elleFlorio / svn-docker

Lightweight Docker image to build a container running an SVN server
MIT License
145 stars 106 forks

LDAP Authentication #37

Closed Rincewind34 closed 7 months ago

Rincewind34 commented 2 years ago

The svn admin interface packaged does support (with a little fixing -- see issues in their repository) LDAP; including groups and access to repository paths, so all in all pretty powerful.

In order for the svn checkout to work through the apache server created here, you'd need to update the configuration. We did that in our configuration (not possible to create a pull request though) but feel free to contact me in case you have any troubles. It was a very straightforward fix with a little bit of googling.

elleFlorio commented 2 years ago

Thank you @Rincewind34 , I'll have a look as soon as possible! 😉

JgdKdoFhr commented 2 years ago

@Rincewind34 can you please provide this "little fixing" you mentioned in

> The svn admin interface packaged does support (with a little fixing -- see issues in their repository) LDAP; including groups and access to repository paths, so all in all pretty powerful

I have been struggling for quite some time now, getting this to work. I'm planning on authenticating users via group membership in ldap. Do I need to change the webdav AuthType from basic base to ldap?

```
/etc/subversion # cat /etc/apache2/conf.d/dav_svn.conf
LoadModule dav_svn_module /usr/lib/apache2/mod_dav_svn.so
LoadModule authz_svn_module /usr/lib/apache2/mod_authz_svn.so

<Location /svn>
  DAV svn
  SVNParentPath /home/svn
  SVNListParentPath On
  AuthType Basic
  AuthName "Subversion Repository"
  AuthUserFile /etc/subversion/passwd
  AuthzSVNAccessFile /etc/subversion/subversion-access-control
  Require valid-user
```

koen-serneels commented 1 year ago

Here is how I did it, just authentication no authorization, directly in the container.

Get in:

```
docker exec -ti svn-server sh
```

Install apache ldap mod:

```
apk update
apk add apache2-ldap
```

Activate ldap module, in /etc/apache2/httpd.conf add:

```
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
```

Then in /etc/apache2/conf.d/dav_svn.conf:

```
LoadModule dav_svn_module /usr/lib/apache2/mod_dav_svn.so
LoadModule authz_svn_module /usr/lib/apache2/mod_authz_svn.so

<Location /svn>
  DAV svn
  SVNParentPath /home/svn
  SVNListParentPath On
  SVNPathAuthz off
  AuthType Basic
  AuthBasicProvider ldap
  AuthName "SVN login"
  AuthLDAPURL "ldap://ldap-server:389/ou=a,dc=b?sAMAccountName?sub?(objectClass=user)"
  AuthLDAPBindDN bindUser
  AuthLDAPBindPassword binderUserPwd
  Require valid-user
</Location>
```

Of course, the ldap url needs to be adjusted to your situation (ou's, dc's, levels, the actual attribute for the user etc). Hope this helps
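An added example, not from the thread or the repository: the same `<Location /svn>` block extended to the group-membership restriction asked about earlier in the thread, with the directory connection over TLS and the bind password kept out of the config file. The host name, DNs, group name, CA file path and password helper path are placeholders to adjust.

```apache
# Added example; all host names, DNs, the group and the file paths are placeholders.

# mod_ldap settings are server-wide, so they go outside <Location>.
# CA certificate used to verify the directory server's TLS certificate.
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/ldap-ca.pem
LDAPVerifyServerCert On

<Location /svn>
  DAV svn
  SVNParentPath /home/svn
  SVNListParentPath On
  SVNPathAuthz off

  # Basic auth sends the user's password with every request,
  # so /svn should only be reachable over HTTPS.
  AuthType Basic
  AuthBasicProvider ldap
  AuthName "SVN login"

  # ldaps:// instead of ldap://...:389 so neither the bind password nor the
  # users' passwords cross the network to the directory in clear text.
  AuthLDAPURL "ldaps://ldap-server:636/ou=a,dc=b?sAMAccountName?sub?(objectClass=user)"

  # Dedicated read-only service account for the search bind.
  AuthLDAPBindDN "cn=svn-bind,ou=a,dc=b"
  # exec: runs the program and uses the first line it prints as the password,
  # so the secret is not stored in dav_svn.conf (httpd 2.4.5 or later).
  AuthLDAPBindPassword "exec:/usr/local/bin/ldap-bind-password"

  # Replaces "Require valid-user": only members of this group are let in.
  # Lookups into nested groups are governed by AuthLDAPMaxSubGroupDepth.
  Require ldap-group cn=svn-users,ou=groups,dc=b
</Location>
```

After editing, `httpd -t` inside the container checks the syntax before Apache is restarted.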

elleFlorio commented 7 months ago

I am sorry but I could not give this repo the love it deserves. 😞 So I decided to archive it and make it read only, so people can fork and apply their changes.

Thank you for taking the time to raise an issue! ❤️