ADISS 1.1 review
DownloadADISS project is a simple tool to automated the generation of Subversion AuthzSVNAccessFiles. The simple web interface allows the
|
|
ADISS project is a simple tool to automated the generation of Subversion AuthzSVNAccessFiles.
The simple web interface allows the administrator to define the repostirory paths, the full path to the AuthzSVNAccessFile and the LDAP filter for the Active Directory group that will be used to control access.
The script adiss_batch.php (run via a cron job or scheduled task you create at the interval you define)
Technology - Apache, mySQL, PHP. Written and tested on Linux by should work on other operating systems. Uses PHP_LDAP and PHP_MYSQL.
Installation:
Obtain and extract the tarball to a location under your web server's root directory, for example:
cd /var/www/html
tar -zxvf adiss-0.90.tgz
Rename the directory if so desired:
mv adiss-x.xX adiss
Set permissions on the directory so that the account your web server runs as has permissions to the files:
chown -R apache:apache adiss
Create the database:
cd adiss
mysql
create database adiss;
grant SELECT, INSERT, UPDATE, DELETE on adiss.* to adiss@localhost identified by 'password';
flush privileges;
quit
mysql adiss < create_tables.sql
Modify the config.in.php file to match your environment.
$db_host = "localhost";
$db_name = "adiss";
$db_user = "adiss";
$db_pass = "password"; # from create database section above
$ldap_server = "adserver.domain.com"; # The GC or AD server
$ldap_server_port = "3268"; # Use port 389 if you'd are using a DC, I prefer to use port 3268 on the Global Catalog server
$bind_user = "adiss@domain.com";
$bind_pass = "password";
$base_dn = "DC=domain, DC=com";
You should secure this site unless you are OK with anyone manaing your settings (not recommended). The application is really intended as an intranet only applicaiton, expose this to the Internet at YOUR OWN RISK.
Here is an example of an Apache configuration file (to be placed in /etc/httpd/conf.d or other server specific location) to secure this site. Obviously you will need to customize this for your site/environment:
< Directory /var/www/html/adiss >
AuthType Basic
AuthName "DOMAINNAME"
AuthLDAPURL ldap://server.domain.com:3268/DC=domain,DC=com?
samAccountName?sub?(objectCategory=person)
AuthLDAPBindDN DOMAINadiss
AuthLDAPBindPassword password
Require valid-user
# If you want to be more specific you could use the line below
Require user username1 username2
Options Indexes FollowSymLinks
AllowOverride All
order allow,deny
allow from all
< /Directory >
Restart Apache after adding the above (service httpd restart or other server specific command).
Launch a browser and visit the URL http://yourhost/adiss
What's New in This Release:
Incorporated bug fix for end of line in pre and post commit edit procedures.
Fixed a typo in the HTML page title.
Added ability to define a read-only group on a per project/repository basis in addition to the read-write group.
ADISS 1.1 search tags