这里记载一下相关的配置,特别是mod_authnz_ldap模块的配置,Apache2.0的认证模块为mod_auth_ldap,Apache2.2已经改变为mod_authnz_ldap,配置也有不同:
(1) OpenLDAP的编译安装,版本2.3.32
# cd openldap-2.3.32
# ./configure --prefix=/usr/local/openldap --enable-bdb=no
# make depend
# make
# make install
(2) Apache2.2.4的编译安装,版本2.2.4
需要先编译安装 apr-1.2.8 和 apr-util-1.2.8
# cd apr-1.2.8
# ./configure --prefix=/usr/local/apr
# make
# make install
# cd apr-util-1.2.8
# ./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr --with-ldap --with-ldap-include=/usr/local/openldap/include --with-ldap-lib=/usr/local/openldap/lib
# make
# make install
编译安装好后,开始编译安装Apache2.2.4
# cd httpd-2.2.4
# ./configure --prefix=/usr/local/apache2 --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --enable-so --enable-ldap -- enable-authnz-ldap --enable-dav
# make
# make install
(3) 配置httpd.conf
增加SubVersion的虚拟主机,在httpd.conf里取消下面行的注释:
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
编辑conf/extra/httpd-vhosts.conf文件
<
VirtualHost
*
:
80
>
ServerAdmin admin@gehouse.cn
DocumentRoot / home / svn
ServerName svn.gehouse.cn
ErrorLog logs / svn.gehouse.cn - error_log
LogLevel warn
CustomLog logs / svn.gehouse.cn - access_log common
< Location " / " >
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative off
AuthName " TianXing Tech IT Server "
AuthLDAPURL " ldap://ldap.gehouse.cn/ou=people,dc=gehouse,dc=cn?cn?sub?(objectClass=*) " NONE
Require valid - user
</ Location >
< Location " /sandbox " >
DAV svn
# SVNListParentPath on
# SVNParentPath / home / svn / sandbox
SVNPath / home / svn / sandbox
# SVNIndexXSLT / xslt / svnindex.xsl
</ Location >
< Location " /projects " >
DAV svn
SVNListParentPath on
SVNParentPath / home / svn / projects
< LimitExcept GET PROPFIND OPTIONS REPORT >
require ldap - group ou = dev,dc = gehouse,dc = cn
</ LimitExcept >
</ Location >
</ VirtualHost >
ServerAdmin admin@gehouse.cn
DocumentRoot / home / svn
ServerName svn.gehouse.cn
ErrorLog logs / svn.gehouse.cn - error_log
LogLevel warn
CustomLog logs / svn.gehouse.cn - access_log common
< Location " / " >
AuthBasicProvider ldap
AuthType Basic
AuthzLDAPAuthoritative off
AuthName " TianXing Tech IT Server "
AuthLDAPURL " ldap://ldap.gehouse.cn/ou=people,dc=gehouse,dc=cn?cn?sub?(objectClass=*) " NONE
Require valid - user
</ Location >
< Location " /sandbox " >
DAV svn
# SVNListParentPath on
# SVNParentPath / home / svn / sandbox
SVNPath / home / svn / sandbox
# SVNIndexXSLT / xslt / svnindex.xsl
</ Location >
< Location " /projects " >
DAV svn
SVNListParentPath on
SVNParentPath / home / svn / projects
< LimitExcept GET PROPFIND OPTIONS REPORT >
require ldap - group ou = dev,dc = gehouse,dc = cn
</ LimitExcept >
</ Location >
</ VirtualHost >