svnapachemod-auth

Anonymous SVN Checkout, but Authenticate Commit

I am setting up SVN repository with Httpd. Currently, my repository is available through Httpd, but anybody can checkout and commit back. I want to limit the commit action using Microsoft Active Directory Authentication.

I am using the following in my subversion.conf.

<Location /repos>
   DAV svn

   # Directory containing all repository for this path
   SVNParentPath /srv/svn/repositories

   # List repositories colleciton
   SVNListParentPath On

   # Enable WebDAV automatic versioning
   SVNAutoversioning On

   # Repository Display Name
   SVNReposName "RepositoryName"

   # Do basic password authentication in the clear
   AuthType Basic

   # The name of the protected area or "realm"
   AuthName "RepositoryName"

   # Make LDAP the authentication mechanism
   AuthBasicProvider ldap

   # Make LDAP authentication is final
   AuthzLDAPAuthoritative off

   # Active Directory requires an authenticating DN to access records
   #AuthLDAPBindDN "ou=people,o=example,dc=com"

   # The LDAP query URL
   AuthLDAPURL "ldap://example.com:389/DC=com,DC=example,ou=people?uid(objectClass=*)" NONE

   # Read access to everyone
   Satisfy Any

   # Require a valid user
   Require valid-user

   # Authorization file
   AuthzSVNAccessFile /subversion/apache2/auth/repos.acl

   # Limit write permission to list of valid users.
   #<LimitExcept GET PROPFIND OPTIONS REPORT>
      # Require SSL connection for password protection.
      # SSLRequireSSL

      #AuthType Basic
      #AuthName "Authorization Realm"
      #AuthUserFile /etc/httpd/conf/.htpasswd
      #Require valid-user
   #</LimitExcept>
</Location>

With above configuration, it asks for the credentials everytime. Also, when provided, the repository is inaccessible. I get 500 Internal Server Error after giving the correct credentials.

I did check the log files, but nothing there to indicate the actual cause.

Solution

  • Ok. I got the first part done.

    With reference from 6. Access control lists section here, I added the read-only access in the AuthzSVNAccessFile file.

    # Authorization file
AuthzSVNAccessFile /srv/svn/repos.acl

    Contents of /srv/svn/repos.acl file

    [/]
* = r

    Now, all my repositories will be anonymously accessible. Now the commit part is remaining.

    Now I get the following message when I commit.

    Commit failed (details follow):
Server sent unexpected return value (500 Internal Server Error) in response to 
MKACTIVITY request for '/repos/project1/!svn/act/783d45f7-ae05-134d-acb0-f36c007af59d'