参考文章
http://solin.blog.51cto.com/11319413/1918718 基本搭建
http://lansgg.blog.51cto.com/5675165/1844836
http://www.361way.com/subversion-apache-ldap/2863.html svn集成ldap
http://jiyude.blog.51cto.com/7582964/1730447 SVN服务器集群(基于LDAP)
http://zengestudy.blog.51cto.com/1702365/1911179
http://ly36843.blog.51cto.com/3120113/1673892 这篇ldap讲的最详细
基本安装
使用web方式访问svn
svn集成ldap,先参照git集成ldap(这个之前做过)
基本安装
svn版本1.6

yum -y install subversion
mkdir -p /application/svndata
mkdir -p /application/svnpasswd
svnserve -d -r /application/svndata/ 启动
lsof -i tcp:3690
svnadmin create /application/svndata/sadoc
ll /application/svndata/sadoc/

配置允许用户solin读写访问
cd /application/svndata/sadoc/conf/
/bin/cp svnserve.conf svnserve.conf.solin$(date +%F)
egrep "\-access|\-db =" svnserve.conf
# anon-access = read
# auth-access = write
# password-db = passwd
# authz-db = authz

[root@node-005 conf]# egrep "\-access|\-db =" svnserve.conf
# anon-access = none #不允许匿名访问
# auth-access = write #允许可写
# password-db = /application/svnpasswd/passwd #密码数据库,存放SVN吗
# authz-db = /application/svnpasswd/authz #控制权限的数据库

[root@node-005 conf]# egrep "\-access|\-db =" svnserve.conf
# anon-access = read
anon-access = none
# auth-access = write
auth-access = write
# password-db = passwd
password-db = /application/svnpasswd/passwd
# authz-db = authz
authz-db = /application/svnpasswd/authz

[root@node-005 conf]# diff svnserve.conf.solin2017-04-20 svnserve.conf
12a13
> anon-access = none
13a15
> auth-access = write
20a23
> password-db = /application/svnpasswd/passwd
27a31
> authz-db = /application/svnpasswd/authz

配置authz、passwd证书文件
[root@node-005 conf]# cp authz passwd /application/svnpasswd/
[root@node-005 conf]# ll /application/svnpasswd/
总用量 8
-rw-r--r-- 1 root root 1080 4月 20 17:22 authz
-rw-r--r-- 1 root root 309 4月 20 17:22 passwd
[root@node-005 conf]# chmod 700 /application/svnpasswd/*
[root@node-005 conf]# ll /application/svnpasswd/
总用量 8
-rwx------ 1 root root 1080 4月 20 17:22 authz
-rwx------ 1 root root 309 4月 20 17:22 passwd
注:authz、passwd 只是数据文件,不需要执行位,chmod 600 就够了;700 同样挡住了其他用户,但多给了没用的 x 权限。如果 svnserve 不是以 root 运行,还要把属主改成运行 svnserve 的账号,否则它读不到这两个文件。

vi /application/svnpasswd/authz
添加如下:
[groups]
bd_sa = solin,test
# [/foo/bar]
[sadoc:/]
# [repository:/baz/fuz]
@bd_sa = rw
test1 = r

vi /application/svnpasswd/passwd
添加如下:
[users]
solin = bdyun
test = bdyun
注:svnserve 的 passwd 文件里密码是明文保存的(如上面的 solin = bdyun),能读到这个文件就等于拿到所有账号的密码,所以上一步的权限收紧是必须的;实际部署时也不要让多个用户共用同一个简单密码。

pkill svnserve
svnserve -d -r /application/svndata/
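使用web方式访问svn

yum -y install httpd httpd-devel
yum -y install mod_dav_svn mod_auth_mysql
vim /etc/httpd/conf/httpd.conf
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
<Location /home>
DAV svn
SVNPath /var/www/html/svna/home
</Location>

权限控制
htpasswd -c /etc/svnpwd/svnpwdfile svnpwduser01
mkdir /etc/svnpwd
htpasswd -c /etc/svnpwd/svnpwdfile svnpwduser01
AuthType Basic
AuthName "svn repos"
AuthUserFile /etc/svnpwd/svnpwdfile
Require valid-user

注:
1. 第一条 htpasswd 执行时 /etc/svnpwd 还不存在(看起来是先失败、mkdir 之后又重跑了一次),实际操作时先 mkdir 再 htpasswd。-c 会重新创建密码文件并覆盖已有内容,以后追加用户时不要再带 -c。
2. 原文没有标明 AuthType … Require 这四行写在哪里;要保护 /home,应放在上面的 <Location /home> … </Location> 之内。
3. Basic 认证的用户名和密码只做了 base64 编码,走 http 等于明文传输,应配合 HTTPS(mod_ssl)使用。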
svn集成ldap
我的svn是单独一台机器的,ldap一台机器
先参考以前git做的
cd /opt/git/gitlab/config
cat gitlab.yml|grep -v "#"
production: &base
gitlab:
host: 内部域名
email_from: example@example.com
email_display_name: GitLab
email_reply_to: noreply@example.com
default_projects_features:
issues: true
merge_requests: true
wiki: true
snippets: false
incoming_email:
enabled: false
address: "incoming+%{key}@gitlab.example.com"
gravatar:
gitlab_ci:
ldap:
enabled: true
servers:
label: 'LDAP'
host: 'ldap ip'
port: 389
uid: 'uid'
bind_dn: 'cn=gitlab,ou=People,dc=xx,dc=com'
password: 'gitlab密码'
active_directory: false
allow_username_or_email_login: true
block_auto_created_users: false
base: 'dc=xx,dc=com'
user_filter: ''
attributes:
username: ['uid', 'userid', 'sAMAccountName']
email: ['mail', 'email', 'userPrincipalName']
name: 'cn'
first_name: 'givenName'
last_name: 'sn'
omniauth:
enabled: false
allow_single_sign_on: false
block_auto_created_users: true
auto_link_ldap_user: false
providers:
satellites:
path: /opt/git/gitlab-satellites/
timeout: 30
backup:
gitlab_shell:
path: /opt/git/gitlab-shell/
repos_path: /opt/git/repositories/
hooks_path: /opt/git/gitlab-shell/hooks/
secret_file: /opt/git/gitlab/.gitlab_shell_secret
upload_pack: true
receive_pack: true
git:
bin_path: /opt/soft/git/bin/git
timeout: 100
extra:
rack_attack:
git_basic_auth:
development:
<<: *base
test:
<<: *base
gravatar:
enabled: true
gitlab:
host: 内部域名
port: 80
satellites:
path: tmp/tests/gitlab-satellites/
backup:
path: tmp/tests/backups
gitlab_shell:
path: tmp/tests/gitlab-shell/
repos_path: tmp/tests/repositories/
hooks_path: tmp/tests/gitlab-shell/hooks/
issues_tracker:
redmine:
title: "Redmine"
project_url: "http://redmine/projects/:issues_tracker_id"
issues_url: "http://redmine/:project_id/:issues_tracker_id/:id"
new_issue_url: "http://redmine/projects/:issues_tracker_id/issues/new"
ldap:
enabled: true
servers:
main:
label: ldap
host: ldap ip
port: 389
uid: 'uid'
base: 'dc=xx,dc=com'
user_filter: ''
bind_dn: 'cn=xx,ou=People,dc=xx,dc=com'
password: 'xx密码'
admin_group: ''
sync_ssh_keys: false
staging:
<<: *base

apache配置
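[root@cm1 conf.d]# cat subversion.conf |grep -v "#"
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
<Location /svn/>
DAV svn
SVNListParentPath on
SVNParentPath /application/svndata
AuthBasicAuthoritative on
AuthType Basic
AuthName "svn"
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://ldap ip:389/ou=People,dc=xx,dc=com?uid?sub?(objectClass=*)"
AuthLDAPBindDN "cn=xx,ou=People,dc=xx,dc=com"
AuthLDAPBindPassword "xx密码" #xx在ldap服务器上有本地用户
AuthzSVNAccessFile /etc/httpd/conf/svnauthz.conf
Require valid-user
</Location>

cat /etc/httpd/conf/svnauthz.conf
[groups]
admin = one
[/]
@admin = rw
#[test:/]
two = r

注:
1. "#xx在ldap服务器上有本地用户" 是作者的说明;Apache 不支持在指令行尾写注释,实际配置文件里不要带这一段。
2. 这里用的是 ldap:// 加 389 端口,svn 机器和 ldap 机器又是分开的,绑定账号的密码以及每个用户登录时输入的密码都会在两台机器之间明文传输。建议改用 ldaps://,或在 AuthLDAPURL 的 URL 后面加上 STARTTLS;/svn/ 本身用的是 Basic 认证,也应只通过 HTTPS 提供。
3. subversion.conf 里写着 LDAP 绑定密码,文件应设为属主 root、权限 600,不要让普通用户可读。
4. svnauthz.conf 中 [test:/] 被注释掉了,如果 two = r 是单独的一行,它就落在 [/] 段下面,即 two 对 SVNParentPath 下的所有仓库都有读权限;若只想让 two 读 test 仓库,需要去掉 [test:/] 前面的 #。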
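最后权限的问题,不知道是否需要chown -R apache.apache /application/*
注:通过 Apache(mod_dav_svn)访问时,httpd 的运行账号需要对仓库目录有读写权限,所以只对仓库目录执行 chown -R apache:apache /application/svndata 即可。/application/* 的范围太大:如果本机也有前面建的 /application/svnpasswd,这条命令会把存放明文密码的文件一并交给 apache 账号,没有必要。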
本文出自 “要有梦想,万一实现了呢” 博客,谢绝转载!
原文:http://szgb17.blog.51cto.com/340201/1934847