On 29.05.2013 13:54, Nico Kadel-Garcia wrote: > On Tue, May 28, 2013 at 7:19 PM, Daniel Shahaf <d...@daniel.shahaf.name> > wrote: >> Philippe Andersson wrote on Tue, May 28, 2013 at 09:52:10 +0200: >>> Hello list, >>> >>> We're starting to create slave Subversion repos for installation on >>> remote sites. All of them will svnsync against a single central master >>> at headquarters. >>> >>> Now the question: we would like all users on the remote sites to >>> authenticate against the master (to avoid having replicating that info >>> as well to the slave servers). The authentication on the master is >>> handled through Apache. >>> >>> Is it possible to configure the slave servers to proxy the >>> authentication requests against the master ? >> It's certainly possible (e.g., if you use LDAP authentication you could >> configure an LDAPAuthURL that points to HQ), but whoever has access to >> the slave's httpd.conf will be able to disable/change those settings. > If I may suggest? You're re-inventing yet another in a whole set of > wheels for high availability support. Why not just buy the whole Land > Rover to start with, talk to our friends and colleagues over at > www.wandisco.com, and check out their commercial support for > multi-master setups for Subversion?
There are valid reasons for not doing that. :) For example, the ASF uses a setup very similar to what was proposed: we have a master repository server in the US, and a slave in the EU, which runs mod_dav_svn in its master/slave proxy mode and uses svnsync (driven by svnpubsub) to keep in step with the master. Both servers authenticate against the same replicated LDAP. -- Brane -- Branko Čibej Director of Subversion | WANdisco | www.wandisco.com
