Repositories access control with apache mod dav svn and mod perl » History » Revision 3
Revision 2 (Nicolas Chuche, 2007-11-18 21:13) → Revision 3/47 (Jean-Philippe Lang, 2007-11-18 21:41)
h1. Repositories access control with apache mod dav svn and mod perl {{>TOC}} h2. overview In this documentation, we will configure apache to delegate authentication to mod_perl. It's tested on apache2 with mysql and postgresql but should work with allmost every databases for which there is a perl DBD module. You need a Redmine r860 re. 860 or later. If your Redmine is older than r916, re .916, download "Redmine.pm":http://redmine.rubyforge.org/svn/trunk/extra/svn/Redmine.pm You need to have a working apache on your SVN server and you must install some modules at least mod_dav_svn, mod_perl2, DBI and DBD::mysql (or the DBD driver for you database as it should work on allmost all databases). On Debian/ubuntu you must do : <pre> aptitude install libapache2-svn libapache-dbi-perl libapache2-mod-perl2 libdbd-mysql-perl </pre> h2. enabling apache modules On debian/ubuntu : <pre> a2enmod dav a2enmod dav_svn a2enmod perl </pre> h2. apache configuration You need to copy "Redmine.pm" on your svn server and add something like that to your apache configuration (for example in @/etc/APACHE_DIR/conf.d/@) @/etc/APACHE_DIR/conf.d/@ You must change the Redmine.pm path and database informations to fit your needs. <pre> PerlRequire /usr/local/apache/Redmine.pm <Location /svn> DAV svn SVNParentPath "/var/svn" AuthType Basic AuthName redmine Require valid-user PerlAccessHandler Apache::Authn::Redmine::access_handler PerlAuthenHandler Apache::Authn::Redmine::authen_handler ## for mysql PerlSetVar dsn DBI:mysql:database=databasename;host=my.db.server ## for postgres # PerlSetVar dsn DBI:Pg:dbname=databasename;host=my.db.server PerlSetVar db_user redmine PerlSetVar db_pass password </Location> # a private location in read only mode to allow Redmine browsing <Location /svn-private> DAV svn SVNParentPath "/var/svn" Order deny,allow Deny from all # only allow reading orders <Limit GET PROPFIND OPTIONS REPORT> Allow from redmine.server.ip </Limit> </Location> </pre> It will add add two Location directives, one @/svn@ /svn with authentication and access control against the Redmine database for users and one @/svn-private@ /svn-private in read-only with IP ip limitation for Redmine browsing. And that's done. You can try to browse some public repository with: with : <pre> svn ls http://my.svn.server/svn/myproject </pre> If you try to browse some non public repository, it will ask you a password.