Return-Path: X-Original-To: apmail-subversion-users-archive@minotaur.apache.org Delivered-To: apmail-subversion-users-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 7015419E2D for ; Tue, 19 Apr 2016 20:12:42 +0000 (UTC) Received: (qmail 25767 invoked by uid 500); 19 Apr 2016 20:12:41 -0000 Delivered-To: apmail-subversion-users-archive@subversion.apache.org Received: (qmail 25733 invoked by uid 500); 19 Apr 2016 20:12:41 -0000 Mailing-List: contact users-help@subversion.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@subversion.apache.org Received: (qmail 25723 invoked by uid 99); 19 Apr 2016 20:12:41 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 Apr 2016 20:12:41 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 1D3891A0610 for ; Tue, 19 Apr 2016 20:12:41 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.179 X-Spam-Level: * X-Spam-Status: No, score=1.179 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=icloud.com Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id LqSQOLUQGfYO for ; Tue, 19 Apr 2016 20:12:39 +0000 (UTC) Received: from pv33p04im-asmtp002.me.com (pv33p04im-asmtp002.me.com [17.143.181.11]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 1922A5F474 for ; Tue, 19 Apr 2016 20:12:38 +0000 (UTC) Received: from process-dkim-sign-daemon.pv33p04im-asmtp002.me.com by pv33p04im-asmtp002.me.com (Oracle Communications Messaging Server 7.0.5.36.0 64bit (built Sep 8 2015)) id <0O5W00800CSBK700@pv33p04im-asmtp002.me.com> for users@subversion.apache.org; Tue, 19 Apr 2016 20:12:22 +0000 (GMT) Received: from lethe.bwi.bestwestern.com (unknown [206.201.173.136]) by pv33p04im-asmtp002.me.com (Oracle Communications Messaging Server 7.0.5.36.0 64bit (built Sep 8 2015)) with ESMTPSA id <0O5W0007EDGIEI00@pv33p04im-asmtp002.me.com>; Tue, 19 Apr 2016 20:12:20 +0000 (GMT) X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2016-04-19_13:,, signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 clxscore=1015 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1510270003 definitions=main-1604190341 Content-type: multipart/alternative; boundary="Apple-Mail=_2B1685B1-7F06-46FB-80FF-B19F75026248" MIME-version: 1.0 (Mac OS X Mail 9.3 \(3124\)) Subject: Re: SVN and Active Directory From: jblist@icloud.com In-reply-to: <2909CC7109523F4BA968E7A201471B773FA9E8DE@hqexdb01.hqfincen.gov> Date: Tue, 19 Apr 2016 13:12:18 -0700 Cc: "users@subversion.apache.org" Message-id: References: <2909CC7109523F4BA968E7A201471B773FA9E8DE@hqexdb01.hqfincen.gov> To: "Gronde, Christopher (Contractor)" X-Mailer: Apple Mail (2.3124) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=icloud.com; s=4d515a; t=1461096742; bh=120D9lPucO8HFkkg/PF6LHVUhAE4HpPNr4jWRWxDwDs=; h=Content-type:MIME-version:Subject:From:Date:Message-id:To; b=VPLCrO72gC27tjkgZCya1T4mn2gyG3P/H8uJSSTOSsHM73qDd8waUmWeJTW8cszVS aLB0Y64uqS+URysiwPjukvPTl92PrGSjO1Q8qivBcN9CY/NxK+PGrfYO87n3LxP33s +GFPtL5Gr2oYdp+eV7+tn9PQ3Dlia5hup2NwgJ44J3zRpSrGhLZz2OYuz8Z/JOPHP0 I2ar7RCRddpqY5GyqMlf8JpC4ERrAq59elm4KLUZXg1vXAGnWPnDmeNVIs1G04gq0o M6HIrR/cfE5CdXiq+30ZOurQMQ3g+3RchHDvMu86lyRQ6tYcaUE4so+6PAoiaANRWd hZvCW3q961S3w== --Apple-Mail=_2B1685B1-7F06-46FB-80FF-B19F75026248 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii > On Apr 19, 2016, at 12:53 PM, Gronde, Christopher (Contractor) = wrote: >=20 > Has anyone in here successfully integrated SVN with Active Directory = for user authentication? We are currently using FreeIPA and user = account management is the bane of my existence. If anyone has or knows = of any documentation for integrating Active Directory with SVN = (preferably 1.9 since we are going to upgrade to that version) that = would be much appreciated. > =20 > V/r > Chris Gronde (CTR) > Navstar, INC. > Linux Systems Administrator > Network Monitoring Engineer > Financial Crimes Enforcement Network (FinCEN) > Technology Solutions and Services Division (TSSD) > Tel: 703-905-3578 > Cell: 571-318-7743 > Office: 2041K I have, just recently in fact. The trick is to use SASL with LDAP. I = only use authentication at this point and don't use AD groups for = authorization. I'm using a RHEL7 as my svn server which bundles SVN 1.7. I can't = imagine the configuration of the server would be drastically different = from 1.7 to 1.9. So far the only burr in the saddle has been making sure the clients = support SASL/PLAIN -- most do, but Eclipse with Subclipse was a failure. As long as you're fine with passing credentials in cleartext, then this = will work for you. If you need SSL encryption, then you will probably = need to add Apache. Trying to get the RedHat-supplied svn and Apache = components to work together was a non-starter, and trying to build = everything from source on RHEL didn't work either. --Apple-Mail=_2B1685B1-7F06-46FB-80FF-B19F75026248 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=us-ascii
On Apr 19, 2016, at 12:53 PM, Gronde, Christopher = (Contractor) <Christopher.Gronde@fincen.gov> wrote:

Has anyone in here = successfully integrated SVN with Active Directory for user = authentication?  We are currently using FreeIPA and user account = management is the bane of my existence.  If anyone has or knows of = any documentation for integrating Active Directory with SVN (preferably = 1.9 since we are going to upgrade to that version) that would be much = appreciated.
 
V/r
Chris Gronde (CTR)
Navstar, INC.
Linux = Systems Administrator
Network Monitoring Engineer
Financial Crimes Enforcement Network = (FinCEN)
Technology Solutions and Services Division (TSSD)
Tel: = 703-905-3578
Cell: 571-318-7743
Office: = 2041K


I have, just recently in = fact. The trick is to use SASL with LDAP. I only use authentication at = this point and don't use AD groups for authorization.

I'm using a RHEL7 as my = svn server which bundles SVN 1.7. I can't imagine the configuration of = the server would be drastically different from 1.7 to 1.9.

So far the only burr in = the saddle has been making sure the clients support SASL/PLAIN -- most = do, but Eclipse with Subclipse was a failure.

As long as you're fine with passing = credentials in cleartext, then this will work for you. If you need SSL = encryption, then you will probably need to add Apache. Trying to get the = RedHat-supplied svn and Apache components to work together was a = non-starter, and trying to build everything from source on RHEL didn't = work either.

= --Apple-Mail=_2B1685B1-7F06-46FB-80FF-B19F75026248--