some questions on configuring SSL and LDAP


 



Would someone be willing to nitpick this configuration? 

 

The goal is setting up a self-signed certificate and enabling SSL and LDAP authentication for a subversion repository. 

This configuration is located in subversion.conf 

The version of Apache httpd in this subversion product is:  2.2.25

 

This configuration is working, but I was hoping someone might spot something I’ve missed or perhaps suggest some best practices?

 

 

# VirtualHost is set to: 8443 for SSL

<VirtualHost *:8443>

KeepAlive On

 

# This directive toggles the usage of the SSL/TLS Protocol Engine. This should be used inside a <VirtualHost> section to enable SSL/TLS for that virtual host.

SSLEngine On

SSLCertificateFile "C:\Program Files (x86)\Subversion\Apache2\ssl\apache.crt"

SSLCertificateKeyFile "C:\Program Files (x86)\Subversion\Apache2\ssl\apache.key"

 

# The <Location> directive limits the scope of the enclosed directives by URL, in this case the URL of /svn

<Location /svn>

 

  DAV svn

  SVNParentPath "C:\repositories"

 

 # Let the users browse the parent path /svn

  SVNListParentPath on

 

  # SVNParentPath and authz fix http://subversion.tigris.org/issues/show_bug.cgi?id=2753

  RedirectMatch ^(/svn)$ $1/

 

  # Authentication: LDAP

  Order deny,allow

  Deny from All

  AuthName "my auth name"

  AuthType Basic

  AuthBasicProvider ldap

 

  # AuthzLDAPAuthoritative must be explicitly set because the default setting is "on" and authentication attempts for valid-user will fail otherwise.

  AuthzLDAPAuthoritative off

 

  # Note: We are only looking for users that belong to a certain OU of yadda1

  AuthLDAPURL "ldap://servername.domain:389/OU=yadda1,OU=yadda,DC=domain,DC=organization,DC=gov?sAMAccountName?sub?(objectClass=*)"

  AuthLDAPBindDN "CN=AD Query Account,OU=Service Accounts,OU=dept,DC=domain,DC=organization,DC=gov"

  AuthLDAPBindPassword bind_password

 

  # If AuthzLDAPAuthoritative was set to 'on', then you can list required users in the following directive

  #Require user "me" "someotheruser"

 

  # Grants access to any user that has successfully authenticated during the search/bind phase

  Require valid-user

 

  # Allows the request if any requirement is met (authentication OR access), can use 'all' to force both requirements

  Satisfy any

 

  # Authorization: Path-based access control; authenticated users can access paths for read/write specified in this file.

  AuthzSVNAccessFile "C:\svn_passwd\svn-auth.authz"

 

  SVNAutoversioning on

</Location>

 

# Enable Subversion logging

CustomLog logs/subversion.log combined

 

</VirtualHost>

 

 

Leo
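
An added example, not part of the original post or the Subversion product: a small Python audit of the directives posted above. It flags the cleartext `ldap://` bind on port 389, the bind password kept in the config file, and the absence of explicit `SSLProtocol`/`SSLCipherSuite` in the SSL virtual host. The function names and finding codes are assumptions made for this example, and the sample config is constructed from the post's directives.

```python
import shlex

# Constructed sample: the security-relevant directives from the post above.
SAMPLE_CONF = r'''
<VirtualHost *:8443>
SSLEngine On
<Location /svn>
  AuthBasicProvider ldap
  AuthLDAPURL "ldap://servername.domain:389/OU=yadda1,OU=yadda,DC=domain,DC=organization,DC=gov?sAMAccountName?sub?(objectClass=*)"
  AuthLDAPBindPassword bind_password
  Require valid-user
</Location>
</VirtualHost>
'''

def parse_directives(text):
    """Return (name, args) pairs, skipping blanks, comments and section tags."""
    out = []
    for line in text.splitlines():
        fields = line.strip().split(None, 1)
        if not fields or fields[0][0] in "#<":
            continue
        out.append((fields[0].lower(), fields[1] if len(fields) > 1 else ""))
    return out

def audit(text):
    """Return a sorted list of finding codes (hypothetical names) for one fragment."""
    directives = parse_directives(text)
    names = {n for n, _ in directives}
    findings = set()
    for name, args in directives:
        if name == "authldapurl":
            parts = shlex.split(args)
            url = parts[0].lower() if parts else ""
            mode = parts[1].upper() if len(parts) > 1 else ""
            # ldap:// with no SSL/TLS/STARTTLS mode: both the service-account
            # bind and each user's bind reach the directory server unencrypted.
            if url.startswith("ldap://") and mode not in ("SSL", "TLS", "STARTTLS"):
                findings.add("LDAP_CLEARTEXT")
        elif name == "authldapbindpassword":
            # The service-account password is readable by anyone who can read the file.
            findings.add("BIND_PASSWORD_IN_FILE")
    if any(n == "sslengine" and a.lower() == "on" for n, a in directives):
        # Without these, protocol and cipher choice fall back to server defaults.
        for directive, code in (("sslprotocol", "NO_SSLPROTOCOL"),
                                ("sslciphersuite", "NO_SSLCIPHERSUITE")):
            if directive not in names:
                findings.add(code)
    return sorted(findings)
```

The audit only sees the fragment it is given, so `SSLProtocol` or `SSLCipherSuite` set globally in another file would still be reported as missing here.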

