> > From: jbl...@icloud.com [mailto:jbl...@icloud.com] > Sent: Tuesday, April 19, 2016 4:12 PM > To: Gronde, Christopher (Contractor) <christopher.gro...@fincen.gov> > Cc: users@subversion.apache.org > Subject: Re: SVN and Active Directory > > > On Apr 19, 2016, at 12:53 PM, Gronde, Christopher (Contractor) > <christopher.gro...@fincen.gov <mailto:christopher.gro...@fincen.gov>> wrote: > > Has anyone in here successfully integrated SVN with Active Directory for user > authentication? We are currently using FreeIPA and user account management > is the bane of my existence. If anyone has or knows of any documentation for > integrating Active Directory with SVN (preferably 1.9 since we are going to > upgrade to that version) that would be much appreciated. > > > > I have, just recently in fact. The trick is to use SASL with LDAP. I only use > authentication at this point and don't use AD groups for authorization. > > I'm using a RHEL7 as my svn server which bundles SVN 1.7. I can't imagine the > configuration of the server would be drastically different from 1.7 to 1.9. > > So far the only burr in the saddle has been making sure the clients support > SASL/PLAIN -- most do, but Eclipse with Subclipse was a failure. > > As long as you're fine with passing credentials in cleartext, then this will > work for you. If you need SSL encryption, then you will probably need to add > Apache. Trying to get the RedHat-supplied svn and Apache components to work > together was a non-starter, and trying to build everything from source on > RHEL didn't work either.
> On Apr 19, 2016, at 1:16 PM, Gronde, Christopher (Contractor) > <christopher.gro...@fincen.gov> wrote: > > Unfortunately I fear that SSL is going to be a requirement for us. The > client our users have been using is TortoiseSVN. 1.9 isn’t supplied by Red > Hat so maybe that is easier to get to play well with apache than 1.7 was for > you? [please bottom post your responses] We also use TortoiseSVN 1.9 and it supports SASL. It was only subclipse that caused grief. I would suggest looking to a packager like wanDisco for your svn 1.9 server. They could probably help getting Subversion+Apache working without having to build from source. Also, since Apache 2.4 natively supports AD authentication, you might get everything you need without having to rely on RedHat.
