SubversionWiki - User contributions [en]

Automatic lock-modify-unlock

2007-12-08T11:17:52Z

Anneb:

Different versions of binary files cannot be merged. Therefore versioning of binary files should follow the lock-modify-unlock model[http://svnbook.red-bean.com/en/1.4/svn.basic.vsn-models.html#svn.basic.vsn-models.lock-unlock].
This setup uses the following three measures
* forces users to use property svn:needs-lock on newly added binary files. Denies commits when the property is not available
* sets the svn:needs-lock property on all already existing binary files in repositories
* configures users to automatically set property svn:needs-lock on newly added binary files

1) - create a pre-commit.cmd script in the repository\hooks directory. This script verifies that property svn:needs-lock is set on binary files and denies the commit if the property is not available (Windows only):
<pre>@echo off
set REPOS=%1
set TRANSACTION=%2
set SVNLOOK="c:\Program Files\Subversion\apache2.2\bin\svnlook.exe"
set TEMP=c:\temp

if exist %TEMP%\tempfile%2 del %TEMP%\tempfile%2
for /f "tokens=1,2 usebackq" %%i in (`%SVNLOOK% changed -t %2 %1`) do @if %%i==A @echo %%j >> %TEMP%\tempfile%2
if not exist %TEMP%\tempfile%2 goto NOFILESADDED
for /f "usebackq" %%i in (`findstr /E /I /R "\.bmp.$ \.gif.$ \.ico.$ \.jpeg.$ \.jpg.$ \.png.$ \.tif.$ \.tiff.$ \.doc.$ \.jar.$ \.odt.$ \.pdf.$ \.ppt.$ \.swf.$ \.vsd.$ \.xls.$ \.zip.$" %TEMP%\tempfile%2`) do (
%SVNLOOK% propget -t %2 %1 svn:needs-lock %%i 1> nul 2> nul
if ERRORLEVEL 1 (
echo commit denied, binary files must have property svn:needs-lock >&2
type %TEMP%\tempfile%2 >&2
del %TEMP%\tempfile%2
EXIT /B 1
)
)
del %TEMP%\tempfile%2
:NOFILESADDED
EXIT /B 0
</pre>

2) Recursively set svn:needs-lock property on binaries

If you need to apply svn:needs-lock on already existing binaries in a repository, do the following on a client (not on the svn server):
- checkout a repository
- add to following line to a cmd script (Windows only):
<pre>FOR /R c:\full\path\to\repository %%v in (*.bmp *.gif *.ico *.jpeg *.jpg *.png *.tif *.tiff *.doc *.jar *.odc *.odf *.odg *.odi *.odp *.ods *.odt *.pdf *.ppt *.ser *.swf *.vsd *.xls *.zip) do svn propset svn:needs-lock yes %%~fv
</pre>
- run the script

3) Configure users to automatically use svn:needs-lock property on new binary files

New binary files should have the svn:needs-lock property set, this is verified by the script of step 1. This can be achieved automatically if users configure their svn client config file.

- under windows the SVN config file is "C:\Documents and Settings\[USER_NAME]\Application Data\Subversion\config"

Replace or merge the [miscellany] and [auto-props] sections in the svn config file with the following:
<pre>
[miscellany]
enable-auto-props = yes

[auto-props]
### The format of the entries is:
### file-name-pattern = propname[=value][;propname[=value]...]
### The file-name-pattern can contain wildcards (such as '*' and
### '?'). All entries which match will be applied to the file.
### Note that auto-props functionality must be enabled, which
### is typically done by setting the 'enable-auto-props' option.
*.bmp = svn:mime-type=image/bmp;svn:needs-lock=*
*.gif = svn:mime-type=image/gif;svn:needs-lock=*
*.ico = svn:mime-type=image/x-icon;svn:needs-lock=*
*.jpeg = svn:mime-type=image/jpeg;svn:needs-lock=*
*.jpg = svn:mime-type=image/jpeg;svn:needs-lock=*
*.png = svn:mime-type=image/png;svn:needs-lock=*
*.tif = svn:mime-type=image/tiff;svn:needs-lock=*
*.tiff = svn:mime-type=image/tiff;svn:needs-lock=*

*.doc = svn:mime-type=application/msword;svn:needs-lock=*
*.jar = svn:mime-type=application/octet-stream;svn:needs-lock=*
*.odc = svn:mime-type=application/vnd.oasis.opendocument.chart;svn:needs-lock=*
*.odf = svn:mime-type=application/vnd.oasis.opendocument.formula;svn:needs-lock=*
*.odg = svn:mime-type=application/vnd.oasis.opendocument.graphics;svn:needs-lock=*
*.odi = svn:mime-type=application/vnd.oasis.opendocument.image;svn:needs-lock=*
*.odp = svn:mime-type=application/vnd.oasis.opendocument.presentation;svn:needs-lock=*
*.ods = svn:mime-type=application/vnd.oasis.opendocument.spreadsheet;svn:needs-lock=*
*.odt = svn:mime-type=application/vnd.oasis.opendocument.text;svn:needs-lock=*
*.pdf = svn:mime-type=application/pdf;svn:needs-lock=*
*.ppt = svn:mime-type=application/vnd.ms-powerpoint;svn:needs-lock=*
*.ser = svn:mime-type=application/octet-stream;svn:needs-lock=*
*.swf = svn:mime-type=application/x-shockwave-flash;svn:needs-lock=*
*.vsd = svn:mime-type=application/x-visio;svn:needs-lock=*
*.xls = svn:mime-type=application/vnd.ms-excel;svn:needs-lock=*
*.zip = svn:mime-type=application/zip;svn:needs-lock=*
</pre>

Subversion configured for Windows Active Directory HTTPS

2007-12-08T11:03:25Z

Anneb:

If you want to set up a subversion server on a windows machine that recognizes users from Microsoft Active Directory and uses secure http (https) to communicate with clients you can use the following setup as a template for your configuration.

