I had this already set up on another server, but we had to set up a new svn server even though we already switched most of our stuff to git…
So, after setting up the
svnserve daemon, we need to set up LDAP authentication.
We are using debian servers so I needed to install
sasl2-bin in order to have the
apt-get install sasl2-bin
After that, we need to set the daemon to start automatically by editing the file
/etc/default/saslauthd and changing these two lines:

    #...
    START=no
    #...
    #...
    MECHANISMS="pam"
    #...

to:

    #...
    START=yes
    #...
    #...
    MECHANISMS="ldap"
    #...

The saslauthd daemon needs to know how to reach the LDAP server. We configure this in the file
/etc/saslauthd.conf; it is as simple as:

    ldap_servers: ldap://server.address.example.com
    ldap_port: 389
    ldap_version: 3
    ldap_password_attr: userPassword
    ldap_auth_method: bind
    ldap_filter: (uid=%u)
    ldap_search_base: ou=Users,dc=example,dc=com

The daemon will look for an entry with the
uid=USERNAME in the base
ou=Users,dc=example,dc=com and will check the password against the attribute
You can test if it is working using the
testsaslauthd app, like this:

    user@svn:/svn# testsaslauthd -u username -p secret
    0: OK "Success."
    user@svn:/svn# testsaslauthd -u username -p wrongSecret
    0: NO "authentication failed"

We can then start the daemon by running
service saslauthd start.
Now we need to change
svnserve.conf so that it actually hands authentication over to SASL. Make sure that the
[sasl] section of the file looks like this:

    [sasl]
    use-sasl = true
    #...

We also need to register the svn app with SASL. Apps are registered by creating a file in
uses the name
svn internally, we need to create the file as:
, with the following contents:

    pwcheck_method: saslauthd
    mech_list: PLAIN LOGIN

We are now all set up. We only need to restart the
svnserve daemon and voilà, it’s done!
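
A quick check of the finished setup, as an added example that is not part of the original post: the script below reads the four files edited above and reports any setting that differs from this walkthrough. It also flags an ldap:// server without StartTLS, because a simple bind then carries the user's password to the LDAP server unencrypted. The function names are hypothetical, the file paths are passed in by the caller, and ldap_start_tls is a saslauthd LDAP option that the configuration above does not set.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# file paths are passed in by the caller.

# conf_val FILE KEY SEP: last value of "KEY<SEP>value", quotes stripped.
conf_val() {
    sed -n "/^[[:space:]]*$2[[:space:]]*$3/{s/^[^$3]*$3[[:space:]]*//;s/[[:space:]]*\$//;p;}" "$1" |
        tail -n 1 | tr -d '"'
}

# True when an ldap:// URI is listed and StartTLS is not enabled, i.e. the
# bind (and with it the user's password) travels to the LDAP server in clear.
ldap_cleartext() {
    case " $(conf_val "$1" ldap_servers :)" in
        *" ldap://"*) [ "$(conf_val "$1" ldap_start_tls :)" != yes ] ;;
        *) return 1 ;;
    esac
}

# audit DEFAULTS SASLAUTHD_CONF SVNSERVE_CONF SVN_SASL_CONF
# Prints one finding per line, nothing when all checks pass.
audit() {
    [ "$(conf_val "$1" START =)" = yes ] || echo "saslauthd: START is not yes"
    [ "$(conf_val "$1" MECHANISMS =)" = ldap ] || echo "saslauthd: MECHANISMS is not ldap"
    [ "$(conf_val "$2" ldap_auth_method :)" = bind ] || echo "ldap: ldap_auth_method is not bind"
    if ldap_cleartext "$2"; then
        echo "ldap: ldap:// without StartTLS, passwords reach the LDAP server unencrypted"
    fi
    [ "$(conf_val "$3" use-sasl =)" = true ] || echo "svnserve: use-sasl is not true"
    [ "$(conf_val "$4" pwcheck_method :)" = saslauthd ] || echo "sasl: pwcheck_method is not saslauthd"
    return 0
}

# Demo on constructed copies of the four files as this page configures them.
demo() {
    d=$(mktemp -d) || return 1
    printf 'START=yes\nMECHANISMS="ldap"\n' > "$d/default"
    printf 'ldap_servers: ldap://server.address.example.com\nldap_auth_method: bind\n' > "$d/saslauthd.conf"
    printf '[sasl]\nuse-sasl = true\n' > "$d/svnserve.conf"
    printf 'pwcheck_method: saslauthd\nmech_list: PLAIN LOGIN\n' > "$d/svn-sasl.conf"
    audit "$d/default" "$d/saslauthd.conf" "$d/svnserve.conf" "$d/svn-sasl.conf"
    rm -rf "$d"
}
demo
```

Run against the configuration shown on this page, it prints only the StartTLS finding.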