Using LDAP to authenticate with a svnserve server

I had this already set up on another server, but we had to set up a new svn server even though we have already switched most of our stuff to git…

So, after setting up the svnserve daemon, we need to set up LDAP authentication.

We are using Debian servers, so I needed to install sasl2-bin in order to have the saslauthd daemon.

apt-get install sasl2-bin

After that, we need to set the daemon to start automatically by editing the file /etc/default/saslauthd and changing two lines:

#...
START=no
#...
#...
MECHANISMS="pam"
#...

to

#...
START=yes
#...
#...
MECHANISMS="ldap"
#...

Then the saslauthd daemon needs to know how to reach the LDAP server. We configure this in the file /etc/saslauthd.conf; it is as simple as:

ldap_servers: ldap://server.address.example.com
ldap_port: 389
ldap_version: 3
ldap_password_attr: userPassword
ldap_auth_method: bind
ldap_filter: (uid=%u)
ldap_search_base: ou=Users,dc=example,dc=com

The daemon will look for an entry with the uid=USERNAME in the base ou=Users,dc=example,dc=com and will check the password against the attribute userPassword.

You can test if it is working using the testsaslauthd app, like this:

user@svn:/svn# testsaslauthd -u username -p secret
0: OK "Success."

user@svn:/svn# testsaslauthd -u username -p wrongSecret
0: NO "authentication failed"

We can then start the daemon by running service saslauthd start.

Now we need to change svnserve.conf so that it actually delegates authentication to SASL. Make sure that the [sasl] section of the file looks like this:

[sasl]
use-sasl = true
#...

And we need to register the svn app with SASL. Apps are registered by creating a file at /usr/lib/sasl2/appname.conf. svnserve uses the name svn internally, so we need to create the file /usr/lib/sasl2/svn.conf with the following contents:

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN

We are now all set up. We only need to restart the svnserve daemon and voilà, it’s done!
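To confirm that every file edited above holds the expected value, here is a small checker, added as an example and not part of the original post. The function names are invented here, the path to svnserve.conf is a parameter because the post does not give one, the sample tree is constructed, and ldap_start_tls is a saslauthd LDAP option that the post's configuration does not set.

```shell
# Added example (not from the original post): check the settings this post changes.

# "key: value" files: /etc/saslauthd.conf and /usr/lib/sasl2/svn.conf
conf_value() { sed -n "s/^[[:space:]]*$2[[:space:]]*:[[:space:]]*//p" "$1" 2>/dev/null | tail -n 1; }

# Shell-style KEY="value" file: /etc/default/saslauthd
default_value() { sed -n "s/^$2=//p" "$1" 2>/dev/null | tail -n 1 | tr -d '"'; }

# INI file: value of KEY inside [SECTION] of svnserve.conf; commented lines do not match
ini_value() {
    awk -v s="[$2]" -v k="$3" '
        /^\[/ { in_s = ($0 == s); next }
        in_s && $0 ~ ("^[ \t]*" k "[ \t]*=") {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); v = $0 }
        END { print v }' "$1" 2>/dev/null
}

expect() {  # LABEL ACTUAL WANTED; bumps the global failure counter on mismatch
    if [ "$2" = "$3" ]; then echo "ok   $1 = $2"
    else echo "FAIL $1 = '$2' (expected '$3')"; fail=$((fail + 1)); fi
}

# check_svn_sasl ROOT SVNSERVE_CONF: prints findings, returns the number of failures.
# ROOT is "" on a live host; SVNSERVE_CONF is the repository's conf/svnserve.conf.
check_svn_sasl() {
    fail=0
    expect START "$(default_value "$1/etc/default/saslauthd" START)" yes
    expect MECHANISMS "$(default_value "$1/etc/default/saslauthd" MECHANISMS)" ldap
    expect ldap_auth_method "$(conf_value "$1/etc/saslauthd.conf" ldap_auth_method)" bind
    expect pwcheck_method "$(conf_value "$1/usr/lib/sasl2/svn.conf" pwcheck_method)" saslauthd
    expect use-sasl "$(ini_value "$2" sasl use-sasl)" true
    # ldap:// without StartTLS carries the bind password to the directory unencrypted
    case "$(conf_value "$1/etc/saslauthd.conf" ldap_servers)" in
        ldap://*) [ "$(conf_value "$1/etc/saslauthd.conf" ldap_start_tls)" = yes ] ||
                  echo "WARN ldap_servers uses ldap:// and ldap_start_tls is not yes" ;;
    esac
    return "$fail"
}

# Constructed sample tree holding the values from the post (not read from a real host)
make_sample() {
    mkdir -p "$1/etc/default" "$1/usr/lib/sasl2"
    printf 'START=yes\nMECHANISMS="ldap"\n' > "$1/etc/default/saslauthd"
    printf 'ldap_servers: ldap://server.address.example.com\nldap_auth_method: bind\n' > "$1/etc/saslauthd.conf"
    printf 'pwcheck_method: saslauthd\nmech_list: PLAIN LOGIN\n' > "$1/usr/lib/sasl2/svn.conf"
    printf '[general]\n# use-sasl = true\n[sasl]\nuse-sasl = true\n' > "$1/svnserve.conf"
}

tmp=$(mktemp -d) && make_sample "$tmp" && check_svn_sasl "$tmp" "$tmp/svnserve.conf"; rm -rf "$tmp"
```

On a real host, call check_svn_sasl with an empty ROOT and the repository's own svnserve.conf path. The WARN line covers only the saslauthd-to-LDAP leg; with mech_list: PLAIN LOGIN the password is also sent unencrypted over a plain svn:// connection.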
