svn installation with ldap + swig with ssl
SVN Installation with Ldap with SSL
Subversion is a tool which does not have any running server agent; rather, it usually gets set up to work over Apache. Subversion is very easy to install and configure, but it can be a pain when we need LDAP, SSL and ViewVC along with the basic SVN installation. Here I am detailing the Subversion installation with LDAP, SSL and the other modules needed.

Contents
1. Information
2. Required Software and tools
3. Pre-Requisite libraries
4. Installation
4.1 OpenSSL
4.2 OpenLdap
4.3 Apache
4.4 expat
4.5 PCRE
4.6 Swig
4.7 Subversion
5. Other Configurations
5.1 Ldap
5.2 SSL Keys
5.3 Apache conf file

1. Information
This document describes SVN installation via Apache. It also provides information about installing and enabling SVN + Apache with SSL and LDAP authentication.

2. Required Software and tools
You need to have the following tools and software downloaded for the complete setup. Here is the list:
SVN - subversion which we need to install
Openldap - ldap module for authentication via ldap active directory.
Apache - UI interface to access SVN via http/s
Swig - SWIG is an interface compiler that connects programs written in C and C++ with scripting languages such as Perl, Python, Ruby, and Tcl. It is needed for the Python bindings.
Expat - XML parser needed by Apache
Pcre - Perl-compatible regular expression library
Openssl - ssl over https to make your apache secure.
Python - Python library
Get this software from the internet and download the latest stable versions. All of this software is open source and available free. My instructions may include the specific versions which I used during my installation.

3. Pre-Requisite libraries
Before starting the installation we need to check the availability of the supporting tools:
gcc, g++
zip
java
We need some more libraries which you can install via “yum install” or “apt-get install”.
apt-get install libdb4.6-dev
apt-get install zlib1g-dev   # zlib development files

4. Installation
4.1 OpenSSL
Unzip and untar the downloaded OpenSSL source code and follow the instructions.
gunzip openssl-1.0.0e.tar.gz
tar -xf openssl-1.0.0e.tar
cd openssl-1.0.0e
./config --prefix=/usr/share/openssl enable-shared
make
make install
ln -s /usr/share/openssl/lib/* /usr/lib/.
4.2 OpenLdap
Unzip and untar the downloaded OpenLDAP source code and follow the instructions.
tar -xf openldap-stable-20100719.tar
cd openldap-2.4.23/
./configure --prefix=/usr/share/ldap
make depend
make
make install
env CPPFLAGS="-I/usr/share/openssl/include" \
    LDFLAGS="-L/usr/share/openssl/lib" \
    ./configure --prefix=/usr/share/ldap \
    --with-ssl=/usr/share/openssl --with-tls=openssl
4.3 Apache
Unzip and untar the downloaded httpd source code and follow the instructions.
./configure \
    --prefix=/etc/apache2 --with-included-apr --enable-module=shared \
    --enable-dav --enable-dav-fs --enable-dav-lock --enable-ldap \
    --enable-authnz-ldap --with-ldap --with-ldap-lib=/usr/share/ldap/lib \
    --with-ldap-include=/usr/share/ldap/include/ --enable-ssl \
    --with-ssl=/usr/share/openssl/
make
make install
Create the user and group apache by running the following commands.
groupadd apache
useradd -g apache apache
Change the ownership of /opt/apache2 to apache:apache.
chown -R apache:apache /opt/apache2
4.4 expat
./configure --prefix=/usr/share/expat
make
make install
Link the expat libraries into /usr/lib.
ln -s /usr/share/expat/lib/* /usr/lib/
4.5 PCRE
./configure --prefix=/usr/share/pcre
make
make install
ln -s /usr/share/pcre/lib/* /usr/lib/.
4.6 Swig
./configure --prefix=/usr/share/swig --with-pcre-prefix=/usr/share/pcre/
make
make install
4.7 Subversion
Get a copy of the latest stable Subversion release source code from the net.
tar -xf subversion-1.7.1.tar
cd subversion-1.7.1
Get the dependencies
./get-deps.sh
We also need to install some dependencies.
Install Zlib
cd zlib/
./configure --prefix=/usr/share/zlib
make
make install
Install Python
./configure --prefix=/usr/share/python2.6.7 --enable-shared
make
make install
Link the python binary into /usr/bin and link the lib folder into /usr/lib.
SVN Installation
./configure \
    --prefix=/etc/subversion PYTHON=/usr/share/python2.6.7/bin/python \
    --with-apr=/etc/apache2/bin/apr-1-config \
    --with-apr-util=/etc/apache2/bin/apu-1-config \
    --with-apxs=/etc/apache2/bin/apxs --with-openssl=/usr/share/openssl \
    --with-zlib=/usr/share/zlib --enable-shared
make
make install

5. Other Configurations
5.1 Ldap
Update the ldap.conf file:
vi /etc/ldap/ldap.conf
Add this entry at the end:
REFERRALS off
5.2 SSL Keys
Generate the SSL key.
Generate a Private Key
openssl genrsa -des3 -out server.key 1024
Generate a CSR (Certificate Signing Request)
openssl req -new -key server.key -out server.csr
Remove Passphrase from Key
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
Generating a Self-Signed Certificate
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
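Before the files are installed, the pair produced by the steps above can be checked. The script below is an added example, not part of the original post: it flags an RSA key shorter than 2048 bits, a passphrase-free key that group or others can access, and a certificate that does not belong to the key. The function name, the demo paths and the host name are made up for illustration.

```sh
# Added example (not from the original post). Prints one line per finding
# and returns 1 if there are any. Function name and demo paths are made up.
audit_tls_pair() {
    key=$1 crt=$2 rc=0
    # An encrypted or non-RSA key yields no output here and is reported as unreadable.
    bits=$(openssl rsa -in "$key" -passin pass: -noout -text 2>/dev/null |
           awk 'NR == 1 { gsub(/[^0-9 ]/, ""); print $1; exit }')
    if [ -z "$bits" ]; then
        echo "$key: not readable as a passphrase-free RSA key"
        return 1
    fi
    [ "$bits" -ge 2048 ] || { echo "$key: RSA key is only $bits bits, use 2048 or more"; rc=1; }
    # With the passphrase removed, file permissions are the key's only protection.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "$key: key without passphrase is accessible to group or others"; rc=1; }
    # The certificate belongs to the key only if both carry the same modulus.
    km=$(openssl rsa -in "$key" -passin pass: -noout -modulus 2>/dev/null) || km=
    cm=$(openssl x509 -in "$crt" -noout -modulus 2>/dev/null) || cm=
    [ -n "$cm" ] && [ "$km" = "$cm" ] || { echo "$crt: certificate does not match $key"; rc=1; }
    return $rc
}

# Constructed demo: a throwaway pair with the same end state as the steps
# above (1024-bit key, passphrase removed, self-signed certificate).
d=$(mktemp -d)
openssl genrsa -out "$d/server.key" 1024 2>/dev/null
openssl req -new -key "$d/server.key" -subj "/CN=svn.example.com" -out "$d/server.csr"
openssl x509 -req -days 365 -in "$d/server.csr" -signkey "$d/server.key" \
    -out "$d/server.crt" 2>/dev/null
chmod 644 "$d/server.key"
audit_tls_pair "$d/server.key" "$d/server.crt" || echo "=> fix the findings above"
rm -rf "$d"
```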
Installing the certificate
cp server.crt /usr/local/apache/conf/ssl.crt
cp server.key /usr/local/apache/conf/ssl.key
For more detail:
http://www.akadia.com/services/ssh_test_certificate.html
http://www.xenocafe.com/tutorials/linux/centos/openssl/self_signed_certificates/index.php

5.3 Apache conf file
Configuration for SVN
<Location /svn>
DAV svn
SVNParentPath /opt/svnroot/svn
# Limit write permission to the list of valid LDAP (Active Directory) users.
AuthzLDAPAuthoritative off
AuthType Basic
AuthBasicProvider ldap
AuthName "some authentication heading"
AuthLDAPBindDN user@domain.com
AuthLDAPBindPassword "password"
AuthLDAPURL "complete ldap URL" SSL
require valid-user
</Location>
Example for AuthLDAPURL
"ldaps://<LdapURL>:636/DC=<Something>,DC=com?sAMAccountName?sub?(objectClass=*)" SSL
Note - in <abc>, abc is just a variable and should be replaced by the actual value.
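A lint for the Location block above, added here as an example and not part of the original post: it reports an AuthLDAPURL with neither ldaps:// nor an SSL/TLS mode, Basic auth without mod_ssl's SSLRequireSSL (which the block above does not set), and a world-readable file holding AuthLDAPBindPassword. The function name and the sample host and DN are made up.

```sh
#!/bin/sh
# Added example (not from the original post): lint <Location> blocks that use
# Basic auth with mod_authnz_ldap. Prints findings; returns 1 if there are any.
lint_svn_location() {
    conf=$1
    out=$(
        awk '
            /^[ \t]*#/ { next }                      # ignore comment lines
            { d = tolower($1) }
            d ~ /^<location/ { inloc = 1; path = $2; sub(/>$/, "", path)
                               basic = ssl = 0; url = mode = ""; next }
            !inloc { next }
            d == "authtype" && tolower($2) == "basic" { basic = 1 }
            d == "sslrequiressl" { ssl = 1 }
            d == "authldapurl" { url = $2; gsub(/"/, "", url); mode = toupper($NF) }
            d ~ /^<\/location/ {
                if (url != "" && url !~ /^ldaps:/ && mode !~ /^(SSL|TLS|STARTTLS)$/)
                    print path ": AuthLDAPURL has no ldaps:// or SSL/TLS mode, binds go out in clear"
                if (basic && !ssl)
                    print path ": AuthType Basic without SSLRequireSSL, plain http can carry the password"
                inloc = 0
            }' "$conf"
        # A literal bind password makes the file itself a secret.
        if grep -Eiq '^[[:space:]]*AuthLDAPBindPassword[[:space:]]' "$conf" &&
           [ "$(ls -ld "$conf" | cut -c8)" = "r" ]; then
            echo "$conf: contains AuthLDAPBindPassword and is world-readable"
        fi
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample mirroring the block above (host and DN are placeholders).
sample=$(mktemp)
cat > "$sample" <<'EOF'
<Location /svn>
  DAV svn
  AuthType Basic
  AuthBasicProvider ldap
  AuthLDAPBindDN user@example.com
  AuthLDAPBindPassword "password"
  AuthLDAPURL "ldaps://ldap.example.com:636/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)" SSL
  require valid-user
</Location>
EOF
chmod 644 "$sample"
lint_svn_location "$sample" || echo "=> fix the findings above"
rm -f "$sample"
```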