我通过HTTPS在Apache下运行SVN服务器 继承我的服务器端配置" /etc/httpd/conf.d/subversion.conf":
<Location />
SSLRequireSSL
SSLCACertificatePath /etc/pki/CA
SSLCACertificateFile /etc/pki/CA/cacert.pem
SSLVerifyClient optional
SSLUserName SSL_CLIENT_S_DN_CN
SetOutputFilter DEFLATE
Satisfy Any
AuthBasicProvider file ldap
AuthzLDAPAuthoritative off
AuthType Basic
AuthName "SVN users enter password"
AuthLDAPURL ldap://ldap.exmaple.com:389/ou=employees,ou=people,o=example.com
AuthGroupFile /var/www/auth/group
AuthUserFile /var/www/auth/passwd
Require valid-user
</Location>
此配置在通过HTTPS结账时接受PKCS12证书身份验证
并通过HTTP结账时接受LDAP身份验证。
我现在的问题是,如果在通过HTTPS结账时没有提供客户端证书(PKCS12),我如何让Apache接受LDAP身份验证?
答案 0 :(得分:1)
而不是为Location /配置SSL证书
我为Location /cert子文件夹配置了SSL证书身份验证。
Location /配置了LDAP
我的subversion.conf现在看起来像:
<Location />
AuthBasicProvider file ldap
AuthzLDAPAuthoritative off
AuthType Basic
AuthName "SVN users enter password"
AuthLDAPURL ldap://ldap.example.com:389/ou=employees,ou=people,o=example.com
AuthGroupFile /var/www/auth/group
AuthUserFile /var/www/auth/passwd
Require valid-user
</Location>
<Location /svn>
AuthBasicProvider file ldap
AuthzLDAPAuthoritative off
AuthType Basic
AuthName "SVN users enter password"
AuthLDAPURL ldap://ldap.example.com:389/ou=employees,ou=people,o=example.com
AuthGroupFile /var/www/auth/group
AuthUserFile /var/www/auth/passwd
Require valid-user
</Location>
<Location /cert>
DAV svn
SVNParentPath /var/www/html/svn/repos
AuthzSVNAccessfile /var/www/html/svn/authz
SSLRequireSSL
SSLCACertificatePath /etc/httpd/conf/keys/
SSLCACertificateFile /etc/httpd/conf/keys/stacked-pem.cer
SSLVerifyClient optional_no_ca
SSLUserName SSL_CLIENT_S_DN_CN
SetOutputFilter DEFLATE
Satisfy Any
</Location>
现在正在进行LDAP故障转移:)
关键是Satisfy any