当前位置: 文江博客话题详情

SVN + SASL +活动目录:如何

发布于 2024-08-12 11:46:06 字数 312 浏览 10 评论 0原文

我正在尝试设置 SVN 以针对 ActiveDirectory 进行身份验证。我知道如果您将 SVN 设置为使用 Apache 提供服务,这是可能的,但这样做会带来太多开销,并且 SVN 运行速度太慢。通过阅读 SVN 文档,听起来现在应该可以(因为 SASL 在 1.5 中集成到 SVN 中)配置 SVN 以针对 ActiveDirectory 进行身份验证,而无需使用 Apache。不幸的是,SVN 和 SASL 的文档非常通用,缺乏帮助其正常工作的细节。

有人得到这个工作吗?如果您可以提供一些示例配置文件或高级步骤来为我自己(以及可能的其他人)指明正确的方向,那将是一个巨大的帮助。

原文

I'm trying to set up SVN to authenticate against an ActiveDirectory. I know this is possible if you set up SVN to be served using Apache, but doing so introduces too much overhead, and SVN runs too slow. From reading the SVN docs, it sounds like it should now be possible (since SASL was integrated into SVN in 1.5) to configure SVN to authenticate against ActiveDirectory without using Apache. Unfortunately the documentation from SVN and SASL is extremely generic, and lacks specifics to help get this working properly.

Has anyone gotten this working? It would be a huge help if you could provide some sample configuration files, or high-level steps to point myself (and likely others) in the right direction on this.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

牵你手 2024-08-19 11:46:06

启用 SASL 的 SVN(在 Debian v7 机器上),使用 Active Directory(在另一台服务器上)

请注意,我已经设置了 samba 和 winbind,其中包括 libsasl2-2,因此还获得了启动可执行文件以及 svnserve 和模块(svn plain 所需)或其他)机制来工作,(仅供参考)将它们放入 /usr/lib/x86_64-linux-gnu/sasl2/libplain.so):

sudo apt-get install sasl2-bin svnserve libsasl2-modules

sudo pico /etc/default/saslauthd

START=no 更改为 START= yes,以及 MECHANISMS="pam"MECHANISMS="ldap",以及 THREADS=0(不是 5),以及删除最后一行中 /run 前面的 /var,使其变为 OPTIONS="-c -m /run/saslauthd";控制x,y,输入

sudo pico /etc/saslauthd.conf

添加以下内容(注意:您可能需要在dc=系列前面添加“ou=folder”):

ldap_servers: ldap://hostname.of.server<br />
ldap_search_base: dc=hostname,dc=of,dc=server<br />
ldap_bind_dn: cn=usernamehere,dc=hostname,dc=of,dc=server<br />
ldap_bind_pw: password<br />
ldap_filter: samaccountname=%u<br />
sudo /etc/init.d/saslauthd start

运行sudo testaslauthd -u usernamehere -p password来测试ldap setup 和 cat /var/log/auth.log 查看日志。

将以下行添加到文件 /usr/lib/sasl2/svn.conf

pwcheck_method: saslauthd
mech_list: plain

创建存储库:

mkdir /data
svnadmin create /data/repohere

假设之前有某种“svnadmin dump /data/repohere >/data/repohere.dump”
svnadmin 加载 /data/repohere

pico /data/repohere/conf/svnserve.conf

取消注释(删除前导井号前导空格);并且,修改 anon-access 和 authz-db (请注意,我将 authz 放在 /data 中,以便我的多个存储库共享它):

anon-access = none<br />
auth-access = write<br />
authz-db = ../../authz<br />
use-sasl = true<br />
pico /data/authz

添加以下内容:

[groups]<br />
whatever = username1,username2<br />
[/]<br />
@whatever = rw<br />

在启动时安排 svnserve (抱歉,找不到一个,所以手动制作一):

sudo cp /etc/init.d/skeleton /etc/init.d/svnserve
sudo chmod 755 /etc/init.d/svnserve
sudo update-rc.d svnserve defaults
sudo pico /etc/init.d/svnserve

将DESC更改为“subversion server”,将NAME更改为“svnserve”,去掉DAEMON的“sbin”中的“s”(使其只是/bin/),将DAEMON_ARGS更改为“-d -r / data --log-file /var/log.svn.log"

sudo /etc/init.d/svnserver start

测试你最喜欢的 svn 客户端(例如 TortoiseSVN)!

