subversion-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tony Butt <Tony.B...@cea.com.au>
Subject RE: SVN and Active Directory
Date Tue, 19 Apr 2016 22:47:10 GMT
We use saslauthd with a Kerberos backend to our AD servers, and it works very well. That assumes
you are running a linux based Os, of course.
Tony Butt
CEA Technologies

From: jblist@icloud.com [mailto:jblist@icloud.com]
Sent: Wednesday, 20 April 2016 6:22 AM
To: Gronde, Christopher (Contractor)
Cc: users@subversion.apache.org
Subject: Re: SVN and Active Directory



From: jblist@icloud.com<mailto:jblist@icloud.com> [mailto:jblist@icloud.com]
Sent: Tuesday, April 19, 2016 4:12 PM
To: Gronde, Christopher (Contractor) <Christopher.Gronde@fincen.gov<mailto:Christopher.Gronde@fincen.gov>>
Cc: users@subversion.apache.org<mailto:users@subversion.apache.org>
Subject: Re: SVN and Active Directory


On Apr 19, 2016, at 12:53 PM, Gronde, Christopher (Contractor) <Christopher.Gronde@fincen.gov<mailto:Christopher.Gronde@fincen.gov>>
wrote:

Has anyone in here successfully integrated SVN with Active Directory for user authentication?
 We are currently using FreeIPA and user account management is the bane of my existence. 
If anyone has or knows of any documentation for integrating Active Directory with SVN (preferably
1.9 since we are going to upgrade to that version) that would be much appreciated.



I have, just recently in fact. The trick is to use SASL with LDAP. I only use authentication
at this point and don't use AD groups for authorization.

I'm using a RHEL7 as my svn server which bundles SVN 1.7. I can't imagine the configuration
of the server would be drastically different from 1.7 to 1.9.

So far the only burr in the saddle has been making sure the clients support SASL/PLAIN --
most do, but Eclipse with Subclipse was a failure.

As long as you're fine with passing credentials in cleartext, then this will work for you.
If you need SSL encryption, then you will probably need to add Apache. Trying to get the RedHat-supplied
svn and Apache components to work together was a non-starter, and trying to build everything
from source on RHEL didn't work either.

On Apr 19, 2016, at 1:16 PM, Gronde, Christopher (Contractor) <Christopher.Gronde@fincen.gov<mailto:Christopher.Gronde@fincen.gov>>
wrote:

Unfortunately I fear that SSL is going to be a requirement for us.  The client our users have
been using is TortoiseSVN.  1.9 isn’t supplied by Red Hat so maybe that is easier to get
to play well with apache than 1.7 was for you?


[please bottom post your responses]

We also use TortoiseSVN 1.9 and it supports SASL. It was only subclipse that caused grief.

I would suggest looking to a packager like wanDisco for your svn 1.9 server. They could probably
help getting Subversion+Apache working without having to build from source. Also, since Apache
2.4 natively supports AD authentication, you might get everything you need without having
to rely on RedHat.


Mime
View raw message