
SVN Authentication via a Windows AD Domain

[ 2013/04/16 11:20 | by selboo ]

subversion   the SVN program
cyrus-sasl     connects to the AD authentication service
Red Hat Enterprise Linux Server release 6.2 (Santiago)

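PS: Accounts are still controlled through the local authz file, while passwords are authenticated through AD. Items in red are the places that need to be changed or noted.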

I. Install SVN and its dependencies

[root@selboo ~]# yum install subversion cyrus-sasl


II. SVN configuration

1. Create the selboo project
[root@selboo ~]# cd /opt/
[root@selboo opt]# svnadmin create selboo


2. Edit the selboo project's configuration file

[root@selboo opt]# cat selboo/conf/svnserve.conf  
[general]
anon-access = none
auth-access = write
authz-db = authz
realm = SELBOO
[sasl]
use-sasl = true


3. authz

[root@selboo opt]# cat selboo/conf/authz  
[groups]
admin = selboo,root,administrator

[/]
@admin = rw


Configure this according to your own structure.

4. Start SVN

[root@selboo opt]# svnserve -d --config-file /opt/selboo/conf/svnserve.conf -r /opt/ --log-file /var/log/svn.log
[root@selboo opt]# netstat -tnlp | grep 3690
tcp        0      0 0.0.0.0:3690                0.0.0.0:*                   LISTEN      18920/svnserve      


III. cyrus-sasl

1. saslauthd.conf

[root@selboo opt]# cat /etc/saslauthd.conf
ldap_servers: ldap://192.168.1.100
ldap_default_domain: selboo.com.cn
ldap_search_base: DC=selboo,DC=com,DC=cn
ldap_bind_dn: administrator@selboo.com.cn
ldap_bind_pw: 123456
ldap_deref: never
ldap_restart: yes
ldap_scope: sub
ldap_use_sasl: no
ldap_start_tls: no
ldap_version: 3
ldap_auth_method: bind
ldap_filter: sAMAccountName=%u
ldap_password_attr: userPassword
ldap_timeout: 10
ldap_cache_ttl: 30
ldap_cache_mem: 32768


2. saslauthd
Change the saslauthd mechanism to ldap
[root@selboo opt]# cat /etc/sysconfig/saslauthd
# Directory in which to place saslauthd's listening socket, pid file, and so
# on.  This directory must already exist.
SOCKETDIR=/var/run/saslauthd

# Mechanism to use when checking passwords.  Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ablity to use.
MECH=ldap

# Options sent to the saslauthd. If the MECH is other than "pam" uncomment the next line.
# DAEMONOPTS=--user saslauth

# Additional flags to pass to saslauthd on the command line.  See saslauthd(8)
# for the list of accepted flags.
FLAGS=


3. svn.conf

Create a new svn.conf file to integrate SASL, the domain and SVN
[root@selboo opt]# cat /etc/sasl2/svn.conf
pwcheck_method: saslauthd
auxprop_plugin: ldap
mech_list: PLAIN LOGIN
ldapdb_mech: PLAIN LOGIN


4. Verify that sasl works
[root@selboo ~]# testsaslauthd -u root -p 1234556
0: OK "Success."


5. Start saslauthd
[root@selboo opt]# /etc/init.d/saslauthd start
[root@selboo opt]#  ps aux | grep saslauthd | grep -v grep
root      1440  0.0  0.1   9624  1760 ?        Ss   Mar29   0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a ldap
root      1441  0.0  0.1   9624  1728 ?        S    Mar29   0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a ldap
root      1442  0.0  0.1   9624  1724 ?        S    Mar29   0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a ldap
root      1443  0.0  0.1   9624  1728 ?        S    Mar29   0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a ldap
root      1444  0.0  0.1   9624  1724 ?        S    Mar29   0:00 /usr/sbin/saslauthd -m /var/run/saslauthd -a ldap
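
The files above handle passwords in clear at several points: ldap:// with ldap_start_tls: no, an administrator bind password stored in /etc/saslauthd.conf, and the PLAIN and LOGIN mechanisms, which svnserve receives over svn:// without any encryption layer. The following check for those settings is an added example, not part of the original post. The names conf_get and audit_svn_ad_auth and the finding codes are hypothetical; ldap_tls_check_peer is saslauthd's LDAP option for verifying the server certificate.

```shell
#!/bin/sh
# Added example (not from the original post): flag cleartext-credential risks
# in the saslauthd.conf and /etc/sasl2/svn.conf settings shown above.
# conf_get, audit_svn_ad_auth and the finding codes are hypothetical names.

# Print the value of the last "key: value" line for a key in a config file.
conf_get() {  # $1=file $2=key
    sed -n -e "s/[[:space:]]*\$//" -e "s/^$2:[[:space:]]*//p" "$1" | tail -n 1
}

# $1 = saslauthd.conf, $2 = SASL application config used by svnserve.
# Prints one finding per line; prints nothing when no check fires.
audit_svn_ad_auth() {
    ldapconf=$1; svnconf=$2
    starttls=$(conf_get "$ldapconf" ldap_start_tls)
    tls=no
    for uri in $(conf_get "$ldapconf" ldap_servers); do
        case $uri in
            ldaps://*) tls=yes ;;
            ldap://*) if [ "$starttls" = yes ]; then tls=yes
                      else echo "CLEARTEXT_LDAP $uri"; fi ;;
        esac
    done
    # TLS without certificate verification can still be intercepted.
    if [ "$tls" = yes ] &&
       [ "$(conf_get "$ldapconf" ldap_tls_check_peer)" != yes ]; then
        echo "NO_PEER_CHECK"
    fi
    # A directory administrator's password should not sit in a config file.
    case $(conf_get "$ldapconf" ldap_bind_dn | tr 'A-Z' 'a-z') in
        *administrator*) echo "PRIVILEGED_BIND_DN" ;;
    esac
    # The bind password is stored in clear; the file must not be world-readable.
    if [ -n "$(conf_get "$ldapconf" ldap_bind_pw)" ] &&
       [ -n "$(find "$ldapconf" -prune -perm -004)" ]; then
        echo "WORLD_READABLE_BIND_PW"
    fi
    # PLAIN and LOGIN carry the password itself and add no SASL encryption.
    for mech in $(conf_get "$svnconf" mech_list); do
        case $mech in PLAIN|LOGIN) echo "PLAINTEXT_MECH $mech" ;; esac
    done
}

# Usage: audit_svn_ad_auth /etc/saslauthd.conf /etc/sasl2/svn.conf
```

Because saslauthd needs the password itself to perform the LDAP bind, PLAINTEXT_MECH will keep firing for this design; the mitigation is to carry svn:// inside an encrypted tunnel rather than to change mech_list.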


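PS: Password authentication is now convenient, but editing authz locally is not. I recommend using IF.SVNAdmin to edit it directly through the web; the next article will cover it.
Last edited by selboo on 2013/07/16 15:27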