How to configure Apache Security on Ldap

This is a simply configuration of apahce to use Ldap authentication, You need to enable ldap and ldap_auth modules.

 

<Location /ldaplocation >
 
AuthType Basic
AuthName "ldap auth"
AuthBasicProvider ldap
AuthLDAPBindDN "CN=ldapbind,O=test,C=it"
AuthLDAPBindPassword mypasswordhere
AuthLDAPURL "ldap://ldaphost:389/?uid?sub?(objectClass=inetOrgPerson)"
 
Options Indexes
SetOutputFilter DEFLATE
  <Limit OPTIONS PROPFIND GET REPORT MKACTIVITY PROPPATCH PUT CHECKOUT MKCOL MOVE COPY DELETE LOCK UNLOCK MERGE>
     Require valid-user
 </Limit>
</Location>

3 simple step to use .htaccess & .htpasswd

1) Create htpasswd

htpasswd -c /srv/www/htpasswd username —-> <insert password>

2) Put file named .htaccess
containing this lines:

#######################################
AuthUserFile  /srv/www/.htpasswd
AuthType Basic
AuthName "backend"
Require valid-user
#######################################

3) allow override in http.con as follow:

<Directory "/srv/www/htdocs">;
...

# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
AllowOverride AuthConfig
# Controls who can get stuff from this server.
Order allow,deny
Allow from all

...
</Directory>

Restrict access to you subversion Server

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
################################################Svn Config
LoadModule dav_svn_module                 /usr/lib/apache2/mod_dav_svn.so
LoadModule authz_svn_module               /usr/lib/apache2/mod_authz_svn.so
 
 
ServerName svn.yourdomain.local
 
 
DAV svn
SVNPath /var/www/svn1
AuthType Basic
AuthName "Your SVN repository name"
AuthUserFile "/etc/subversion/passwd"
 
Order Deny,Allow
Allow from all
Require user dev

How to setup minimal Subversion Server.

Easy Svn Install without Ldap under Open Suse:

1 – zypper Install svn

2 – zypper install apache2

3 – Create Repository

svnadmin -create /var/www/svn1/

4 – Create passwd

htpasswd -c “/etc/subversion/passwd” dev   —> Insert password

5 – Apache Config

################################################Svn Config

LoadModule dav_svn_module                 /usr/lib/apache2/mod_dav_svn.so
LoadModule authz_svn_module               /usr/lib/apache2/mod_authz_svn.so

<VirtualHost *:80>
ServerName svn.yourdomain.local
<Location /svn>
DAV svn
SVNPath /var/www/svn1
AuthType Basic
AuthName “Your SVN repository name”
AuthUserFile “/etc/subversion/passwd”
# everyone can read but only user “dev” can commit
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require user dev
</LimitExcept>
</Location>
</VirtualHost>