CentOS 7 下 SVN + Apache 对接 LDAP 服务

准备环境

创建 SVN 仓库

• 创建

[root@redmine ~]# svnadmin create /data/svn/repository
1

• 赋权

[root@redmine ~]# chmod -R 777 /data/svn
1

可用 SVN 服务

# 通过 svn 方式启动 svn 服务
[root@redmine ~]# svnserve -d -r /data/svn
1
2

配置账户

[root@redmine ~]# cat /data/svn/repository/conf/authz | grep -v '^#' | grep -v '^$'
# 配置用户组
[groups]
administrator = lsr,zds,lsr_zds

# 配置项目权限
[/]
@administrator = rw
1
2
3
4
5
6
7
8

安装 Apache 服务

安装 Apache

[root@redmine ~]# yum -y install httpd
1

安装 SVN 对接 LDAP 插件

[root@redmine ~]# yum -y install mod_dav_svn mod_ldap
1

配置 Apache && SVN 集成

httpd.conf 配置

[root@redmine ~]# cat /etc/httpd/conf/httpd.conf | grep -E "Listen|ServerName"
# Listen: Allows you to bind Apache to specific IP addresses and/or
# Change this to Listen on specific IP addresses as shown below to 
#Listen 12.34.56.78:80
# Listen 80
Listen 10.10.200.248:80
# ServerName gives the name and port that the server uses to identify itself.
#ServerName www.example.com:80
1
2
3
4
5
6
7
8

subversion.conf 配置

[root@redmine ~]# cat /etc/httpd/conf.d/subversion.conf 
<Location />
    DAV svn
    # svn 仓库目录
    SVNPath /data/svn/repository
    # svn authz 文件位置
    AuthzSVNAccessFile /data/svn/repository/conf/authz
    SVNListParentPath on
    SVNAutoversioning On
    AuthBasicProvider ldap
    AuthType Basic
    AuthName "SVN"
    AuthLDAPURL "ldap://${ldap_ip}:${ldap_port}/DC=bjgoodwill,DC=com?sAMAccountName?sub?(objectClass=*)" NONE
    AuthLDAPBindDN "${ldap_auth_user}"
    AuthLDAPBindPassword "${ldap_autp_pass}"
    require valid-user
    Allow from all
</Location>
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18

注意事项

SELinux 权限

• 报错

# /etc/httpd/logs/error_log 
[root@redmine svn_client]# tail -3 /etc/httpd/logs/error_log 
[Wed Aug 03 10:28:14.026930 2022] [authz_svn:error] [pid 5969] (13)Permission denied: [client 10.10.200.234:50267] Failed to load the AuthzSVNAccessFile: Can't open file '/data/svn/repository/conf/authz': Permission denied
[Wed Aug 03 10:28:14.028920 2022] [authz_svn:error] [pid 5971] (13)Permission denied: [client 10.10.200.234:50268] Failed to load the AuthzSVNAccessFile: Can't open file '/data/svn/repository/conf/authz': Permission denied
[Wed Aug 03 10:28:14.031794 2022] [authz_svn:error] [pid 5967] (13)Permission denied: [client 10.10.200.234:50269] Failed to load the AuthzSVNAccessFile: Can't open file '/data/svn/repository/conf/authz': Permission denied
1
2
3
4
5

• 解决办法

# 临时关闭 SELinux
[root@redmine ~]# setenforce 0

# 永久关闭 SELinux
[root@redmine ~]# sed -i 's/SELINUX=.*/SELINUX=disabled/' /etc/sysconfig/selinux
1
2
3
4
5

测试

测试 svn 方式

# 需输入 svn 仓库名 + 项目名进行拉取
[root@redmine ~]# svn co svn://10.10.200.248/repository/first_pro --username lsr
1
2

测试 http 方式

# 因为 Apache 代理时，直接代理仓库目录（/data/svn/repository）
# 因此 svn checkout 时 -- 直接输入项目名即可
[root@redmine ~]# svn co http://10.10.200.248/first_pro --username lsr
1
2
3

参考

• CentOS 安装 svn、apache，并集成 openLDAP
• CentOS 7 下 svn 服务搭建