当前位置: 文江博客话题详情

Apache LDAP 身份验证 Redmine

发布于 2024-12-08 02:54:22 字数 593 浏览 1 评论 0原文

我在 Apache 服务器 (RHEL 6.1) 上设置了 Redmine。我还有一个在 /var/svn 运行的 Subversion 服务器。我为我的 subversion 配置了正确的 LDAP 身份验证,因此当有人访问 subversion 存储库时(通过命令行:svn checkout/update/commit,或通过 http://myserver.com/svn/project),它会提示输入用于对 LDAP 服务器进行身份验证的用户名和密码。

但是:在 Redmine 中浏览项目页面时,我看到出现“存储库”选项卡(并且它链接到正确的地址: http://myserver.com/svn/project)。但是当我导航到此选项卡时,它显示“404 在存储库中找不到条目或修订”。我有一种感觉,404 是由于 Redmine 无法针对 LDAP 进行身份验证而产生的。所以我的问题是如何允许 Redmine 进入该目录,但其他人都需要通过 LDAP 进行身份验证?

原文

I have Redmine setup on an Apache server (RHEL 6.1). I also have a subversion server running at /var/svn. I have the proper LDAP authentication for my subversion configured, so when someone accesses the subversion repository (either via command line: svn checkout/update/commit, or through http://myserver.com/svn/project), it prompts for a username and password that authenticates against the LDAP server.

However: When browsing the project's page in Redmine, I see the "Repository" tab appear (and it links to the proper address: http://myserver.com/svn/project). But when I navigate to this tab, it displays "404 The entry or revision was not found in the repository". I have a feeling that the 404 is coming from Redmine not being able to authenticate against LDAP. So my question is how to allow Redmine into that directory, but everyone else needs to be authenticated against LDAP?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

信仰 2024-12-15 02:54:22

我已经弄清楚了我的问题并提出了一个相当简单的解决方案。我的假设是正确的 - 因为 Redmine 不知道如何处理 LDAP 请求,所以它抛出了 404。

下面是允许 Redmine(或在同一服务器上运行的任何服务)通过身份验证过程的正确 Apache 配置:

<Location /svn>
    # The following two lines allow for any request made by this machine through
    #  We do this to allow Redmine to have access without needing to authenticate against LDAP
    # NOTE: The IP address MUST be the one given by DHCP - the loop-back (127.0.0.1) will NOT WORK
    Order allow,deny
    Allow from ACTUAL_IP_ADDRESS (example: 123.45.67.100)


    # The following authenticates against LDAP for any request NOT made by the same server
    # This includes anyone attempting to access:
    #       http://myserver.com/svn/*
    #  either via web-browser, or svn command
    #
    # Tell apache this is a subversion repository
    DAV svn
    # Where the subversion repository list exists on the file system
    SVNParentPath "/var/svn"
    # What kind of authentication 
    AuthType Basic
    AuthName "Restricted Subversion Content"
    AuthBasicProvider ldap
    AuthLDAPBindDN "YOUR_BIND_DN"
    AuthLDAPBindPassword "YOUR_BIND_PASSWORD"
    AuthLDAPURL "YOUR_LDAP_URL"
    # Require a valid-LDAP user (if not from the allowed IP address)
    Require valid-user

    # This line (very important) tells Apache that the request needs to follow AT LEAST
    # one of the following:
    #       - The request is from the IP address listed above
    #       - All others MUST authenticate using LDaP
    # If we wanted BOTH to be required (not in our case), we would use "Satisfy All"
    Satisfy Any

我希望这可以帮助其他正在寻找类似解决方案的人!

I have figured out my problem and came up with a fairly simple solution. My assumption was correct - because Redmine didn't know how to handle the LDAP request, it threw a 404.

Below is the proper Apache configuration to allow Redmine (or any service running on the same server) through the authentication process:

<Location /svn>
    # The following two lines allow for any request made by this machine through
    #  We do this to allow Redmine to have access without needing to authenticate against LDAP
    # NOTE: The IP address MUST be the one given by DHCP - the loop-back (127.0.0.1) will NOT WORK
    Order allow,deny
    Allow from ACTUAL_IP_ADDRESS (example: 123.45.67.100)


    # The following authenticates against LDAP for any request NOT made by the same server
    # This includes anyone attempting to access:
    #       http://myserver.com/svn/*
    #  either via web-browser, or svn command
    #
    # Tell apache this is a subversion repository
    DAV svn
    # Where the subversion repository list exists on the file system
    SVNParentPath "/var/svn"
    # What kind of authentication 
    AuthType Basic
    AuthName "Restricted Subversion Content"
    AuthBasicProvider ldap
    AuthLDAPBindDN "YOUR_BIND_DN"
    AuthLDAPBindPassword "YOUR_BIND_PASSWORD"
    AuthLDAPURL "YOUR_LDAP_URL"
    # Require a valid-LDAP user (if not from the allowed IP address)
    Require valid-user

    # This line (very important) tells Apache that the request needs to follow AT LEAST
    # one of the following:
    #       - The request is from the IP address listed above
    #       - All others MUST authenticate using LDaP
    # If we wanted BOTH to be required (not in our case), we would use "Satisfy All"
    Satisfy Any

I hope this helps someone else looking for a similar solution!

回复 原文
~没有更多了~

关于作者

梦里泪两行

暂无简介

0 文章
0 评论
22 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

已经忘了多久

文章 0 评论 0

15867725375

文章 0 评论 0

LonelySnow

文章 0 评论 0

走过海棠暮

文章 0 评论 0

轻许诺言

文章 0 评论 0

信馬由缰

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文