2011-10-04 271 views
2

我在Apache服務器(RHEL 6.1)上安裝了Redmine。我也有一個運行在/var/svn的顛覆服務器。我爲我的Subversion配置了適當的LDAP身份驗證,因此當有人訪問Subversion存儲庫(通過命令行:svn checkout/update/commit或通過http://myserver.com/svn/project)時,它會提示輸入用於LDAP服務器認證的用戶名和密碼。Apache LDAP身份驗證Redmine

但是:在Redmine中瀏覽項目頁面時,會看到「存儲庫」選項卡(並鏈接到正確的地址:http://myserver.com/svn/project)。但是,當我導航到此選項卡時,它會顯示「404在存儲庫中未找到條目或修訂版」。我有一種感覺,即來自Redmine的404無法通過LDAP進行身份驗證。所以我的問題是如何讓Redmine進入該目錄,但其他人需要通過LDAP進行身份驗證?

回答

2

我已經想通了我的問題,並提出了一個相當簡單的解決方案。我的假設是正確的 - 因爲Redmine不知道如何處理LDAP請求,所以它扔了一個404.

下面是正確的Apache配置,允許Redmine(或任何在同一臺服務器上運行的服務)通過身份驗證過程:

<Location /svn> 
    # The following two lines allow for any request made by this machine through 
    # We do this to allow Redmine to have access without needing to authenticate against LDAP 
    # NOTE: The IP address MUST be the one given by DHCP - the loop-back (127.0.0.1) will NOT WORK 
    Order allow,deny 
    Allow from ACTUAL_IP_ADDRESS (example: 123.45.67.100) 


    # The following authenticates against LDAP for any request NOT made by the same server 
    # This includes anyone attempting to access: 
    #  http://myserver.com/svn/* 
    # either via web-browser, or svn command 
    # 
    # Tell apache this is a subversion repository 
    DAV svn 
    # Where the subversion repository list exists on the file system 
    SVNParentPath "/var/svn" 
    # What kind of authentication 
    AuthType Basic 
    AuthName "Restricted Subversion Content" 
    AuthBasicProvider ldap 
    AuthLDAPBindDN "YOUR_BIND_DN" 
    AuthLDAPBindPassword "YOUR_BIND_PASSWORD" 
    AuthLDAPURL "YOUR_LDAP_URL" 
    # Require a valid-LDAP user (if not from the allowed IP address) 
    Require valid-user 

    # This line (very important) tells Apache that the request needs to follow AT LEAST 
    # one of the following: 
    #  - The request is from the IP address listed above 
    #  - All others MUST authenticate using LDaP 
    # If we wanted BOTH to be required (not in our case), we would use "Satisfy All" 
    Satisfy Any 

我希望這可以幫助別人尋找一個類似的解決方案!