div*_*gon 6 svn apache mod-auth
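I am setting up an SVN repository using Httpd. Currently, my repository is available through Httpd, but anyone can check out and commit. I want to restrict the commit operation using Microsoft Active Directory authentication.
I am using the following in subversion.conf.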
<Location /repos>
DAV svn
# Directory containing all repository for this path
SVNParentPath /srv/svn/repositories
# List repositories collection
SVNListParentPath On
# Enable WebDAV automatic versioning
SVNAutoversioning On
# Repository Display Name
SVNReposName "RepositoryName"
# Do basic password authentication in the clear
AuthType Basic
# The name of the protected area or "realm"
AuthName "RepositoryName"
# Make LDAP the authentication mechanism
AuthBasicProvider ldap
# Make LDAP authentication is final
AuthzLDAPAuthoritative off
# Active Directory requires an authenticating DN to access records
#AuthLDAPBindDN "ou=people,o=example,dc=com"
# The LDAP query URL
AuthLDAPURL "ldap://example.com:389/DC=com,DC=example,ou=people?uid(objectClass=*)" NONE
# Read access to everyone
Satisfy Any
# Require a valid user
Require valid-user
# Authorization file
AuthzSVNAccessFile /subversion/apache2/auth/repos.acl
# Limit write permission to list of valid users.
#<LimitExcept GET PROPFIND OPTIONS REPORT>
# Require SSL connection for password protection.
# SSLRequireSSL
#AuthType Basic
#AuthName "Authorization Realm"
#AuthUserFile /etc/httpd/conf/.htpasswd
#Require valid-user
#</LimitExcept>
</Location>
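With the above configuration, it asks for credentials every time. Also, when they are provided, the repository is not accessible. After providing the correct credentials, I get a 500 Internal Server Error.
I did check the log files, but nothing in them indicates the actual cause.
In order to allow public read/checkout, you need to uncomment the bit between the <LimitExcept> directives and comment out the separate Require valid-user line above it.
The directive <LimitExcept GET PROPFIND OPTIONS REPORT> tells the server that everything inside it does not apply to any GET, PROPFIND, OPTIONS or REPORT requests to the repository, which are the ones used for checking out/reading the repo. In other words, if you put this bit of code in your Apache config, it will require a valid user only for everything besides the mentioned methods (for example, it will require a valid user if a PUT request is made to commit):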
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
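In your case, it should look something like this (I only modified your posted config slightly, assuming it is correct apart from the forced login issue; I don't have an LDAP server to test it with. Take care to replace example.com in your AuthLDAPURL with the real server host):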
<Location /repos>
DAV svn
# Directory containing all repository for this path
SVNParentPath /srv/svn/repositories
# List repositories collection
SVNListParentPath On
# Enable WebDAV automatic versioning
SVNAutoversioning On
# Repository Display Name
SVNReposName "RepositoryName"
# Do basic password authentication in the clear
AuthType Basic
# The name of the protected area or "realm"
AuthName "RepositoryName"
# Make LDAP the authentication mechanism
AuthBasicProvider ldap
# Make LDAP authentication is final
AuthzLDAPAuthoritative off
# Active Directory requires an authenticating DN to access records
#AuthLDAPBindDN "ou=people,o=example,dc=com"
# The LDAP query URL
AuthLDAPURL "ldap://example.com:389/DC=com,DC=example,ou=people?uid(objectClass=*)" NONE
# Authorization file
AuthzSVNAccessFile /subversion/apache2/auth/repos.acl
# Limit write permission to list of valid users.
<LimitExcept GET PROPFIND OPTIONS REPORT>
SSLRequireSSL
Require valid-user
</LimitExcept>
</Location>
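As long as you put the Require valid-user inside the LimitExcept, everything should work the way you want. You can put the rest of the authentication configuration anywhere between the Location directives.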
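The placement rule from the answer above can be checked mechanically. The Python sketch below is an added example, not part of the original answer: it uses a simplified model that only looks at where Require and SSLRequireSSL sit relative to <LimitExcept>, ignoring Satisfy and the AuthzSVNAccessFile rules. The function names and the two sample blocks are constructed for illustration.

```python
import re

READ = {"GET", "PROPFIND", "OPTIONS", "REPORT"}   # read-only methods named in the answer
WRITE = {"MKACTIVITY", "PUT"}                     # commit-time methods mentioned on this page

def scoped_directives(conf):
    """Yield (exempt, name): exempt is None at <Location> level, else the <LimitExcept> method set."""
    exempt = None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # commented-out lines are inactive
            continue
        opened = re.match(r"<LimitExcept\s+([^>]+)>", line, re.I)
        if opened:
            exempt = {m.upper() for m in opened.group(1).split()}
        elif line.lower().startswith("</limitexcept"):
            exempt = None
        elif not line.startswith("<"):            # skip other section tags such as <Location>
            yield exempt, line.split()[0].lower()

def applies(conf, name, method):
    """True if an active directive `name` covers the given (upper-case) HTTP method."""
    return any(n == name and (ex is None or method not in ex)
               for ex, n in scoped_directives(conf))

def audit(conf):
    """Return findings against the policy: anonymous reads, authenticated writes over SSL."""
    findings = [f"{m}: login required for a read method"
                for m in sorted(READ) if applies(conf, "require", m)]
    for m in sorted(WRITE):
        if not applies(conf, "require", m):
            findings.append(f"{m}: write method allowed without login")
        elif not applies(conf, "sslrequiressl", m):
            findings.append(f"{m}: password sent without SSLRequireSSL")
    return findings

# Constructed samples: only the access-control lines of the question's and the answer's config.
QUESTION = """<Location /repos>
Require valid-user
#<LimitExcept GET PROPFIND OPTIONS REPORT>
#</LimitExcept>
</Location>"""
ANSWER = """<Location /repos>
<LimitExcept GET PROPFIND OPTIONS REPORT>
SSLRequireSSL
Require valid-user
</LimitExcept>
</Location>"""
```

Calling audit(QUESTION) reports the forced login on every read method and the missing SSL requirement on writes, while audit(ANSWER) returns an empty list.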
OK. I have completed the first part.
Referring to the 6. Access control lists section here, I added read-only access in the AuthzSVNAccessFile file.
# Authorization file
AuthzSVNAccessFile /srv/svn/repos.acl
Contents of the /srv/svn/repos.acl file:
[/]
* = r
Now all my repositories are anonymously accessible. Only the commit part remains.
Now, when I commit, I receive the following message.
Commit failed (details follow):
Server sent unexpected return value (500 Internal Server Error) in response to
MKACTIVITY request for '/repos/project1/!svn/act/783d45f7-ae05-134d-acb0-f36c007af59d'