Last updated on 2009-02-16@22:43. The company I work for had finally realized the benefits of a decent source code versioning system so after a short evaluation they settled on Subversion. To make user management easier they also wanted to use Microsoft Active Directory, so I set off on a quest to make Apache talk to our Active Directory 2003 server for authentication. Before I explain to you how I set this all up on Debian Etch I have to get something off my chest first. Sensitive people may want to skip the next paragraph.

Microsoft Active Directory is a bit-rotten crock that should have never seen the light of day. After two full days of waving dead chickens at it, trying to make any sense of it’s irrational behavior I would love nothing more than to pick it up and throw it off the roof of our building, BofH style, aiming it at the PHB that bought it in the first place. Or it’s programmer. Whomever passes by first. It’s API only vaguely resembles LDAP after at least three bottles of whiskey or one pan galactic gargle blaster and squinting really, really hard. Fortunately our management has seen the light of day after this little misadventure and in a few months we’re migrating to Open-Xchange.

Right. That’s settled. Back to making it work because we need Subversion before we have migrated to Open-Xchange. Let’s start off by installing a bunch of software that we need: apache2, subversion and libapache2-svn. Make sure that the correct modules are enabled by symlinking then from /etc/apache2/mod-enabled to /etc/apache2/mods-available. Here are the relevant files:

  1. $ ls -al /etc/apache2/mods-enabled
  2. alias.load -> ../mods-available/alias.load
  3. auth_basic.load -> ../mods-available/auth_basic.load
  4. authnz_ldap.load -> /etc/apache2/mods-available/authnz_ldap.load
  5. authz_default.load -> ../mods-available/authz_default.load
  6. authz_user.load -> ../mods-available/authz_user.load
  7. dav.load -> ../mods-available/dav.load
  8. dav_svn.conf -> ../mods-available/dav_svn.conf
  9. dav_svn.load -> ../mods-available/dav_svn.load
  10. ldap.load -> ../mods-available/ldap.load

Apache2 on Debian Etch ships with mod_authnz_ldap instead of mod_auth_ldap, so if most of the online tutorials for LDAP authentication did not work for you, that’s why. mod_authnz_ldap works just a little bit different. I am going to implement things in such a way that makes it easy to test your configuration in between. First we get Active Directory working and then we look at Subversion.

Active Directory authentication

Start off by creating a directory where later on you will host Subversion repositories and create a basic Apache configuration for it. For ease of testing make sure that you can view directory indexes. I chose to put my repositories under /var/lib/svn and I will use a virtual server for it. Create a new configuration file /etc/apache2/sites-available/svn and symlink it from /etc/apache2/sites-enabled/.

Update: You should not point your DocumentRoot to the directory that contains all your repositories. If you do that then Apache will not know if it should handle those himself of if he should hand it over to the Subversion module. That is why in these examples the DocumentRoot to /var/lib/svn/htdocs.

  1. NameVirtualHost *
  2. <VirtualHost *>

  3. « »

    Tags: , ,
    Comments RSS feed

Leave a Comment: