Installing and Configuring subversion-server and apache2 with LDAP authentication against eDirectory

Installing and Configuring subversion-server and apache2 with LDAP authentication against eDirectory

Jon Hardman
Software Engineer II
Identity Manager Resource Kit


Table of Contents



Overview


An exciting new feature of Designer 3 is the ability to use the subversion version control system to manage Designer projects. This allows you to track a project's history, see who made the changes, and roll-back to previous revisions if necessary. The Designer help files describe how to set up a local, windows subversion server to keep your Designer projects on your local machine. In most enterprises, however, a centrally accessible, server-based subversion server is desirable. This document describes how to set up an apache2, http subversion server that can authenticate against your LDAP server (preferably eDirectory) to host your Designer projects, which can be updated, check-out, etc., from multiple clients.

    Operating System:

            SUSE Linux Enterprise Server 10 SP2 (SLES10SP2)

            SUSE Linux Enterprise Server 10 Software Development Kit SP2 (sle-10-sdk-sp2)

    eDirectory version:

            eDirectory 8.8.2 for Linux

    Identity Manager version:

            IDM 3.5.1 for Linux (optional)

    Apache and Subversion:

            apache2.2.3-16.18

            subversion1.3.1-1.5

    Designer version:

            Designer for Identity Manager v3



Prerequisites


SUSE Linux Enterprise Server 10 SP2 i386 architecture
SUSE Linux Enterprise Server 10 Software Development Kit SP2 (sle-10-sdk-sp2)

eDirectory 8.8.2 installation files (archive or iso)

Installation source for SUSE Linux Enterprise Server 10 Software Development Kit SP2

This article assumes a working knowledge of SUSE Linux and eDirectory in general.


Installation and Configuration



SUSE Linux

  1. Install SLES 10 SP2 i386. For software pattern installation, select the default installation.



eDirectory (for stand-alone configuration)

Note: You can also authenticate against an existing eDirectory instance 'over the wire' if you have one available in your environment. If this is the case, you can skip this section.


Installation:


  1. Download eDirectory 8.8.2 iso from download.novell.com

  2. “su” to root ('su' in console, enter root password)

  3. Mount the eDirectory installation .iso as /media/cdrom ('mount -t iso9660 -o loop eDir_882.iso /media/cdrom')

  4. “cd” into /media/cdrom (this may also be “/media/cdrom/eDirectory/setup”, depending on the eDirectory version) ('cd /media/cdrom')

  5. execute './nds-install'. Select options 1 and 2 for full eDirectory installation.

    eDirectory installation is now complete. You can now configure your eDirectory tree using the eDirectory utility 'ndsconfig'.



eDirectory Configuration:


  1. First, you must set your system PATH for the nds binaries/libraries by issuing command '. /opt/novell/eDirectory/bin/./ndspath' in the console. (Note that the command starts with dot-space)

  2. Now configure your eDirectory tree from the command line using ndsconfig; i.e. 'ndsconfig new -t MYTREE -a cn=admin.o=novell -n o=novell -S myserver -i -e -D /var/opt/novell/instance0 -d /var/opt/novell/instance0/data/dib -w password --config-file /var/opt/novell/nds0.conf' (The '-i' option ignores duplicate tree lookup, '-e' enables ldap clear-text password.

  3. Once eDirectory configuration is complete, you can verify ndsd is up and running with 'ndsstat'.




Add SLE-10-SDK-SP2 installation source

Download SLES10 SDK SP2 and set it as an installation source:

  1. Download SLES 10 SDK SP2 from download.novell.com



  1. http://download.novell.com/Download?buildid=eRAdQttrkeA~

  2. Save DVD1 and DVD2 to your local file system

  3. Start 'yast2' and add DVD1.iso as an installation source

  4. Finish




Install Apache2 and subversion-server software

Install required software


  1. “rug in apache2 apache2-doc neon subversion-server”

  2. Finish installation

  3. create subversion group and user

    1. (su) groupadd -r svn; useradd -r -g svn -d /srv/svn -s /bin/false svn




Configure apache2 and subversion


  1. enable the needed apache2 modules from the command line

    1. (su) a2enmod dav

    2. (su) a2enmod dav_svn

    3. (su) a2enmod ldap

    4. (su) a2enmod authnz_ldap

  2. Configure subversion server for apache2

    Each repository requires its own entry in the /etc/apache2/conf.d/subversion.conf file. For ease of use, etc., we will configure 1 'parent' repository, and then create 'child' projects below the parent for the Designer projects.

