4

我通过 HTTPS 在 Apache 下运行 SVN 服务器这是
我的服务器端配置,“/etc/httpd/conf.d/subversion.conf”:

<Location />
  SSLRequireSSL
  SSLCACertificatePath /etc/pki/CA
  SSLCACertificateFile /etc/pki/CA/cacert.pem
  SSLVerifyClient optional
  SSLUserName SSL_CLIENT_S_DN_CN
  SetOutputFilter DEFLATE
  Satisfy Any
  AuthBasicProvider file ldap
  AuthzLDAPAuthoritative off
  AuthType Basic
  AuthName "SVN users enter password"
  AuthLDAPURL ldap://ldap.exmaple.com:389/ou=employees,ou=people,o=example.com
  AuthGroupFile /var/www/auth/group
  AuthUserFile /var/www/auth/passwd
  Require valid-user
</Location>

此配置在通过 HTTPS 结帐时接受 PKCS12 证书身份验证。
并在通过 HTTP 结帐时接受 LDAP 身份验证。

我现在的问题是,如果在通过 HTTPS 结帐时没有提供客户端证书(PKCS12),我如何让 Apache 接受 LDAP 身份验证?

4

1 回答 1

1

而不是为Location /.
我为子文件夹配置了 SSL 证书身份验证Location /cert
Location /配置了 LDAP。
我的 subversion.conf 现在看起来像:

<Location />
  AuthBasicProvider file ldap
  AuthzLDAPAuthoritative off
  AuthType Basic
  AuthName "SVN users enter password"
  AuthLDAPURL ldap://ldap.example.com:389/ou=employees,ou=people,o=example.com
  AuthGroupFile /var/www/auth/group
  AuthUserFile /var/www/auth/passwd
  Require valid-user
</Location>

<Location /svn>
  AuthBasicProvider file ldap
  AuthzLDAPAuthoritative off
  AuthType Basic
  AuthName "SVN users enter password"
  AuthLDAPURL ldap://ldap.example.com:389/ou=employees,ou=people,o=example.com
  AuthGroupFile /var/www/auth/group
  AuthUserFile /var/www/auth/passwd
  Require valid-user
</Location>

<Location /cert>
  DAV svn
  SVNParentPath /var/www/html/svn/repos
  AuthzSVNAccessfile /var/www/html/svn/authz
  SSLRequireSSL
  SSLCACertificatePath /etc/httpd/conf/keys/
  SSLCACertificateFile /etc/httpd/conf/keys/stacked-pem.cer
  SSLVerifyClient optional_no_ca
  SSLUserName SSL_CLIENT_S_DN_CN
  SetOutputFilter DEFLATE
  Satisfy Any
</Location>

现在正在发生到 LDAP 的故障转移 :)
关键是Satisfy any

于 2014-07-17T10:24:38.150 回答