It is my understanding (and experience) that, when running svnserve on Windows, SASL authentication to Active Directory cannot work, because SASL requires saslauthd for its LDAP support and saslauthd will not build in Windows. While this is obviously an issue for Cyrus/SASL, noone seems to be taking it on and, in the meantime, AD/LDAP support for Windows servers is in limbo. So people like me have to stick to file:, served over SMB/CIFS, which everyone says not to use.
Of course there is the Apache HTTP server option but this seems terribly overweight for what is certainly perceived to be a relatively trivial matter. It's also been widely reported as slower than svnserve (which may/may not be true since HTTPv2). And I know about VisualSVN, which seems to be the stock answer for anyone asking in the various fora of the web, but surely this just presents Windows admins with an Apache server that they can't manage, instead of an Apache server that they didn't want to have to manage. The obvious potential solution (at least to me) for supporting AD authentication is to integrate configurable LDAP support into svnserve as an authentication mechanism. I say 'obvious', but it seems that this proposal is rejected whenever it comes up (e.g. http://groups.google.com/group/subversion-development/browse_thread/thread/aef5e2f139ce4ba0). Now, I'm not expecting to change the roadmap for Subversion and, if I raise a feature request, I expect it would get rejected; but I would be very interested to understand the design/dev decisions that are influencing the decision not to support something that seems so reasonable. Especially given the intended implementation (i.e. SASL) doesn't work. Best regards, J.
