August 10, 2012

Subversion - Configuring LDAP Authentication

We have seen how to configure user authentication for local users in the previous article. This article focuses on configuring LDAP Authentication. The following steps are applicable once the Subversion Edge is installed / configured.
Steps to configure LDAP authentication for domain users:
To enable this option, please select “LDAP authentication against an LDAP server” checkbox under Server settings, Administration panel.
Once this is checked you’ll get following options to configure LDAP authentication
Parameters:
Ø  LDAP Security level: Default is “NONE” .Other options are SSL, TSL & STARTTSL. Based on availability we may change the security level. Here we are opted “NONE” as we don’t have other options.
Ø  LDAP Server Host: Provide the Host or IP address of your Active Directory server.
Ø  LDAP Server Port: Default port is “389”, it may vary depends upon each organization. Port accessibility can be verified through telnet client. The recommended approach is to verify this while configuring a fresh server.

Ø  LDAP Base DN:
Base DN:
   The DN (Distinguished Name) of the entry at which to start the search

Example of Base DN configuration:
ou=users,ou=bangalore,ou=india,dc=DX,dc=DY,dc=DZ.

The above entry describes,

Those who are users of Bangalore location, India of DX.DY.DZ domain will be able to authenticate from subversion to Active Directory through LDAP.

Ø  LDAP Bind DN:
Bind:
The Bind operation establishes the authentication state for a connection.
Bind provides authentication service.
Typically checks the password against the user Password attribute in the named entry.

Example of Bind DN configuration:
cn=buserv, ou=service Accounts,ou=Global Operations,dc=DX,dc=DY,dc=DZ

The above entry describes to establishing connection between AD and Subversion server

Here “buserv “ account will be used to authenticate.

Ø  LDAP Bind Password: Password of “buserv”
Ø  LDAP Login Attribute : sAMAccountName ( It’s an LDAP property)
Ø  LDAP Search Scope :Sub
Ø  LDAP Filter: The subversion server will apply this filter in the login search process.
Ø  Console LDAP Authentication: Allow LDAP users to access the management console
Ø  Console LDAP Authentication Helper Port: This Apache port is used to facilitate LDAP authentication to the console with the above settings. Normally, no change is needed here
After filling all the parameters save the configuration and restart Apache server.
Please note that this will help you to create repository restriction to control anonymous access.

No comments:

Post a Comment