SubVersion + Apache 2.2.4 + OpenLDAP 2.3.32: Implementing Access Authentication

SubVersion accesses the repository over HTTP, so access permissions can be set by configuring Apache's authentication.

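This page records the relevant configuration, especially for the mod_authnz_ldap module. The authentication module in Apache 2.0 was mod_auth_ldap; in Apache 2.2 it became mod_authnz_ldap, and the configuration differs as well: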

(1) Compile and install OpenLDAP, version 2.3.32

# cd openldap-2.3.32

# ./configure --prefix=/usr/local/openldap --enable-bdb=no

# make depend

# make

# make install

(2) Compile and install Apache, version 2.2.4

apr-1.2.8 and apr-util-1.2.8 must be compiled and installed first

# cd apr-1.2.8

# ./configure --prefix=/usr/local/apr

# make

# make install

# cd apr-util-1.2.8

# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr --with-ldap --with-ldap-include=/usr/local/openldap/include --with-ldap-lib=/usr/local/openldap/lib

# make

# make install

Once those are compiled and installed, compile and install Apache 2.2.4

# cd httpd-2.2.4

# ./configure --prefix=/usr/local/apache2 --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-so --enable-ldap --enable-authnz-ldap --enable-dav

# make

# make install

(3) Configure httpd.conf

Add a virtual host for SubVersion. In httpd.conf, uncomment the following line:

# Virtual hosts

Include conf/extra/httpd-vhosts.conf

Edit the conf/extra/httpd-vhosts.conf file

<VirtualHost *:80>

ServerAdmin admin@gehouse.cn

DocumentRoot /home/svn

ServerName svn.gehouse.cn

ErrorLog logs/svn.gehouse.cn-error_log

LogLevel warn

CustomLog logs/svn.gehouse.cn-access_log common

<Location "/">

AuthBasicProvider ldap

AuthType Basic

AuthzLDAPAuthoritative off

AuthName "TianXing Tech IT Server"

AuthLDAPURL "ldap://ldap.gehouse.cn/ou=people,dc=gehouse,dc=cn?cn?sub?(objectClass=*)" NONE

Require valid-user

</Location>

<Location "/sandbox">

DAV svn

# SVNListParentPath on

# SVNParentPath /home/svn/sandbox

SVNPath /home/svn/sandbox

# SVNIndexXSLT /xslt/svnindex.xsl

</Location>

<Location "/projects">

DAV svn

SVNListParentPath on

SVNParentPath /home/svn/projects

<LimitExcept GET PROPFIND OPTIONS REPORT>

require ldap-group ou=dev,dc=gehouse,dc=cn

</LimitExcept>

</Location>

</VirtualHost>
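
The virtual host above sends Basic credentials over plain HTTP on port 80, and the NONE argument to AuthLDAPURL leaves the LDAP connection unencrypted as well. The following is an added example, not part of the original configuration, showing the same authentication block with both hops encrypted. It assumes httpd was additionally built with --enable-ssl and that the OpenLDAP server accepts StartTLS; the certificate and key paths are placeholders.

```apache
# Added example, not from the original page.
# Assumptions: mod_ssl is available (httpd configured with --enable-ssl),
# the LDAP server supports StartTLS, and all certificate paths are placeholders.

# Server-level settings (outside any <VirtualHost>):
# CA certificate used to verify the LDAP server, and enforce that check.
LDAPTrustedGlobalCert CA_BASE64 /usr/local/apache2/conf/ldap-ca.pem
LDAPVerifyServerCert On

Listen 443

<VirtualHost *:443>
    ServerAdmin admin@gehouse.cn
    DocumentRoot /home/svn
    ServerName svn.gehouse.cn
    ErrorLog logs/svn.gehouse.cn-error_log
    LogLevel warn
    CustomLog logs/svn.gehouse.cn-access_log common

    # Basic auth repeats the password on every request, so the client
    # connection is wrapped in TLS.
    SSLEngine on
    SSLCertificateFile    /usr/local/apache2/conf/server.crt
    SSLCertificateKeyFile /usr/local/apache2/conf/server.key

    <Location "/">
        AuthBasicProvider ldap
        AuthType Basic
        AuthzLDAPAuthoritative off
        AuthName "TianXing Tech IT Server"
        # Original line ended in NONE (no encryption towards LDAP).
        # STARTTLS upgrades the same ldap:// connection before the bind.
        AuthLDAPURL "ldap://ldap.gehouse.cn/ou=people,dc=gehouse,dc=cn?cn?sub?(objectClass=*)" STARTTLS
        Require valid-user
    </Location>

    # The <Location "/sandbox"> and <Location "/projects"> blocks are
    # carried over unchanged from the port-80 virtual host.
</VirtualHost>
```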