Install necessary packages first.<\/p>\n
\r\n$ yum install subversion mod_dav_svn mod_ldap python-ldap\r\n<\/pre>\nPrepare configuration for Apache. Create a file
\/etc\/httpd\/conf.d\/subversion.conf<\/code> and put the\u00a0content bellow into it. Change location, physical path on disk, Active Directory LDAP server and bind credentials to your particular environment.<\/p>\n\r\n\r\nRewriteEngine on\r\nRewriteCond %{REQUEST_URI} ^\/$\r\nRewriteCond %{HTTP_USER_AGENT} !^SVN\/\r\nRewriteRule ^(.*\/)$ %0\/ [R=301,L]\r\n\r\n<Location \/svn>\r\n DAV svn\r\n\r\n SVNParentPath \/var\/www\/svn\r\n SVNListParentPath on\r\n SVNCacheTextDeltas off\r\n SVNCacheFullTexts off\r\n SVNAllowBulkUpdates on\r\n SVNIndexXSLT \"\/svnindex.xsl\"\r\n AuthzSVNAccessFile \/etc\/subversion\/access.conf\r\n\r\n Options Indexes\r\n\r\n AuthBasicProvider ldap\r\n AuthName \"Memos Subversion Repositories\"\r\n AuthType Basic\r\n AuthLDAPBindDN \"CN=svn_user,OU=Service Accounts,DC=domain,DC=com\"\r\n AuthLDAPBindPassword svn_user_password\r\n AuthLDAPURL \"ldap:\/\/global_catalog.domain.com:3268\/OU=People,DC=domain,DC=com?sAMAccountName?sub?(objectCategory=person)\"\r\n Require valid-user\r\n\r\n ExpiresActive on\r\n ExpiresDefault access\r\n<\/Location>\r\n<\/pre>\nCreate a directory where Subversion data will be stored if it does not already exist:<\/p>\n
\r\n$ mkdir -p \/var\/www\/svn\r\n<\/pre>\nChange the permissions of this directory to be owned (or at least writeable by Apache):<\/p>\n
\r\n$ chown apache:apache \/var\/www\/svn\r\n<\/pre>\nStart Apache<\/p>\n
\r\n$ systemctl start httpd\r\n<\/pre>\nNow you need to setup access permissions. There is a catch. There is no simple way how to use Active Directory groups, so we need to synchronize groups from AD to local authz configuration file which we have already configured in Apache confiuration before. To do it we will use sync_ldap_groups_to_svn_authz<\/a>.<\/p>\n
Create authz file and put to the top users which will have access to all repositories (such administrators with read write access or continuos intergration user with read only access). Then put particular repositories permissions. You can already add groups from Active Directory. At the end will be part of the config file dedicated to groups definitions and at the very end the comment we will use to find out where the grous definition start. See:<\/p>\n
\r\n[\/]\r\nadmin = rw\r\nci = r\r\n\r\n[repository1:\/]\r\nuser1 = rw\r\n@SVN_GROUP1 = rw\r\n\r\n[groups]\r\n### Start generated content: LDAP Groups to Subversion Authz Groups Bridge ###\r\n<\/pre>\n