Subversion Via Apache
Basic Auth
Assuming you have apache set up, and you have subversion installed, go get the svn-apache library
aptitude install libapache2-svn
now you should see 3 new mods starting with dav enabled, and one dav_svn.conf file
ls -l /etc/apache2/mods-enabled/
make sure your servername is set correctly
grep -i servername /etc/apache2/apache2.conf
now edit /etc/apache2/mods-enabled/dav_svn.conf, here is mine for reference
# Dav_svn.conf - Example Subversion/Apache configuration
#
# For details and further options see the Apache user manual and
# the Subversion book.
# <Location URL> ... </Location>
# URL controls how the repository appears to the outside world.
# In this example clients access the repository as http://hostname/svn/
<Location /svn>
# Uncomment this to enable the repository,
DAV svn
# Set this to the path to your repository
SVNPath /home/data/svn-repo/
# The following allows for basic http authentication. Basic authentication
# should not be considered secure for any particularly rigorous definition of
# secure.
# Uncomment the following 3 lines to enable Basic Authentication
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /etc/apache2/digest/dav_svn.passwd
# Uncomment the following line to enable Authz Authentication
# AuthzSVNAccessFile /etc/apache2/dav_svn.authz
# The following three lines allow anonymous read, but make
# committers authenticate themselves.
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
</Location>
Now create the hashed password for basic authentication, anyone can read, but this authentication is only for submitting
htpasswd2 -c /etc/apache2/digest/dav_svn.passwd ericp
now restart apache
sudo /usr/sbin/apache2ctl graceful
LDAP Auth
Goal, make the directory /svn/ require a user name and password, using a central ldap server. Just like before, you need to have apache set up, go get the svn-apache library
aptitude install libapache2-svn
now you should see 3 new mods starting with dav enabled, and one dav_svn.conf file
ls -l /etc/apache2/mods-enabled/
ok first make sure you have the mods, auth_ldap, I'm using Debian so it is installed with apache2-common deb.
ls -l /etc/apache2/mods-available/auth_ldap.load
Now make sure its linked in, again with debain this just requires a soft link, other distros will need to make conf changes to their http.conf
ln -s /etc/apache2/mods-available/auth_ldap.load /etc/apache2/mods-enabled/auth_ldap.load
Now we need to change the directory settings. With Debian these setting are in /etc/apache2/mod-enabled/dav_svn.conf. Check out Apache LDAP Authentication for details. The usernames and passwords are stored in LDAP. See Installing Open LDAP to get that set up.
# dav_svn.conf - Example Subversion/Apache configuration
#
# For details and further options see the Apache user manual and
# the Subversion book.
# <Location URL> ... </Location>
# URL controls how the repository appears to the outside world.
# In this example clients access the repository as http://hostname/svn/
<Location /svn>
# Uncomment this to enable the repository,
DAV svn
# Set this to the path to your repository
SVNPath /home/data/svn-repo/
# The following allows for basic http authentication. Basic authentication
# should not be considered secure for any particularly rigorous definition of
# secure.
# Uncomment the following 3 lines to enable Basic Authentication
#AuthType Basic
#AuthName "Subversion Repository"
#AuthUserFile /etc/apache2/digest/dav_svn.passwd
# Comment the following 3 liens to disable LDAP Authentication
AuthType Basic
AuthName "Subversion Repository"
AuthLDAPURL ldap://localhost/ou=people,dc=example,dc=org
# Uncomment the following line to enable Authz Authentication
# AuthzSVNAccessFile /etc/apache2/dav_svn.authz
# The following three lines allow anonymous read, but make
# committers authenticate themselves.
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
</Location>
Now restart
sudo /usr/sbin/apache2ctl graceful
all done test it out! http://localhost/svn/
