Config Subversion & LDAP & Apache on ubuntu

Install subversion and apache2 with the SVN module:

apt-get install subversion
apt-get install apache2 libapache2-svn

Enable the SVN Apache module:

a2enmod authnz_ldap

Since I use a self-signed certs and I’m too lazy to install my SSL chain, I have to turn off Apache’s checks (you may not want to do this). Add to the end of /etc/apache2/apache2.conf:

LDAPVerifyServerCert Off

After troubleshooting, you need to set this in your /etc/ldap/ldap.conf file to avoid errors similar to “[warn] [client x.x.x.x] [636] auth_ldap authenticate: user foo authentication failed; URI /secret [ldap_search_ext_s() for user failed][Operations error]”


Now, you need to add it to your apache2 configuration so that you can access it via http. You will need to edit this to suit your own needs, I hope it’s relatively self-explanatory, but I’ve made some comments in red. Add this after your last </directory>  statement:

DAV svn
SVNParentPath /data/svn # Your SVN repository data
SVNListparentPath on
SVNAutoversioning On
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthName "svn"
AuthUserFile /dev/null
AuthLDAPURL "ldaps://DOMAINCONTROLLER/DC=domain,DC=com?sAMAccountName?sub?(objectClass=*)" # You want this pointed at your base DN. Also, some (even most) of you may not be running LDAPS (SSL LDAP) # you may need to change this to ldap://.
AuthLDAPBindDN "DOMAIN\User" # Any user will do, since by default Windows allows any user to query active directory for auth. I suggest making a separate user for just this.
AuthLDAPBindPassword Password
AuthLDAPGroupAttributeIsDN on
AuthLDAPGroupAttribute member
Require ldap-group cn=svn,ou=securitygroups,ou=IT,dc=domain,dc=com # This is optional, but allows you to limit SVN access to a specific group.

#Once you're done, it's time to create your first repository:

svncreate /data/svn firstrepository

Now you need to change the owner to www-data so apache2 can read/write it:

chown -R www-data svn
chgrp -R www-data svn
chmod -R g+rws svn