编译安装 Apache + Subversion + LDAP

1. Install Berkley DB(4.8)

tar -xzvf db-4.8.30.tar.gz
cd db-4.8.30/build_unix
../dist/configure
make && install

2. Install OpenLDAP(2.4.26)

tar -xvfz openldap-stable-20100719.tgz
cd openldap-2.4.23
export CPPFLAGS="-I/usr/local/BerkeleyDB.4.8/include"
export LDFLAGS="-L/usr/local/lib -L/usr/local/BerkeleyDB.4.8/lib -R/usr/local/BerkeleyDB.4.8/lib"
export LD_LIBRARY_PATH="/usr/local/BerkeleyDB.4.8/lib"
./configure
make depend
make && make install

3. Install OpenSSL(1.0.0e)

tar -xvfz openssl-1.0.0e.tar.gz
cd openssl-1.0.0e
./config --prefix=/usr/local --openssldir=/usr/local/openssl shared
make
make test
make install

4. Install apr(1.4.5)

tar -xvfz apr-1.4.5.tar.gz
cd apr-1.4.5
./configure --prefix=/usr/local/apr
make && make install

5. Install apr-util(1.3.12)

tar -xvfz apr-util-1.3.12.tar.gz
cd apr-util-1.3.12
./configure --prefix=/usr/local/apr-util --with-apr=/usr/local/apr --with-ldap --with-berkeley-db=/usr/local/BerkeleyDB.4.8
make && make install

6. Install Apache HTTP Server(2.2.21)

tar -xvfz httpd-2.2.21.tar.gz
cd httpd-2.2.21
./configure --prefix=/usr/local/apache --with-ldap --enable-mods-shared="all ssl ldap cache proxy authn_alias mem_cache file_cache authnz_ldap charset_lite dav_lock disk_cache" --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util    # Complie all DSO
make && make install

7. Install Python(2.7.2)

tar -xvfz Python-2.7.2.tgz
cd Python-2.7.2
./configure
make && make install

8. Install Subversion(1.6.17)

rm-f /usr/local/lib/libsvn*
rm-f /usr/local/lib/libapr*
rm-f /usr/local/lib/libexpat*
rm-f /usr/local/lib/libneon*
wget http://subversion.tigris.org/downloads/subversion-1.6.17.tar.gz
wget http://subversion.tigris.org/downloads/subversion-deps-1.6.17.tar.gz
tar -xvfz subversion-1.6.17.tar.gz
tar -xvfz subversion-deps-1.6.17.tar.gz
cd subversion-1.6.17
./autogen.sh
./configure --with-apxs=/usr/local/apache2/bin/apxs --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util --with-berkeley-db
make
make install

# Install python bindings for SWIG
make swig-py
make check-swig-py	### Perform checks
make install-swig-py

ln -s /usr/local/lib/svn-python/libsvn /usr/local/lib/python2.7/site-packages/libsvn
ln -s /usr/local/lib/svn-python/svn /usr/local/lib/python2.7/site-packages/svn

9. Modify /etc/ld.so.conf add the following two line:

/usr/local/lib
/usr/local/lib6

Activate the changes of ld.so.conf:

/sbin/ldconfig

10. Apache configuration for SVN and LDAP integration

Add the following to /usr/local/apache/conf/httpd.conf:

	# Enable Subversion Apache Modules
	LoadModule dav_svn_module     modules/mod_dav_svn.so
	LoadModule authz_svn_module   modules/mod_authz_svn.so
	
	<Location /repos>
	    DAV svn
	    SVNParentPath /builds/svn
	    AuthType Basic
	    AuthName "Subversion Repositories"
	    AuthzSVNAccessFile /builds/svn/dav_svn.authz
	    AuthBasicProvider ldap
	    AuthzLDAPAuthoritative off
	    AuthLDAPBindDN "DC=foo,DC=com"
	    AuthLDAPBindPassword bind_password
	    AuthLDAPURL "ldap://foo.com:389/binduser?sAMAccountName?sub?(objectClass=*)"
	    Require valid-user
	</Location>

11. An example of AuthzSVNAccessFile

[groups]
admin = peng
cmteam = peng, user1, user2, user3


# Default access rule for ALL repositories
# Everyone can read, admins can write.
[/]
* = r
@admin = rw

# Allow developers complete access to their project repos
[ApolloCM:/]
@cmteam = rw
user4 = rw
user5 =  #user5 is excluded.