We use saslauthd with a Kerberos backend to our AD servers, and it works very well. That assumes you are running a linux based Os, of course. Tony Butt CEA Technologies
From: jbl...@icloud.com [mailto:jbl...@icloud.com] Sent: Wednesday, 20 April 2016 6:22 AM To: Gronde, Christopher (Contractor) Cc: users@subversion.apache.org Subject: Re: SVN and Active Directory From: jbl...@icloud.com<mailto:jbl...@icloud.com> [mailto:jbl...@icloud.com] Sent: Tuesday, April 19, 2016 4:12 PM To: Gronde, Christopher (Contractor) <christopher.gro...@fincen.gov<mailto:christopher.gro...@fincen.gov>> Cc: users@subversion.apache.org<mailto:users@subversion.apache.org> Subject: Re: SVN and Active Directory On Apr 19, 2016, at 12:53 PM, Gronde, Christopher (Contractor) <christopher.gro...@fincen.gov<mailto:christopher.gro...@fincen.gov>> wrote: Has anyone in here successfully integrated SVN with Active Directory for user authentication? We are currently using FreeIPA and user account management is the bane of my existence. If anyone has or knows of any documentation for integrating Active Directory with SVN (preferably 1.9 since we are going to upgrade to that version) that would be much appreciated. I have, just recently in fact. The trick is to use SASL with LDAP. I only use authentication at this point and don't use AD groups for authorization. I'm using a RHEL7 as my svn server which bundles SVN 1.7. I can't imagine the configuration of the server would be drastically different from 1.7 to 1.9. So far the only burr in the saddle has been making sure the clients support SASL/PLAIN -- most do, but Eclipse with Subclipse was a failure. As long as you're fine with passing credentials in cleartext, then this will work for you. If you need SSL encryption, then you will probably need to add Apache. Trying to get the RedHat-supplied svn and Apache components to work together was a non-starter, and trying to build everything from source on RHEL didn't work either. On Apr 19, 2016, at 1:16 PM, Gronde, Christopher (Contractor) <christopher.gro...@fincen.gov<mailto:christopher.gro...@fincen.gov>> wrote: Unfortunately I fear that SSL is going to be a requirement for us. The client our users have been using is TortoiseSVN. 1.9 isn’t supplied by Red Hat so maybe that is easier to get to play well with apache than 1.7 was for you? [please bottom post your responses] We also use TortoiseSVN 1.9 and it supports SASL. It was only subclipse that caused grief. I would suggest looking to a packager like wanDisco for your svn 1.9 server. They could probably help getting Subversion+Apache working without having to build from source. Also, since Apache 2.4 natively supports AD authentication, you might get everything you need without having to rely on RedHat.
