β

Subversion Apache and ActiveDirectory

IT辰逸 131 阅读

目前我们使用Subversion来实现版本管理,大部分开发使用的是Windows,故使用AD来对windows进行一个管理,以致使用Apache 的LDAP mod挂Subversion来进行整合认证。

时间有限,粗糙点就粗糙点了。

#你需要有基本的编译组件支持 再安装下openldap,CentOS应该是这样的#
[root@TZJ-YW-SVN-76 svn-httpd]# yum install openldap-devel

Apache

####APR###
[root@TZJ-YW-SVN-76 svn-httpd]# tar zxf apr-1.3.9.tar.gz
[root@TZJ-YW-SVN-76 svn-httpd]# cd apr-1.3.9
[root@TZJ-YW-SVN-76 apr-1.3.9]# ./configure --prefix=/software/sharelib/apr
[root@TZJ-YW-SVN-76 apr-1.3.9]# make && make install

##APR-UTIL##
[root@TZJ-YW-SVN-76 svn-httpd]# tar jxf apr-util-1.3.9.tar.bz2
[root@TZJ-YW-SVN-76 svn-httpd]# cd apr-util-1.3.9
[root@TZJ-YW-SVN-76 apr-util-1.3.9]# ./configure --prefix=/software/sharelib/apr-util --with-apr=/software/sharelib/apr/bin/apr-1-config --with-ldap
[root@TZJ-YW-SVN-76 apr-util-1.3.9]# make && make install

##HTTPD##
[root@TZJ-YW-SVN-76 svn-httpd]# tar zxf httpd-2.2.8.tar.gz
[root@TZJ-YW-SVN-76 svn-httpd]# cd httpd-2.2.8
[root@TZJ-YW-SVN-76 source]# CC="gcc -m64" CXX="g++ m64" ./configure --prefix=/software/apache2 --with-apr=/software/sharelib/apr/bin/apr-1-config --with-apr-util=/software/sharelib/apr-util/bin/apu-1-config --enable-mods-shared="most dav" --disable-status --enable-authnz-ldap --enable-ldap
[root@TZJ-YW-SVN-76 httpd-2.2.8]# make install

##AutoStartService##
[root@TZJ-YW-SVN-76 apache2]# ln -s /software/apache2/bin/apachectl /etc/init.d/httpd
[root@TZJ-YW-SVN-76 apache2]# ln -s /software/apache2/bin/apachectl /etc/rc3.d/S90httpd
[root@TZJ-YW-SVN-76 apache2]# ln -s /software/apache2/bin/apachectl /etc/rc0.d/K90httpd
[root@TZJ-YW-SVN-76 apache2]# ln -s /software/apache2/bin/apachectl /etc/rc6.d/K90httpd

Subversion

[root@TZJ-YW-SVN-76 svn-httpd]# tar zxf subversion-1.8.9.tar.gz
[root@TZJ-YW-SVN-76 svn-httpd]# cd subversion-1.8.9
[root@TZJ-YW-SVN-76 subversion-1.8.9]# unzip ../sqlite-amalgamation-3071501.zip -d ./
[root@TZJ-YW-SVN-76 subversion-1.8.9]# mv sqlite-amalgamation-3071501/ sqlite-amalgamation
[root@TZJ-YW-SVN-76 subversion-1.8.9]# ./configure --prefix=/software/subversion --with-apr=/software/sharelib/apr --with-apr-util=/software/sharelib/apr-util --with-apxs=/software/apache2/bin/apxs
[root@TZJ-YW-SVN-76 subversion-1.8.9]# make && make install 

##这里的cp mod_{authz_svn,dav_svn} 是整合的重要操作哦##
[root@TZJ-YW-SVN-76 subversion-1.8.9]# cp subversion/mod_authz_svn/.libs/mod_authz_svn.so /software/apache2/modules/
[root@TZJ-YW-SVN-76 subversion-1.8.9]# cp subversion/mod_dav_svn/.libs/mod_dav_svn.so /software/apache2/modules/
[root@TZJ-YW-SVN-76 svn_conf]# useradd subversion

你应该注意下包含#的注释行

[root@TZJ-YW-SVN-76 conf]# pwd
/software/apache2/conf
[root@TZJ-YW-SVN-76 conf]# cat httpd.conf
ServerRoot "/software/apache2"

Listen 80

##原load的不变,新增刚刚cp过来的两个so##
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so


<IfModule !mpm_netware_module>
<IfModule !mpm_winnt_module>

##user 随意##
User subversion
Group subversion

</IfModule>
</IfModule>


ServerAdmin you@example.com

ServerName svn.oa.com:80

DocumentRoot "/software/apache2/htdocs"

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>


<Directory "/software/apache2/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

<IfModule dir_module>
    DirectoryIndex index.html
</IfModule>

<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

ErrorLog "logs/error_log"

LogLevel warn

<IfModule log_config_module>
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    <IfModule logio_module>
      # You need to enable mod_logio.c to use %I and %O
      LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
    </IfModule>

    CustomLog "logs/access_log" common

</IfModule>

<IfModule alias_module>
    ScriptAlias /cgi-bin/ "/software/apache2/cgi-bin/"
</IfModule>

<IfModule cgid_module>
</IfModule>

<Directory "/software/apache2/cgi-bin">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
</Directory>

DefaultType text/plain

<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
</IfModule>

# Load config files from the config directory#
Include svn_conf/*.conf

<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>

subversion.conf

[root@TZJ-YW-SVN-76 conf]# cat ../svn_conf/subversion.conf
<Location />
   DAV svn
   SVNParentPath /data/svn_repos
   SVNListParentPath on

      order allow,deny
      allow from all
      Options Indexes
      AuthzLDAPAuthoritative On

      AuthType basic
      AuthName "SVN UserName and Password | By Domain SVN System"
      AuthBasicProvider ldap

      AuthLDAPURL "ldap://domain.com:3268/dc=domain,dc=com?sAMAccountName?sub?(objectCategory=person)"
      AuthLDAPBindDN "svn@domain.com"
      AuthLDAPBindPassword password
      AuthzSVNAccessFile "/software/apache2/svn_conf/svn.authz"

      #Require ldap-group OU=devops,DC=domain,DC=com

      require valid-user
</Location>

验证SVN 认证 AD

[root@TZJ-YW-SVN-76 conf]# cat /software/apache2/logs/access_log
.255.1.168 - - [11/Sep/2015:16:22:00 +0800] "GET / HTTP/1.1" 401 401
.255.1.168 - itchenyi [11/Sep/2015:16:22:05 +0800] "GET / HTTP/1.1" 200 132
» 转载保留版权: IT辰逸 » 《Subversion Apache and ActiveDirectory》
» 本文链接地址: http://www.ipython.me/centos/subversion-apache-and-activedirectory.html
» 本文版权采取: BY-NC-SA 协议进行授权,转载注明出处。除IT-Tools、News以及特别标注,本站所有文章均为原创。
» 如果喜欢可以: 点此订阅本站
作者:IT辰逸
热爱IT技术与互联网
原文地址:Subversion Apache and ActiveDirectory, 感谢原作者分享。