access rights for other users directly in the auth file and then access through the svn protocol, those entries are cleaned up as soon as you synchronize.
- iF.SVNAdmin's permission control is not fine-grained enough. An access path administrator can currently set access permissions for all projects. Normally we would want to authorize a user to manage one particular project, so that a project leader can be given control of that project's permissions.
- If your LDAP database has more than 1000 users and groups, but you only receive 1001 entities, you need to update your PHP version to 5.4. Previous PHP versions did not support fetching more than 1001 entities from an LDAP server.
Reference:
https://blog.csdn.net/qq_25854057/article/details/125296480
http://svnadmin.insanefactory.com/documentation/#ldap