httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Leo Donahue - RDSA IT <>
Subject [users@httpd] some questions on configuring SSL and LDAP
Date Fri, 27 Sep 2013 18:52:08 GMT
Would someone be willing to nitpick this configuration?

The goal is setting up a self-signed certificate and enabling SSL and LDAP authentication
for a subversion repository.
This configuration is located in subversion.conf
The version of Apache httpd in this subversion product is:  2.2.25

This configuration is working, but I was hoping someone might spot something I've missed or
perhaps suggest some best practices?

# VirtualHost is set to: 8443 for SSL
<VirtualHost *:8443>
KeepAlive On

# This directive toggles the usage of the SSL/TLS Protocol Engine. This should be used inside
a <VirtualHost> section to enable SSL/TLS for a that virtual host.
SSLEngine On
SSLCertificateFile "C:\Program Files (x86)\Subversion\Apache2\ssl\apache.crt"
SSLCertificateKeyFile "C:\Program Files (x86)\Subversion\Apache2\ssl\apache.key"

# The <Location> directive limits the scope of the enclosed directives by URL, in this
case the URL of /svn
<Location /svn>

  DAV svn
  SVNParentPath "C:\repositories"

 # Let the users browse the parent path /svn
  SVNListParentPath on

  # SVNParentPath and authz fix
  RedirectMatch ^(/svn)$ $1/

  # Authentication: LDAP
  Order deny,allow
  Deny from All
  AuthName "my auth name"
  AuthType Basic
  AuthBasicProvider ldap

  # AuthzLDAPAuthoritative must be explicitly set because the default setting is "on" and
authentication attempts for valid-user will fail otherwise.
  AuthzLDAPAuthoritative off

  # Note: We are only looking for users that belong to a certain OU of yadda1
  AuthLDAPURL "ldap://servername.domain:389/OU=yadda1,OU=yadda,DC=domain,DC=organization,DC=gov?sAMAccountName?sub?(objectClass=*)"
  AuthLDAPBindDN "CN=AD Query Account,OU=Service Accounts,OU=dept,DC=domain,DC=organization,DC=gov"
  AuthLDAPBindPassword bind_password

  # If AuthzLDAPAuthoritative was set to 'on', then you can list required users in the following
  #Require user "me" "someotheruser"

  # Grants access to any user that has successfully authenticated during the search/bind phase
  Require valid-user

  # Allows the request if any requirement is met (authentication OR access), can use 'all'
to force both requirements
  Satisfy any

  # Authorization: Path-based access control; authenticated users can access paths for read/write
specfied in this file.
  AuthzSVNAccessFile "C:\svn_passwd\svn-auth.authz"

  SVNAutoversioning on

# Enable Subversion logging
CustomLog logs/subversion.log combined



View raw message