Steps to follow:

1) Download and install Apache 2.2 + open SSL from http://www.apache.org. Do use Apache 2.2 instead of Apache 2.0 if you want to connect to Active Directory

2) Download the apache 2.2 binary compatible version of svn from http://svn.tigris.org

3) Copy all dll's and modules (.so files) from subversion/bin directory to the apache2.2 /modules directory

4) Copy an existing svn repository or create a new repository
COPY:<pre>
cd "c:\program files\subversion\bin"
svnadmin hotcopy //computer/share/subversion/repositories/repo1 c:/subversion/repositories/repo1</pre>
CREATE:
<pre>svnadmin create c:/subversion/repositories/repo1</pre>

5) Create a authorization file: svn.authz
<pre>### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to a
### single user, to a group of users defined in a special [groups]
### section, or to anyone using the '*' wildcard. Each definition can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').
[groups]
group1 = harry,sally
group2 = romeo,julia
group3 = sally,julia

[/]
* = r
@group1 = rw
</pre>
6) Create a SSL certificate

- Openssl.exe included with this version of Apache 2.2 does not seem to be configured well on windows. In order to create a certificate, you need a well configured version of openssl. For this example configuration of subversion with https, file Openssl-0.9.7e-Win32.zip[http://support.etouch.net/cm/wiki/support.Downloads.wiki/1021721main_Openssl-0.9.7e-Win32.zip] combined with file openssl.conf[http://support.etouch.net/cm/wiki/support.Downloads.wiki/1021722main_openssl.cnf] were downloaded from support.etouch.net[http://support.etouch.net/cm/wiki/support.Downloads.wiki/home/Enabling%20SSL%20with%20Apache%20on%20Windows%202003%20for%20SamePage.html]

- run the following commands
<pre>openssl req -config openssl.cnf -new -out svn.example.com.csr
openssl rsa -in privkey.pem -out svn.example.com.key
openssl x509 -in svn.example.com.csr -out svn.example.com.cert -req -signkey svn.example.com.key -days 1000
</pre>
- copy the resulting *.cert and *.key files to the apache2.2/conf directory

7) Edit apache/conf/httpd.conf
<pre>
LoadModule dav_module modules/mod_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule ssl_module modules/mod_ssl.so

<VirtualHost _default_:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile conf/svn.example.com.cert
SSLCertificateKeyFile conf/svn.example.com.key
#<FilesMatch "\.(cgi|shtml|phtml|php3?)$">
# SSLOptions +StdEnvVars
#</FilesMatch>
#<Directory "C:/Program Files/Apache Group/Apache2/cgi">
# SSLOptions +StdEnvVars
#</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

#redirect /repos to /repos/
RedirectMatch ^(/repos)$ $1/

<Location /repos/>
DAV svn
# SVNPath c:/subversion/repositories/repo1
SVNParentPath c:/subversion/repositories
SVNListparentPath on
Order allow,deny
Allow from all

AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthName "svn.example.com"
AuthzSVNAccessFile c:/subversion/repositories/svn.authz

#at least one of your domain servers listens on port 3268 (besides default ldap port 389)
#use the server that listens on port 3268 if you have more than one AD server. The service
#on port 389 uses referrals to the other AD servers. Referrals are used anonymously. Anonymoys
#binding will not work on most AD-servers.
AuthLDAPURL "ldap://dc.example.com:3268/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"

#this assumes you have created a dedicated bind user "apache_bind" on your active directory
AuthLDAPBindDN "CN=apache_bind,CN=users,DC=example,DC=com"

#warning: this password for AD apache_bind user is in plain text!
AuthLDAPBindPassword [password_for_ad_user_apache_bind]

#AuthLDAPFollowReferrals off

AuthLDAPGroupAttributeIsDN on
AuthLDAPGroupAttribute member
SSLRequireSSL
#require ldap-group CN=svnusers,CN=Users,DC=example,DC=com
require valid-user
</Location>
</VirtualHost>
</pre>

8) Apply ldap patch for MS-AD

When a Microsoft Active Directory times out, it sends a TCP RST instad of a TCP FIN to the client. There is a workaround for this MS AD bug in Apache mod_ldap, see http://www.apachelounge.com/forum/viewtopic.php?t=1995 or download http://www.anneb.dds.nl/httpd-2.2.6_ldappatch_win32_vc6.zip
Replace apache modules mod_lap.so and mod_authnz_ldap.so with the files from the downloaded zip file. This configuration allows you to add more than one repository in directory c:/subversion/repositories. All repositories are listed in the browser using URL https://svn.example.com/repos. User names and passwords are validated against Active Directory. Standard svn clients can not browse the list of repositories. Instead you should use the full path to a particular repository, for instance https://svn.example.com/repos/repo1.

9) Binary files cannot be easily merged. The lock-modify-unlock versioning model seems to be the only appropriate model for these type of files. Follow the instructions in [Setting up lock-modify-unlock This description also includes client and server side configuration to accommodate for the lock-modify-unlock model for binary files.

9) Force users to set svn:needs-lock property on new binary files

Binary files cannot be merged. Versioning should follow the lock-modify-unlock model[http://svnbook.red-bean.com/en/1.4/svn.basic.vsn-models.html#svn.basic.vsn-models.lock-unlock]. You can force using this model for binary files following the description on how to setup [[Automatic lock-modify-unlock]].

Subversion configured for Windows Active Directory HTTPS

2007-12-08T10:39:37Z

Anneb:

If you want to set up a subversion server on a windows machine that recognizes users from Microsoft Active Directory and uses secure http (https) to communicate with clients you can use the following setup as a template for your configuration.

Steps to follow:

1) Download and install Apache 2.2 + open SSL from http://www.apache.org. Do use Apache 2.2 instead of Apache 2.0 if you want to connect to Active Directory

2) Download the apache 2.2 binary compatible version of svn from http://svn.tigris.org

3) Copy all dll's and modules (.so files) from subversion/bin directory to the apache2.2 /modules directory

4) Copy an existing svn repository or create a new repository
COPY:<pre>
cd "c:\program files\subversion\bin"
svnadmin hotcopy //computer/share/subversion/repositories/repo1 c:/subversion/repositories/repo1</pre>
CREATE:
<pre>svnadmin create c:/subversion/repositories/repo1</pre>

5) Create a authorization file: svn.authz
<pre>### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to a
### single user, to a group of users defined in a special [groups]
### section, or to anyone using the '*' wildcard. Each definition can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').
[groups]
group1 = harry,sally
group2 = romeo,julia
group3 = sally,julia

[/]
* = r
@group1 = rw
</pre>
6) Create a SSL certificate

- Openssl.exe included with this version of Apache 2.2 does not seem to be configured well on windows. In order to create a certificate, you need a well configured version of openssl. For this example configuration of subversion with https, file Openssl-0.9.7e-Win32.zip[http://support.etouch.net/cm/wiki/support.Downloads.wiki/1021721main_Openssl-0.9.7e-Win32.zip] combined with file openssl.conf[http://support.etouch.net/cm/wiki/support.Downloads.wiki/1021722main_openssl.cnf] were downloaded from support.etouch.net[http://support.etouch.net/cm/wiki/support.Downloads.wiki/home/Enabling%20SSL%20with%20Apache%20on%20Windows%202003%20for%20SamePage.html]

- run the following commands
<pre>openssl req -config openssl.cnf -new -out svn.example.com.csr
openssl rsa -in privkey.pem -out svn.example.com.key
openssl x509 -in svn.example.com.csr -out svn.example.com.cert -req -signkey svn.example.com.key -days 1000
</pre>
- copy the resulting *.cert and *.key files to the apache2.2/conf directory

