{{tag>Brouillon}}

= SVN synchronisation groupes LDAP

Voir 
* http://www.jouvinio.net/wiki/index.php/SVN_synchronisation_groupes_LDAP
* http://www.moucha.cc/charon/subversion-repositories-with-apache-and-active-directory-centos7/


<code bash>
sudo apt-get install python-ldap
git clone https://github.com/whitlockjc/sync-ldap-groups-to-svn-authz
cd sync-ldap-groups-to-svn-authz
./sync_ldap_groups_to_svn_authz.py -d admin -p 'P@ssw0rd' -l ldap://192.168.2.53:389 -b "CN=groupe 1,CN=Users,dc=acme,dc=local" -i "sAMAccountName" # -z /etc/apache2/svn-authz
</code>

''/etc/apache2/svn-authz''
<code ini>
[groups]
goupe1 = jean, user1

[DEPOT1:/]
@groupe1 = r

[DEPOT1:/TEST]
@groupe1 = rw
</code>

''/etc/apache2/sites-available/svn.conf''
<code apache>
listen *:3695
<VirtualHost *:3695>
        ServerAdmin postmaster@acme.com
#       DocumentRoot /var/www/svn/DEPOT1
        ServerName  srv-svn1
#       ServeurAlias srv-svn1

        <Location "/">
                DAV svn
                #SVNPath /var/www/svn/DEPOT1
                SVNParentPath /var/www/svn
                SVNListParentPath on
                #AuthzLDAPAuthoritative off # Obsolete
                AuthBasicProvider ldap
                AuthType Basic
                AuthName "Depots"
                AuthLDAPURL "ldap://192.168.2.53:389/DC=acme,DC=local?sAMAccountName?sub?(objectClass=*)"
                AuthLDAPBindDN "user@acme.local"
                AuthLDAPBindPassword P@ssw0rd
                AuthzSVNAccessFile /etc/apache2/svn-authz

                require ldap-group CN="groupe 1",CN=Users,dc=acme,dc=local
                require ldap-user user1
                <LimitExcept GET PROPFIND OPTIONS REPORT>
                   require ldap-group CN="groupe 1",CN=Users,dc=acme,dc=local
                   require ldap-user user1
                </LimitExcept>

        </Location>
        ErrorLog ${APACHE_LOG_DIR}/svn_error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/svn_logfile "%t %u %{SVN-ACTION}e" env=SVN-ACTION
</VirtualHost>
</code>