Configuring COLLABNET Subversion with Active Directory

最新推荐文章于 2019-06-11 08:43:51 发布
最新推荐文章于 2019-06-11 08:43:51 发布
阅读量1.9k 收藏
点赞数
August 17, 2011 by Dinesh Sharma 25 Comments
Collabnet LDAP Settings

Collabnet LDAP Settings

If you need to host Subversion in a Windows Server environment, it is always desirable to integrate subversion with Active Directory. For Windows Administrators it is better to use COLLABNET Subversion Edge as it comes with all-in-one installer including Apache, Subversion and a beautiful web console which simplifies tasks like managing repositories, users and SVN services using GUI.

Concept

On receiving authentication request from an SVN client, Subversion gets user information validated from Active Directory. The protocol used is LDAP, which stands for Lightweight Directory Access Protocol. Subversion acts as a LDAP Client and Active Directory is the LDAP Server.

An LDAP Client has to authenticate itself to Active Directory before sending any LDAP query. This is called LDAP Bind. LDAP Client passes a valid User DN and Password to Active Directory. Only if Bind operation is successful, LDAP client can request for additional information like list of users in an OU, User Properties like email, department etc. Bind User is also required to query for Active Directory groups and their memberships. This however also depends that whether the Bind User has required rights to that information in Active Directory. Usually, by default, “Authenticated Users” group has Read Access on every OU, users and groups. So no special permission needs to be configured on any OU. However, In a locked-down Active Directory, authenticated user ACEs are removed from the default Active Directory containers, including the Users, Systems, and OUs where User and Computer objects are stored. In such case, some permission needs to be configured.

This post only focuses on identifying required LDAP parameters from Active Directory, configuring them in COLLABNET Subversion Edge, testing and troubleshooting basic LDAP connectivity with Active Directory in non-locked-down mode. For more details on LDAP authentication protocol flow and how to prepare Active Directory in locked-down-mode for LDAP Authentication, refer post Preparing Locked-Down Active Directory for LDAP Authentication”.

Identifying DN for LDAP Bind User and Base DN

Base DN is basically the starting or entry point in Active Directory tree where operations like LDAPSearch will be carried out. Generally Base DN is the root of the domain. For example Base DN for mydomain.net will be “dc=mydomain,dc=net”. Base DN can also be of some OU. For example, for an OU “SVN Users” in mydomain.net, Base DN will be “ou=svn users,dc=mydomain,dc=net”.

Bind User DN is the DN of user that will bind to Active Directory before querying any additional information.

Sometimes it can be confusing to compile DN for a given user in Active Directory. It is always good to verify DN using some tool or another LDAP client rather than trying different combinations directly in COLLABNET Subversion Edge configuration.

It is quick and easy to use dsquery.exe on the domain controller to get DN for a given user display name or SAM account as shown below:

Use “–samid” switch if you know the logon name. Otherwise you can also use “–name” for display name. In both cases it will output the DN of user.

dsquery user samid

dsquery user samid by dscentral.in

dsquery user name

dsquery user name by dscentral.in

Similarly you can use dsquery.exe to get DN for a given OU in Active Directory as shown below.

dsquery user samid

dsquery user samid by dscentral.in

Testing Connectivity to Active Directory

It is better to test connectivity to active directory from server running COLLABNET Subversion before configuring LDAP authentication. This verifies that there are no firewall or permission issues in connecting to Active Directory Server i.e. Domain Controller.

Step 1 :

Verify that you can make a network connection to Active Directory if there are firewalls. You can simply try telnet to domain controller on port 389, which is the default LDAP port.

Unsuccessful Connection:

Telnet LDAP Server 389 Unsuccessful

Telnet LDAP Server 389 Unsuccessful by dscentral.in

Successful Connection:

Telnet LDAP Server 389 Successful

Telnet LDAP Server 389 Successful by dscentral.in

Step 2:

Connect to Active Directory using another LDAP client. You can use JXplorer as shown below. JXplorer is a free java based open source LDAP Browser (LDAP Client). You can even run it without installing anything on server.

