Subversion and LDAP

When I started here, we had 12 SVN repositories (and a valid reason for having all 12). Maintaining the user database was really not doable given that setup as each repository had a distinct user database. I had two goals coming into this – make the management of the user database easier, and make new user setup doable by someone without Linux know-how. To do that I decided to tie things into the AD and make use of that for authentication as well as user setup. Here’s a brief overview of how I made it happen. This assumes a CentOS install but should be easily modified for Debian or other platforms.

  1. Create a connector account in your AD that will be used to query username/password. I granted mine admin rights but you’re probably alright without them; it just needs to query.
  2. Create a user group in the AD that will act as a container for authenticated users, and add the users that require SVN access to that group.
  3. Install Apache, PHP, and the mod_dav and mod_dav_svn modules.
  4. Create your SVN repository (svnadmin create /foo/bar/repo)
  5. On CentOS you should get a subversion.conf file that is already generated for you (not sure on Debian and its ilk) that you’ll need to edit. Here’s a template to use. This assumes your domain name is example.com, the group name you create is “svn,” the connector account is called “SVN CONNECTOR”:

    # Subversion DAV provider and path-based authorization modules
    LoadModule dav_svn_module     modules/mod_dav_svn.so
    LoadModule authz_svn_module   modules/mod_authz_svn.so

    <VirtualHost *:80>
            DocumentRoot /var/www/html/virtualhosts/svn
            ServerName svn.example.com
            ServerAlias svn
            ErrorLog logs/svn.example.com-error_log
            CustomLog logs/svn.example.com-access_log common
            <Location /repository>
                    DAV svn
                    # Filesystem path of the repository created with svnadmin
                    SVNPath /srv/svn/repository
                    # HTTP Basic authentication checked against the AD over LDAP
                    AuthBasicProvider ldap
                    AuthType Basic
                    # Let other authorization modules decide when the LDAP check does not
                    AuthzLDAPAuthoritative off
                    AuthName "This is your SVN Repository"
                    # Global catalog lookup by sAMAccountName, limited to person accounts in the svn group
                    AuthLDAPURL "ldap://DC.example.com:3268/DC=example,DC=com?sAMAccountName?sub?(&(&(objectClass=user)(objectCategory=person))(memberof=CN=svn,DC=example,DC=com))"
                    # Connector account from step 1, used to bind for the search
                    AuthLDAPBindDN "CN=SVN CONNECTOR,DC=example,DC=com"
                    AuthLDAPBindPassword "your connector password"
                    Require valid-user
                    Require ldap-group "CN=svn,DC=example,DC=com"
            </Location>
    </VirtualHost>

  6. That’s it. Bounce Apache and then test your access to the repository using your domain credentials.
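
A small audit of the template above, as an added example that is not part of the original post: it splits the AuthLDAPURL value into the fields mod_authnz_ldap reads and flags where the configuration leaves domain credentials exposed. The finding names and the abbreviated sample configuration are constructed for this example, and STARTTLS settings are assumed absent (they are not checked).

```python
import re

# Constructed sample: the authentication directives from the template above.
SAMPLE_CONF = '''
<VirtualHost *:80>
  <Location /repository>
    AuthType Basic
    AuthLDAPURL "ldap://DC.example.com:3268/DC=example,DC=com?sAMAccountName?sub?(&(&(objectClass=user)(objectCategory=person))(memberof=CN=svn,DC=example,DC=com))"
    AuthLDAPBindDN "CN=SVN CONNECTOR,DC=example,DC=com"
    AuthLDAPBindPassword "your connector password"
    Require valid-user
  </Location>
</VirtualHost>
'''

def parse_auth_ldap_url(url):
    """Split ldap[s]://host[:port]/basedn?attribute?scope?filter into a dict."""
    m = re.fullmatch(r'(ldaps?)://([^/:]+)(?::(\d+))?/([^?]*)(?:\?(.*))?', url)
    if not m:
        raise ValueError("not an AuthLDAPURL value: %r" % url)
    scheme, host, port, base, rest = m.groups()
    attr, scope, flt = ((rest or "").split("?", 2) + ["", "", ""])[:3]
    # Omitted fields fall back to the defaults mod_authnz_ldap documents.
    return {"scheme": scheme, "host": host,
            "port": int(port or (636 if scheme == "ldaps" else 389)),
            "base_dn": base, "attribute": attr or "uid",
            "scope": scope or "sub", "filter": flt or "(objectClass=*)"}

def audit(conf):
    """Return finding ids (hypothetical names) for one vhost's config text."""
    pairs = [(k.lower(), v) for k, v in
             re.findall(r'^[ \t]*(\w+)[ \t]+"?(.*?)"?[ \t]*$', conf, re.M)]
    d = dict(pairs)
    tls = re.search(r'^[ \t]*SSLEngine[ \t]+on\b', conf, re.M | re.I) is not None
    url = parse_auth_ldap_url(d["authldapurl"])
    findings = []
    if d.get("authtype", "").lower() == "basic" and not tls:
        # Basic auth only base64-encodes the domain password on the wire.
        findings.append("basic-auth-without-tls")
    if url["scheme"] == "ldap":
        # The Apache-to-DC bind carries the same password unencrypted.
        findings.append("ldap-bind-without-tls")
    if "authldapbindpassword" in d:
        # Connector password sits in the file: keep it readable by root only.
        findings.append("bind-password-in-config")
    if "memberof=" not in url["filter"].lower() and ("require", "valid-user") in pairs:
        # Without the group clause, any account found under the base DN gets in.
        findings.append("no-group-restriction")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```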

Linux Sys Admin Needed

A friend of mine’s company is in need of two experienced Linux sys admins (one specifically with a good solid understanding of sendmail and postfix). You can check the two job postings they have here and here. I’ve been to the company before, they’re on my short list of places I’d seek employment if I found myself no longer working at Merrimack. If you’re looking or have friends looking, put them in touch with me and I’ll get them together with my friend.

Routing Issue

I’m having an issue with this server I recently set up that is driving me nuts. I have a dual-homed system (no real bastion config, just LAN separation) – eth0 is the internal network, eth1 is the link to the outside world connected through the firewall DMZ. eth1 has an unroutable IP (172.20.x.x) linked to a valid public IP via firewall. The issue is that eth1 goes unresponsive while eth0 is up. Looking at it from the server, all traffic goes to one NIC or the other so that makes sense.

The easy fix is to specify metrics for eth0 and eth1, but then that prioritizes all traffic to one NIC or the other. I could specify routes through ifconfig…there aren’t many so that’s doable. The other solution I see would of course be to set up routes in the firewall that map to each NIC and be done with it that way. What do you guys think? Is there an elegant solution here that I’m missing?

Geekery

I’ve actually got everything I need in my day-to-day work life running natively in Ubuntu 10.10 (no use of WINE emulation) on my work PC. The MAPI plugin for Evolution works passably well with Exchange 2007. Pidgin offers a sipe plugin that works with Office Communicator. Everything else (Office, PuTTY, etc.) has a native Linux equivalent that I prefer. I’ll keep my Windows system online so I have something I can RDP into from home through our VPN system but barring that I think I’m set for now with this box. w00t :)
