I have an SVN server, and I'd like to use our LDAP server for user authentication. Right now I'm specifying usernames and passwords per repository, which is working OK, but more people are deciding to use this server. And I really shouldn't have access to their passwords. I'd like to use LDAP to authenticate users, and I want to grant access rights to a whole domain rather than specify users individually.

Some (gruesome) details:

• SVN is running on a windows XP machine. :-(
• I have both svnserve and http access, but the latter is a very minor concern.
• I have minimal LDAP knowledge (which is probably why I'm asking this question.)

Finally, if this is a bad idea entirely, or if there's a better solution I would be interested in hearing it.

Thanks!

svnserve is used whenever you access URLs starting with svn://. All URLs that start with http:// or https:// are handled by Apache. All Subversion clients should be able to handle both of them, and TortoiseSVN doesn't have a problem with them for sure.

Change your Apache config to something like this:

<Location /svn>
    AuthName "My repository"
    AuthType SSPI

    SSPIAuth On
    SSPIAuthoritative On
    SSPIDomain MYDOMAIN
    SSPIOmitDomain On
    SSPIOfferBasic On
    SSPIUsernameCase lower

    Require valid-user

    DAV svn
    SVNListParentPath on
    SVNParentPath D:/path/to/repos
    AuthzSVNAccessFile D:/path/to/accessfile
</Location>