JXplorer Open LDAP Connection

JXplorer Open LDAP Connection by dscentral.in

JXplorer Domain Tree

JXplorer Domain Tree by dscentral.in

Configuring COLLABNET Subversion Edge for LDAP Authentication

This is very straightforward process if you have all required details well verified and tested.

Configure Active Directory Host address, Bind User DN, Password, Base DN and User Identifier as shown below.

Collabnet Subversion LDAP Authentication

Collabnet Subversion LDAP Authentication by dscentral.in

Testing LDAP Authentication

Do not use domain name in user name field.

SVN Client LDAP Authentication SamID

SVN Client LDAP Authentication SamID by dscentral.in

Summary

  1. LDAP Client has to authenticate itself to Active Directory before asking for any information. For this we require a valid Active Directory User and Password with appropriate rights configured on Active Directory objects. This user is called Bind User.
  2. Use dsquery.exe to identify Bind User DN, OU DN.
  3. Verify LDAP Bind to Active Directory using JXplorer.
  4. Configure parameters in COLLABNET Subversion Edge.
ximen502
关注
配置 collabnet subversion
四眼咕喱
07-09 1336
collabnet subversion 1.6.12 配置 apache
java active directory 单点登录_教程:Azure Active Directory 单一登录 (SSO) 与 Hightail 集成...
weixin_30983353的博客
02-24 544
您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.教程:Azure Active Directory 单一登录 (SSO) 与 Hightail 集成Tutorial: Azure Active Directory single sign-on (SSO) integrat...
CollabNetSubversion-server
12-28
CollabNetSubversion-server-1.9.7-1-Win32.zip32位 Windows版
CollabNetSubversionEdge for Windows 5.2.4
06-13
Subversion Edge是Collabnet公司发布的SVN和Apache等组件结合的SVN管理工具;最新版本 5.2.4集成了 SVN1.12版本。官网( https://www.collab.net/downloads/subversion );官网下载非常慢,分享给需要的朋友;
CollabNetSubversionEdge搭建
weixin_34232744的博客
03-20 119
软件需求: 操作系统RHEL5.X jdk包(1.6以上) python包 CollabNetSubversionEdge安装包 安装步骤: 1、root用户下建立svnroot用户,及设定密码 useradd svnroot passwd svnroot 2、root用户下安装jdk包 cp jdk-6u21-linux-i586.bin ...
SVN系统部署说明(CollabNet Subversion Edge + TortoiseSVN
kehana的博客
06-11 7616
对互联网公司而言,SVN的重要性不言而喻。本文选用CollabNet Subversion Edge作为SVN服务端和控制台,以TortoiseSVN作为客户端部署SVN系统。CollabNet Subversion Edge控制台功能十分强大,便于维护管理,且能采用LDAP认证方式,适合部署了内部域控的组织。而TortoiseSVN客户端的功能和性能有口皆碑,无需赘述。 一. 准备工作 虚拟...
Configuring Windows Server 2008 Active Directory
01-21
MCTS Self-paced Training Kit (Exam 70-640):Configuring Windows Server 2008 Active Directory (2nd Edition)
Configuring Controller 8.2 to use Active Directory authentication
03-09
### 配置Controller 8.2使用Active Directory认证的关键知识点 #### 1. 引言 ##### 1.1 目的 本文档旨在提供关于如何配置IBM Cognos Controller 8.2以使用Microsoft Active Directory (AD)进行用户认证的详细指导。...
(Exam 70-640) Configuring Windows Server 2008 Active Directory 英文原版电子书
