SVN + SASL + ActiveDirectory: How to

Problem description

I'm trying to set up SVN to authenticate against an ActiveDirectory. I know this is possible if you set up SVN to be served using Apache, but doing so introduces too much overhead, and SVN runs too slow. From reading the SVN docs, it sounds like it should now be possible (since SASL was integrated into SVN in 1.5) to configure SVN to authenticate against ActiveDirectory without using Apache. Unfortunately the documentation from SVN and SASL is extremely generic, and lacks specifics to help get this working properly.

Has anyone gotten this working? It would be a huge help if you could provide some sample configuration files, or high-level steps to point myself (and likely others) in the right direction on this.

Recommended answer

SVN with SASL enabled (on a Debian v7 box), using Active Directory (on another server)

note that I already set up samba and winbind, which included libsasl2-2 so also get the startup executable and svnserve and modules (needed for svn plain (or other) mechanism to work, which (just FYI) puts them in /usr/lib/x86_64-linux-gnu/sasl2/libplain.so):

sudo apt-get install sasl2-bin svnserve libsasl2-modules

sudo pico /etc/default/saslauthd

change START=no to START=yes, and MECHANISMS="pam" to MECHANISMS="ldap", and THREADS=0 (not 5), and remove the /var in front of /run from the last line so that it's OPTIONS="-c -m /run/saslauthd"; control x, y, enter

sudo pico /etc/saslauthd.conf

Add the following (note: you may need an "ou=folder" in front of the dc= series):

ldap_servers: ldap://hostname.of.server
ldap_search_base: dc=hostname,dc=of,dc=server
ldap_bind_dn: cn=usernamehere,dc=hostname,dc=of,dc=server
ldap_bind_pw: password
ldap_filter: samaccountname=%u

sudo /etc/init.d/saslauthd start

Run sudo testsaslauthd -u usernamehere -p password to test the ldap setup and cat /var/log/auth.log to see log.

Add the following lines to the file /usr/lib/sasl2/svn.conf:

pwcheck_method: saslauthd
mech_list: plain

Create the repository:

mkdir /data
svnadmin create /data/repohere

assuming some sort of previous "svnadmin dump /data/repohere >/data/repohere.dump":

svnadmin load /data/repohere </data/repohere.dump

pico /data/repohere/conf/svnserve.conf

uncomment (remove the leading pound and the leading space); and, modify anon-access and authz-db (and note that I put authz in /data so that my multiple repos share it):

anon-access = none
auth-access = write
authz-db = ../../authz
use-sasl = true

pico /data/authz

Add the following:

[groups]
whatever = username1,username2
[/]
@whatever = rw

to schedule svnserve on startup (sorry, couldn't find one, so manually make one):

sudo cp /etc/init.d/skeleton /etc/init.d/svnserve
sudo chmod 755 /etc/init.d/svnserve
sudo update-rc.d svnserve defaults
sudo pico /etc/init.d/svnserve

change DESC to "subversion server", change NAME to "svnserve", take out the "s" in the "sbin" of DAEMON (to make it just /bin/), change DAEMON_ARGS to "-d -r /data --log-file /var/log.svn.log"

sudo /etc/init.d/svnserve start

test your favorite svn client (e.g. TortoiseSVN)!
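
The setup above combines ldap://, a bind password stored in /etc/saslauthd.conf, and mech_list: plain over svn://, so the Active Directory password is exposed at several points. The script below is an added example, not part of the original answer, that audits the three files for those settings. The function names and finding codes are made up for illustration, and ldap_start_tls is a saslauthd LDAP option the answer does not use.

```shell
#!/bin/sh
# Added example: audit the answer's three config files for cleartext exposure.

# Print the last value of KEY in FILE; accepts "key: value" and "key = value".
conf_get() {
    sed -n "s/^$1[[:space:]]*[:=][[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Usage: audit_svn_sasl SASLAUTHD_CONF SVN_SASL_CONF SVNSERVE_CONF
# Prints one "CODE: explanation" line per finding; prints nothing if clean.
audit_svn_sasl() {
    sasld=$1; svnsasl=$2; svnserve=$3
    # ldap:// without StartTLS sends the bind password and every user
    # password checked by saslauthd to the domain controller unencrypted.
    case $(conf_get ldap_servers "$sasld") in
        *ldap://*)
            [ "$(conf_get ldap_start_tls "$sasld")" = yes ] ||
                echo "LDAP_CLEARTEXT: use ldaps:// or ldap_start_tls: yes" ;;
    esac
    # ldap_bind_pw is stored in the clear, so the file must not be world-readable.
    if [ -n "$(conf_get ldap_bind_pw "$sasld")" ] &&
       [ -n "$(find "$sasld" -prune -perm -004)" ]; then
        echo "BINDPW_WORLD_READABLE: remove 'other' read access from $sasld"
    fi
    # PLAIN carries the password as-is, and svn:// adds no TLS of its own.
    case $(conf_get mech_list "$svnsasl" | tr 'A-Z' 'a-z') in
        *plain*|*login*)
            echo "CLEARTEXT_MECH: svn:// carries the AD password unencrypted" ;;
    esac
    # svnserve defaults: anon-access = read, use-sasl = false.
    [ "$(conf_get anon-access "$svnserve")" = none ] ||
        echo "ANON_ACCESS: anon-access is not 'none'"
    [ "$(conf_get use-sasl "$svnserve")" = true ] ||
        echo "SASL_OFF: use-sasl is not 'true'"
    return 0
}

# Demo on constructed copies of the answer's settings (not real credentials).
d=$(mktemp -d)
printf '%s\n' 'ldap_servers: ldap://hostname.of.server' \
    'ldap_bind_pw: password' 'ldap_filter: samaccountname=%u' > "$d/saslauthd.conf"
chmod 644 "$d/saslauthd.conf"
printf '%s\n' 'pwcheck_method: saslauthd' 'mech_list: plain' > "$d/svn.conf"
printf '%s\n' 'anon-access = none' 'auth-access = write' 'use-sasl = true' \
    > "$d/svnserve.conf"
audit_svn_sasl "$d/saslauthd.conf" "$d/svn.conf" "$d/svnserve.conf"
rm -rf "$d"
```

On a real host, call audit_svn_sasl with /etc/saslauthd.conf, /usr/lib/sasl2/svn.conf and the repository's conf/svnserve.conf. A CLEARTEXT_MECH finding means svn:// access should stay on a trusted network or go through an encrypted tunnel.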