7) Edit apache/conf/httpd.conf
<pre>
LoadModule dav_module modules/mod_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule ssl_module modules/mod_ssl.so

<VirtualHost _default_:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile conf/svn.example.com.cert
SSLCertificateKeyFile conf/svn.example.com.key
#<FilesMatch "\.(cgi|shtml|phtml|php3?)$">
# SSLOptions +StdEnvVars
#</FilesMatch>
#<Directory "C:/Program Files/Apache Group/Apache2/cgi">
# SSLOptions +StdEnvVars
#</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

#redirect /repos to /repos/
RedirectMatch ^(/repos)$ $1/

<Location /repos/>
DAV svn
# SVNPath c:/subversion/repositories/repo1
SVNParentPath c:/subversion/repositories
SVNListparentPath on
Order allow,deny
Allow from all

AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthName "svn.example.com"
AuthzSVNAccessFile c:/subversion/repositories/svn.authz

#at least one of your domain servers listens on port 3268 (besides default ldap port 389)
#use the server that listens on port 3268 if you have more than one AD server. The service
#on port 389 uses referrals to the other AD servers. Referrals are used anonymously. Anonymoys
#binding will not work on most AD-servers.
AuthLDAPURL "ldap://dc.example.nl:3268/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"
#AuthLDAPURL "ldap://dc.example.nl:389/DC=example,DC=com?sAMAccountName??(objectClass=*)"
AuthLDAPBindDN "CN=apache_bind,CN=users,DC=example,DC=com"
AuthLDAPBindPassword [password_for_ad_user_apache_bind]
#AuthLDAPFollowReferrals off

AuthLDAPGroupAttributeIsDN on
AuthLDAPGroupAttribute member
SSLRequireSSL
#require ldap-group CN=svnusers,CN=Users,DC=example,DC=com
require valid-user
</Location>
</VirtualHost>
</pre>

8) Apply ldap patch for MS-AD

When a Microsoft Active Directory times out, it sends a TCP RST instad of a TCP FIN to the client. There is a workaround for this MS AD bug in Apache mod_ldap, see http://www.apachelounge.com/forum/viewtopic.php?t=1995 or download http://www.anneb.dds.nl/httpd-2.2.6_ldappatch_win32_vc6.zip
Replace apache modules mod_lap.so and mod_authnz_ldap.so with the files from the downloaded zip file. This configuration allows you to add more than one repository in directory c:/subversion/repositories. All repositories are listed in the browser using URL https://svn.example.com/repos. User names and passwords are validated against Active Directory. Standard svn clients can not browse the list of repositories. Instead you should use the full path to a particular repository, for instance https://svn.example.com/repos/repo1.

9) Binary files cannot be easily merged. The lock-modify-unlock versioning model seems to be the only appropriate model for these type of files. Follow the instructions in [Setting up lock-modify-unlock This description also includes client and server side configuration to accommodate for the lock-modify-unlock model for binary files.

9) Force users to set svn:needs-lock property on new binary files

Binary files cannot be merged. Versioning should follow the lock-modify-unlock model[http://svnbook.red-bean.com/en/1.4/svn.basic.vsn-models.html#svn.basic.vsn-models.lock-unlock]. You can force using this model for binary files following the description on how to setup [[Automatic lock-modify-unlock]].

Subversion configured for Windows Active Directory HTTPS

2007-12-08T10:38:08Z

Anneb:

If you want to set up a subversion server on a windows machine that recognizes users from Microsoft Active Directory and uses secure http (https) to communicate with clients you can use the following setup as a template for your configuration.

Steps to follow:

1) Download and install Apache 2.2 + open SSL from http://www.apache.org. Do use Apache 2.2 instead of Apache 2.0 if you want to connect to Active Directory

2) Download the apache 2.2 binary compatible version of svn from http://svn.tigris.org

3) Copy all dll's and modules (.so files) from subversion/bin directory to the apache2.2 /modules directory

4) Copy an existing svn repository or create a new repository
COPY:<pre>
cd "c:\program files\subversion\bin"
svnadmin hotcopy //computer/share/subversion/repositories/repo1 c:/subversion/repositories/repo1</pre>
CREATE:
<pre>svnadmin create c:/subversion/repositories/repo1</pre>

5) Create a authorization file: svn.authz
<pre>### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to a
### single user, to a group of users defined in a special [groups]
### section, or to anyone using the '*' wildcard. Each definition can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').
[groups]
group1 = harry,sally
group2 = romeo,julia
group3 = sally,julia

[/]
* = r
@group1 = rw
</pre>
6) Create a SSL certificate

- Openssl.exe included with this version of Apache 2.2 does not seem to be configured well on windows. In order to create a certificate, you need a well configured version of openssl. For this example configuration of subversion with https, file Openssl-0.9.7e-Win32.zip[http://support.etouch.net/cm/wiki/support.Downloads.wiki/1021721main_Openssl-0.9.7e-Win32.zip] combined with file openssl.conf[http://support.etouch.net/cm/wiki/support.Downloads.wiki/1021722main_openssl.cnf] were downloaded from support.etouch.net[http://support.etouch.net/cm/wiki/support.Downloads.wiki/home/Enabling%20SSL%20with%20Apache%20on%20Windows%202003%20for%20SamePage.html]

- run the following commands
<pre>openssl req -config openssl.cnf -new -out svn.example.com.csr
openssl rsa -in privkey.pem -out svn.example.com.key
openssl x509 -in svn.example.com.csr -out svn.example.com.cert -req -signkey svn.example.com.key -days 1000
</pre>
- copy the resulting *.cert and *.key files to the apache2.2/conf directory

7) Edit apache/conf/httpd.conf
<pre>
LoadModule dav_module modules/mod_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule ssl_module modules/mod_ssl.so

<VirtualHost _default_:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile conf/svn.example.com.cert
SSLCertificateKeyFile conf/svn.example.com.key
#<FilesMatch "\.(cgi|shtml|phtml|php3?)$">
# SSLOptions +StdEnvVars
#</FilesMatch>
#<Directory "C:/Program Files/Apache Group/Apache2/cgi">
# SSLOptions +StdEnvVars
#</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

#redirect /repos to /repos/
RedirectMatch ^(/repos)$ $1/

<Location /repos/>
DAV svn
# SVNPath c:/subversion/repositories/repo1
SVNParentPath c:/subversion/repositories
SVNListparentPath on
Order allow,deny
Allow from all

AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthName "svn.example.com"
AuthzSVNAccessFile c:/subversion/repositories/svn.authz

