Configuration of the LDAP integration

This installation guide is only valid for iF.SVNAdmin version from 1.0 to 1.3!
(But the informations can also be used for 1.4, just note that you don’t have to edit the config.inc.php file. The official documentation for 1.4 will come…)

This document shows you, how you can configure your insaneSvnAdmin installation with the built-in LDAP integration for users and groups.

Basic installation & PHP – LDAP Modul

First follow the steps of the basic installation description, which can be found on the main page. Note that the configuration of the SVNUserFile file is not required in this case. The next requirement for the integration is the activation of the LDAP module for PHP. A detailed installation description can be found here: Official PHP Homepage / LDAP Module

Configuration example

Open your include/config.inc.php file and set the variables of the user- and/or group-provider on the following values. If you wish to receive only the users from the LDAP and the groups continously from the regular web-interface, then leave the values of the two group-providers on their default settings.

// User view provider.
// Types: off, passwd, ldap
$appConfig["user_view_provider_type"] = "ldap";

// User edit provider.
// Types: off, passwd
$appConfig["user_edit_provider_type"] = "off";

// Group view provider.
// Types: off, svnauthfile, ldap
$appConfig["group_view_provider_type"] = "ldap";

// Group edit provider.
// Types: off, svnauthfile
$appConfig["group_edit_provider_type"] = "off";

Note that if you set a VIEW-provider to ldap that the corresponding EDIT-provider have to be set to off.
For the other configurations you must scroll down until you get to the LDAP settings.

Connection data

First we need the connection to the server including a user account, which has the right to read the other users and groups.
The connection with ldaps:// has not been tested.

// Basic LDAP connection settings.
$userView->host_address               = 'ldap://192.168.178.28:390/';
$userView->host_protocol_version      = 2;
$userView->bind_dn                    = 'CN=admin,OU=Benutzer,DC=augsburg,DC=insanefactory';
$userView->bind_password              = 'root';

User-provider (Example based on Active Directory)

The user-provider reads the required user data and displays them. Until now there is no caching mechanism for the users, due to this fact they will be fetched from the LDAP with each user-list request.

The different configurations are in the file again described in more detail. The now listed configuration depends on the screenshot, which hopyfully makes it something easier for you.

The above selected passages must now only be included in the configuration.

// LDAP user-view settings.
$userView->users_base_dn              = 'OU=CustomUsers,DC=augsburg,DC=insanefactory';
$userView->users_search_filter        = '(&(objectClass=person)(objectClass=user))';
$userView->users_attributes           = array('sAMAccountName');

If your settings are correct, you can now open the web-interface on the the user page and check whether the users got listed. For the groups provider configuration, you must now scroll in the configuration file a bit down.

Group-provider (Example based on Active Directory)

The group provider is responsible for a list of group names and membership of each user. The groups and assignments are cached in the SVNAuthFile file and updated only by invitation, task or cron job (more on that later).

Here is the required configuration for this:

// LDAP group-view settings.
$groupView->groups_base_dn                  = 'OU=CustomGroups,DC=augsburg,DC=insanefactory';
$groupView->groups_search_filter            = '(objectClass=group)';
$groupView->groups_attributes               = array('sAMAccountName');
$groupView->groups_to_users_attribute       = 'member';
$groupView->groups_to_users_attribute_value = 'dn';