SVN configuration with multi-authentications (2 Active Directory domains)
Here is an example of a vhost configuration for an SVN server. It allows users to be authenticated against 2 different Active Directory domains.
    #Authentication providers
    <AuthnProviderAlias ldap firstone>
        AuthLDAPBindDN "CN=svn-generic,OU=Service Accounts,DC=firstone,DC=com"
        AuthLDAPBindPassword jtCCkWW6
        AuthLDAPURL ldap://dc01.firstone.com:3268/?sAMAccountName?sub?
    </AuthnProviderAlias>

    <AuthnProviderAlias ldap secondone>
        AuthLDAPBindDN "CN=svn-generic,OU=Service Accounts,DC=secondone,DC=com"
        AuthLDAPBindPassword xh3J1VZX
        AuthLDAPURL ldap://dc01.secondone.com:3268/?sAMAccountName?sub?
    </AuthnProviderAlias>

    # Subversion Repository
    <Location /data/lib-repository>
        DAV svn
        SVNPath /opt/svn/repo
        AuthName "Welcome on the SVN server of Lib"
        AuthType Basic
        # Providers are tried in this order: firstone, then secondone
        AuthBasicProvider firstone secondone
        # Apache 2.2 mod_authnz_ldap directive; it no longer exists in 2.4
        AuthzLDAPAuthoritative off
        #Permissions
        AuthzSVNAccessFile /data/conf/lib-repository/svnaccess
        require valid-user
    </Location>
First, we declare the two providers: each one is a connection string that lets a generic account bind to an AD and check the users' accounts. Then, in each <Location>, we list both providers in the AuthBasicProvider directive.
It's really important to set the AuthzLDAPAuthoritative directive to off: if authentication against the first provider fails, the second will be checked. This will be the case for all the users who exist in the 2nd domain but not in the 1st.
SVN configuration with multi-authentications (1 Active Directory Domain and 1 htpasswd file)
Here we have a vhost configuration where users are authenticated against an LDAP server OR against a file:
    <Location "/">
        Dav svn
        SVNPath /data/lib-repository
        #Authentication
        AuthType Basic
        AuthName "Welcome on the SVN server of Lib"
        # The htpasswd file is checked first, then the AD domain
        AuthBasicProvider file ldap
        AuthUserFile /data/conf/lib-repository/svn-htpasswd
        AuthzLDAPAuthoritative off
        AuthLDAPCompareDNOnServer on
        AuthLDAPURL ldap://dc01.domain.com:3268/DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)
        AuthLDAPBindDN email@example.com
        AuthLDAPBindPassword gGuFY4gx
        #Permissions
        AuthzSVNAccessFile /data/conf/lib-repository/svnaccess
        Require valid-user
    </Location>
In this case, the AuthBasicProvider directive has the value file ldap: we provide two kinds of authentication here. After that, we give the location of the htpasswd file, which allows the authentication of the users who are defined in it. Then, we must configure the connection string to the AD domain.
We must set the AuthzLDAPAuthoritative directive to off so that authentication is not restricted to the AD domain alone.
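A review check for vhosts like the two above, as an added example that is not part of the original page: it verifies that every name in AuthBasicProvider is a built-in provider or a declared AuthnProviderAlias, and goes beyond the text by also flagging ldap:// URLs without a TLS mode and bind passwords written inline. The function name `audit`, the finding strings and the sample (constructed, with a placeholder password and the second alias left out on purpose) are assumptions of this example.

```python
import re

# Constructed sample modelled on the first vhost; "secondone" is deliberately not declared.
SAMPLE = """
<AuthnProviderAlias ldap firstone>
    AuthLDAPBindDN "CN=svn-generic,OU=Service Accounts,DC=firstone,DC=com"
    AuthLDAPBindPassword PLACEHOLDER-PASSWORD
    AuthLDAPURL ldap://dc01.firstone.com:3268/?sAMAccountName?sub?
</AuthnProviderAlias>
<Location /data/lib-repository>
    AuthType Basic
    AuthBasicProvider firstone secondone
    Require valid-user
</Location>
"""

# Provider names shipped with httpd; anything else must be an alias.
BUILTIN = {"file", "ldap", "dbm", "dbd", "anon", "socache"}

def audit(conf):
    """Hypothetical helper: return sorted (line_number, finding) pairs."""
    findings, aliases, chains = [], set(), []
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<AuthnProviderAlias\s+\S+\s+(\S+)>", line, re.I)
        if m:
            aliases.add(m.group(1))
            continue
        parts = line.split()
        key, args = parts[0].lower(), [a.strip('"') for a in parts[1:]]
        if key == "authbasicprovider":
            chains.append((n, args))
        elif key == "authldapurl" and args and args[0].lower().startswith("ldap://"):
            # A trailing SSL/TLS/STARTTLS mode upgrades the connection.
            if not any(a.upper() in ("SSL", "TLS", "STARTTLS") for a in args[1:]):
                findings.append((n, "cleartext LDAP URL"))
        elif key == "authldapbindpassword" and args and not args[0].startswith("exec:"):
            findings.append((n, "bind password stored inline"))
    # Resolve names after the whole file is read, so declaration order is irrelevant.
    for n, names in chains:
        for name in names:
            if name not in BUILTIN | aliases:
                findings.append((n, "undefined provider: " + name))
    return sorted(findings)

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print(lineno, finding)
```

The check reads only the file it is given and does not account for a server-wide LDAPTrustedMode setting.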