#at least one of your domain servers listens on port 3268 (besides default ldap port 389)
#use the server that listens on port 3268 if you have more than one AD server. The service
#on port 389 uses referrals to the other AD servers. Referrals are used anonymously. Anonymoys
#binding will not work on most AD-servers.
AuthLDAPURL "ldap://dc.example.nl:3268/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"
#AuthLDAPURL "ldap://dc.example.nl:389/DC=example,DC=com?sAMAccountName??(objectClass=*)"
AuthLDAPBindDN "CN=apache_bind,CN=users,DC=example,DC=com"
AuthLDAPBindPassword [password_for_ad_user_apache_bind]
#AuthLDAPFollowReferrals off

AuthLDAPGroupAttributeIsDN on
AuthLDAPGroupAttribute member
SSLRequireSSL
#require ldap-group CN=svnusers,CN=Users,DC=example,DC=com
require valid-user
</Location>
</VirtualHost>
</pre>

8) Apply ldap patch for MS-AD

When a Microsoft Active Directory times out, it sends a TCP RST instad of a TCP FIN to the client. There is a workaround for this MS AD bug in Apache mod_ldap, see http://www.apachelounge.com/forum/viewtopic.php?t=1995 or download http://www.anneb.dds.nl/httpd-2.2.6_ldappatch_win32_vc6.zip
Replace apache modules mod_lap.so and mod_authnz_ldap.so with the files from the downloaded zip file. This configuration allows you to add more than one repository in directory c:/subversion/repositories. All repositories are listed in the browser using URL https://svn.example.com/repos. User names and passwords are validated against Active Directory. Standard svn clients can not browse the list of repositories. Instead you should use the full path to a particular repository, for instance https://svn.example.com/repos/repo1.

9) Binary files cannot be easily merged. The lock-modify-unlock versioning model seems to be the only appropriate model for these type of files. Follow the instructions in [Setting up lock-modify-unlock This description also includes client and server side configuration to accommodate for the lock-modify-unlock model for binary files.

9) Force users to set svn:needs-lock property on new binary files

Binary files cannot be merged. Versioning should follow the lock-modify-unlock model[http://svnbook.red-bean.com/en/1.4/svn.basic.vsn-models.html#svn.basic.vsn-models.lock-unlock]. You can force using this model for binary files following the description on how to setup [Automatic lock-modify-unlock].

Automatic lock-modify-unlock

2007-12-08T10:32:56Z

Anneb: New page: Different versions of binary files cannot be merged. Therefore versioning of binary files should follow the lock-modify-unlock model[http://svnbook.red-bean.com/en/1.4/svn.basic.vsn-models...

Different versions of binary files cannot be merged. Therefore versioning of binary files should follow the lock-modify-unlock model[http://svnbook.red-bean.com/en/1.4/svn.basic.vsn-models.html#svn.basic.vsn-models.lock-unlock]. You can force using this model for binary files with a pre-commit script as part of the svn repository. This script verifies that property svn:needs-lock is set on binary files and denies the commit if the property is not available.

1) - create a pre-commit.cmd script in the repository\hooks directory (Windows only):
<pre>@echo off
set REPOS=%1
set TRANSACTION=%2
set SVNLOOK="c:\Program Files\Subversion\apache2.2\bin\svnlook.exe"
set TEMP=c:\temp

if exist %TEMP%\tempfile%2 del %TEMP%\tempfile%2
for /f "tokens=1,2 usebackq" %%i in (`%SVNLOOK% changed -t %2 %1`) do @if %%i==A @echo %%j >> %TEMP%\tempfile%2
if not exist %TEMP%\tempfile%2 goto NOFILESADDED
for /f "usebackq" %%i in (`findstr /E /I /R "\.bmp.$ \.gif.$ \.ico.$ \.jpeg.$ \.jpg.$ \.png.$ \.tif.$ \.tiff.$ \.doc.$ \.jar.$ \.odt.$ \.pdf.$ \.ppt.$ \.swf.$ \.vsd.$ \.xls.$ \.zip.$" %TEMP%\tempfile%2`) do (
%SVNLOOK% propget -t %2 %1 svn:needs-lock %%i 1> nul 2> nul
if ERRORLEVEL 1 (
echo commit denied, binary files must have property svn:needs-lock >&2
type %TEMP%\tempfile%2 >&2
del %TEMP%\tempfile%2
EXIT /B 1
)
)
del %TEMP%\tempfile%2
:NOFILESADDED
EXIT /B 0
</pre>

2) Recursively set svn:needs-lock property on binaries

If you need to apply svn:needs-lock on already existing binaries in a repository, do the following on a client (not on the svn server):
- checkout a repository
- add to following line to a cmd script (Windows only):
<pre>FOR /R c:\full\path\to\repository %%v in (*.bmp *.gif *.ico *.jpeg *.jpg *.png *.tif *.tiff *.doc *.jar *.odc *.odf *.odg *.odi *.odp *.ods *.odt *.pdf *.ppt *.ser *.swf *.vsd *.xls *.zip) do svn propset svn:needs-lock yes %%~fv
</pre>
- run the script

3) Configure users to automatically use svn:needs-lock property on new binary files

New binary files should have the svn:needs-lock property set, this is verified by the script of step 1. This can be achieved automatically if users configure their svn client config file.

- under windows the SVN config file is "C:\Documents and Settings\[USER_NAME]\Application Data\Subversion\config"

Replace or merge the [miscellany] and [auto-props] sections in the svn config file with the following:
<pre>
[miscellany]
enable-auto-props = yes

[auto-props]
### The format of the entries is:
### file-name-pattern = propname[=value][;propname[=value]...]
### The file-name-pattern can contain wildcards (such as '*' and
### '?'). All entries which match will be applied to the file.
### Note that auto-props functionality must be enabled, which
### is typically done by setting the 'enable-auto-props' option.
*.bmp = svn:mime-type=image/bmp;svn:needs-lock=*
*.gif = svn:mime-type=image/gif;svn:needs-lock=*
*.ico = svn:mime-type=image/x-icon;svn:needs-lock=*
*.jpeg = svn:mime-type=image/jpeg;svn:needs-lock=*
*.jpg = svn:mime-type=image/jpeg;svn:needs-lock=*
*.png = svn:mime-type=image/png;svn:needs-lock=*
*.tif = svn:mime-type=image/tiff;svn:needs-lock=*
*.tiff = svn:mime-type=image/tiff;svn:needs-lock=*

