Subversion with WebSVN, WebDAV and Active Directory or LDAP Authentication

I just finished setting up subversion server running on CentOS. In addition to having subversion respositories, I have few other requirements which includes:

  • Ability to browse repositories using a web browser
  • Acccess to repositories using WebDAV
  • Repositories access should be protected and authentication/authorization should be done using Active Directory

First, I was looking at using TRAC which provides most of the above and some extra features (project management and bug/issue tracking). But we already have other project management (dotProject) and bug/issue tracking (Mantis) softwares in place and TRAC doesn’t seems like very straight forward to install and configure. So, I started looking at alternatives and there isn’t much out there in form of once package which can provide all of the above.

The solution which we ended up building is running on CentOS operating system, WebSVN and other dependency libraries. I ran into some issues while setting up the solution and went through number of articles and KBs available on Internet. Almost spent whole day on this and thought it might be useful for others if I put all the info in one article.

Target is to have a setup where we can browse all the repositories using WebSVN with URL
Each of the repository should be accessible using a URL which looks like
http://<hostname>/<repository name>

Installing/Configuring CentOS

Historically, I liked RedHat/Fedora (may be because first distribution I started working with was RedHat 5.x) but over the years I started liking Debain (and all other distros built on debian). For this project, I picked up CentOS which is well respected in enterprises for its stability and free alternative to OpenSuse Enterprised or Redhat Enterprise. The latest release out there as of writing this article is CentOS 5.3 so thats what I used.

Install CentOS with default partition and make sure you have web server (http package) with PHP support installed. Once the installation is finished and you are logged in as root, I suggest that you install the latest updates by running

Install subversion and mod_dav_svn packages

enscript package is used by WebSVN for code highlighting and formatting.

Active Directory/LDAP Configuration

If your LDAP deployment doesn’t support anonymous bind, create a user in LDAP which can be used to bind and perform queries. By default, anonymous LDAP operations, except rootDSE searches and binds are not permitted on Windows 2003 domain controllers. As my deployment involves Windows 2003 based domain controller, I created a user named ‘LDAP User‘ (Logon Name ‘ldapuser‘) in Users container.

Before proceeding with rest of the setup, its a good idea to test the bind using the user which will be used for binding and search queries. I used a free utility available from Softerra named LDAP Browser which is available for free download at:

In rest of the setup, I will use imaginary domain called My user principal name will be and the distinguished name for the same will be
CN=LDAP User,CN=Users,DC=domain,DC=example,DC=com. The FQDN for active directory domain server is

WebSVN Configuration

Create a directory which will hold the SVN repositories. I used /srv/svn for this purpose

Next, download the latest WebSVN package from

(Note: replace the URL with path to latest release of websvn in above command line)
Instead of extracting websvn package to default root of apache web server under /var/www/html, I created a new directory to host this package

Next, create an alias for this directory in apache configuration. Create a file in /etc/httpd/conf.d

and add the following lines to this file

Replace the AuthLDAPURL with correct URL according to your environment. Also, modify the AuthLDAPBindDN and AuthLDAPBindPassword according to your user which will be used for binding.

If you are using LDAP server instead of Active Directory server, replace the port number 3268 with 389. Port 3268 is used by Active Directory Global Catalog. The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory forest. Using port 389 for some reason didn’t work for authentication.

In AuthLDAPURL, the last word NONE serves the following purpose:

stablish an unsecure connection on the default LDAP port.

Establish a secure connection on the default secure LDAP port.

Establish an upgraded secure connection on the default LDAP port.

Next, create the new configuration file for WebSVN from default configuration files ships with the package.

You can edit the config.php file according to your environment. For every repository, you have add the parent path to directory which holds the repositories. In my case, /srv/svn is the directory which will hold all the repositories so I added the below line to config.php

In addition to above, I added the below lines to config.php for syntax highlighting.

Restart the apache service for changes to take effect

Lets create a repository which we can use for testing.

Try accessing the alias using the URL http://<hostname>/websvn and if things work out good, you should have access to your repositories through WebSVN interface.

Configuring WebDAV

Configuring WebDAV access for subversion requires mod_dav_svn module which we already installed in previous steps. Installing mod_dav_svn RPM also creates configuration file subversion.conf under /etc/httpd/conf.d directory.
To use WebDAV for SVN repositories, repository directory should be owned by web server user (apache). Change the ownership of our test SVN repository to apache user

Next, edit subversion.conf file and

add the following lines.

LimitExcept directive controls the access to repository and define if the user can write to this repository or not. In the above case, any user belongs to active directory group ‘Developer Group‘ can read and write from/to this repository.

Lets, restart the apache service for changes to take effect

Browse to the repository using below URL

If you want give access to all the repositories held under /srv/svn, replace the below lines


4 thoughts on “Subversion with WebSVN, WebDAV and Active Directory or LDAP Authentication”

  1. Great write up. This helped a lot. Just a quick question. What was the purpose of installing MySQL?

  2. Thanks Jason,
    I installed MySQL as I was also going to run matisbt as another virtual host on this server. For the scope of this article in regards to SVN and WebSVN, you won’t need it. I will revise the article and will take it out to avoid confusion for other readers 🙂

  3. Hi Harpreet thanks for intention to help others through your blog.I am using centos 5.I followed your step till creating websvn.conf file under your blog section(ldap integration).Please let me know where i am wrong.

    When i restarted apache i get the error

    Starting httpd: Syntax error on line 3 of /etc/httpd/conf.d/websvn.conf:
    AuthBasicProvider not allowed here

    Alias /websvn/ “/var/www/websvn/”

    AuthBasicProvider “ldap”
    AuthType Basic
    AuthzLDAPAuthoritative off
    AuthName “Subversion Repository Web Browsing”
    AuthLDAPURL “ldap://,DC=com?sAMAccountName?sub?(objectClass=*)” NONE
    AuthLDAPBindDN “CN=svnldap,CN=Users,DC=xyz,DC=com”
    AuthLDAPBindPassword “eqa01234”

    require valid-user

    I have loaded the ldap module.Can you please help me in this.Thanks.

  4. Hello Fizeen,

    It seems to be related to ldap module. What you see in apache error log? Can you get me the related messages from apache error logs related ldap authentication?

    Also, double check your AuthLDAPURL to make sure there is no typo.

Leave a Reply

Your email address will not be published. Required fields are marked *