Setting up Apache and Subversion to use LDAP (Windows Active Directory) group authentication

Question

I am attempting to setup Apache httpd with LDAP access for Subversion, and need a bit of help:

What I want to do is use a group for access. If you are a member of th

Answer 1

If you're using Apache 2.2, this is actually pretty easy. Make sure you configure Apache to have both mod_ldap and mod_authnz_ldap enabled.

Here is the minimum needed for AD ldap authentication and authorization:

<Location /path/to/repo/>
    AuthType basic
    AuthName "My Repository"
    AuthBasicProvider ldap
    AuthLDAPURL "ldap://ldap.example.com:3268/dc=example,dc=com?sAMAccountName" NONE
    AuthLDAPBindDN "DN of service account allowed to search"
    AuthLDAPBindPassword "Password of service account allowed to search"
    Require ldap-group DN of group allowed access to repo
</Location>

For the ldap-group, don't surround the DN with quotation marks. By specifying port 3268, you will be connecting to the global catalog. I found this works much better because Apache won't get a bunch of referrals.