*.doc = svn:mime-type=application/msword;svn:needs-lock=*
*.jar = svn:mime-type=application/octet-stream;svn:needs-lock=*
*.odc = svn:mime-type=application/vnd.oasis.opendocument.chart;svn:needs-lock=*
*.odf = svn:mime-type=application/vnd.oasis.opendocument.formula;svn:needs-lock=*
*.odg = svn:mime-type=application/vnd.oasis.opendocument.graphics;svn:needs-lock=*
*.odi = svn:mime-type=application/vnd.oasis.opendocument.image;svn:needs-lock=*
*.odp = svn:mime-type=application/vnd.oasis.opendocument.presentation;svn:needs-lock=*
*.ods = svn:mime-type=application/vnd.oasis.opendocument.spreadsheet;svn:needs-lock=*
*.odt = svn:mime-type=application/vnd.oasis.opendocument.text;svn:needs-lock=*
*.pdf = svn:mime-type=application/pdf;svn:needs-lock=*
*.ppt = svn:mime-type=application/vnd.ms-powerpoint;svn:needs-lock=*
*.ser = svn:mime-type=application/octet-stream;svn:needs-lock=*
*.swf = svn:mime-type=application/x-shockwave-flash;svn:needs-lock=*
*.vsd = svn:mime-type=application/x-visio;svn:needs-lock=*
*.xls = svn:mime-type=application/vnd.ms-excel;svn:needs-lock=*
*.zip = svn:mime-type=application/zip;svn:needs-lock=*
</pre>

Main Page

2007-12-08T10:17:17Z

Anneb: /* HowTos */

<big>'''Welcome to the Subversion Wiki.'''</big>

== Got a question about Subversion? ==

Since this wiki seems to lack content at the moment, try the [http://subversion.tigris.org/faq.html Subversion FAQ].

Also, there is [http://subversionary.org another wiki] related to Subversion. At this time, it contains more content than this wiki. However unlike this wiki, it doesn't use the more popular MediaWiki engine, and apprently, due to spam problems, was forced to shut off public editing.

== HowTos ==

* Manage [[System Configurations]] like <tt>/etc</tt> files using subversion.
* Setting up [[Subversion configured for Windows Active Directory HTTPS]]
* Setting up [[Automatic lock-modify-unlock]] for binary files

== Contrib tools ==

* [[svnmerge.py]] - Automatic branch management with merge tracking support.
* [[Repository Upgrade]] - Upgrade from an older repository to latest (1.4) (Windows)
* [[Subclipse]] - The subversion plugin for Eclipse
* [[SVNKit]] - Pure Java Subversion library
* [http://svnnotifier.tigris.org SVN Notifier] - Notifies you about other people's commits to subversion

== MediaWiki help ==

This wiki uses the MediaWiki software. Consult the [http://meta.wikipedia.org/wiki/MediaWiki_User's_Guide User's Guide] for information on using the wiki software.

=== Getting started ===

* [http://www.mediawiki.org/wiki/Help:Configuration_settings Configuration settings list]
* [http://www.mediawiki.org/wiki/Help:FAQ MediaWiki FAQ]
* [http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce MediaWiki release mailing list]
* [http://alfredfazio.ws/notes%3Asubversion Fast-paced overview of Subversion for experienced users]

Subversion configured for Windows Active Directory HTTPS

2007-12-08T10:11:25Z

Anneb:

If you want to set up a subversion server on a windows machine that recognizes users from Microsoft Active Directory and uses secure http (https) to communicate with clients you can use the following setup as a template for your configuration.

Binary files cannot be easily merged. The lock-modify-unlock versioning model seems to be the only appropriate model for these type of files. This description also includes client and server side configuration to accommodate for the lock-modify-unlock model for binary files.

Steps to follow:

1) Download and install Apache 2.2 + open SSL from http://www.apache.org. Do use Apache 2.2 instead of Apache 2.0 if you want to connect to Active Directory

2) Download the apache 2.2 binary compatible version of svn from http://svn.tigris.org

3) Copy all dll's and modules (.so files) from subversion/bin directory to the apache2.2 /modules directory

4) Copy an existing svn repository or create a new repository
COPY:<pre>
cd "c:\program files\subversion\bin"
svnadmin hotcopy //computer/share/subversion/repositories/repo1 c:/subversion/repositories/repo1</pre>
CREATE:
<pre>svnadmin create c:/subversion/repositories/repo1</pre>

5) Create a authorization file: svn.authz
<pre>### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to a
### single user, to a group of users defined in a special [groups]
### section, or to anyone using the '*' wildcard. Each definition can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').
[groups]
group1 = harry,sally
group2 = romeo,julia
group3 = sally,julia

[/]
* = r
@group1 = rw
</pre>
6) Create a SSL certificate

- Openssl.exe included with this version of Apache 2.2 does not seem to be configured well on windows. In order to create a certificate, you need a well configured version of openssl. For this example configuration of subversion with https, file Openssl-0.9.7e-Win32.zip[http://support.etouch.net/cm/wiki/support.Downloads.wiki/1021721main_Openssl-0.9.7e-Win32.zip] combined with file openssl.conf[http://support.etouch.net/cm/wiki/support.Downloads.wiki/1021722main_openssl.cnf] were downloaded from support.etouch.net[http://support.etouch.net/cm/wiki/support.Downloads.wiki/home/Enabling%20SSL%20with%20Apache%20on%20Windows%202003%20for%20SamePage.html]

- run the following commands
<pre>openssl req -config openssl.cnf -new -out svn.example.com.csr
openssl rsa -in privkey.pem -out svn.example.com.key
openssl x509 -in svn.example.com.csr -out svn.example.com.cert -req -signkey svn.example.com.key -days 1000
</pre>
- copy the resulting *.cert and *.key files to the apache2.2/conf directory

7) Edit apache/conf/httpd.conf
<pre>
LoadModule dav_module modules/mod_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule ssl_module modules/mod_ssl.so

<VirtualHost _default_:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile conf/svn.example.com.cert
SSLCertificateKeyFile conf/svn.example.com.key
#<FilesMatch "\.(cgi|shtml|phtml|php3?)$">
# SSLOptions +StdEnvVars
#</FilesMatch>
#<Directory "C:/Program Files/Apache Group/Apache2/cgi">
# SSLOptions +StdEnvVars
#</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

#redirect /repos to /repos/
RedirectMatch ^(/repos)$ $1/

<Location /repos/>
DAV svn
# SVNPath c:/subversion/repositories/repo1
SVNParentPath c:/subversion/repositories
SVNListparentPath on
Order allow,deny
Allow from all

AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthName "svn.example.com"
AuthzSVNAccessFile c:/subversion/repositories/svn.authz

#at least one of your domain servers listens on port 3268 (besides default ldap port 389)
#use the server that listens on port 3268 if you have more than one AD server. The service
#on port 389 uses referrals to the other AD servers. Referrals are used anonymously. Anonymoys
#binding will not work on most AD-servers.
AuthLDAPURL "ldap://dc.example.nl:3268/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"
#AuthLDAPURL "ldap://dc.example.nl:389/DC=example,DC=com?sAMAccountName??(objectClass=*)"
AuthLDAPBindDN "CN=apache_bind,CN=users,DC=example,DC=com"
AuthLDAPBindPassword [password_for_ad_user_apache_bind]
#AuthLDAPFollowReferrals off

AuthLDAPGroupAttributeIsDN on
AuthLDAPGroupAttribute member
SSLRequireSSL
#require ldap-group CN=svnusers,CN=Users,DC=example,DC=com
require valid-user
</Location>
</VirtualHost>
</pre>

8) Apply ldap patch for MS-AD

When a Microsoft Active Directory times out, it sends a TCP RST instad of a TCP FIN to the client. There is a workaround for this MS AD bug in Apache mod_ldap, see http://www.apachelounge.com/forum/viewtopic.php?t=1995 or download http://www.anneb.dds.nl/httpd-2.2.6_ldappatch_win32_vc6.zip
Replace apache modules mod_lap.so and mod_authnz_ldap.so with the files from the downloaded zip file. This configuration allows you to add more than one repository in directory c:/subversion/repositories. All repositories are listed in the browser using URL https://svn.example.com/repos. User names and passwords are validated against Active Directory. Standard svn clients can not browse the list of repositories. Instead you should use the full path to a particular repository, for instance https://svn.example.com/repos/repo1.

