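SVN authentication against a Windows AD domain
subversion: the SVN program
cyrus-sasl: connects to the AD authentication service
Red Hat Enterprise Linux Server release 6.2 (Santiago)
PS: Accounts are still controlled through the local authz file, while passwords are verified against AD. The parts in red are the places that need to be changed or noted.
I. Install the SVN dependencies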
[codes=txt][root@selboo ~]# yum install subversion cyrus-sasl[/codes]
II. SVN configuration
1. Create the selboo project
[codes=txt][root@selboo ~]# cd /opt/
[root@selboo opt]# svnadmin create selboo[/codes]
2. Edit the selboo project's configuration file
[codes=txt][root@selboo opt]# cat selboo/conf/svnserve.conf
[general]
anon-access = none
auth-access = write
authz-db = authz
realm = SELBOO
[sasl]
use-sasl = true[/codes]
3. authz
[codes=txt][root@selboo opt]# cat selboo/conf/authz
[groups]
admin = selboo,root,administrator
[/]
@admin = rw[/codes]
Configure this according to your own structure.
4. Start SVN
[codes=txt][root@selboo opt]# svnserve -d --config-file /opt/selboo/conf/svnserve.conf -r /opt/ --log-file /var/log/svn.log
[root@selboo opt]# netstat -tnlp | grep 3690
tcp 0 0 0.0.0.0:3690 0.0.0.0:* LISTEN 18920/svnserve [/codes]
III. cyrus-sasl
1. saslauthd.conf
[codes=txt][root@selboo opt]# cat /etc/saslauthd.conf
ldap_servers: ldap://192.168.1.100
ldap_default_domain: selboo.com.cn
ldap_search_base: DC=selboo,DC=com,DC=cn
ldap_bind_dn: administrator@selboo.com.cn
ldap_bind_pw: 123456
ldap_deref: never
ldap_restart: yes
ldap_scope: sub
ldap_use_sasl: no
ldap_start_tls: no
ldap_version: 3
ldap_auth_method: bind
ldap_filter: sAMAccountName=%u
ldap_password_attr: userPassword
ldap_timeout: 10
ldap_cache_ttl: 30
ldap_cache_mem: 32768[/codes]
2. saslauthd
Edit saslauthd to use ldap
[codes=txt][root@selboo opt]# cat /etc/sysconfig/saslauthd
# Directory in which to place saslauthd's listening socket, pid file, and so
# on. This directory must already exist.
SOCKETDIR=/var/run/saslauthd
# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ablity to use.
MECH=ldap
# Options sent to the saslauthd. If the MECH is other than "pam" uncomment the next line.
# DAEMONOPTS=--user saslauth
# Additional flags to pass to saslauthd on the command line. See saslauthd(8)
# for the list of accepted flags.
FLAGS=[/codes]
3. svn.conf
Create a new svn.conf file to integrate SASL, the domain and SVN
[codes=txt][root@selboo opt]# cat /etc/sasl2/svn.conf
pwcheck_method: saslauthd
auxprop_plugin: ldap
mech_list: PLAIN LOGIN
ldapdb_mech: PLAIN LOGIN[/codes]
4. Verify that SASL works
[codes=txt][root@selboo ~]# testsaslauthd -u root -p 1234556
0: OK "Success."[/codes]
5. Start saslauthd
[codes=txt][root@selboo opt]# /etc/init.d/saslauthd start
[root@selboo opt]# ps aux | grep saslauthd | grep -v grep
root 1440 0.0 0.1 9624 1760 ? Ss Mar29 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a ldap
root 1441 0.0 0.1 9624 1728 ? S Mar29 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a ldap
root 1442 0.0 0.1 9624 1724 ? S Mar29 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a ldap
root 1443 0.0 0.1 9624 1728 ? S Mar29 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a ldap
root 1444 0.0 0.1 9624 1724 ? S Mar29 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a ldap[/codes]
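PS: Password authentication is now convenient, but editing authz locally is not. I recommend IF.SVNAdmin for editing it directly through the web; the next article will cover it.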
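The /etc/saslauthd.conf shown above uses ldap:// with ldap_start_tls: no, binds as the domain administrator, and keeps the bind password in the file. The following check is an added example, not part of the original post; the function names and finding labels (CLEARTEXT_LDAP, PRIVILEGED_BIND_DN, READABLE_BIND_PW) are hypothetical, and the sample file is constructed from the values on this page.

```shell
#!/bin/sh
# Added example: flag saslauthd LDAP settings that expose AD credentials.

# conf_get FILE KEY: print the value of the last "KEY: value" line.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# audit_saslauthd_conf FILE: print one finding per line (nothing if clean).
audit_saslauthd_conf() {
    conf=$1
    servers=$(conf_get "$conf" ldap_servers)
    start_tls=$(conf_get "$conf" ldap_start_tls)
    bind_dn=$(conf_get "$conf" ldap_bind_dn | tr '[:upper:]' '[:lower:]')
    bind_pw=$(conf_get "$conf" ldap_bind_pw)

    # ldap:// without StartTLS sends the simple-bind password unencrypted.
    case "$servers" in
        *ldap://*)
            [ "$start_tls" = "yes" ] ||
                echo "CLEARTEXT_LDAP ldap_servers=$servers ldap_start_tls=${start_tls:-unset}" ;;
    esac

    # The search bind only needs read access; a domain admin is excessive.
    case "$bind_dn" in
        administrator@*|cn=administrator,*)
            echo "PRIVILEGED_BIND_DN ldap_bind_dn=$bind_dn" ;;
    esac

    # A stored bind password must not be readable by group or other.
    if [ -n "$bind_pw" ] &&
       [ -n "$(find "$conf" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "READABLE_BIND_PW $conf is group- or world-readable"
    fi
    return 0
}

# Constructed sample mirroring the values shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ldap_servers: ldap://192.168.1.100
ldap_bind_dn: administrator@selboo.com.cn
ldap_bind_pw: 123456
ldap_start_tls: no
EOF
chmod 644 "$sample"
audit_saslauthd_conf "$sample"
rm -f "$sample"
```

Run it against the real file with `audit_saslauthd_conf /etc/saslauthd.conf`; an empty result means none of the three conditions matched.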