我在Apache服務器(RHEL 6.1)上安裝了Redmine。我也有一個運行在/var/svn的顛覆服務器。我爲我的Subversion配置了適當的LDAP身份驗證,因此當有人訪問Subversion存儲庫(通過命令行:svn checkout/update/commit或通過http://myserver.com/svn/project)時,它會提示輸入用於LDAP服務器認證的用戶名和密碼。Apache LDAP身份驗證Redmine
但是:在Redmine中瀏覽項目頁面時,會看到「存儲庫」選項卡(並鏈接到正確的地址:http://myserver.com/svn/project)。但是,當我導航到此選項卡時,它會顯示「404在存儲庫中未找到條目或修訂版」。我有一種感覺,即來自Redmine的404無法通過LDAP進行身份驗證。所以我的問題是如何讓Redmine進入該目錄,但其他人需要通過LDAP進行身份驗證?
我已經想通了我的問題,並提出了一個相當簡單的解決方案。我的假設是正確的 - 因爲Redmine不知道如何處理LDAP請求,所以它扔了一個404.
下面是正確的Apache配置,允許Redmine(或任何在同一臺服務器上運行的服務)通過身份驗證過程:
<Location /svn>
# The following two lines allow for any request made by this machine through
# We do this to allow Redmine to have access without needing to authenticate against LDAP
# NOTE: The IP address MUST be the one given by DHCP - the loop-back (127.0.0.1) will NOT WORK
Order allow,deny
Allow from ACTUAL_IP_ADDRESS (example: 123.45.67.100)
# The following authenticates against LDAP for any request NOT made by the same server
# This includes anyone attempting to access:
# http://myserver.com/svn/*
# either via web-browser, or svn command
#
# Tell apache this is a subversion repository
DAV svn
# Where the subversion repository list exists on the file system
SVNParentPath "/var/svn"
# What kind of authentication
AuthType Basic
AuthName "Restricted Subversion Content"
AuthBasicProvider ldap
AuthLDAPBindDN "YOUR_BIND_DN"
AuthLDAPBindPassword "YOUR_BIND_PASSWORD"
AuthLDAPURL "YOUR_LDAP_URL"
# Require a valid-LDAP user (if not from the allowed IP address)
Require valid-user
# This line (very important) tells Apache that the request needs to follow AT LEAST
# one of the following:
# - The request is from the IP address listed above
# - All others MUST authenticate using LDaP
# If we wanted BOTH to be required (not in our case), we would use "Satisfy All"
Satisfy Any
我希望這可以幫助別人尋找一個類似的解決方案!