9) Force users to set svn:needs-lock property on new binary files

Binary files cannot be merged. Versioning should follow the lock-modify-unlock model. You can force using this model for binary files with the following pre-commit script as part of the svn repository
- create a pre-commit.cmd script in the repository\hooks directory
<pre>@echo off
set REPOS=%1
set TRANSACTION=%2
set SVNLOOK="c:\Program Files\Subversion\apache2.2\bin\svnlook.exe"
set TEMP=c:\temp

if exist %TEMP%\tempfile%2 del %TEMP%\tempfile%2
for /f "tokens=1,2 usebackq" %%i in (`%SVNLOOK% changed -t %2 %1`) do @if %%i==A @echo %%j >> %TEMP%\tempfile%2
if not exist %TEMP%\tempfile%2 goto NOFILESADDED
for /f "usebackq" %%i in (`findstr /E /I /R "\.bmp.$ \.gif.$ \.ico.$ \.jpeg.$ \.jpg.$ \.png.$ \.tif.$ \.tiff.$ \.doc.$ \.jar.$ \.odt.$ \.pdf.$ \.ppt.$ \.swf.$ \.vsd.$ \.xls.$ \.zip.$" %TEMP%\tempfile%2`) do (
%SVNLOOK% propget -t %2 %1 svn:needs-lock %%i 1> nul 2> nul
if ERRORLEVEL 1 (
echo commit denied, binary files must have property svn:needs-lock >&2
type %TEMP%\tempfile%2 >&2
del %TEMP%\tempfile%2
EXIT /B 1
)
)
del %TEMP%\tempfile%2
:NOFILESADDED
EXIT /B 0
</pre>

10) Recursively set svn:needs-lock property on binaries

If you need to apply svn:needs-lock on already existing binaries in a repository, do the following on a client (not on the svn server):
- checkout a repository
- add to following line to a cmd script:
<pre>FOR /R c:\full\path\to\repository %%v in (*.bmp *.gif *.ico *.jpeg *.jpg *.png *.tif *.tiff *.doc *.jar *.odc *.odf *.odg *.odi *.odp *.ods *.odt *.pdf *.ppt *.ser *.swf *.vsd *.xls *.zip) do svn propset svn:needs-lock yes %%~fv
</pre>
- run the script

11) Configure users to automatically use svn:needs-lock property on new binary files

New binary files should have the svn:needs-lock property set, this is verified by the script of step 9. This can be achieved automatically if users configure their svn client config file.

- under windows the SVN config file is "C:\Documents and Settings\[USER_NAME]\Application Data\Subversion\config"

Replace the [miscellany] and [auto-props] sections in the svn config file with the following:
<pre>
[miscellany]
enable-auto-props = yes

[auto-props]
### The format of the entries is:
### file-name-pattern = propname[=value][;propname[=value]...]
### The file-name-pattern can contain wildcards (such as '*' and
### '?'). All entries which match will be applied to the file.
### Note that auto-props functionality must be enabled, which
### is typically done by setting the 'enable-auto-props' option.
*.apt = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.c = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.c++ = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.cpp = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.cs = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.css = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.dtd = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.ent = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.fml = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.groovy = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.h = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.h++ = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.hpp = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.html = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.idl = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.include = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.java = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.js = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.jsp = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.ldf = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.ldif = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.mak = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.mdo = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.php = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.rb = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.rtf = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.sql = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.svg = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.t2t = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.vm = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.xhtml = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.xml = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.xsd = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.xsl = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.xslt = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
Makefile = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision

*.launch = svn:eol-style=native
*.MF = svn:eol-style=native
*.properties = svn:eol-style=native
*.script = svn:eol-style=native
*.txt = svn:eol-style=native

*.dsp = svn:eol-style=CRLF
*.dsw = svn:eol-style=CRLF

*.iml = svn:eol-style=LF

*.bat = svn:eol-style=CRLF;svn:executable;svn:keywords=Author Date Id HeadURL Revision
*.cmd = svn:eol-style=CRLF;svn:executable;svn:keywords=Author Date Id HeadURL Revision

*.ksh = svn:eol-style=LF;svn:executable;svn:keywords=Author Date Id HeadURL Revision
*.sh = svn:eol-style=LF;svn:executable;svn:keywords=Author Date Id HeadURL Revision

*.pl = svn:eol-style=native;svn:executable;svn:keywords=Author Date Id HeadURL Revision
*.py = svn:eol-style=native;svn:executable;svn:keywords=Author Date Id HeadURL Revision

*.bmp = svn:mime-type=image/bmp;svn:needs-lock=*
*.gif = svn:mime-type=image/gif;svn:needs-lock=*
*.ico = svn:mime-type=image/x-icon;svn:needs-lock=*
*.jpeg = svn:mime-type=image/jpeg;svn:needs-lock=*
*.jpg = svn:mime-type=image/jpeg;svn:needs-lock=*
*.png = svn:mime-type=image/png;svn:needs-lock=*
*.tif = svn:mime-type=image/tiff;svn:needs-lock=*
*.tiff = svn:mime-type=image/tiff;svn:needs-lock=*

