Sunday, July 13, 2008

SVN LDAP and Active Directory

We just upgraded to the 1.5 series of SVN. Almost all of our "team" tools have some hook into Active Directory (AD) for authentication. For SVN this is done via the AD LDAP interface. It turns out that some of SVN's auth_ldap libraries have changed and now our repository sits dead in the water.

For those who don't know, SVN is really just a very elaborate Apache web application. Apache handles the network communications while SVN does the versioning stuff. That being the case the real problem exists with the instance of apache that comes with SVN 1.5.0. I believe the LDAP module libraries shipped with SVN are out of date.

I have considered switching to the mod_sspi for authentication. Others have got it to work. Has anyone else had luck with this?

The benefit (I suppose) of SSPI would be the seamless inferance of domain credentials. In short, the SVN client should use your windows logon credentials to authenticate against the server. This is how CVSNT works but I'm not sure it's that easy with SVN.

Oh well....more later.

7 comments:

Anonymous said...

Ummm, no, subversion (svn) is not an elaborate web application. It is a robust, stand-alone versioning system with absolutely no requirement for Apache to be running. Where are you getting your facts?

Unknown said...

ummm...I get those facts from myself since I administer an SVN server.

The installation of SVN that most of the world uses is just a module for the apache web-server. It is very elaborate and does a great many things apache could never do but it is still technically a web application since it uses http.
See
svnbook

Anonymous said...

Just because you and others use SVN in Apache doesn't mean that it's an Apache application. I'm using it fine as a stand-alone application. It doesn't use HTTP, it uses the SVN protocol.

Anonymous said...

svn != http

Anonymous said...

Indeed, I run several Subversion servers sans apache. The SVN protocol is much faster than passing through http/https. I can checkout remote files through an SSH tunnel faster than I can checkout local files through apache+svn.

Hvac Repair Saskatoon said...

Very nicely done.

Hvac Repair Saskatoon

Sean said...

Greaat post thank you