Ubuntu Apache 2.4 + SVN + AD authentication
阿新 • Published: 2018-12-16
Test environment
- apache2.4
- lubuntu 17.10
Install the required packages
sudo apt-get install apache2 -y
sudo apt-get install subversion -y
sudo apt-get install libapache2-mod-svn libapache2-mod-ldap-userdir libapache2-mod-vhost-ldap
After installation, disable the authnz_ldap, ldap and vhost_ldap modules. The two LDAP modules are loaded again by the LoadModule lines in dav_svn.conf below (mod_ldap and mod_authnz_ldap ship with the apache2 package itself); vhost_ldap is not needed for authentication at all and stays disabled, because its default configuration is what caused the hang described in the comments.
# Disabled here; the modules are loaded again in the apache2 svn module configuration below
# Following the tutorials found online, requests to apache2 kept waiting and then returned a 504 error
# The log showed [mod_vhost_ldap.c]: lookup failure, retry number #[5]
# After much fiddling I found that vhost_ldap.conf points at ldap://127.0.0.1; disabling that configuration fixed it
a2dismod authnz_ldap
a2dismod ldap
a2dismod vhost_ldap
Edit /etc/apache2/mods-available/dav_svn.conf
Configuration (this file will contain the bind account's password in plaintext: use a dedicated domain account with read-only directory rights for the bind, and make the file readable by root only, mode 0600, since apache2 parses its configuration as root before dropping privileges)
LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so
LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so
<Location "/svn">
DAV svn
SVNParentPath /svn
SVNListParentPath On
AuthzSVNAccessFile /svn/authz
AuthType Basic
AuthName "Please enter your domain account and password"
AuthBasicProvider ldap
AuthLDAPBindDN "your domain account's sAMAccountName is enough; no suffix or DN needed"
AuthLDAPBindPassword your_password (quotes are not required unless the password contains spaces or quote characters)
AuthLDAPURL "ldap://61.183.216.212:389/你的域根OU(如dc=example,dc=com)?sAMAccountName?sub?(objectClass=*)"
# Without this directive, entering the account and password just waits and then returns a 504
# Found the answer on stackoverflow
LDAPReferrals Off
require valid-user
</Location>
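The block above carries two cleartext paths for domain credentials: the bind password and every user's password go to the domain controller over plain LDAP on port 389, and Basic authentication hands them to Apache in cleartext unless /svn is served over HTTPS only. The linter below is an added example and not code from the original post: it reads a mod_authnz_ldap block and flags the settings that matter, namely ldap:// without STARTTLS, a missing SSLRequireSSL, an unquoted bind password, the catch-all (objectClass=*) filter, and LDAPReferrals left on. Both sample configurations are constructed for the example (placeholder host dc.example.com, account svnbind, CA file /etc/ssl/certs/corp-root-ca.pem); the hardened one uses the mod_ldap directives LDAPTrustedGlobalCert, LDAPVerifyServerCert and LDAPTrustedMode, and mod_ssl's SSLRequireSSL.

```python
"""Lint an Apache mod_authnz_ldap block for settings that leak credentials."""
import re
from urllib.parse import urlsplit

# Constructed sample: the block from this post, with placeholder host and account.
WEAK_CONF = '''
<Location "/svn">
DAV svn
SVNParentPath /svn
AuthType Basic
AuthName "Please enter your domain account and password"
AuthBasicProvider ldap
AuthLDAPBindDN "svnbind"
AuthLDAPBindPassword s3cret
AuthLDAPURL "ldap://dc.example.com:389/dc=example,dc=com?sAMAccountName?sub?(objectClass=*)"
LDAPReferrals Off
Require valid-user
</Location>
'''

# The same block hardened (constructed): LDAPS to the domain controller with the issuing
# CA pinned, HTTPS required for clients, the bind password quoted, and the directory
# search limited to user objects. Host name and CA path are placeholders.
HARDENED_CONF = '''
LDAPTrustedGlobalCert CA_BASE64 /etc/ssl/certs/corp-root-ca.pem
LDAPVerifyServerCert On
<Location "/svn">
DAV svn
SVNParentPath /svn
SSLRequireSSL
AuthType Basic
AuthName "Please enter your domain account and password"
AuthBasicProvider ldap
AuthLDAPBindDN "svnbind"
AuthLDAPBindPassword "s3cret with spaces"
AuthLDAPURL "ldaps://dc.example.com:636/dc=example,dc=com?sAMAccountName?sub?(objectClass=user)"
LDAPReferrals Off
Require valid-user
</Location>
'''

MESSAGES = {
    'ldap-cleartext': 'AuthLDAPURL is ldap:// without LDAPTrustedMode TLS: bind and user passwords reach the DC in cleartext',
    'no-sslrequiressl': 'no SSLRequireSSL: Basic auth sends domain credentials to Apache in cleartext',
    'bind-password-unquoted': 'AuthLDAPBindPassword is unquoted: whitespace or a quote in it breaks the config',
    'filter-any-object': 'search filter is (objectClass=*): restrict it, e.g. (objectClass=user)',
    'referrals-followed': 'LDAPReferrals is not Off: AD answers subtree searches with referrals and following them can hang the login',
}

DIRECTIVE = re.compile(r'^([A-Za-z]+)(?:\s+(.*?))?\s*$')


def parse_directives(conf):
    """Return (name, raw_value) pairs; names lower-cased (httpd directive names are
    case-insensitive), section tags and comments skipped. Line-oriented only."""
    found = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line[0] in '#<':
            continue
        m = DIRECTIVE.match(line)
        if m:
            found.append((m.group(1).lower(), m.group(2) or ''))
    return found


def unquote(value):
    """Strip one pair of surrounding double quotes, as httpd does for an argument."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        return value[1:-1]
    return value


def lint_ldap_auth(conf):
    """Return the finding codes for one block (empty list = nothing flagged)."""
    values = dict(parse_directives(conf))   # a repeated directive: the later one wins
    findings = []
    url = unquote(values.get('authldapurl', ''))
    if url:
        starttls = values.get('ldaptrustedmode', '').lower() == 'tls'
        if urlsplit(url).scheme.lower() == 'ldap' and not starttls:
            findings.append('ldap-cleartext')
        # URL layout: scheme://host:port/basedn?attribute?scope?filter
        pieces = url.split('?')
        ldap_filter = pieces[3] if len(pieces) > 3 else ''   # omitted filter means (objectClass=*)
        if ldap_filter.lower() in ('', '(objectclass=*)'):
            findings.append('filter-any-object')
    if 'sslrequiressl' not in values:
        findings.append('no-sslrequiressl')
    password = values.get('authldapbindpassword')
    if password is not None and unquote(password) == password:
        findings.append('bind-password-unquoted')
    if values.get('ldapreferrals', 'On').lower() != 'off':   # httpd default is On
        findings.append('referrals-followed')
    return findings


def report(conf):
    """Human-readable findings for a block."""
    return [MESSAGES[code] for code in lint_ldap_auth(conf)]


if __name__ == '__main__':
    for label, conf in (('weak', WEAK_CONF), ('hardened', HARDENED_CONF)):
        print(label + ':', report(conf) or 'clean')
```

Run it against your own dav_svn.conf by passing the file contents to report(); the hardened sample is also the shape to aim for: ldaps:// (or LDAPTrustedMode TLS for STARTTLS) towards the DC, SSLRequireSSL inside the Location so Basic credentials only ever travel inside TLS, and a quoted bind password.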
Create the svn directory and the authz permission file
sudo mkdir /svn
sudo touch /svn/authz
# Create a test repository (/svn is owned by root after the sudo mkdir, so this needs sudo as well)
sudo svnadmin create /svn/test
# Hand the repository to the apache2 user, otherwise checkout and commit from an svn client fail with permission errors; repositories created later need the same ownership change
sudo chown -R www-data:www-data /svn/test
# Leave /svn/authz owned by root and world-readable (mode 0644): Apache only needs to read it, and a compromised httpd process should not be able to rewrite its own access rules
Example /svn/authz
The contents are as follows; for the full rule syntax see the Subversion documentation on path-based authorization.
[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average
[groups]
admin = ldapuser1
# harry_sally_and_joe = harry,sally,&joe
[test:/]
# The broad rule first and the specific grant after it, so the admin group gets rw regardless of how the server resolves overlapping rules within one section
* = r
@admin = rw
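Before an authz file goes live it is worth checking what it actually grants, including to anonymous and to users who match several rules. The evaluator below is an added example, not code from the post or from Subversion itself. It models the lookup as I understand it: walk from the requested path up to /, trying [repo:/path] before the repository-independent [/path] at each level, and stop at the first section that contains a rule applying to the user (the most specific path wins). Within a section it offers two ways to resolve overlapping rules, by identity specificity (user, then &alias, then @group, then $authenticated/$anonymous, then *) and by file order (the last applicable rule wins); which of the two a given Subversion release uses is an assumption you should verify against your server, which is why version_sensitive() reports the cases where they disagree, such as the post's own `@admin = rw` followed by `* = r`. The sample file is constructed for this example: the post's file extended with a nested group, an alias member and a [/trunk] section.

```python
"""Evaluate a Subversion authz file: which rights does a user get on a path?"""
import configparser

JOE_DN = '/C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average'

# Constructed sample: the post's file plus a nested group, an alias member and a
# repository-independent [/trunk] section, so every lookup rule gets exercised.
SAMPLE_AUTHZ = '''
[aliases]
joe = %s
[groups]
admin = ldapuser1
devs = ldapuser2, &joe
staff = @admin, @devs
[test:/]
@admin = rw
* = r
[test:/secret]
* =
@admin = rw
[/trunk]
@staff = rw
''' % JOE_DN

RANK = {'user': 0, 'alias': 1, 'group': 2, 'class': 3, 'any': 4}   # lower = more specific


def load_authz(text):
    cp = configparser.RawConfigParser(delimiters=('=',), comment_prefixes=('#',), strict=False)
    cp.optionxform = str   # rule names are case-sensitive; keep '@admin', '&joe', '*' as written
    cp.read_string(text)
    return cp


def sample_authz():
    return load_authz(SAMPLE_AUTHZ)


def expand_group(cp, name, ancestors=frozenset()):
    """Flatten a [groups] entry to user names, resolving nested @groups and &aliases."""
    if name in ancestors:          # a group that (indirectly) contains itself: stop the recursion
        return set()
    ancestors = ancestors | {name}
    members = set()
    for member in (m.strip() for m in cp.get('groups', name, fallback='').split(',')):
        if not member:
            continue
        if member.startswith('@'):
            members |= expand_group(cp, member[1:], ancestors)
        elif member.startswith('&'):
            members.add(cp.get('aliases', member[1:], fallback=member))
        else:
            members.add(member)
    return members


def applies(cp, key, user):
    """Does rule `key` cover `user` (None = anonymous)? Returns (hit, specificity rank)."""
    negated = key.startswith('~')
    if negated:
        key = key[1:]
    if key == '*':
        hit, kind = True, 'any'
    elif key == '$anonymous':
        hit, kind = user is None, 'class'
    elif key == '$authenticated':
        hit, kind = user is not None, 'class'
    elif key.startswith('@'):
        hit, kind = user in expand_group(cp, key[1:]), 'group'
    elif key.startswith('&'):
        hit, kind = user is not None and user == cp.get('aliases', key[1:], fallback=None), 'alias'
    else:
        hit, kind = user == key, 'user'
    return hit != negated, RANK[kind]


def section_access(cp, section, user, strategy):
    """Rights one section grants `user`, or None when none of its rules apply to them."""
    matched = []
    for key, value in cp.items(section):
        hit, rank = applies(cp, key, user)
        if hit:
            matched.append((rank, {c for c in value if c in 'rw'}))
    if not matched:
        return None
    if strategy == 'last':                     # file order: the last applicable rule wins
        return matched[-1][1]
    best = min(rank for rank, _ in matched)    # identity specificity: user > alias > group > class > *
    return [r for rank, r in matched if rank == best][-1]   # equal rank: later rule wins (assumption)


def access(cp, repo, path, user, strategy='specificity'):
    """Effective rights on repo:path. Walk from the path up to '/', stopping at the first
    section with an applicable rule; [repo:/p] is tried before [/p] at each level."""
    parts = [p for p in path.split('/') if p]
    while True:
        here = '/' + '/'.join(parts)
        for section in (repo + ':' + here, here):
            if cp.has_section(section):
                rights = section_access(cp, section, user, strategy)
                if rights is not None:
                    return rights
        if not parts:
            return set()                       # no rule anywhere: no access
        parts.pop()


def version_sensitive(cp, repo, path, user):
    """True when the two strategies disagree: the outcome would depend on the server version."""
    return access(cp, repo, path, user, 'specificity') != access(cp, repo, path, user, 'last')


if __name__ == '__main__':
    cp = sample_authz()
    for who in ('ldapuser1', 'ldapuser2', None):
        print(who, 'test:/', sorted(access(cp, 'test', '/', who)),
              'version-dependent' if version_sensitive(cp, 'test', '/', who) else 'stable')
```

For the post's [test:/] section the two strategies disagree for members of @admin (rw by specificity, r by file order), while [test:/secret] in the sample, which lists `* =` before `@admin = rw`, gives the same answer either way; writing sections in that order removes the dependency on the server's resolution rule. Note also that anonymous gets read access from `* = r` in this model; in the Apache setup above that is only blocked because the Location requires a valid user.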
Restart apache2, then test in a browser or with an svn client
sudo service apache2 restart
One-click install script
#!/usr/bin/env python
# coding=utf-8
#
# Created on 2018/3/2
#
# Runs under Python 2 and 3 (on lubuntu 17.10 "python" is still Python 2).
from __future__ import print_function
import getpass
import os
import subprocess

try:
    input = raw_input          # Python 2: raw_input() returns the line as typed
except NameError:
    pass


def sh(script, check=True):
    """Run a shell snippet; with check=True the install aborts on the first failing command."""
    if check:
        subprocess.check_call(script, shell=True)
    else:
        subprocess.call(script, shell=True)


def apache_quote(value):
    # Quote a directive argument so spaces survive; httpd unescapes \" and \\ inside quotes
    return '"' + value.replace('\\', '\\\\').replace('"', '\\"') + '"'


server = input('Enter the domain controller IP: ')
bind_user = input('Enter a domain account to bind to LDAP with: ')
bind_pwd = getpass.getpass("Enter that account's password: ")   # not echoed to the terminal
bind_dn = input('Enter the domain DC components (e.g. dc=example,dc=com,dc=cn): ')

print(u'Installing packages\n')
sh('''apt-get install apache2 -y
apt-get install subversion -y
apt-get install libapache2-mod-svn libapache2-mod-ldap-userdir libapache2-mod-vhost-ldap -y
''')
# a2dismod reports modules that are already disabled; do not abort on that
sh('''a2dismod authnz_ldap
a2dismod ldap
a2dismod vhost_ldap
''', check=False)
sh('mkdir -p /svn')

print(u'Writing /etc/apache2/mods-available/dav_svn.conf\n')
conf = '''
LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so
LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so
<Location "/svn">
DAV svn
SVNParentPath /svn
SVNListParentPath On
AuthzSVNAccessFile /svn/authz
AuthType Basic
AuthName "Please enter your domain account and password"
AuthBasicProvider ldap
AuthLDAPBindDN %s
AuthLDAPBindPassword %s
AuthLDAPURL "ldap://%s:389/%s?sAMAccountName?sub?(objectClass=*)"
LDAPReferrals Off
require valid-user
</Location>
''' % (apache_quote(bind_user), apache_quote(bind_pwd), server, bind_dn)
conf_path = '/etc/apache2/mods-available/dav_svn.conf'
with open(conf_path, 'w') as f:
    f.write(conf)
# The file now holds the bind account's password: keep it readable by root only.
# apache2 parses its configuration as root before dropping to www-data.
os.chmod(conf_path, 0o600)

svn_auth = '''
[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average
[groups]
admin = %s
# harry_sally_and_joe = harry,sally,&joe
[test:/]
* = r
@admin = rw
''' % bind_user
# authz stays owned by root (world-readable): Apache only needs to read it
with open('/svn/authz', 'w') as f:
    f.write(svn_auth)

print(u'Creating the first test repository /svn/test and handing it to www-data\n')
sh('svnadmin create /svn/test')
sh('chown -R www-data:www-data /svn/test')
print(u'Restarting apache2\n')
sh('service apache2 restart')
print(u'Now try logging in from a browser')
Save it as svn.py and run
sudo python svn.py
The script above has only been tested successfully on my own machine
If it does not work, refer to the detailed steps above