*.doc = svn:mime-type=application/msword;svn:needs-lock=*
*.jar = svn:mime-type=application/octet-stream;svn:needs-lock=*
*.odc = svn:mime-type=application/vnd.oasis.opendocument.chart;svn:needs-lock=*
*.odf = svn:mime-type=application/vnd.oasis.opendocument.formula;svn:needs-lock=*
*.odg = svn:mime-type=application/vnd.oasis.opendocument.graphics;svn:needs-lock=*
*.odi = svn:mime-type=application/vnd.oasis.opendocument.image;svn:needs-lock=*
*.odp = svn:mime-type=application/vnd.oasis.opendocument.presentation;svn:needs-lock=*
*.ods = svn:mime-type=application/vnd.oasis.opendocument.spreadsheet;svn:needs-lock=*
*.odt = svn:mime-type=application/vnd.oasis.opendocument.text;svn:needs-lock=*
*.pdf = svn:mime-type=application/pdf;svn:needs-lock=*
*.ppt = svn:mime-type=application/vnd.ms-powerpoint;svn:needs-lock=*
*.ser = svn:mime-type=application/octet-stream;svn:needs-lock=*
*.swf = svn:mime-type=application/x-shockwave-flash;svn:needs-lock=*
*.vsd = svn:mime-type=application/x-visio;svn:needs-lock=*
*.xls = svn:mime-type=application/vnd.ms-excel;svn:needs-lock=*
*.zip = svn:mime-type=application/zip;svn:needs-lock=*
</pre>

Subversion configured for Windows Active Directory HTTPS

2007-12-08T02:13:32Z

Anneb:

If you want to set up a subversion server on a windows machine that recognizes users from Microsoft Active Directory and uses secure http (https) to communicate with clients you can use the following setup as a template for your configuration.

Binary files cannot be easily merged. The lock-modify-unlock versioning model seems to be the only appropriate model for these type of files. This description also includes client and server side configuration to accommodate for the lock-modify-unlock model for binary files.

Steps to follow:

1) Download and install Apache 2.2 + open SSL from www.apache.org. Do use Apache 2.2 instead of Apache 2.0 if you want to connect to Active Directory

2) Download the apache 2.2 binary compatible version of svn from http://svn.tigris.org

3) Copy all dll's and modules (.so files) from subversion/bin directory to the apache2.2 /modules directory

4) Copy an existing svn repository or create a new repository
COPY:<pre>
cd "c:\program files\subversion\bin"
svnadmin hotcopy //computer/share/subversion/repositories/repo1 c:/subversion/repositories/repo1</pre>
CREATE:
<pre>svnadmin create c:/subversion/repositories/repo1</pre>

5) Create a authorization file: svn.authz
<pre>### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to a
### single user, to a group of users defined in a special [groups]
### section, or to anyone using the '*' wildcard. Each definition can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').
[groups]
group1 = harry,sally
group2 = romeo,julia
group3 = sally,julia

[/]
* = r
@group1 = rw
</pre>
6) Create a SSL certificate

- Openssl.exe included with this version of Apache does not seem to work well on windows. In order to create a certificate, you need a well working version of openssl. For me, file Openssl-0.9.7e-Win32.zip, for instance from: http://support.etouch.net/cm/wiki/support.Downloads.wiki/1021721main_Openssl-0.9.7e-Win32.zip worked well

- run the following commands
<pre>openssl req -config openssl.cnf -new -out svn.example.com.csr
openssl rsa -in privkey.pem -out svn.example.com.key
openssl x509 -in svn.example.com.csr -out svn.example.com.cert -req -signkey svn.example.com.key -days 1000
</pre>
- copy the resulting *.cert and *.key files to the apache2.2/conf directory

7) Edit apache/conf/httpd.conf
<pre>
LoadModule dav_module modules/mod_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule ssl_module modules/mod_ssl.so

<VirtualHost _default_:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile conf/svn.example.com.cert
SSLCertificateKeyFile conf/svn.example.com.key
#<FilesMatch "\.(cgi|shtml|phtml|php3?)$">
# SSLOptions +StdEnvVars
#</FilesMatch>
#<Directory "C:/Program Files/Apache Group/Apache2/cgi">
# SSLOptions +StdEnvVars
#</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

#redirect /repos to /repos/
RedirectMatch ^(/repos)$ $1/

<Location /repos/>
DAV svn
# SVNPath c:/subversion/repositories/repo1
SVNParentPath c:/subversion/repositories
SVNListparentPath on
Order allow,deny
Allow from all

AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthName "svn.example.com"
AuthzSVNAccessFile c:/subversion/repositories/svn.authz

#at least one of your domain servers listens on port 3268 (besides default ldap port 389)
#use the server that listens on port 3268 if you have more than one AD server. The service
#on port 389 uses referrals to the other AD servers. Referrals are used anonymously. Anonymoys
#binding will not work on most AD-servers.
AuthLDAPURL "ldap://dc.example.nl:3268/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"
#AuthLDAPURL "ldap://dc.example.nl:389/DC=example,DC=com?sAMAccountName??(objectClass=*)"
AuthLDAPBindDN "CN=apache_bind,CN=users,DC=example,DC=com"
AuthLDAPBindPassword [password_for_ad_user_apache_bind]
#AuthLDAPFollowReferrals off

AuthLDAPGroupAttributeIsDN on
AuthLDAPGroupAttribute member
SSLRequireSSL
#require ldap-group CN=svnusers,CN=Users,DC=example,DC=com
require valid-user
</Location>
</VirtualHost>
</pre>

8) Apply ldap patch for MS-AD
When a Microsoft Active Directory times out, it sends a TCP RST instad of a TCP FIN to the client. There is a workaround for this MS AD bug in Apache mod_ldap, see http://www.apachelounge.com/forum/viewtopic.php?t=1995 or download http://www.anneb.dds.nl/httpd-2.2.6_ldappatch_win32_vc6.zip
Replace apache modules mod_lap.so and mod_authnz_ldap.so with the files from the downloaded zip file. This configuration allows you to add more than one repository in directory c:/subversion/repositories. All repositories are listed in the browser using URL https://svn.example.com/repos. User names and passwords are validated against Active Directory. Standard svn clients can not browse the list of repositories. Instead you should use the full path to a particular repository, for instance https://svn.example.com/repos/repo1.

9) Force users to set svn:needs-lock property on new binary files
Binary files cannot be merged. Versioning should follow the lock-modify-unlock model. You can force using this model for binary files with the following pre-commit script as part of the svn repository
- create a pre-commit.cmd script in the repository\hooks directory
<pre>@echo off
set REPOS=%1
set TRANSACTION=%2
set SVNLOOK="c:\Program Files\Subversion\apache2.2\bin\svnlook.exe"
set TEMP=c:\temp

if exist %TEMP%\tempfile%2 del %TEMP%\tempfile%2
for /f "tokens=1,2 usebackq" %%i in (`%SVNLOOK% changed -t %2 %1`) do @if %%i==A @echo %%j >> %TEMP%\tempfile%2
if not exist %TEMP%\tempfile%2 goto NOFILESADDED
for /f "usebackq" %%i in (`findstr /E /I /R "\.bmp.$ \.gif.$ \.ico.$ \.jpeg.$ \.jpg.$ \.png.$ \.tif.$ \.tiff.$ \.doc.$ \.jar.$ \.odt.$ \.pdf.$ \.ppt.$ \.swf.$ \.vsd.$ \.xls.$ \.zip.$" %TEMP%\tempfile%2`) do (
%SVNLOOK% propget -t %2 %1 svn:needs-lock %%i 1> nul 2> nul
if ERRORLEVEL 1 (
echo commit denied, binary files must have property svn:needs-lock >&2
type %TEMP%\tempfile%2 >&2
del %TEMP%\tempfile%2
EXIT /B 1
)
)
del %TEMP%\tempfile%2
:NOFILESADDED
EXIT /B 0
</pre>

