Subversion with Active Directory Authentication via Apache

Laura–skip this one.

I recently started using Subversion at work. It has been popular enough that several other employees have found a need for it. So, I decided I’d better figure out Active Directory authentication so I don’t end up maintaining a separate set of passwords for everyone. It took quite a bit of trial-and-error. Here’s my Apache config for the Subversion site:

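<VirtualHost *:80>
    ServerName svn.domain.com
    DocumentRoot /var/svn/www
    <Location /repos/>
        # Serve every repository under SVNParentPath through mod_dav_svn
        DAV svn
        SVNParentPath /var/svn/repos
        SVNListParentPath on
        # Per-repository access rules (mod_authz_svn)
        AuthzSVNAccessFile /var/svn/svnaccess
        # Basic auth on a plain-HTTP (port 80) vhost sends the AD password base64-encoded, not encrypted
        AuthType Basic
        AuthName "SVN Server"
        AuthBasicProvider ldap
        # Let other authorization modules decide when LDAP authorization does not match (Apache 2.2 directive)
        AuthzLDAPAuthoritative Off
        # Account used to bind and search the directory
        AuthLDAPBindDN "DOMAIN\administrator"
        AuthLDAPBindPassword password_for_administrator
        # Search the whole domain subtree and match the login name against sAMAccountName
        AuthLDAPURL ldap://domain_controller:389/dc=ad,dc=domain,dc=com?sAMAccountName?sub?(objectClass=*)
        Require valid-user
    </Location>
</VirtualHost>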

No, it is not a good idea to use your domain administrator in the config above. Do it for testing. Then, replace it with an account with read-only access in your domain.

Many of the examples on the web were geared towards non-Active Directory implementations. Those that were specific to AD still didn’t work until I removed the “cn=Users” from the first part of the LDAP URL. Our users are not all part of the “Users” group. Removing this from the string means that all AD accounts can log in. So, then I turned to the AuthzSVNAccessFile to fine-tune the access to the various repositories. Here is an example of that file:

[groups]
it = username1,username2
engineers = username3,username4

[:/]
* = r

[/]
* = r

[intranet:/]
@it = rw

[helpdesk:/]
@it = rw

[product_development:/]
@it = r
@engineers = rw
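
To see what this access file grants in practice, here is an added example (not part of the original post) that models how the rules resolve at each repository root. It assumes a simplified evaluation: the repository-specific section is consulted first, the global `[/]` section is used when the user is not mentioned there, and all matching lines in a section are combined. The function names and the user `some_other_ad_user` are made up for illustration.

```python
import configparser

# The access file from the post (blank lines dropped; user names are its placeholders).
AUTHZ = """
[groups]
it=username1,username2
engineers=username3,username4
[:/]
*=r
[/]
*=r
[intranet:/]
@it = rw
[helpdesk:/]
@it = rw
[product_development:/]
@it = r
@engineers=rw
"""

def load(text):
    cp = configparser.RawConfigParser(delimiters=("=",))
    cp.optionxform = str  # keep user and group names case-sensitive
    cp.read_string(text)
    groups = {g: {u.strip() for u in m.split(",")} for g, m in cp["groups"].items()}
    return cp, groups

def section_access(cp, groups, section, user):
    """Union of rights on lines naming the user; None if the user is not mentioned."""
    if not cp.has_section(section):
        return None
    rights = None
    for who, perm in cp[section].items():
        member = who.startswith("@") and user in groups.get(who[1:], ())
        if who in ("*", user) or member:
            rights = (rights or set()) | set(perm.strip())
    return rights

def root_access(cp, groups, repo, user):
    """Repository-specific root section first, then the global [/] section."""
    for section in (f"{repo}:/", "/"):
        rights = section_access(cp, groups, section, user)
        if rights is not None:
            return "".join(sorted(rights))
    return ""  # no rule names this user: no access

if __name__ == "__main__":
    cp, groups = load(AUTHZ)
    for user in ("username1", "username3", "some_other_ad_user"):  # last one is constructed
        print(user, root_access(cp, groups, "product_development", user) or "none")
```

Because `Require valid-user` accepts any account found under the domain search base and `[/]` grants `* = r`, an AD account that is in neither group still ends up with read access to every repository, product_development included.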

Have fun.

It won’t let me…

As a geek, I often get to help others with computer problems. I try really hard to have a good attitude about it, but there are some phrases that I am tired of hearing. All of these phrases mean nothing. There must be more information you can provide.

“I can’t get into …”

Why can’t you? Are your fingers broken? What happens when you try?

“I keep getting an error message when I …”

What does the error message say? (The usual response is, “I don’t know. Something about … or something.”) In the old days of Windows 95, error messages were pretty useless. Nowadays most geeks can make sense of them and can often solve your problem quicker if you provide the exact error message.

My favorite non-descriptive phrase has to be, “It won’t let me…”

We’ll have to assume that “it” is the computer you’re using. Then again, “it” could be a website or some other type of system. Maybe “it” is a piece of hardware. Either way, this really doesn’t help. Once again, you really should provide more information about the problem. Most it’s don’t have a personal grudge against you.

Here is a helpful way to report a computer problem:

“I’m having a problem with [something descriptive]. When I do [describe what you were doing], my computer responds with [provide the actual error message].”

Or, replace the last part with something like:

“my computer locks up.” (or shuts off–there is a difference)

Or,

“my screen returns to the previous screen.” (not, “it kicks me out.”)

It’s all about the inputs and outputs for a geek. We want to know exactly what your INPUT was and the resulting OUTPUT. Otherwise you’re just not helping yourself. A geek will have to ask more questions to find out what you are talking about. Many geeks aren’t likely to ask those questions, so where does that leave you?

Fedora 7 – First Impression

Fedora 7 was officially released last week. I had a chance to install it on my main desktop machine at home over the weekend. I haven’t had a chance to dig in a lot, but so far it seems a lot like the last version.

The main difference I’ve seen so far is the presence of a lot of hot air balloons throughout the installer, rhgb, the default wallpaper, etc. I’m not sure why those are there. They’re kind of annoying and remind me of old Corel products.

The big plus this time around was the Xorg setup. The GUI tool actually worked in setting up dual displays on my ATI Radeon 9600. I’ve always been able to get this to work with previous versions, but it has always required lots of trial and error and manually editing the xorg.conf file. I probably will still tweak the file, but it was nice to have it work by itself.

Unfortunately, the same DVD which worked nicely on my main PC did not work at all on a spare IBM desktop of mine. It came up with a scrambled bootloader prompt the first time. After that, I couldn’t get it to do anything. I was hoping to make this my main machine since it is the newest, bestest machine in the house. I think it might not like the installed Matrox card. I’ll have to try it without that card to see if it behaves better.

Overall, I like Fedora 7. I don’t know if I’ve found anything worth upgrading my other machines for yet, but still, it is tons better than Vista.

M$ Coffee table

I watched this video from Popular Mechanics today.

I’m surprised to see something interesting come from Redmond. The idea isn’t anything new, though. It all looks very similar to computers from the movie “The Island”.

If this technology makes it to market, I bet Apple will come out with a whiter, shinier version which will probably cost 5 times as much as the M$ version. And it will never break or need rebooting.

Of course, I will probably build my own using parts from my basement and some superior open source solution and Linux.

I have to run. A coworker is having problems with his G5. Looks like we’ll have to send it in for another costly repair.