一、背景
二、步骤(以下步骤在docker容器中部署,与在宿主机上部署没有太大差异)
1.启动一个centos容器(此处不多做介绍)
docker run --name centos3 -d harbor-registry.ipaychat.com/centos/centos:v3 /usr/sbin/init
6bfecad6f188240e7e04c41b3c422c1ff4b4b95403e6b4339ae84355c5ad343e
##注意:此处如果不以/usr/sbin/init作为容器的启动命令,之后在容器中启动服务会报错
2.安装cyrus-sasl认证包
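## quote the pattern so that yum, not the shell, expands it; left unquoted, a file name in the current directory that matches *sasl* would replace the pattern
yum install -y '*sasl*'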
3.配置ldap访问模式
## switch the saslauthd password-checking mechanism from shadow to ldap
sed -i 's/MECH=shadow/MECH=ldap/g' /etc/sysconfig/saslauthd
## check that the substitution was applied
grep -i 'mech' /etc/sysconfig/saslauthd
# Mechanism to use when checking passwords. Run "saslauthd -v" to get a list
# of which mechanism your installation was compiled with the ablity to use.
MECH=ldap
4.编辑saslauthd.conf文件,默认不存在,需要自己添加,具体内容依照ldap服务端配置
cat /etc/saslauthd.conf
# NOTE(review): ldap:// on port 389 is an unencrypted connection, and with
# ldap_auth_method: bind each login is checked by binding to the directory with
# the user's own password, so that password crosses the network in the clear.
# Prefer ldaps:// or ldap_start_tls: yes together with ldap_tls_cacert_file,
# if the LDAP server supports it.
ldap_servers: ldap://xxxx
ldap_port: 389
ldap_version: 3
ldap_password_attr: userPassword
ldap_auth_method: bind
# %u is replaced by the login name, so a user who logs in as "xxx" is looked up as uid=xxx@xxx.com.
ldap_filter: uid=%u@xxx.com
ldap_search_base: ou=xxx,dc=xxx,dc=xxx
# NOTE(review): looks like the most verbose logging level, useful while debugging - confirm, and lower it once authentication works.
log_level: 7
##注意:在ldap_filter的%u后加@xxx.com,是因为带@的企业用户账号无法正常登录;配置该项后,登录时的账号/密码为xxx/123456,而不是xxx@xxx.com/123456
5.验证ldap是否配置成功
## NOTE: -p puts the password on the command line, so it is recorded in the shell history and visible in the process list while the command runs; run this check with a dedicated test account
testsaslauthd -u wusheng -p xxxx
0: OK "Success."
6.配置svn通过ldap验证,在ldap服务器中添加svn.conf文件,默认没有该文件,需要自己添加
cat /etc/sasl2/svn.conf
# Read by svnserve through Cyrus SASL, so this file has to exist on the host that runs svnserve.
# Password checks are handed to the saslauthd daemon.
pwcheck_method: saslauthd
# NOTE(review): PLAIN and LOGIN both transmit the password itself and add no encryption layer
# (saslauthd can only verify a plaintext password), so the svn:// connection needs to be
# protected by other means or kept on a trusted network.
mech_list: PLAIN LOGIN
7.新建svn仓库
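## test repository; create the parent directory first in case it does not exist yet
mkdir -p /opt/svn
svnadmin create /opt/svn/svntest
## the svntest repository now exists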
8.svn服务器中修改svn服务器配置
## uncomment "use-sasl = true" so that svnserve authenticates through Cyrus SASL
sed -i 's/# use-sasl = true/use-sasl = true/g' /opt/svn/svntest/conf/svnserve.conf
##一般来说,将/opt/svn/svntest/conf/svnserve.conf以下配置去除注释
# NOTE(review): anon-access = read lets clients that never log in read the repository;
# use anon-access = none if every read should go through the LDAP login.
anon-access = read
# Authenticated users may read and write.
auth-access = write
9.启动svn服务
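## svnserve listens for svn:// on TCP 3690 by default and does not encrypt the connection, so with the PLAIN/LOGIN mechanisms the passwords cross the network readable; expose it only on a trusted network (--listen-host restricts the address it binds to)
svnserve -d -r /opt/svn
## pgrep lists only svnserve itself; "ps -ef | grep svnserve" also matches the grep process, so it prints a line even when the daemon failed to start
pgrep -a svnserve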
10.下载httpd服务
yum install httpd subversion mod_dav_svn -y
11.配置subversion
cp /etc/httpd/conf.modules.d/10-subversion.conf /etc/httpd/conf.d/subversion.conf
cat /etc/httpd/conf.d/subversion.conf
# NOTE(review): this file was copied from /etc/httpd/conf.modules.d/10-subversion.conf,
# which stays in place, so these LoadModule lines are read twice; that is the source of
# the AH01574 "already loaded, skipping" warnings in the httpd log.
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
LoadModule dontdothat_module modules/mod_dontdothat.so
# NOTE(review): port 80 is plain HTTP. With AuthType Basic every request carries the
# user's LDAP password merely base64-encoded, readable by anyone on the network path;
# serve this Location from a TLS virtual host (mod_ssl) instead.
<VirtualHost *:80>
<Location /svn/>
DAV svn
SVNParentPath /opt/svn
SVNListParentPath On
# Path-based access rules are read from this file.
AuthzSVNAccessFile /opt/svn/svntest/conf/authz
# The ldap provider comes from mod_authnz_ldap; when that module is not installed httpd
# refuses to start with "Unknown Authn provider: ldap".
AuthBasicProvider ldap
AuthType Basic
AuthName "Subversion repository"
# NOTE(review): ldap:// on 389 sends the bind DN, the bind password and each user's
# password to the directory unencrypted; prefer ldaps:// or the STARTTLS mode of
# AuthLDAPURL. The (objectClass=*) filter accepts any entry under the base that has a
# uid; narrow it if only some accounts should be able to log in.
AuthLDAPURL "ldap://xxx:389/ou=fuliao,dc=example,dc=com?uid?sub?(objectClass=*)"
# NOTE(review): cn=admin looks like the directory administrator account; searching for
# users only needs read access, so a dedicated read-only bind account is enough.
AuthLDAPBindDN "cn=admin,dc=example,dc=com"
# The bind password is stored in clear text here; keep this file readable by root only.
AuthLDAPBindPassword "xxx"
# Any user who authenticates successfully is let in; finer control is left to the authz file.
Require valid-user
</Location>
</VirtualHost>
12.启动httpd服务
[root@6bfecad6f188 /]# systemctl start httpd
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
[root@6bfecad6f188 /]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2018-10-18 03:29:58 UTC; 5s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 392 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 391 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 391 (code=exited, status=1/FAILURE)
Oct 18 03:29:58 6bfecad6f188 httpd[391]: [Thu Oct 18 03:29:58.259931 2018] [so:warn] [pid 391] AH01574: module authz_svn_module is already loaded, skipping
Oct 18 03:29:58 6bfecad6f188 httpd[391]: [Thu Oct 18 03:29:58.259945 2018] [so:warn] [pid 391] AH01574: module dontdothat_module is already loaded, skipping
Oct 18 03:29:58 6bfecad6f188 httpd[391]: AH00526: Syntax error on line 12 of /etc/httpd/conf.d/subversion.conf:
Oct 18 03:29:58 6bfecad6f188 httpd[391]: Unknown Authn provider: ldap
Oct 18 03:29:58 6bfecad6f188 systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Oct 18 03:29:58 6bfecad6f188 kill[392]: kill: cannot find process ""
Oct 18 03:29:58 6bfecad6f188 systemd[1]: httpd.service: control process exited, code=exited status=1
Oct 18 03:29:58 6bfecad6f188 systemd[1]: Failed to start The Apache HTTP Server.
Oct 18 03:29:58 6bfecad6f188 systemd[1]: Unit httpd.service entered failed state.
Oct 18 03:29:58 6bfecad6f188 systemd[1]: httpd.service failed.
##解决方法:报错"Unknown Authn provider: ldap"是因为httpd缺少LDAP认证模块(mod_authnz_ldap),安装mod_ldap包即可:
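yum -y install mod_ldap
## validate the configuration first, so a remaining syntax error is reported directly instead of as a failed unit
httpd -t
## restart httpd
systemctl restart httpd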