12-04
在活动目录基础设施的配置方面,考生需要了解如何配置林(forested domain)、信任关系(trusts)、站点(sites)、活动目录复制(Active Directory replication)、全局编录(global catalog)和操作主机...
Syngress - How to Cheat at Installing Troubleshooting Active Directory and DNS
08-10
根据给定的文件信息,我们将详细讨论关于Syngress出版的电子书《How to Cheat at Installing, Configuring and Troubleshooting Active Directory and DNS》中所涉及的核心知识点。该书的重点在于为读者提供快速的、...
CollabNetSubversionEdge-5.2.3_linux-x86_64.tar.gz
12-11
首先说CSVN,其实可以简单理解为SVN+Apache的集成版本,当然CSVN还有其他的一些特性(角色的用户管理,灵活的角色和权限配置以及LDAP认证,基于角色的多仓库管理,自动备份、恢复,以及模板和Rest APIs管理),可以看下面的官方介绍: CollabNet Subversion Edge includes everything you need to install, manage and operate a Subversion server. It includes all of the Subversion and Apache binaries needed to run a Subversion server. It also integrates the popular ViewVC repository browsing tool so that users can view repository history from a web browser. 现公司我们给开发人员部署的正是CSVN,简单易用,权限管理,备份等管理通过web来操作,搭建完成后,基本无需进入命令行操作,也可以配合rsync进行触发推送。下面是我的一些文件截图,这篇博文,只是简单的谈谈搭建,至于rsync,以及一些权限的管理、维护等部分暂时从略。
CollabNetSubversionEdge 使用说明英文版
05-21
CollabNetSubversionEdge 使用说明英文版
SUBVERSION-EDGE和GITLAB-CE增加多LDAP域认证支持的经历
weixin_33966095的博客
09-10 776
背景   目前公司使用SVN和GIT作为版本管理配置工具,而随着服务项目数量的增多,单个服务器的压力的压力越来愈大,集群部署成了必然之选(SVN,GIT的Nginx集群搭建后续再写),而集群部署最为麻烦的地方在于保证权限数据一致。采用本地文件/数据库方式然后同步固然可行,但使用LDAP域认证则在以下几个方面更具优势: 无论是SVN集群还...
SVN整合LDAP配置用户与用户组
热门推荐
新哥依旧灿烂
03-03 2万+
svn与LDAP整合一般借助Apache,首先看看svn与Apache整合:https://i18n-zh.googlecode.com/svn/www/svnbook-1.4/svn.serverconfig.httpd.html 最基本的配置如下: DAV svn SVNPath /var/www/svn/repos AuthType Basic AuthNam
CollabNet Subversion Edge 安裝筆記(2):整合 AD 網域篇
chengwa9834的博客
08-01 330
延續【CollabNet Subversion Edge 安裝筆記 (1):基本安裝設定篇】 文章,此篇主要來講解如何正確設定 CollabNet Subversion Edge 與 Active Directory 網域整合 (或其他 LDAP 目錄服務)。雖然在 CollabNet Su...
LDAP落地实战(二):SVN集成OpenLDAP认证
weixin_34377065的博客
07-17 427
上一篇文章我们介绍了LDAP的部署以及管理维护,那么如何接入LDAP实现账号统一认证呢?这篇文章将带你完成svn的接入验证 subversion集成OpenLDAP认证 系统环境:debian8.4 svn部署环境:apache2.4 + Subversion apache开启LDAP相关模块 # a2enmod ldap Enabling ...
subversionedge中用户权限的管理
zyzn1425077119的博客
08-23 4080
在每个方法中,例如方法RepoController中,如果某个方法没有权限的话,可以在每个方法前添加该用户角色即可。 例如添加ROLE_USER权限到新的权限,只需这样即可。  @Secured([''ROLE_USER']) def editRepoAccess(){ }
按用户和按组,分别设置collabNet Subversion Edge 权限设置
haohaojian的专栏
08-31 5119
1、按用户设置权限   [codeLibrary:/] //对真个代码库 *=r     //所有用户有读的权限 zs=rw       //zs用户有读和写的权限     2、按组设置权限 [groups] g_manager = boss g_coder=zs,ls   [/] *=   [codeLibrary:/] //对真个代码库 *=r     //所有
使用Active Directory认证配置Controller 8.2的步骤
"Configuring Controller 8.2 to use Active Directory authentication" 本文档详细介绍了如何在Cognos Controller 8.2中配置Active Directory(AD)身份验证,以实现更安全、高效的用户管理和权限控制。Cognos ...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值