SVN Server with Apache LDAP Authentication

You will need to install Apache plus various Subversion tools. Follow /usr/share/doc/packages/subversion/README.SuSE for more details.

  1. Modify /etc/sysconfig/apache2 to have the values below. The important lines are: APACHE_CONF_INCLUDE_FILES, APACHE_MODULES, and APACHE_SERVER_FLAGS.
    DOC_SERVER="no"
    APACHE_CONF_INCLUDE_FILES="custom/listen.conf"
    APACHE_CONF_INCLUDE_DIRS=""
    APACHE_MODULES="actions alias auth_basic authn_file authz_host authz_groupfile authz_default authz_user authn_dbm autoindex cgi dir env expires include log_config mime negotiation setenvif ssl suexec dav dav_svn authnz_ldap authz_svn ldap python php5"
    APACHE_SERVER_FLAGS="SSL SVN_DOC"
    APACHE_HTTPD_CONF=""
    APACHE_MPM=""
    APACHE_SERVERADMIN=""
    APACHE_SERVERNAME=""
    APACHE_START_TIMEOUT="2"
    APACHE_SERVERSIGNATURES="on"
    APACHE_LOGLEVEL="warn"
    APACHE_ACCESS_LOG="/var/log/apache2/access_log combined"
    APACHE_SERVERTOKENS="OS"
    APACHE_EXTENDED_STATUS="off"
    APACHE_BUFFERED_LOGS="off"
    APACHE_TIMEOUT="300"
  2. Modify the default /etc/apache2/listen.conf and comment out all lines since our custom listen.conf will do the trick

      Create a custom folder and our listen.conf file

      # mkdir /etc/apache2/custom

      # cp /etc/apache2/listen.conf /etc/apache2/custom/

      # vi /etc/apache2/custom/listen.conf (replace 192.168.1.1 with the IP address of the interface that Apache is listening on)

      Listen 192.168.1.1:80
      <IfDefine SSL>
          <IfDefine !NOSSL>
              <IfModule mod_ssl.c>
                  Listen 192.168.1.1:443
              </IfModule>
          </IfDefine>
      </IfDefine>
      NameVirtualHost *:80
      NameVirtualHost *:443
  3. Copy the template /etc/apache2/vhost.d/vhost.template file to a new .conf file with the domain name you are using
      # cp /etc/apache2/vhost.d/vhost.template /etc/apache2/vhost.d/svn.example.conf
    <VirtualHost *:80>
    		ServerName svn.example.com
    		ServerAlias subversion.example.com
    		ServerAlias subversion
    		ServerAlias svn
    		DocumentRoot /srv/www/vhosts/svn.example.com/http
    		ErrorLog /var/log/apache2/svn.example.com-error_log
    		CustomLog /var/log/apache2/svn.example.com-access_log combined
    		HostnameLookups Off
    		UseCanonicalName Off
    		ServerSignature On
    		Include /etc/apache2/custom/subversion.conf
    		ScriptAlias /cgi-bin/ "/srv/www/vhosts/svn.example.com/cgi-bin/"
    		<Directory "/srv/www/vhosts/svn.example.com/cgi-bin">
    			AllowOverride None
    			Options +ExecCGI -Includes
    			Order allow,deny
    			Allow from all
    		</Directory>
    		<Directory "/srv/www/vhosts/svn.example.com/http">
    			Options Indexes FollowSymLinks
    			AllowOverride AuthConfig
    			Order allow,deny
    			Allow from all
    		</Directory>
    </VirtualHost>
    1. Now do the same for SSL. Copy the template /etc/apache2/vhost.d/vhost-ssl.template file to a new .conf file with the domain name you are using
      # cp /etc/apache2/vhost.d/vhost-ssl.template /etc/apache2/vhost.d/svn.example-ssl.conf

      <IfDefine SSL>
      <IfDefine !NOSSL>
      <VirtualHost *:443>
      		ServerName svn.example.com:443
      		ServerAlias subversion.example.com:443
      		ServerAlias subversion:443
      		ServerAlias svn:443
      		DocumentRoot "/srv/www/vhosts/svn.example.com/https"
      		ErrorLog /var/log/apache2/svn.example.com-ssl-error_log
      		CustomLog /var/log/apache2/svn.example.com-ssl-access_log combined
      		HostnameLookups Off
      		UseCanonicalName Off
      		ServerSignature On
      		Include /etc/apache2/custom/subversion.conf
      		SSLEngine on
      		SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
      		SSLCertificateFile /etc/apache2/ssl.crt/server.crt
      		SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
      		<Files ~ "\.(cgi|shtml|phtml|php3?)$">
      			SSLOptions +StdEnvVars
      		</Files>
      		<Directory "/srv/www/vhosts/svn.example.com/cgi-bin">
      			SSLOptions +StdEnvVars
      		</Directory>
      		SetEnvIf User-Agent ".*MSIE.*" \
      		nokeepalive ssl-unclean-shutdown \
      		downgrade-1.0 force-response-1.0
      		<Directory "/srv/www/vhosts/svn.example.com/https">
      			Options Indexes FollowSymLinks
      			AllowOverride AuthConfig
      			Order allow,deny
      			Allow from all
      		</Directory>
      		CustomLog /var/log/apache2/ssl_request_log  ssl_combined
      </VirtualHost>
      </IfDefine>
      </IfDefine>
    2. Create the template folders
      # mkdir -p /srv/www/vhosts/example.com/http
      # mkdir -p /srv/www/vhosts/example.com/https
      # mkdir -p /srv/www/vhosts/example.com/cgi-bin
      # chown -R wwwrun:www /srv/www/vhosts/example.com
    3. Copy the template folders to svn.example.com (the name used in the DocumentRoot lines of the vhost files)
      # cp -a /srv/www/vhosts/example.com /srv/www/vhosts/svn.example.com
    4. Create a dummy certificate (there are a million ways to do this; this is just the quickest)
      # /usr/bin/gensslcert
    5. Create a custom /etc/apache2/custom/subversion.conf file
      <IfModule mod_dav_svn.c>
      <Location /svn/>
      		DAV svn
      		SVNParentPath /srv/svn/repositories
      		SVNListParentPath on
      		AuthzSVNAccessFile /etc/apache2/custom/svn.access
      		Satisfy Any
      		Require valid-user
      		AuthName "SVN Repositories"
      		AuthType Basic
      		AuthBasicProvider ldap
      		AuthzLDAPAuthoritative Off
      		AuthLDAPURL ldap://ldap.example.com:389/o=example.com?uid?sub?(objectClass=posixAccount)
      </Location>
      </IfModule>
    6. Make the default svn repository
      # mkdir -p /srv/svn/repositories
    7. Create an svn.access file (based on the name given in the subversion.conf file)
      # vi /etc/apache2/custom/svn.access

      		[groups]
      		root = user1, user2
      		prja = user3
      		prjb = user5, user5, user6
      		[/]
      		@root = rw
      		* = r
      		[proja:/]
      		@prja = rw
      		* =
      		[projb:/]
      		@prjb = rw

      The above example will give users in the group root full rw to all repositories, and the * = r means all repositories can be read by everyone (including anonymous). “proja” only allows users in the group prja rw access and disables anonymous reads (overrides the [/] setting). “projb” allows users in the “prjb” group rw access.

    8. Check the config files
      # apachectl configtest
    9. Register apache and start it up
      # chkconfig apache2 on
      # rcapache2 start
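
How the svn.access rules above resolve for a given user, as an added example that is not part of the original page: a simplified Python model, assuming Subversion consults the repository section (proja:/) before [/], lets the first section with a line matching the user decide, and combines the matching lines in it. The function names and the embedded rule file are constructed for illustration; under this model the `* =` line in proja also applies to members of root, because that section is consulted first and does not list them.

```python
import configparser

# Constructed copy of the svn.access example; user names are illustrative.
SVN_ACCESS = """\
[groups]
root = user1, user2
prja = user3
prjb = user5, user6
[/]
@root = rw
* = r
[proja:/]
@prja = rw
* =
[projb:/]
@prjb = rw
"""

def load(text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str                 # user and group names are case-sensitive
    cp.read_string(text)
    return cp

def access(cp, user, repo):
    """Rights ('', 'r' or 'rw') of user (None = anonymous) on the root of repo.

    Assumed model: [repo:/] is consulted before [/]; the first section with a
    line matching the user decides; matching lines in that section are combined.
    """
    groups = {g: {m.strip() for m in members.split(",")}
              for g, members in cp["groups"].items()}
    for section in (f"{repo}:/", "/"):
        if not cp.has_section(section):
            continue
        rights, matched = set(), False
        for who, perm in cp[section].items():
            in_group = who.startswith("@") and user in groups.get(who[1:], ())
            if who == "*" or who == user or in_group:
                matched = True
                rights |= set(perm.strip())
        if matched:
            return "".join(sorted(rights))
    return ""

RULES = load(SVN_ACCESS)
```

Adding `@root = rw` to a repository section that contains `* =` keeps the root group's access there.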
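
A check of the transport settings this setup ends up with, as an added example (not from the original page or from Apache): it flags Basic authentication reachable through the port 80 vhost, an ldap:// bind without TLS, and weak cipher classes that the SSLCipherSuite string leaves enabled. The config excerpts are constructed from the steps above, the function names are hypothetical, and the cipher parsing is a simplified reading of OpenSSL's list syntax in which `+` only reorders and `ALL` excludes eNULL.

```python
import re

# Constructed excerpts of the files built in the steps above (not read from disk).
SUBVERSION_CONF = """\
AuthType Basic
AuthBasicProvider ldap
AuthLDAPURL ldap://ldap.example.com:389/o=example.com?uid?sub?(objectClass=posixAccount)
"""
VHOSTS = {
    "svn.example.conf": "Include /etc/apache2/custom/subversion.conf\n",
    "svn.example-ssl.conf": (
        "Include /etc/apache2/custom/subversion.conf\n"
        "SSLEngine on\n"
        "SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL\n"),
}
WEAK = {"LOW", "EXP", "SSLv2", "eNULL"}

def weak_cipher_classes(suite):
    """Weak classes a cipher string leaves enabled (simplified OpenSSL list syntax)."""
    enabled, killed = set(), set()
    for tok in re.split(r"[:, ]+", suite.strip()):
        if tok.startswith("!"):                  # '!' removes for good
            killed.add(tok[1:])
        if tok.startswith(("!", "-")):           # '-' removes until added again
            enabled.discard(tok[1:])
        elif tok == "ALL":                       # every class except eNULL
            enabled |= (WEAK - {"eNULL"}) - killed
        elif tok in WEAK and tok not in killed:  # '+LOW' etc. only reorder: no match
            enabled.add(tok)
    return sorted(enabled)

def audit(vhosts, included):
    """Return (file, finding) pairs; hypothetical helper, not an Apache tool."""
    findings = []
    basic = re.search(r"^\s*AuthType\s+Basic", included, re.M | re.I)
    ldap = re.search(r"^\s*AuthLDAPURL\s+(\S+)(.*)$", included, re.M | re.I)
    if ldap and ldap.group(1).strip('"').lower().startswith("ldap://") \
            and not re.search(r"\b(SSL|TLS|STARTTLS)\b", ldap.group(2), re.I):
        findings.append(("subversion.conf", "LDAP bind without TLS"))
    for name, conf in vhosts.items():
        tls = re.search(r"^\s*SSLEngine\s+on", conf, re.M | re.I)
        if basic and "subversion.conf" in conf and not tls:
            findings.append((name, "Basic auth over plain HTTP"))
        suite = re.search(r"^\s*SSLCipherSuite\s+(.+)$", conf, re.M | re.I)
        weak = weak_cipher_classes(suite.group(1)) if suite else []
        if weak:
            findings.append((name, "weak ciphers: " + ",".join(weak)))
    return findings
```

Dropping the Include from the port 80 vhost, appending TLS to the AuthLDAPURL line (or using ldaps://), and excluding the weak classes with `!` clears all three findings.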