Once you have Subversion and Apahce installed, you’ll need to configure Apache to work with Subversion. However, the first step is to ensure Apache will start on its own with no configuration changes.
- Open your Services management console
- Locate the Apache service (Apache2.2 for example)
- Start the service. If there is a problem, you will get a warning or error message.
Before we start, you’ll need to make sure you have all required software installed. You will need Subversion 1.5 or greater and Apache installed. I recommend downloading the Collabnet Subversion Client and Server package for windows.
Svn authorization via ldap/ad
have a problem here.
I have a domain (AD), i need to login SVN users via AD.
Svn works with file auth. just fine. If i try to login with any domain user it rejects and apache logs shows “Password mismatch”.
httpd-vhosts.conf <VirtualHost *:80> ServerAdmin email@example.com DocumentRoot "/usr/local/www/svn" ServerName svn ServerAlias svn.domain.ru ErrorLog "/var/log/svn.error.log" CustomLog "/var/log/svn.access.log" common <Location /> DAV svn SVNParentPath /usr/local/www/svn SVNListParentPath on AuthType Basic AuthName "SVN Server" AuthBasicProvider ldap AuthLDAPURL "ldap://10.20.3.30:389/DC=domain,DC=ru?sAMAccountName?sub?(objectClass=*)" NONE AuthLDAPBindDN "CN=svnr,OU=SVN,DC=domain,DC=ru" AuthLDAPBindPassword 123 Require valid-user </Location> </VirtualHost>
If i try to use ldapsearch i get this:
ldapsearch -h 10.20.3.30 -D "CN=svnr,OU=SVN,DC=domain,DC=ru" -b "dc=domain,dc=ru" -x -W Enter LDAP Password: ldap_bind: Invalid credentials (49) additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
Debug of ldapsearch -d5
Thanks for help!
Ok i made it, i changed AuthLDAPBindDN from
firstname.lastname@example.org and it works, i have no idea why previous configuration not working, if you explain me i will be grateful.
Svnserve on windows with active directory authentication
Be aware that file:// access is not recommended for SVN repositories, its more for admin tools. The problem with the file access is that you have no server in the middle to make sure all writes are written correctly. So stop using it ASAP.
Svnserve (or Apache) is much better but you will have the same performance issues – its not going to get better because your network uses http or svn protocols instead of smb. If your access is slow today, it’ll still be slow unless you do something about your network or filesystem (or whatever else is making it slow).
However, migrating to Apache or Svnserve is worth doing in itself.
There is an issue with svnserve and the sasl libraries, as mentioned on the svn mailing list recently. The problem is that svn protocol doesn’t allow plain text but plain text auth only is allowed by the saslauthd. End result – it just doesn’t work, and is a known issue.
Its not all bad though, if you’re running on Windows, just install VisualSVN Server. Its a top piece of packaging, and provides you with an Apache install, running as a windows service complete with snap-in management, and active directory authentication with just one click of a radio button during installation. You can even put acls on directories or files in the repo.
If not, I’d still recommend Apache as the configuration for it is better documented, and it does support LDAP auth (which works with AD). There’s plenty of blog posts describing how to do this.
Performance of http instead of svn will be slower, but I doubt you’ll notice it unless you install both side-by-side and checkout/commit a large directory. Try it – you can serve an Apache-served repo with Svnserve at the same time. (though I’d verify that claim before putting it into practice).