
Ubuntu Apache 2.4 + SVN + AD authentication

Test environment

  • apache2.4
  • lubuntu 17.10

Install the required packages

sudo apt-get install apache2 -y
sudo apt-get install subversion -y
sudo apt-get install libapache2-mod-svn libapache2-mod-ldap-userdir libapache2-mod-vhost-ldap

After installation, the authnz_ldap, ldap and vhost_ldap modules must be disabled first

# Disable them here; they are loaded again later from the apache2 svn module configuration (dav_svn.conf)
# Following the online tutorials as-is made every request to apache2 hang and then fail with a 504
# The log showed [mod_vhost_ldap.c]: lookup failure, retry number #[5]
# After much digging, the cause was the ldap://127.0.0.1 setting in vhost_ldap.conf; disabling that configuration fixes it
a2dismod authnz_ldap
a2dismod ldap
a2dismod vhost_ldap

Edit the /etc/apache2/mods-available/dav_svn.conf configuration

LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so
LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so
<Location "/svn">
DAV svn
SVNParentPath /svn
SVNListParentPath On
AuthzSVNAccessFile /svn/authz
AuthType Basic
AuthName "Please enter your domain account and password"
AuthBasicProvider ldap
AuthLDAPBindDN "your domain sAMAccountName is enough; no suffix or full DN needed"
AuthLDAPBindPassword your password, without quotes
AuthLDAPURL "ldap://61.183.216.212:389/your domain root (e.g. dc=example,dc=com)?sAMAccountName?sub?(objectClass=*)"
# Without this directive, entering the account and password just hangs and then returns a 504
# Found the answer on Stack Overflow
LDAPReferrals Off
Require valid-user
</Location>

Create the svn directory and the authz permissions file

sudo mkdir /svn
sudo touch /svn/authz
# Create a test repository
svnadmin create /svn/test
# Files added later need their ownership changed too, otherwise svn client operations such as checkout will fail
sudo chown www-data:www-data /svn -R

Example /svn/authz content is shown below; for the details of permission configuration, search for Subversion authz configuration

[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average

[groups]
admin = ldapuser1
# harry_sally_and_joe = harry,sally,&joe

[test:/]
@admin = rw
* = r
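Before restarting Apache it is worth checking that the authz file actually grants what you expect. The following is an added example (not the page's own code): a small offline evaluator for the authz format above, extended with a group, an alias and a restricted sub-path (all constructed sample data). It assumes SVN 1.10+ precedence within a section: a rule naming the user beats a group or alias rule, which beats `*`.

```python
import configparser

# Constructed sample mirroring the /svn/authz above, plus a group, an alias and a restricted path.
AUTHZ_TEXT = """
[aliases]
joe = /C=XZ/O=Snake Oil, Ltd./CN=Joe Average
[groups]
admin = ldapuser1
staff = &joe, ldapuser2
[test:/]
@admin = rw
* = r
[test:/secret]
@staff = r
* =
"""

def parse_authz(text):
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, allow_no_value=True)
    cp.optionxform = str  # keep '@admin', '&joe' and '*' exactly as written (no lower-casing)
    cp.read_string(text)
    return cp

def expand(cp, token):
    """Set of identities named by a user, a @group or an &alias (an alias stands for its DN)."""
    token = token.strip()
    if token.startswith("&"):
        return {cp.get("aliases", token[1:])} if cp.has_option("aliases", token[1:]) else set()
    if token.startswith("@"):
        members = cp.get("groups", token[1:], fallback="").split(",")
        return set().union(*(expand(cp, m) for m in members if m.strip()))
    return {token}

def access(cp, repo, path, user):
    """Rights ('', 'r' or 'rw') of user on repo:path, walking from the path up to '/'.
    The first section with a matching rule wins ([repo:path] before [path]); inside it
    a rule naming the user beats a group/alias rule, which beats '*' (SVN 1.10+ order)."""
    parts = [p for p in path.split("/") if p]
    for i in range(len(parts), -1, -1):
        p = "/" + "/".join(parts[:i])
        for section in ("%s:%s" % (repo, p), p):
            if not cp.has_section(section):
                continue
            matches = [(0 if t == user else 2 if t == "*" else 1, (r or "").strip())
                       for t, r in cp.items(section)
                       if t == user or t == "*" or (t[:1] in "@&" and user in expand(cp, t))]
            if matches:
                return min(matches)[1]
    return ""
```

Note that `* =` under `[test:/secret]` stops inheritance for everyone not listed there, so even the admin group loses access to that path unless it is named again in that section.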

Restart apache2 and test in a browser or with an svn client

sudo service apache2 restart


One-click install script

# coding=utf-8
#
# Created on 2018/3/2
#
# One-shot setup of Apache 2.4 + mod_dav_svn with LDAP (Active Directory)
# authentication. Must be run as root; works under Python 2 or 3.

from __future__ import print_function
import os
import subprocess

try:                      # Python 2 compatibility: use raw_input for the prompts
    input = raw_input
except NameError:
    pass


def run(cmd):
    """Run a shell command and abort if it fails, so a failed apt step
    never continues into a half-written configuration."""
    subprocess.check_call(cmd, shell=True)


server = input('Enter the domain controller IP: ')
bind_user = input('Enter a domain account (sAMAccountName) used to bind to LDAP: ')
bind_pwd = input("Enter that account's password: ")
bind_dn = input('Enter the DC components (e.g. dc=example,dc=com,dc=cn): ')

print('Installing packages\n')

run('apt-get install apache2 -y')
run('apt-get install subversion -y')
run('apt-get install libapache2-mod-svn libapache2-mod-ldap-userdir '
    'libapache2-mod-vhost-ldap -y')

# Disable the LDAP modules; dav_svn.conf below loads the two it needs itself.
# The stock vhost_ldap.conf points at ldap://127.0.0.1 and makes every request
# hang until a 504, which is why it has to stay disabled.
run('a2dismod authnz_ldap')
run('a2dismod ldap')
run('a2dismod vhost_ldap')
run('rm -f /etc/apache2/mods-available/dav_svn.conf')
if not os.path.isdir('/svn'):
    os.makedirs('/svn')

print('Writing /etc/apache2/mods-available/dav_svn.conf\n')

conf = '''
LoadModule ldap_module /usr/lib/apache2/modules/mod_ldap.so
LoadModule authnz_ldap_module /usr/lib/apache2/modules/mod_authnz_ldap.so
<Location "/svn">
DAV svn
SVNParentPath /svn
SVNListParentPath On
AuthzSVNAccessFile /svn/authz
AuthType Basic
AuthName "Please enter your domain account and password"
AuthBasicProvider ldap
AuthLDAPBindDN "%s"
AuthLDAPBindPassword %s
AuthLDAPURL "ldap://%s:389/%s?sAMAccountName?sub?(objectClass=*)"
LDAPReferrals Off
Require valid-user
</Location>
''' % (bind_user, bind_pwd, server, bind_dn)

conf_path = '/etc/apache2/mods-available/dav_svn.conf'
with open(conf_path, 'w') as f:
    f.write(conf)
# The file holds the bind password in clear text: keep it readable by root only
# (Apache reads its configuration as root before dropping privileges).
os.chmod(conf_path, 0o600)

svn_auth = '''
[aliases]
# joe = /C=XZ/ST=Dessert/L=Snake City/O=Snake Oil, Ltd./OU=Research Institute/CN=Joe Average

[groups]
admin = %s
# harry_sally_and_joe = harry,sally,&joe

[test:/]
@admin = rw
* = r

''' % bind_user

with open('/svn/authz', 'w') as f:
    f.write(svn_auth)

print('Restarting the service for testing\n')

run('service apache2 restart')

print('Now running svnadmin create /svn/test to create the first test repository\n')
print('Changing the owner of that directory to www-data:\nchown www-data:www-data /svn/test -R')
run('svnadmin create /svn/test')
run('chown www-data:www-data /svn/test -R')

print('Try logging in from a web browser')

Save it as svn.py and run it

sudo python svn.py

The script above has only been tested successfully on my own machine
If it does not work for you, refer to the earlier steps for the details