Environment:
OS: CentOS 6.5
Host IP: 192.168.213.131
svn version: svnserve 1.6.11
http version: Apache/2.2.15
sasl version: saslauthd 2.1.23
svn repository directory: /data/svn/api
svn configuration directory: /data/svn/conf
http configuration file: /etc/httpd/conf/httpd.conf
svn configuration file for http: /etc/httpd/conf.d/subversion.conf
saslauthd-related files: /etc/sysconfig/saslauthd
/etc/sasl2/svn.conf (does not exist by default; must be created)
/etc/saslauthd.conf (does not exist by default; must be created)
Note: iptables and SELinux are both disabled.
- Install and configure the svn server
- Install the svn service with yum:
yum -y install subversion mod_dav_svn
- Create a directory for the svn data:
mkdir -p /data/svn
- Create the svn repository:
cd /data/svn
svnadmin create api
- Set up the basic svn configuration files
mkdir /data/svndata
cp /data/svn/api/conf/passwd /data/svndata/passwd
cp /data/svn/api/conf/authz /data/svndata/authz
cp /data/svn/api/conf/svnserve.conf /data/svndata/svnserve.conf   # svnadmin creates svnserve.conf; this is the file passed to --config-file when svnserve is started below
1) Configure the svn user/password file (no longer used once OpenLDAP is integrated)
vi /data/svndata/passwd
[users]
test = 123456
test1 = 123456
2) Configure svn access permissions
vi /data/svndata/authz
[groups]
admin = test
api = test1
[/]
@admin = rw
* =
[api:/]
@admin = rw
@api = rw
* =
3) Configure the svnserve global configuration file
vi /data/svndata/svnserve.conf
[general]
# no anonymous access
anon-access = none
# authenticated users may write
auth-access = write
# user account/password file (ignored once SASL is enabled)
password-db = /data/svndata/passwd
# access control file
authz-db = /data/svndata/authz
# authentication realm name for this SVN project
realm = svn
[sasl]
# enable SASL authentication (only when integrating with OpenLDAP);
# svnserve reads use-sasl from the [sasl] section, not from [general]
use-sasl = true
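A small audit script for svnserve.conf, added here as an example (it is not part of the original tutorial). It reads the file with Python's configparser and flags the settings that matter for the setup above: anonymous read access, a missing authz-db, and the mistake of placing use-sasl (or min/max-encryption) under [general], where svnserve does not look for it. The two sample configurations are constructed for the example; the first reproduces the misplaced use-sasl key.

```python
"""Audit an svnserve.conf for weak authentication settings.

Added example; it is not part of the original tutorial. The checks encode
svnserve's documented option placement: anon-access, auth-access,
password-db, authz-db and realm belong to [general]; use-sasl,
min-encryption and max-encryption belong to [sasl] and are ignored if they
appear anywhere else.
"""
import configparser

# Constructed sample: the tutorial's file with use-sasl under [general]
# (as the original tutorial had it), and anon-access left at svnserve's
# built-in default of 'read' so that check fires too.
SAMPLE_CONF = """
[general]
anon-access = read
auth-access = write
password-db = /data/svndata/passwd
authz-db = /data/svndata/authz
realm = svn
use-sasl = true
"""

# Constructed sample: the same server after moving use-sasl to [sasl]
# and disabling anonymous access.
FIXED_CONF = """
[general]
anon-access = none
auth-access = write
authz-db = /data/svndata/authz
realm = svn
[sasl]
use-sasl = true
"""


def parse_svnserve_conf(text):
    """svnserve.conf is INI-style, so configparser reads it directly."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp


def audit_svnserve_conf(text):
    """Return a list of (severity, message) findings; empty means clean."""
    cp = parse_svnserve_conf(text)
    general = cp["general"] if cp.has_section("general") else {}
    sasl = cp["sasl"] if cp.has_section("sasl") else {}
    findings = []

    anon = general.get("anon-access", "read")  # svnserve's built-in default
    if anon != "none":
        findings.append(("HIGH", f"anon-access = {anon}: unauthenticated clients can read the repository"))

    if not general.get("authz-db"):
        findings.append(("HIGH", "authz-db not set: every authenticated user gets auth-access on every path"))

    for key in ("use-sasl", "min-encryption", "max-encryption"):
        if key in general:
            findings.append(("HIGH", f"{key} is under [general]; svnserve only reads it from [sasl], so it is ignored"))

    if sasl.get("use-sasl", "false").lower() == "true":
        if int(sasl.get("min-encryption", "0")) == 0:
            findings.append(("MEDIUM", "min-encryption = 0: no SASL security layer is required, so plaintext "
                             "mechanisms (PLAIN/LOGIN, the ones saslauthd needs) send the password in clear "
                             "over svn://; serve over https via mod_dav_svn or through a tunnel instead"))
    elif general.get("password-db"):
        findings.append(("INFO", "SASL disabled: the plaintext password-db file is the only credential store"))
    return findings


if __name__ == "__main__":
    for label, conf in (("tutorial", SAMPLE_CONF), ("fixed", FIXED_CONF)):
        print(label, audit_svnserve_conf(conf) or "clean")
```

The residual MEDIUM finding on the fixed file is deliberate: saslauthd needs PLAIN or LOGIN, and those mechanisms provide no SASL security layer, so raising min-encryption would simply make authentication fail. With this design the password exposure on svn:// has to be solved at the transport (the https path configured later in this tutorial), not in svnserve.conf.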
- Start the svn service
svnserve -d -r /data/svn/ --config-file=/data/svndata/svnserve.conf
- List, check out and commit to the svn server
svn list svn://127.0.0.1/api --username=test --password=123456
svn co svn://127.0.0.1/api --username=test --password=123456
svn add api/a.txt   # a.txt must already exist in the working copy
svn ci -m "add a.txt" api/a.txt --username=test --password=123456
- Install and configure the http server
- Install httpd
yum -y install httpd
- Configure the basic httpd settings
1) Uncomment the ServerName line in httpd.conf
sed -i '/www.lulu.com:80/s/#//' /etc/httpd/conf/httpd.conf
vi /etc/httpd/conf/httpd.conf
ServerName 192.168.213.131:80
2) Create the http user/password file for use with svn (optional; no longer used once OpenLDAP is integrated)
htpasswd -c /data/svndata/http_passwd test
# -c creates the file; use it only for the first user
htpasswd -m /data/svndata/http_passwd test1
# later users are appended (no -c, which would overwrite the file); -m stores the password as an MD5 hash
3) Make svn accessible over http
vi /etc/httpd/conf.d/subversion.conf
<Location /svn>
    DAV svn
    # root directory of the svn repositories
    SVNParentPath /data/svn
    AuthType Basic
    AuthName "Authorization SVN"
    AuthzSVNAccessFile /data/svndata/authz
    AuthUserFile /data/svndata/http_passwd
    Require valid-user
</Location>
- Set directory ownership
chown -R apache.apache /data/svn/   # give the apache user ownership of the repositories
- Start the httpd service
service httpd start
- Install sasl so that svn access is authenticated against ldap
1. Install sasl from the yum repository
yum install -y *sasl*
2. Edit /etc/sysconfig/saslauthd to use ldap authentication
sed -i '/MECH/s/shadow/ldap/' /etc/sysconfig/saslauthd
3. Create /etc/saslauthd.conf to use ldap authentication
vi /etc/saslauthd.conf
ldap_servers: ldap://192.168.213.131/
ldap_bind_dn: cn=Manager,dc=lulu,dc=com
ldap_bind_pw: 123456
ldap_search_base: ou=People,dc=lulu,dc=com
ldap_filter: uid=%U
ldap_password_attr: userPassword
4. Create /etc/sasl2/svn.conf to use ldap authentication
vi /etc/sasl2/svn.conf
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
5. Edit the svn/httpd configuration file /etc/httpd/conf.d/subversion.conf
vi /etc/httpd/conf.d/subversion.conf
6. Start the sasl service
/etc/init.d/saslauthd start
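The saslauthd.conf above is a flat key: value file, and saslauthd silently ignores any key it does not recognise, so a typo in an option name (the original tutorial had `lap_password_attr`) produces no error but simply drops the setting. The following checker is an added example, not part of the tutorial or of saslauthd itself; KNOWN_LDAP_OPTIONS is a subset of the names documented in saslauthd's LDAP_SASLAUTHD file, ROOT_DN_HINT is the tutorial's manager DN, and the sample file is constructed with the typo left in.

```python
"""Sanity-check a saslauthd.conf written for the ldap mechanism.

Added example; not part of the original tutorial. KNOWN_LDAP_OPTIONS is a
subset of the option names documented in saslauthd's LDAP_SASLAUTHD file
(extend it for your version); anything else is almost certainly a typo that
saslauthd will silently ignore. ROOT_DN_HINT is the tutorial's directory
manager DN and is used only to spot a bind as the root DN.
"""

KNOWN_LDAP_OPTIONS = {
    "ldap_servers", "ldap_bind_dn", "ldap_bind_pw", "ldap_search_base",
    "ldap_filter", "ldap_password_attr", "ldap_auth_method", "ldap_scope",
    "ldap_version", "ldap_timeout", "ldap_start_tls", "ldap_tls_cacert_file",
    "ldap_tls_check_peer", "ldap_default_realm", "ldap_use_sasl",
}
ROOT_DN_HINT = "cn=Manager,dc=lulu,dc=com"

# Constructed sample: the tutorial's file, keeping the typo the original
# contained in the last key so the audit has something to catch.
SAMPLE_SASLAUTHD_CONF = """\
ldap_servers: ldap://192.168.213.131/
ldap_bind_dn: cn=Manager,dc=lulu,dc=com
ldap_bind_pw: 123456
ldap_search_base: ou=People,dc=lulu,dc=com
ldap_filter: uid=%U
lap_password_attr: userPassword
"""


def parse_saslauthd_conf(text):
    """saslauthd.conf is one 'key: value' per line; '#' starts a comment line."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {raw!r}")
        opts[key.strip()] = value.strip()
    return opts


def audit_saslauthd_conf(text, root_dn=ROOT_DN_HINT):
    """Return (severity, message) findings for typos and weak settings."""
    opts = parse_saslauthd_conf(text)
    findings = []
    for key in opts:
        if key not in KNOWN_LDAP_OPTIONS:
            findings.append(("HIGH", f"unknown option {key!r}: probable typo, saslauthd ignores it"))
    servers = opts.get("ldap_servers", "")
    if servers.startswith("ldap://") and opts.get("ldap_start_tls", "no").lower() != "yes":
        findings.append(("MEDIUM", "ldap:// without ldap_start_tls: the bind password and every user "
                         "password saslauthd checks travel in clear unless the directory is on the same host"))
    if opts.get("ldap_bind_dn", "").lower() == root_dn.lower():
        findings.append(("MEDIUM", "binds as the directory root DN; with the default ldap_auth_method "
                         "(bind) saslauthd only needs an account that can search for user DNs"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_saslauthd_conf(SAMPLE_SASLAUTHD_CONF):
        print(severity, message)
```

Run it against /etc/saslauthd.conf before starting the service; a clean run returns an empty list. The root-DN finding is a least-privilege point: saslauthd's default auth method binds as the user being checked, so the configured bind account only has to be able to find the user's DN.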
IV. Testing
1. Restart the svn, httpd, openldap and saslauthd services
svn: pkill svnserve
svnserve -d -r /data/svn/ --config-file=/data/svndata/svnserve.conf
httpd: service httpd restart (or /etc/init.d/httpd restart)
openldap: service slapd restart
saslauthd: /etc/init.d/saslauthd restart
2. Add two test users, test1 and test2, to openldap
vi newuser.ldif
dn: uid=test1,ou=people,dc=lulu,dc=com
uid: test1
cn: test1
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowMax: 9999
shadowWarning: 7
loginShell: /sbin/nologin
gecos: ,,,
host: *
shadowLastChange: 16378
uidNumber: 1000
gidNumber: 5000
homeDirectory: /home/test1

dn: uid=test2,ou=people,dc=lulu,dc=com
uid: test2
cn: test2
objectClass: account
objectClass: posixAccount
objectClass: top
objectClass: shadowAccount
shadowMax: 9999
shadowWarning: 7
loginShell: /sbin/nologin
gecos: ,,,
host: *
shadowLastChange: 16378
uidNumber: 1001
gidNumber: 5000
homeDirectory: /home/test2
ldapadd -x -D "cn=Manager,dc=lulu,dc=com" -W -f newuser.ldif
3. Set passwords for test1 and test2
ldappasswd -x -D "cn=Manager,dc=lulu,dc=com" -W 'uid=test1,ou=people,dc=lulu,dc=com' -S
ldappasswd -x -D "cn=Manager,dc=lulu,dc=com" -W 'uid=test2,ou=people,dc=lulu,dc=com' -S
4. Grant these two users access to the relevant directories in /data/svndata/authz
vi /data/svndata/authz
[groups]
admin = test
api = test1
[/]
@admin = rw
* =
[api:/]
@admin = rw
@api = rw
test2 = rw
* =
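Because the same authz file governs both svnserve and mod_dav_svn, it is worth checking what it actually grants before restarting the services. The evaluator below is an added example (not part of the tutorial, and not Subversion's own code) that applies the documented authz rules to the final file above: the most specific section wins (`[repo:/path]` before `[/path]`, deeper paths before their parents), a section that does not mention the user at all falls through to the parent path, and within a section the permissions of every matching rule (explicit user, @group, or `*`) are combined, which is the behaviour of the 1.6 series used here. Subversion 1.10 reworked in-section precedence, so re-check conflicting rules on newer servers. The authz text is the tutorial's; the trunk path and the second repository name are assumptions for the demonstration.

```python
"""Evaluate effective Subversion authz permissions for a user.

Added example; not part of the original tutorial or of Subversion itself.
Rules implemented: repo-specific section before path-only section, deeper
path before parent path, fall through to the parent when no rule in the
section mentions the user, union of all matching rules inside a section
(Subversion 1.6 semantics; 1.10 changed in-section precedence).
"""
import configparser
import posixpath

# Constructed sample: the tutorial's final authz file.
SAMPLE_AUTHZ = """
[groups]
admin = test
api = test1

[/]
@admin = rw
* =

[api:/]
@admin = rw
@api = rw
test2 = rw
* =
"""


def parse_authz(text):
    """Return (groups, sections): group name -> member list, section -> {rule: perms}."""
    cp = configparser.ConfigParser(interpolation=None, allow_no_value=True, delimiters=("=",))
    cp.optionxform = str  # user and group names are case-sensitive
    cp.read_string(text)
    groups = {}
    if cp.has_section("groups"):
        for name, members in cp["groups"].items():
            groups[name] = [m.strip() for m in members.split(",") if m.strip()]
    sections = {s: dict(cp[s]) for s in cp.sections() if s != "groups"}
    return groups, sections


def expand_group(name, groups, seen=None):
    """Recursively expand a group; members may themselves be @groups."""
    if seen is None:
        seen = set()
    seen.add(name)
    members = set()
    for m in groups.get(name, []):
        if m.startswith("@"):
            if m[1:] not in seen:
                members |= expand_group(m[1:], groups, seen)
        else:
            members.add(m)
    return members


def rule_applies(rule_name, user, groups):
    """user is None for an anonymous client."""
    if rule_name == "*":
        return True
    if rule_name == "$authenticated":
        return user is not None
    if rule_name == "$anonymous":
        return user is None
    if rule_name.startswith("@"):
        return user is not None and user in expand_group(rule_name[1:], groups)
    return rule_name == user


def section_access(section, user, groups):
    """Combined perms of every rule mentioning the user, or None if none does."""
    matched, perms = False, set()
    for name, value in section.items():
        if rule_applies(name, user, groups):
            matched = True
            perms |= set((value or "").replace(" ", ""))
    return perms if matched else None


def effective_access(text, repo, path, user):
    """Return 'rw', 'r' or '' for user on repo:path."""
    groups, sections = parse_authz(text)
    path = posixpath.normpath("/" + path.strip("/"))
    while True:
        for key in (f"{repo}:{path}", path):  # repo-specific section first
            if key in sections:
                perms = section_access(sections[key], user, groups)
                if perms is not None:
                    return ("r" if "r" in perms else "") + ("w" if "w" in perms else "")
        if path == "/":
            return ""
        path = posixpath.dirname(path)  # fall through to the parent path


if __name__ == "__main__":
    for user in ("test", "test1", "test2", None):
        for repo, path in (("api", "/"), ("api", "/trunk"), ("other", "/")):
            print(f"{user!s:6} {repo}:{path:8} -> {effective_access(SAMPLE_AUTHZ, repo, path, user) or '(none)'}")
```

The anonymous case (`user=None`) is the one worth keeping in a regression check: the trailing `* =` in each section is what guarantees it evaluates to no access, and deleting that line would let the fall-through reach a section that grants more.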
5. Use saslauthd to verify that test1 and test2 can authenticate
testsaslauthd -utest1 -p123456
0: OK "Success."
testsaslauthd -utest2 -p123456
0: OK "Success."
Note: this is the successful case; on failure it prints 0: NO "authentication failed"
6. Finally, verify user login through svn
svn list svn://127.0.0.1/api --username=test1 --password=123456
svn list svn://127.0.0.1/api --username=test2 --password=123456
ATTENTION! Your password for authentication realm:
<svn://127.0.0.1:3690> SVN
can only be stored to disk unencrypted! You are advised to configure
your system so that Subversion can store passwords encrypted, if
possible. See the documentation for details.
You can avoid future appearances of this warning by setting the value
of the 'store-plaintext-passwords' option to either 'yes' or 'no' in
'/root/.subversion/servers'.
-----------------------------------------------------------------------
Store password unencrypted (yes/no)? yes
a.txt
Note: this output means authentication succeeded.
7. Log in to the svn server with the openldap users from a client and from a browser
Client: svn://192.168.213.131/api
Browser: http://192.168.213.131/svn/api