SVN 通过 Windows AD 域认证
[ 2013/04/16 11:20 | by selboo ]
subversion SVN程序
cyrus-sasl 链接AD认证服务
Red Hat Enterprise Linux Server release 6.2 (Santiago)
PS:账户还是通过本地 authz 文件控制,密码通过 AD 认证,红色是需要修改和注意的地方
一、安装SVN依赖程序
[root@selboo ~]# yum install subversion cyrus-sasl
二、Svn配置
1、创建 selboo 项目
[root@selboo ~]# cd /opt/
[root@selboo opt]# svnadmin create selboo
2、修改 selboo 项目 配置文件
[root@selboo opt]# cat selboo/conf/svnserve.conf
[general]
# Unauthenticated (anonymous) clients get no access at all.
anon-access = none
# Authenticated users may read and write, subject to the authz rules.
auth-access = write
# Path-based access rules are read from the "authz" file in this conf directory.
authz-db = authz
# Authentication realm of the repository.
realm = SELBOO
[sasl]
# Hand authentication to the Cyrus SASL library (configured in /etc/sasl2/svn.conf).
# NOTE(review): no min-encryption is set in this section, and the PLAIN/LOGIN
# mechanisms listed in /etc/sasl2/svn.conf carry the password without a SASL
# encryption layer -- the password travels as sent unless the connection is
# protected some other way.
use-sasl = true
3、authz
[root@selboo opt]# cat selboo/conf/authz
[groups]
# Members of the "admin" group. Access is still decided by this local file; only
# the password check is delegated to AD, so these names presumably have to match
# the AD logon names (sAMAccountName) -- verify.
# NOTE(review): "root" and "administrator" are generic privileged account names --
# confirm they are really meant to have repository write access.
admin = selboo,root,administrator
# "[/]" is the repository root; the rule below applies to every path under it
# unless a deeper path section overrides it.
[/]
# Read-write for the admin group; no other user is granted anything here.
@admin = rw
具体根据自己结构进行配置
4、启动SVN
[root@selboo opt]# svnserve -d --config-file /opt/selboo/conf/svnserve.conf -r /opt/ --log-file /var/log/svn.log
[root@selboo opt]# netstat -tnlp | grep 3690
tcp 0 0 0.0.0.0:3690 0.0.0.0:* LISTEN 18920/svnserve
三、cyrus-sasl
1、saslauthd.conf
[root@selboo opt]# cat /etc/saslauthd.conf
ldap_servers: ldap://192.168.1.100
ldap_default_domain: selboo.com.cn
# Base DN under which users are searched.
ldap_search_base: DC=selboo,DC=com,DC=cn
# Account saslauthd binds as in order to look users up. The example uses an
# account named "administrator" and stores its password in this file in clear text.
# NOTE(review): a dedicated low-privilege, read-only bind account is enough for a
# directory search, and this file should be readable only by the account
# saslauthd runs as.
ldap_bind_dn: administrator@selboo.com.cn
ldap_bind_pw: 123456
ldap_deref: never
ldap_restart: yes
# Search the whole subtree below ldap_search_base.
ldap_scope: sub
ldap_use_sasl: no
# NOTE(review): with StartTLS off and an ldap:// server URL (ldap_servers in this
# file), the bind password above and every user password verified through
# "ldap_auth_method: bind" reach the directory server unencrypted. Prefer
# "ldap_start_tls: yes" or an ldaps:// URL once the server certificate is
# trusted on this host.
ldap_start_tls: no
ldap_version: 3
# Verify a login by binding to the directory as that user with the supplied password.
ldap_auth_method: bind
# %u is replaced with the login name; sAMAccountName is the AD logon name attribute.
ldap_filter: sAMAccountName=%u
ldap_password_attr: userPassword
ldap_timeout: 10
ldap_cache_ttl: 30
ldap_cache_mem: 32768
2、saslauthd
修改 /etc/sysconfig/saslauthd,将认证机制 MECH 设为 ldap
[root@selboo opt]# cat /etc/sysconfig/saslauthd
# Directory in which to place saslauthd's listening socket, pid file, and so
# on. This directory must already exist.
SOCKETDIR=/var/run/saslauthd
# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ability to use.
# "ldap" is the value this setup relies on; the process list later on the page
# shows the daemon running with "-a ldap".
MECH=ldap
# Options sent to the saslauthd. If the MECH is other than "pam" uncomment the next line.
# NOTE(review): MECH is "ldap" here, yet the line below is left commented and the
# process list on the page shows saslauthd running as root -- confirm whether it
# should be enabled (the unprivileged user would then need read access to
# /etc/saslauthd.conf).
# DAEMONOPTS=--user saslauth
# Additional flags to pass to saslauthd on the command line. See saslauthd(8)
# for the list of accepted flags.
FLAGS=
3、svn.conf
新建svn.conf 文件 用于 sasl 域 svn 整合
[root@selboo opt]# cat /etc/sasl2/svn.conf
pwcheck_method: saslauthd
auxprop_plugin: ldap
# Mechanisms offered to Subversion clients. saslauthd has to receive the
# clear-text password, and PLAIN/LOGIN send it as-is with no SASL encryption layer.
# NOTE(review): over plain svn:// (svnserve on this page listens on 0.0.0.0:3690)
# AD passwords therefore cross the network readable; restrict the listener to a
# trusted network or carry the connection over an encrypted tunnel.
mech_list: PLAIN LOGIN
ldapdb_mech: PLAIN LOGIN
4、验证 sasl 是否正常(testsaslauthd 需要 saslauthd 已在运行,见第 5 步;-p 后的密码会留在 shell 历史和进程列表中,建议用测试账号验证)
[root@selboo ~]# testsaslauthd -u root -p 1234556
0: OK "Success."
5、启动saslauthd
[root@selboo opt]# /etc/init.d/saslauthd start
[root@selboo opt]# ps aux | grep saslauthd | grep -v grep
root 1440 0.0 0.1 9624 1760 ? Ss Mar29 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a ldap
root 1441 0.0 0.1 9624 1728 ? S Mar29 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a ldap
root 1442 0.0 0.1 9624 1724 ? S Mar29 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a ldap
root 1443 0.0 0.1 9624 1728 ? S Mar29 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a ldap
root 1444 0.0 0.1 9624 1724 ? S Mar29 0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a ldap
PS:密码认证是方便了,但是本地修改 authz 就不太方便,推荐使用 IF.SVNAdmin 通过web直接修改 下篇文章会介绍
最后编辑: selboo 编辑于2013/07/16 15:27