问题
I have an SVN server, and I'd like to use our LDAP server for user authentication. Right now I'm specifying usernames and passwords per repository, which is working OK, but more people are deciding to use this server. And I really shouldn't have access to their passwords. I'd like to use LDAP to authenticate users, and I want to grant access rights to a whole domain rather than specify users individually.
Some (gruesome) details:
- SVN is running on a windows XP machine. :-(
- I have both svnserve and http access, but the latter is a very minor concern.
- I have minimal LDAP knowledge (which is probably why I'm asking this question.)
Finally, if this is a bad idea entirely, or if there's a better solution I would be interested in hearing it.
Thanks!
回答1:
svnserve is used whenever you access URLs starting with svn://. All URLs that start with http:// or https:// are handled by Apache. All Subversion clients should be able to handle both of them, and TortoiseSVN doesn't have a problem with them for sure.
Change your Apache config to something like this:
<Location /svn>
AuthName "My repository"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain MYDOMAIN
SSPIOmitDomain On
SSPIOfferBasic On
SSPIUsernameCase lower
Require valid-user
DAV svn
SVNListParentPath on
SVNParentPath D:/path/to/repos
AuthzSVNAccessFile D:/path/to/accessfile
</Location>
来源:https://stackoverflow.com/questions/3841275/use-ldap-for-svn-user-authentication