Sunday, January 20, 2013

Configuring LDAP authentication into SVN on AIX

Last week I successfully configured Windows Active Directory authentication on our new SVN server for the whole group. I'm feeling great that I managed to configure this on a UNIX machine running AIX 7.1. Two components are required for this setup: Subversion and the Apache server. To make sure the correct versions were installed for AIX, I downloaded all dependencies from this site. Installation was handled by rpm, and every dependency is installed into the /opt/freeware directory; there is not much to worry about here, just use the default installation settings.

Giving Subversion HTTP access requires the Apache server. Once Apache has been installed, additional configuration needs to be done in the file httpd-subversion.conf, located at /opt/freeware/etc/httpd/conf/extra. The same file is used for the Active Directory/LDAP authentication configuration, which goes right inside the same <Location> section.
   
       DAV svn
       SVNParentPath /u01/svn
       SVNListParentPath off
       AuthType Basic
       AuthName "Huahsin Source Code Repository"
       AuthBasicProvider file ldap
       AuthBasicAuthoritative off
       AuthUserFile /opt/freeware/etc/httpd/conf/svn_auth_file
       AuthzLDAPAuthoritative off
       AuthLDAPURL "ldap://128.230.84.53:389/dc=Intralab,dc=java?sAMAccountName?sub"
       AuthLDAPBindDN "CN=TestUser,OU=javagroup,DC=intralab,DC=java"
       AuthLDAPBindPassword Test123
       require valid-user
   
Assume I'm connecting to an Active Directory server at this IP and port, 128.230.84.53:389, and that the Java developers located in the domain java.intranet will be granted access to SVN. The configuration then looks like the block above.
A note on AuthLDAPBindDN and AuthLDAPBindPassword: this is the dedicated user account that the SVN server uses to get past Active Directory server authentication; without it the rest of the authentication will not pass. AuthBasicProvider file ldap means authentication first looks inside /opt/freeware/etc/httpd/conf/svn_auth_file, and if the user isn't there, looks in the Active Directory/LDAP server.
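
As an added example (not part of the original post, and not Apache's own code), this Python sketch splits the AuthLDAPURL above into the parts the mod_authnz_ldap documentation describes, builds the search filter used to find the user's entry, and flags two things worth checking in this setup: an ldap:// URL with no TLS mode, and a bind password stored as a literal in the config file. The sample config is constructed from the page's directives with a placeholder password, and the function names and finding labels are hypothetical.

```python
import re
import shlex
from urllib.parse import urlsplit, unquote

# Constructed sample: the page's LDAP directives with a placeholder bind password.
SAMPLE = '''
AuthLDAPURL "ldap://128.230.84.53:389/dc=Intralab,dc=java?sAMAccountName?sub"
AuthLDAPBindPassword PLACEHOLDER
'''

def directives(conf_text):
    """Map each directive name to its argument list (quotes removed)."""
    out = {}
    for line in conf_text.splitlines():
        tokens = shlex.split(line, comments=True)
        if tokens:
            out[tokens[0]] = tokens[1:]
    return out

def parse_auth_ldap_url(url):
    """Split ldap[s]://host:port/basedn?attribute?scope?filter with module defaults."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("AuthLDAPURL must start with ldap:// or ldaps://")
    attr, scope, flt = (parts.query.split("?") + ["", "", ""])[:3]
    return {
        "scheme": parts.scheme,
        "base": unquote(parts.path.lstrip("/")),
        "attribute": attr.split(",")[0] or "uid",
        "scope": scope or "sub",
        "filter": unquote(flt) or "(objectClass=*)",
    }

def user_search_filter(url, login):
    """Filter that locates the user's entry; the login is escaped per RFC 4515."""
    cfg = parse_auth_ldap_url(url)
    safe = re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), login)
    return "(&%s(%s=%s))" % (cfg["filter"], cfg["attribute"], safe)

def review(conf_text):
    """Return findings on how the bind and user passwords are protected."""
    d, findings = directives(conf_text), []
    url, *mode = d["AuthLDAPURL"]
    secured = mode and mode[0].upper() in ("SSL", "TLS", "STARTTLS")
    if parse_auth_ldap_url(url)["scheme"] != "ldaps" and not secured:
        findings.append("cleartext-ldap")  # passwords cross the network unencrypted
    if "AuthLDAPBindPassword" in d:
        findings.append("literal-bind-password")  # readable by anyone who can read the file
    return findings
```

Calling `review(SAMPLE)` reports both findings for the configuration as posted; switching the URL to ldaps:// (or appending a TLS mode to AuthLDAPURL) clears the first, and tightening read permissions on httpd-subversion.conf addresses the second.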
