Apache LDAP身份验证Redmine
问题描述:
我在Apache服务器(RHEL 6.1)上安装了Redmine。我也有一个运行在/var/svn
的颠覆服务器。我为我的Subversion配置了适当的LDAP身份验证,因此当有人访问Subversion存储库(通过命令行:svn checkout/update/commit或通过http://myserver.com/svn/project)时,它会提示输入用于LDAP服务器认证的用户名和密码。Apache LDAP身份验证Redmine
但是:在Redmine中浏览项目页面时,会看到“存储库”选项卡(并链接到正确的地址:http://myserver.com/svn/project)。但是,当我导航到此选项卡时,它会显示“404在存储库中未找到条目或修订版”。我有一种感觉,即来自Redmine的404无法通过LDAP进行身份验证。所以我的问题是如何让Redmine进入该目录,但其他人需要通过LDAP进行身份验证?
答
我已经想通了我的问题,并提出了一个相当简单的解决方案。我的假设是正确的 - 因为Redmine不知道如何处理LDAP请求,所以它扔了一个404.
下面是正确的Apache配置,允许Redmine(或任何在同一台服务器上运行的服务)通过身份验证过程:
<Location /svn>
# The following two lines allow for any request made by this machine through
# We do this to allow Redmine to have access without needing to authenticate against LDAP
# NOTE: The IP address MUST be the one given by DHCP - the loop-back (127.0.0.1) will NOT WORK
Order allow,deny
Allow from ACTUAL_IP_ADDRESS (example: 123.45.67.100)
# The following authenticates against LDAP for any request NOT made by the same server
# This includes anyone attempting to access:
# http://myserver.com/svn/*
# either via web-browser, or svn command
#
# Tell apache this is a subversion repository
DAV svn
# Where the subversion repository list exists on the file system
SVNParentPath "/var/svn"
# What kind of authentication
AuthType Basic
AuthName "Restricted Subversion Content"
AuthBasicProvider ldap
AuthLDAPBindDN "YOUR_BIND_DN"
AuthLDAPBindPassword "YOUR_BIND_PASSWORD"
AuthLDAPURL "YOUR_LDAP_URL"
# Require a valid-LDAP user (if not from the allowed IP address)
Require valid-user
# This line (very important) tells Apache that the request needs to follow AT LEAST
# one of the following:
# - The request is from the IP address listed above
# - All others MUST authenticate using LDaP
# If we wanted BOTH to be required (not in our case), we would use "Satisfy All"
Satisfy Any
我希望这可以帮助别人寻找一个类似的解决方案!