  3. Configure the parent repository

    1. Using a text editor (vi in this case), run: (as root) “ vi /etc/apache2/conf.d/subversion.conf”

    2. subversion.conf should read as follows:


    # Example configuration for a subversion repository 
    # see /usr/share/doc/packages/subversion for the full documentation
    #
    <IfModule mod_dav_svn.c>
    <Location /repos>
    DAV svn
    SVNParentPath /srv/svn/repos
    SVNListParentPath on

    # # Limit write permission to list of valid users.
    <LimitExcept GET PROPFIND OPTIONS REPORT>
    # # Require SSL connection for password protection.
    # # SSLRequireSSL
    #
    AuthBasicProvider ldap
    AuthType Basic
    AuthName "LDAP Authorization Realm"
    AuthLDAPURL ldap://127.0.0.1:389/OU=users,O=company,DC=data
    require ldap-attribute objectClass=user
    </LimitExcept>
    </Location>
    </IfModule>



    In this case, the subversion location will be /srv/svn/repos, the ldap server is 127.0.0.1:389 (clear-text ldap), and the users are in the container OU=users,O=company, DC=data

    Without the SVNListParentPath directive, you cannot go to the repositories' index page - you will get an 'Access Forbidden' response.



Create parent subversion repository

Create and configure the subversion repository


  1. (su) mkdir -p /srv/svn/repos

  2. Restart apache2 (rcapache2 restart)

  3. Set up a project repository (mydesignerprojects, for example)

    1. 'svnadmin create /srv/svn/repos/mydesignerprojects'

    2. chown -R wwwrun:www /srv/svn/repos/mydesignerprojects/



    Enable https for apache2 (optional)


    1. Run 'gensslcert' to generate new, valid certs

    2. copy /etc/apache2/vhosts.d/ssl-vhost.template /etc/apache2/vhosts.d/ssl-vhost.conf

    3. rcapache2 restart -DSSL

    4. You may need to copy the https certificate files to your Designer client in order to avoid prompts from the Designer svn client (There is an option to save the certificate information on the initial check-in, check-out via https)




    Enabling ldaps secure ldap authentication (optional)

    See http://httpd.apache.org/docs/2.2/mod/mod_ldap.html

    Check in Designer projects


    1. In Designer, from either the outline or project view, select 'Check In...'

    2. For the 'repository location', enter the parent svn repository created in step 5.1 above (http://server.ipaddress.or.hostname/repos/mydesignerprojects/)

    3. For the 'project name', you may enter whatever identifier you like (project1)

    4. Enter a comment (i.e. initial checkin) and hit OK

      1. You will be prompted for a username and password. The username will be the eDirectory RDN (no context or 'cn=') of a user in the LDAP context listed in the subversion.conf file and the password is the user's eDirectory password.

      2. Your project will be added to the mydesignerprojects svn repository.



    Check out Designer projects

    You (or your colleagues) can now check-out projects that have been added to the subversion repository from other Designer clients.


    1. From Designer menu, 'Project ? Import Project ? Version Control...'

    2. Version control URL or file path is “http://yoursubserver/repos/mydesignerprojects/”

      1. You should now see a list of your Designer projects in the lower Designer pane.

      2. Expand the project you wish to 'check out', highlight the project icon, and hit the Finish button.

      3. The project will be imported from the subversion server to your Designer workspace and opened in Designer's project view.




    Conclusion



    You now have a web-based, centrally accessible subversion server with which you can use version control to track your Designer/IDM projects. Further enhancements can be made to the version control system to control access rights, group membership, etc., which are beyond the scope of this document. For enterprise deployments or multiple user consulting projects, Designer's version control feature is an extremely powerful tool to enable team collaboration.

DISCLAIMER:

Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Top Contributors
Version history
Revision #:
1 of 1
Last update:
‎2008-07-10 19:46
Updated by:
 
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.