SVN with SASL enabled (on a Debian v7 box), using Active Directory (on another server)

note that I already setup samba and winbind, which included libsasl2-2 so also get the startup executable and svnserve and modules (needed for svn plain (or other) mechanism to work, which (just FYI) puts them in /usr/lib/x86_64-linux-gnu/sasl2/libplain.so):

sudo apt-get install sasl2-bin svnserve libsasl2-modules

sudo pico /etc/default/saslauthd

change START=no to START=yes, and MECHANISMS="pam" to MECHANISMS="ldap", and THREADS=0 (not 5), and remove the /var in front of /run from the last line so that it's OPTIONS="-c -m /run/saslauthd"; control x, y, enter

sudo pico /etc/saslauthd.conf

Add the following (note: you may need an "ou=folder" in front of the dc= series):

ldap_servers: ldap://hostname.of.server<br />
ldap_search_base: dc=hostname,dc=of,dc=server<br />
ldap_bind_dn: cn=usernamehere,dc=hostname,dc=of,dc=server<br />
ldap_bind_pw: password<br />
ldap_filter: samaccountname=%u<br />
sudo /etc/init.d/saslauthd start

Run sudo testsaslauthd -u usernamehere -p password to test the ldap setup and cat /var/log/auth.log to see log.

Add following lines to a file /usr/lib/sasl2/svn.conf:

pwcheck_method: saslauthd
mech_list: plain

Create repository:

mkdir /data
svnadmin create /data/repohere

assuming some sort of previous "svnadmin dump /data/repohere >/data/repohere.dump"
svnadmin load /data/repohere

pico /data/repohere/conf/svnserve.conf

uncomment (remove the leading pound and the leading space); and, modify anon-access and authz-db (and note that I put authz in /data so than my multiple repos share it):

anon-access = none<br />
auth-access = write<br />
authz-db = ../../authz<br />
use-sasl = true<br />
pico /data/authz

add the following:

[groups]<br />
whatever = username1,username2<br />
[/]<br />
@whatever = rw<br />

to schedule svnserve on startup (sorry, couldn't find one, so manually make one):

sudo cp /etc/init.d/skeleton /etc/init.d/svnserve
sudo chmod 755 /etc/init.d/svnserve
sudo update-rc.d svnserve defaults
sudo pico /etc/init.d/svnserve

change DESC to "subversion server", change NAME to "svnserve", take out the "s" in the "sbin" of DAEMON (to make it just /bin/), change DAEMON_ARGS to "-d -r /data --log-file /var/log.svn.log"

sudo /etc/init.d/svnserver start

test your favorite svn client (e.g. TortoiseSVN)!

回复 原文
扛起拖把扫天下 2024-08-19 11:46:06

使用 VisualSVN Server 在 Windows 上运行 SVN

Run SVN on windows using VisualSVN Server

回复 原文
梦境 2024-08-19 11:46:06

我在其中一封邮件中找到了这篇文章列表。下次我尝试使其正常工作时,我将参考此信息。下面我将其引用以供参考。

我刚刚尝试让 svnserve + SASL 在 Windows 上工作,使用
来自 Mark Phippard 的帮助,并且有一些补充/更正
svn.serverconfig.svnserve.sasl 部分需要。

  1. 你谈论了 subversion.conf 文件,但至少在 Windows 上它
    称为 svn.conf。

  2. 在 Windows 下,数据库文件的默认名称是 sasldb2
    位于 C:\CMU。如果您没有在 svn.conf 中指定任何内容,则为
    当尝试进行身份验证时,SASL 将在其中查找它
    颠覆。

