1、安装Httpd
# Installs Apache httpd, its development package, mod_auth_mysql and libsysfs.
# The Subversion configure step further down points at /usr/sbin/apxs, /usr/bin/apr-1-config
# and /usr/bin/apu-1-config, so those tools must be present before building.
yum install httpd httpd-devel mod_auth_mysql libsysfs
2、安装Subversion
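# Build Subversion 1.7.7 with the bundled SQLite amalgamation and the Apache modules.
# Before unpacking, check both archives against the checksums/signatures published by
# their projects; the build output ends up loaded into httpd.
tar jxf subversion-1.7.7.tar.bz2
unzip sqlite-amalgamation-3071401.zip -d subversion-1.7.7
cd subversion-1.7.7
# The Subversion build looks for the amalgamation in a directory named sqlite-amalgamation.
mv sqlite-amalgamation-3071401 sqlite-amalgamation
# Options use two ASCII hyphens; the typographic dashes shown on the page are rejected by configure.
# NOTE(review): --enable-maintainer-mode is a developer build option (debugging, strict
# compile warnings) - confirm it is really wanted on a production server.
./configure --prefix=/usr/local --with-apxs=/usr/sbin/apxs --with-ssl --with-zlib --enable-maintainer-mode --with-apr=/usr/bin/apr-1-config --with-apr-util=/usr/bin/apu-1-config
make
make install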
3、配置库
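# Parent directory that holds every repository (served through SVNParentPath).
mkdir /data/svnroot
# Options use two ASCII hyphens; the typographic dash shown on the page is not accepted by svnadmin.
svnadmin create --fs-type fsfs /data/svnroot/test
# Replace the placeholder with the user:group that httpd runs as (the User/Group
# directives in httpd.conf), so mod_dav_svn can read and write the repositories.
# Nothing else needs write access to this tree.
chown -R httpd的用户名组 /data/svnroot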
4、配置httpd
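# Modules for Subversion over WebDAV, path-based authorization (mod_authz_svn)
# and authentication against a MySQL table (mod_auth_mysql).
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
LoadModule mysql_auth_module modules/mod_auth_mysql.so

# NOTE(review): the directives below belong inside a <Location> container for the
# repository URL; the container lines appear to be missing from this listing.
DAV svn
SVNListParentPath on
SVNParentPath /data/svnroot
AuthType Basic
AuthName "Subversion repositories"
# Basic authentication sends the password with every request, so plain-HTTP access is refused.
SSLRequireSSL
AuthMySQLHost 127.0.0.1
# NOTE(review): this connects as MySQL root with the password stored in the httpd
# configuration. The module only needs to read the users table, so a dedicated account
# limited to SELECT on redmine.users is enough, and this file should be readable by root only.
AuthMySQLUser root
AuthMySQLPassword yourpassword
AuthMySQLDB redmine
AuthMySQLUserTable users
AuthMySQLNameField login
AuthMySQLPasswordField hashed_password
AuthMySQLEnable On
# Plain SHA1 of the password; this only matches Redmine rows stored without a salt.
AuthMySQLPwEncryption sha1
# Only active accounts of type User may authenticate. The quotes must be ASCII quotes.
AuthMySQLUserCondition "users.`status` = 1 AND `users`.`type` = 'User'"
Require valid-user
# NOTE(review): mod_authz_svn is loaded but no AuthzSVNAccessFile directive appears in this
# listing; the authz file generated later on this page (/etc/httpd/conf/authz) is not
# consulted until that directive points at it.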
change in conf/httpd.conf
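# Run as root (the leading '#' on the page was the root prompt).
# Create the key material with owner-only permissions from the start, rather than
# world-readable until the chmod at the end.
umask 077
# 2048-bit key: 1024-bit RSA is no longer considered adequate for TLS.
openssl genrsa -des3 -out server.key 2048
# Remove the passphrase from the key so httpd is not prompted for it at system startup.
# The key is then stored unencrypted, so the file permissions are its only protection.
openssl rsa -in server.key -out server.key
openssl req -new -key server.key -out server.csr
# Self-signed certificate valid for 365 days, signed with SHA-256. Clients have to be
# told to trust it explicitly, and it must be renewed before it expires.
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
chmod 0400 server.key
chmod 0400 server.crt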
# Certificate and private key produced by the openssl commands above.
# Relative paths are resolved against ServerRoot, so both files must be placed in its conf/ directory.
SSLCertificateFile conf/server.crt
SSLCertificateKeyFile conf/server.key
change in conf.d/ssl.conf
5、Redmine的修改
由于redmine2.1.2版本修改了password的加密方式 SHA1(salt + SHA1(password))
这就导致我们的mod_auth_mysql 没有办法直接工作
我去官方论坛找到两种解决方案
1) Patch mod_auth_mysql to apply salt in the same manner as redmine.
2) Patch redmine to store “unsalted” hashed passwords alongside the currently salted ones.
http://www.redmine.org/boards/2/topics/24386
这里我选择了第二种方案,去改redmine密码加密的方式
line 245
User.hash_password(“#{salt}#{User.hash_password clear_password}”) == hashed_password
change to
User.hash_password(clear_password) == hashed_password
line 254
self.hashed_password = User.hash_password(“#{salt}#{User.hash_password clear_password}”)
change to
self.hashed_password = User.hash_password(clear_password)
line 592
hashed_password = User.hash_password(“#{salt}#{user.hashed_password}”)
change to
hashed_password = user.hashed_password
这样mod_auth_mysql就能直接通过sha1加密匹配hashed_password字段了。需要注意:这样改动之后,数据库里保存的是不加盐的单次SHA1,相同的密码会得到相同的哈希,数据库一旦泄露更容易被查表或暴力破解;另外,改动之前已经保存的加盐哈希不会再匹配,已有用户需要重新设置密码。
这样我们就实现了redmine subversion 的用户单点登录
我另外写一段脚本用来根据redmine的project的关系自动生成authz权限文件
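#!/usr/bin/php
<?php
/**
 * Rebuild the Subversion authz file from Redmine project membership.
 *
 * Every sub-project of $parentId becomes a "[<project name>:/]" section that lists
 * each member with the access mapped from the member's Redmine role and ends with
 * "* =" so that everyone else is denied. The Redmine project name is used as the
 * repository name, so it has to match the directory under SVNParentPath.
 *
 * Exit status is 1 when the file cannot be written; the previous file is then kept.
 */

// NOTE(review): the page connects as MySQL root. This script only reads, so a dedicated
// account with SELECT on projects, members, users and member_roles is enough, and the
// script itself should be readable by root only because it holds the password.
$pdo = new \PDO('mysql:dbname=redmine;host=127.0.0.1', 'root', 'yourpassword', array(
    PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8';",
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
));

// Only sub-projects of this Redmine project are exported.
$parentId = 3;

// Redmine role id => Subversion access. A role that is not listed grants nothing.
$auths = array(
    3 => 'rw',
    4 => 'rw',
    5 => 'r',
);

$authzFile = '/etc/httpd/conf/authz';

// LEFT JOINs keep projects without members: they come back as one row with NULL login/role.
$query = 'SELECT `P`.`name` AS `projectName`,`U`.`login` AS `passport`, `U`.`id` AS `userId`, `R`.`role_id` as `auth`
FROM `projects` AS `P`
LEFT JOIN `members` AS `M` ON `P`.`id` = `M`.`project_id`
LEFT JOIN `users` AS `U` ON `M`.`user_id` = `U`.`id`
LEFT JOIN `member_roles` AS `R` ON `M`.`id` = `R`.`member_id`
WHERE `P`.`parent_id` = ?';
$statement = $pdo->prepare($query);
$statement->execute(array($parentId));
$statement->setFetchMode(PDO::FETCH_ASSOC);
$infos = $statement->fetchAll();

// Project names and logins are copied from the database into an access-control file.
// Values that could start a new section, add a rule, or be read as authz syntax
// (group, alias, token, negation, wildcard) are refused instead of being written.
$unsafeProject = '/[\x00-\x1f\x7f\[\]:\/]/';
$unsafeLogin = '/[\x00-\x1f\x7f\s=\[\]#]|^[@$~&*]/';

// $rules[project name][login] = 'r' | 'rw'
$rules = array();
foreach ($infos as $info) {
    $projectName = (string) $info['projectName'];
    if ($projectName === '' || preg_match($unsafeProject, $projectName)) {
        // NOTE(review): a skipped project gets no section of its own, so only the
        // root rule applies to a repository of that name.
        fwrite(STDERR, 'skipping project with unsafe name: ' . json_encode($projectName) . PHP_EOL);
        continue;
    }

    // Create the section even when the project has no usable members, so that it
    // still receives the closing "* =" deny rule.
    if (!isset($rules[$projectName])) {
        $rules[$projectName] = array();
    }

    $login = (string) $info['passport'];
    if ($login === '') {
        // Project without members. The original used "break" here, which ended the
        // whole loop and left every later project without a section, i.e. readable
        // by everyone through the root rule.
        continue;
    }
    if (preg_match($unsafeLogin, $login)) {
        fwrite(STDERR, 'skipping unsafe login: ' . json_encode($login) . PHP_EOL);
        continue;
    }

    $roleId = $info['auth'];
    if ($roleId === null || !isset($auths[$roleId])) {
        // Role without a mapping: write no rule, the closing "* =" denies access.
        continue;
    }

    // A member holding several roles gets a single line with the widest access.
    $access = $auths[$roleId];
    if (!isset($rules[$projectName][$login]) || $access === 'rw') {
        $rules[$projectName][$login] = $access;
    }
}

// NOTE(review): root rule - every authenticated user may read any path that has no
// more specific section below, including repositories this script does not list.
$data = '[/]' . PHP_EOL . '* = r' . PHP_EOL . PHP_EOL;

foreach ($rules as $projectName => $accessOf) {
    $lines = array();
    foreach ($accessOf as $login => $access) {
        $lines[] = $login . ' = ' . $access;
    }
    // Anyone not listed above has no access to this repository.
    $lines[] = '* =';
    $data .= "[{$projectName}:/]" . PHP_EOL . implode(PHP_EOL, $lines) . PHP_EOL . PHP_EOL;
}

// Write to a temporary file and rename it into place, so httpd never reads a
// half-written rule set (missing sections would fall back to the root rule).
$tmpFile = $authzFile . '.tmp';
if (file_put_contents($tmpFile, $data, LOCK_EX) === false || !rename($tmpFile, $authzFile)) {
    fwrite(STDERR, 'failed to write ' . $authzFile . PHP_EOL);
    exit(1);
}

echo 'refresh authz file ok !' . PHP_EOL . $authzFile . PHP_EOL;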