Building A Versioning Document Repository

This document discusses building a versioning document repository using Apache HTTP Server, OpenLDAP, and Subversion. It provides overviews of each technology and step-by-step instructions on how to configure them together. OpenLDAP is used to centrally store user accounts. Apache HTTP Server is configured with WebDAV and DeltaV modules to provide a web-based interface to the Subversion repository. Subversion then provides the version control system functionality with integration to the Apache WebDAV interface.

Uploaded by

Dkamta
Copyright
© Attribution Non-Commercial (BY-NC)
Building a Versioning Document Repository
Using Apache HTTP Server, OpenLDAP, and Subversion
By: Craig A. McElroy
Who Am I?
• Co-founder of Metissian & Contegix
• Contegix is a colocation and managed hosting
company specializing in Linux and Mac OS X
located in downtown St. Louis, MO.
• Maintainer of Subversion OS X Packages at http://www.metissian.com
• Early adopter of the Subversion version control
system
• Been using it since pre 1.0 release for source
control, document versioning, etc.
Document Repository
• A document repository is any central storage location
for documents.
• Various storage and access mechanisms
• NFS
• Samba
• Simple Web Application
• WebDAV
WebDAV
• What is WebDAV?
• Briefly: WebDAV stands for “Web-based
Distributed Authoring and Versioning”
• Set of extensions to the HTTP protocol which
allow remote collaborative authoring of web
resources.
• Defined in RFC 2518
• Visit http://www.webdav.org/ for more information.
WebDAV Servers
• Apache HTTP Server
• mod_dav - Base WebDAV support module which
requires another module to define the storage
implementation.
• mod_dav_fs - WebDAV module provided by Apache
which uses underlying filesystem for storage.
• Other mod_dav implementations exist (as we’ll see
in a bit)
WebDAV Servers
• Jakarta Slide
• http://jakarta.apache.org/slide/index.html
• Zope
• http://www.zope.org/
• .Mac
• Apple’s .Mac service is WebDAV based.
• A number of other Open Source and Commercial
servers.
WebDAV Clients
• Nautilus 2
• Official file manager/browser for GNOME.
• http://www.gnome.org/projects/nautilus
• Linux davfs2
• A filesystem module for the Linux kernel based on
Coda (http://coda.cs.cmu.edu/)
• http://dav.sourceforge.net/
• Cadaver Command Line Client
• http://www.webdav.org/cadaver/
WebDAV Clients
• Mac OS X
• Apple’s OS X has an integrated WebDAV client.
• Prior to 10.4 did not support https.
• Win32 WebFolders
• Windows 98, 2000, and XP have an integrated
WebDAV client known as “WebFolders”
• Not as integrated as Apple’s implementation.
• WebDrive Commercial Windows Client
• http://www.southrivertech.com/
DeltaV Extensions
• Despite the “V” in WebDAV, there is no versioning
model included in the WebDAV RFC.
• Because RFC 2518 left out versioning concepts,
another capable group was left with the responsibility
of writing RFC 3253, which adds versioning to
WebDAV.
• WebDAV/DeltaV clients and servers are often called
just “DeltaV” clients and servers, since DeltaV implies
the existence of basic WebDAV.
DeltaV
• The coolest feature of the DeltaV extensions is
Autoversioning.
• Allows basic WebDAV clients that are not aware of
versioning to create new versions by simply doing a
PUT operation.
• The server will translate that to the series of
operations that will generate a new version of the
existing file.
• In the event of a needed file restore, a system
administrator could simply pull an old version.
LDAP
• What is LDAP?
• Lightweight Directory Access Protocol
• Designed at the University of Michigan to adapt a
complex enterprise directory system (called X.500)
to the modern internet.
• De-facto standard for user information storage,
searching, and authentication.
• Many implementations of LDAP Servers
• Tremendous client support
LDAP Servers
• OpenLDAP - http://www.openldap.org/
• Open Source LDAP Server
• Novell eDirectory
• Red Hat Directory Server (Formerly Netscape
Directory Server)
• Microsoft Active Directory
• Supports the LDAP interface, but has some quirks
• Apache DS - Pure Java LDAP Server
• http://directory.apache.org/subprojects/apacheds/
LDAP Clients
• Nearly all E-Mail clients support LDAP Database
searches
• Apache Authentication Modules
• Apache 2.0: mod_auth_ldap
• http://httpd.apache.org/docs-2.0/mod/mod_auth_ldap.html
• Apache 2.1: mod_authnz_ldap
• http://httpd.apache.org/docs-2.1/mod/mod_authnz_ldap.html
Subversion
• http://subversion.tigris.org/
• Subversion is a version control system with a
WebDAV/DeltaV server implementation for Apache
• mod_dav_svn Apache Module
• Subversion was designed to be a replacement for CVS
in the version control realm
• Provides many added benefits because of its
WebDAV/DeltaV capabilities
DeltaV in Subversion
• Currently, not all features of DeltaV are implemented
in Subversion, but most of the core ones are.
• RFC 3253 is still relatively new, and Subversion
developers intend to improve support in future
releases.
• But, what about Autoversioning?!?!?
Autoversioning
• Does autoversioning really work in Subversion?
• Well, sort of.
• At this time, Subversion still lacks support for the
WebDAV LOCK and UNLOCK methods, so editing
a file in place is not supported.
• Can still copy the file to local filesystem, edit it, and
copy it back.
• Come on? Is this really the best we can do?
mod_dav_lock
• Apache 2.1 (still in beta) has introduced a new
mod_dav_lock module.
• http://httpd.apache.org/docs-2.1/mod/mod_dav_lock.html
• Provides a generic locking API which can be used by
any backend provider of mod_dav (mod_dav_svn in
our case)
• Uses a file based lock database to provide the locking
mechanism that would otherwise be missing from
Subversion’s DeltaV support.
• Creates the “illusion” that the lock was accepted.
Why These?
• This exact configuration was implemented for a client in late 2004.
• Why WebDAV?
• Needed to support multiple platforms.
• Needed to be able to securely access data.
• Why LDAP?
• Client also wanted to consolidate user accounts between a
dozen servers, miscellaneous web applications (including
Bugzilla), etc.
• The document repository needs the same accounts.
• Why Subversion?
• Subversion was already being used as the version control
system for source code.
Configuration & Demo
• OpenLDAP
• http://www.openldap.org/
• phpLDAPadmin
• http://phpldapadmin.sourceforge.net/
• Apache HTTP Server 2.1 (Beta)
• http://httpd.apache.org/
• Subversion 1.2 (RC)
• http://subversion.tigris.org/
OpenLDAP
• Included with any modern Linux distribution
• RHEL v.4 comes with OpenLDAP 2.2
• Edit /etc/openldap/slapd.conf
• Define suffix, rootdn, and rootpw
• suffix "dc=contegix,dc=com"
• rootdn "cn=Manager,dc=contegix,dc=com"
• rootpw {SSHA}................................
• The hashed rootpw value can be generated using slappasswd
OpenLDAP
• Start OpenLDAP Server
• Do a simple test using:
• ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
• If this works, we are ready to begin populating the LDAP database.
• Option 1: Use .ldif files and ldapadd commands
• Option 2: Use an LDAP client utility

phpLDAPadmin
phpLDAPadmin
• Install to a location where it is accessible from a
webserver.
• Edit the config.php file
• Define the values for host, base, and auth_type
• $servers[$i]['host'] = 'localhost';
• $servers[$i]['base'] = 'dc=contegix,dc=com';
• $servers[$i]['auth_type'] = 'session';
• An auth_type of session will prompt for a login upon accessing the application.
Setup LDAP Objects Using phpLDAPadmin
• Create the Organization with dcObject and
organization objectClass
• o = Contegix LLC
• Manager organizationalRole
• cn=Manager,dc=contegix,dc=com
• People organizationalUnit
• ou=people
• Users, users, users
• Use simpleSecurityObject for our example
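
The same entries written as LDIF for Option 1 (ldapadd), as an added example that is not part of the original slides. The user name jdoe, the "account" structural class and the hash placeholder are assumptions; the function refuses a userPassword that is not an {SSHA} hash and a uid that would need DN escaping.

```shell
#!/bin/sh
# Added example, not from the slides. Emits LDIF for the entries listed on the
# "Setup LDAP Objects" slide. Usage: make_ldif SUFFIX ORG_NAME UID SSHA_HASH
make_ldif() {
    suffix=$1 org=$2 user=$3 hash=$4
    # Keep the uid to characters that need no DN or LDIF escaping.
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "make_ldif: unsafe uid" >&2; return 1 ;;
    esac
    # Never store a cleartext password: require slappasswd's {SSHA} output.
    case $hash in
        '{SSHA}'*) ;;
        *) echo "make_ldif: userPassword must be an {SSHA} hash" >&2; return 1 ;;
    esac
    # dcObject requires a dc attribute equal to the first RDN of the suffix.
    dc=${suffix%%,*}; dc=${dc#dc=}
    # simpleSecurityObject is auxiliary and only adds userPassword, so the user
    # entry also needs a structural class. "account" (cosine.schema) is an
    # assumption; it supplies uid, the attribute mod_authnz_ldap searches on
    # when AuthLDAPUrl names none.
    cat <<EOF
dn: $suffix
objectClass: dcObject
objectClass: organization
dc: $dc
o: $org

dn: cn=Manager,$suffix
objectClass: organizationalRole
cn: Manager

dn: ou=people,$suffix
objectClass: organizationalUnit
ou: people

dn: uid=$user,ou=people,$suffix
objectClass: account
objectClass: simpleSecurityObject
uid: $user
userPassword: $hash
EOF
}

# Constructed sample call; pipe the output to:
#   ldapadd -x -D "cn=Manager,dc=contegix,dc=com" -W
make_ldif 'dc=contegix,dc=com' 'Contegix LLC' jdoe '{SSHA}REPLACE_WITH_SLAPPASSWD_OUTPUT'
```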
Apache HTTP 2.1
• As Apache 2.1 is still Beta, it is most likely not included
with any Linux distribution.
• Download and build the latest source tarball.
• Important configure options
• --prefix=/opt/httpd/httpd-2.1.x
• --with-ldap
• --enable-mods-shared=all
• --enable-dav-lock
• --enable-ldap
• --enable-authnz-ldap
Apache HTTP 2.1
• Edit httpd.conf
• Specify User and Group
• User webdav
• Group webdav
• Ensure that the ldap_module is loaded before
authnz_ldap_module in the LoadModule
directives (it is not in the default configuration file)
Subversion 1.2
• While a relatively recent version of Subversion ships with
most Linux distributions, we will need to build against the
Apache just built.
• Download and build the latest source tarball.
• Important configure options
• --prefix=/opt/subversion/subversion-1.2.x
• --with-ssl
• --with-zlib
• --with-apr=/opt/httpd/.../apr-1-config
• --with-apr-util=/opt/httpd/.../apu-1-config
• --with-apxs=/opt/httpd/.../apxs
Creating the Repository
• Setup repository and locks directories.
• mkdir /opt/subversion/repos
• mkdir /opt/subversion/locks
• Create the repository with proper permissions.
• svnadmin create /opt/subversion/repos/webdav
• chown -R webdav:webdav /opt/subversion/repos/webdav
Putting It All Together
• Apache Configuration
<Location />
    DAV svn
    SVNPath /opt/subversion/repos/webdav
    SVNAutoversioning on
    DavGenericLockDB /opt/subversion/locks/davlock

    AuthBasicProvider ldap
    AuthLDAPUrl ldap://localhost:389/ou=People,dc=contegix,dc=com
    AuthzLDAPAuthoritative off

    AuthType basic
    AuthName "Contegix WebDAV"
    Require valid-user
</Location>
• Startup Apache
Other Concerns
• SSL
• For the sake of simplicity of our demonstration, we
did not enable HTTPS for the Apache WebDAV
server, or TLS for the OpenLDAP server.
• Client compatibility
• At this time, WebDAV support is still rather
inconsistent.
• Different clients have varying levels of support, and
various quirks that should be considered at this
time.
Other Concerns
• Limiting Access by Groups
• Can also configure Apache to require that users be
members of a given group in order to access
WebDAV share
• Controlled access by Directory
• Subversion’s mod_dav_svn can be configured to
restrict read and/or read/write access by directory
within the WebDAV share.
• Unfortunately, this feature does not currently
support LDAP groups.
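
A small lint for the gaps these two slides name (no HTTPS, no TLS to the directory, no group restriction), as an added example that is not part of the original slides. The finding names and the group DN cn=docs,ou=groups,... are assumptions; SSLRequireSSL, the ldaps:// scheme, the optional SSL/TLS/STARTTLS mode on AuthLDAPUrl and Require ldap-group are standard mod_ssl and mod_authnz_ldap settings.

```shell
#!/bin/sh
# Added example, not from the slides: lint a mod_dav_svn <Location> block read
# from stdin. Prints one finding per line; no output means no check fired.
audit_dav_conf() {
    conf=$(cat)
    has() { printf '%s\n' "$conf" | grep -Eiq "^[[:space:]]*$1"; }
    # Basic auth sends the password base64-encoded (not encrypted) with every
    # request, so the block should refuse plain HTTP (SSLRequireSSL, mod_ssl).
    if has 'AuthType[[:space:]]+basic' && ! has 'SSLRequireSSL'; then
        echo "basic-auth-without-ssl"
    fi
    # ldap:// with no SSL/TLS/STARTTLS mode: httpd binds to slapd in cleartext.
    if printf '%s\n' "$conf" | grep -Ei '^[[:space:]]*AuthLDAPUrl[[:space:]]+"?ldap://' |
       grep -Eivq '[[:space:]](SSL|TLS|STARTTLS)[[:space:]]*$'; then
        echo "ldap-bind-in-cleartext"
    fi
    # valid-user admits every account found under the search base.
    if has 'Require[[:space:]]+valid-user' && ! has 'Require[[:space:]]+ldap-group'; then
        echo "any-directory-user-allowed"
    fi
    return 0
}

# Constructed input 1: the auth-relevant lines of the slide's <Location> block.
slide_conf() { cat <<'EOF'
<Location />
  DAV svn
  AuthBasicProvider ldap
  AuthLDAPUrl ldap://localhost:389/ou=People,dc=contegix,dc=com
  AuthType basic
  Require valid-user
</Location>
EOF
}

# Constructed input 2: the same block with the gaps closed. The group DN is
# hypothetical; ldaps:// assumes slapd has been given a TLS listener.
hardened_conf() { cat <<'EOF'
<Location />
  DAV svn
  SSLRequireSSL
  AuthBasicProvider ldap
  AuthLDAPUrl ldaps://localhost:636/ou=People,dc=contegix,dc=com
  AuthType basic
  Require ldap-group cn=docs,ou=groups,dc=contegix,dc=com
</Location>
EOF
}

slide_conf | audit_dav_conf      # prints all three findings
hardened_conf | audit_dav_conf   # prints nothing
```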
Future
• Directory level permissioning.
• Subversion developers intend to add support for
having groups defined by external authentication
mechanisms.
• DeltaV locking support built into Subversion
• Better compatibility between various DeltaV clients.
• Currently a true DeltaV client may or may not
interoperate well with a mod_dav_svn server.
Q & A