  3. 但是,您可以通过添加来指定要使用的 SASL 数据库文件
    svn.conf 的另一行,格式为:sasldb_path:
    c:\svn_repository\sasldb 也就是里面一个叫sasldb的文件
    c:\svn_repository

  4. 可以更好地描述注册表项:SearchPath - 目录
    包含 sasl*.dll 插件的路径,例如 saslCRAMMD5.dll (我们不是
    这里讨论的是 libsasl.dll)。 ConfFile - 包含的目录路径
    svn.conf 文件。注意这里的不一致:这是目录
    包含conf文件,而conf中的sasldb_path值
    file 指向数据库文件本身,而不是其包含的目录。

  5. 在Windows上使用saslpasswd2时,需要指定数据库
    显式文件(不认为它会使用 c:\CMU\sasldb2 作为默认值),
    因此,更好的命令行示例是:

saslpasswd2 -c -fc:\svn_repository\sasldb -u 领域用户名

  1. Windows 用户(通常)不会构建自己的程序 - 他们有
    仆人/开发商为他们做这件事;-)那么他们要去哪里
    从哪里获取 saslpasswd2? Open Collab Net有一个方便的svn服务器
    安装程序包含这些程序,甚至安装 svnserve
    一项服务。也许值得一提。不确定您想要什么链接
    提供,因为它目前仅存在于合并跟踪/测试版站点上。

西蒙

I found this post in one of the mailing lists. Next time I try to get this working I'm going to reference this information. I'll quote it below for reference.

I have just tried getting svnserve + SASL working on Windows, with
help from Mark Phippard, and there are a few additions/corrections
needed to the svn.serverconfig.svnserve.sasl section.

  1. You talk about the subversion.conf file, but on Windows at least it
    is called svn.conf.

  2. Under Windows the default name for the database file is sasldb2
    located in C:\CMU. If you do not specify anything in svn.conf, this is
    where SASL will look for it when trying to authenticate for
    Subversion.

  3. However, you can specify the SASL database file to use by adding
    another line to svn.conf, of the form: sasldb_path:
    c:\svn_repository\sasldb That is, a file called sasldb in
    c:\svn_repository

  4. The registry keys could be better described: SearchPath - directory
    path containing the sasl*.dll plugins, e.g. saslCRAMMD5.dll (we're not
    talking about libsasl.dll here). ConfFile - directory path containing
    the svn.conf file. Note the inconsistency here: this is the directory
    containing the conf file, whereas the sasldb_path value in the conf
    file points to the database file itself, not its containing directory.

  5. When using saslpasswd2 on Windows, you need to specify the database
    file explicitly (don't think it will use c:\CMU\sasldb2 as a default),
    so a better example of the command line would be:

saslpasswd2 -c -f c:\svn_repository\sasldb -u realm username

  1. Windows users don't (usually) build their own programs - they have
    servants/developers to do that for them ;-) So where are they gonna
    get saslpasswd2 from? Open Collab Net have a convenient svn server
    installer which includes these programs, and even installs svnserve as
    a service. Might be worth a mention. Not sure what link you would
    provide as it only exists on the merge-tracking/Beta site at present.

Simon

回复 原文
窗影残 2024-08-19 11:46:06

我认为这在技术上是可行的。请参阅链接第 8.GSSAPI 和 Microsoft Technet 文章

我有 SVN 1.6 + SASL 的实践经验,如所述 此处。这对我们来说效果很好。所以我认为你最大的挑战是“联姻”SASL 和 Active Directory。

I think it's technically possible. See the link point 8.GSSAPI and microsoft technet article as well.

I've hands-on experience with SVN 1.6 + SASL as described here. It's works fine for us. So I think your biggest challenge is to "married" SASL and Active directory.

回复 原文
~没有更多了~

关于作者

水中月

暂无简介

文章
评论
27 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

知足的幸福

文章 0 评论 0

我一向站在原地

文章 0 评论 0

慕烟庭风

文章 0 评论 0

秉忠贞之诚 守退让之实

文章 0 评论 0

小兔几

文章 0 评论 0

mb_3y7WUgWY

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文