Wednesday, February 20, 2008

Controlling svn access via active directory

After much effort, I've finally got our department svn server to bind to the active directory server. Now students can log in with their own username and password.

I fought this for a long time. Our college uses an internal domain that is not That took a while to figure out. Debugging why something failed required using wireshark to trace the traffic.

I got DSID-0C090334 errors until I finally got proper username/password. My login is paul.craven, and I thought that was my username for a long time. Nope. I had to use ldapsearch tool to find my real user name, which is really long.

Then I would bind to the domain, and when I ran a query it said I wasn't bound to the domain. I was doing a 'null bind' because I hadn't added OU=Simpson College to the ldap url. Finally, I've got it. Here's the file:

# Uncomment this to enable the repository,
DAV svn

# Set this to the path to your repository
SVNPath /localpathtosvn

AuthType Basic
AuthName "Simpson CS Department"
AuthLDAPURL "ldap:// College,DC=sc,DC=loc?sAMAccountName?sub?(objectClass=*)"
AuthLDAPBindDN "CN=Paul Craven,OU=users,OU=Faculty,OU=Simpson College,DC=sc,DC=loc"
AuthLDAPBindPassword thisismypassword

require valid-user