10) Recursively set svn:needs-lock property on binaries
If you need to apply svn:needs-lock on already existing binaries in a repository, do the following on a client (not on the svn server):
- checkout a repository
- add to following line to a cmd script:
<pre>FOR /R c:\full\path\to\repository %%v in (*.bmp *.gif *.ico *.jpeg *.jpg *.png *.tif *.tiff *.doc *.jar *.odc *.odf *.odg *.odi *.odp *.ods *.odt *.pdf *.ppt *.ser *.swf *.vsd *.xls *.zip) do svn propset svn:needs-lock yes %%~fv
</pre>
- run the script

11) Make sure that users automatically set the svn:needs-lock property on binary files (this is verified by the script of step 9)
All committers should add the following to their svn client config
- under windows the SVN config file is "C:\Documents and Settings\[USER_NAME]\Application Data\Subversion\config"
<pre>
[miscellany]
enable-auto-props = yes

[auto-props]
### The format of the entries is:
### file-name-pattern = propname[=value][;propname[=value]...]
### The file-name-pattern can contain wildcards (such as '*' and
### '?'). All entries which match will be applied to the file.
### Note that auto-props functionality must be enabled, which
### is typically done by setting the 'enable-auto-props' option.
*.apt = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.c = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.c++ = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.cpp = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.cs = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.css = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.dtd = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.ent = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.fml = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.groovy = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.h = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.h++ = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.hpp = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.html = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.idl = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.include = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.java = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.js = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.jsp = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.ldf = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.ldif = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.mak = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.mdo = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.php = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.rb = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.rtf = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.sql = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.svg = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.t2t = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.vm = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.xhtml = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.xml = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.xsd = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.xsl = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.xslt = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
Makefile = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision

*.launch = svn:eol-style=native
*.MF = svn:eol-style=native
*.properties = svn:eol-style=native
*.script = svn:eol-style=native
*.txt = svn:eol-style=native

*.dsp = svn:eol-style=CRLF
*.dsw = svn:eol-style=CRLF

*.iml = svn:eol-style=LF

*.bat = svn:eol-style=CRLF;svn:executable;svn:keywords=Author Date Id HeadURL Revision
*.cmd = svn:eol-style=CRLF;svn:executable;svn:keywords=Author Date Id HeadURL Revision

*.ksh = svn:eol-style=LF;svn:executable;svn:keywords=Author Date Id HeadURL Revision
*.sh = svn:eol-style=LF;svn:executable;svn:keywords=Author Date Id HeadURL Revision

*.pl = svn:eol-style=native;svn:executable;svn:keywords=Author Date Id HeadURL Revision
*.py = svn:eol-style=native;svn:executable;svn:keywords=Author Date Id HeadURL Revision

*.bmp = svn:mime-type=image/bmp;svn:needs-lock=*
*.gif = svn:mime-type=image/gif;svn:needs-lock=*
*.ico = svn:mime-type=image/x-icon;svn:needs-lock=*
*.jpeg = svn:mime-type=image/jpeg;svn:needs-lock=*
*.jpg = svn:mime-type=image/jpeg;svn:needs-lock=*
*.png = svn:mime-type=image/png;svn:needs-lock=*
*.tif = svn:mime-type=image/tiff;svn:needs-lock=*
*.tiff = svn:mime-type=image/tiff;svn:needs-lock=*

*.doc = svn:mime-type=application/msword;svn:needs-lock=*
*.jar = svn:mime-type=application/octet-stream;svn:needs-lock=*
*.odc = svn:mime-type=application/vnd.oasis.opendocument.chart;svn:needs-lock=*
*.odf = svn:mime-type=application/vnd.oasis.opendocument.formula;svn:needs-lock=*
*.odg = svn:mime-type=application/vnd.oasis.opendocument.graphics;svn:needs-lock=*
*.odi = svn:mime-type=application/vnd.oasis.opendocument.image;svn:needs-lock=*
*.odp = svn:mime-type=application/vnd.oasis.opendocument.presentation;svn:needs-lock=*
*.ods = svn:mime-type=application/vnd.oasis.opendocument.spreadsheet;svn:needs-lock=*
*.odt = svn:mime-type=application/vnd.oasis.opendocument.text;svn:needs-lock=*
*.pdf = svn:mime-type=application/pdf;svn:needs-lock=*
*.ppt = svn:mime-type=application/vnd.ms-powerpoint;svn:needs-lock=*
*.ser = svn:mime-type=application/octet-stream;svn:needs-lock=*
*.swf = svn:mime-type=application/x-shockwave-flash;svn:needs-lock=*
*.vsd = svn:mime-type=application/x-visio;svn:needs-lock=*
*.xls = svn:mime-type=application/vnd.ms-excel;svn:needs-lock=*
*.zip = svn:mime-type=application/zip;svn:needs-lock=*
</pre>

Subversion configured for Windows Active Directory HTTPS

2007-12-08T01:56:33Z

Anneb:

If you want to set up a subversion server on a windows machine that recognizes users from Microsoft Active Directory and uses secure http (https) to communicate with clients you can use the following setup as a template for your configuration.

Binary files cannot be easily merged. The lock-modify-unlock versioning model seems to be the only appropriate model for these type of files. This description also includes client and server side configuration to accommodate for the lock-modify-unlock model for binary files.

Steps to follow

1) download and install Apache 2.2 + open SSL from www.apache.org
Do use Apache 2.2 instead of Apache 2.0 if you want to connect to Active Directory

2) download the apache 2.2 binary compatible version of svn from http://svn.tigris.org

3) copy all dll's and modules (.so files) from subversion/bin directory to the apache2.2 /modules directory

4) copy an existing svn repository or create a new repository
COPY:
<pre>cd "c:\program files\subversion\bin"
svnadmin hotcopy //computer/share/subversion/repositories/repo1 c:/subversion/repositories/repo1</pre>
CREATE:
<pre>svnadmin create c:/subversion/repositories/repo1</pre>

5) create a authorization file: svn.authz
<pre>### This file is an example authorization file for svnserve.
### Its format is identical to that of mod_authz_svn authorization
### files.
### As shown below each section defines authorizations for the path and
### (optional) repository specified by the section name.
### The authorizations follow. An authorization line can refer to a
### single user, to a group of users defined in a special [groups]
### section, or to anyone using the '*' wildcard. Each definition can
### grant read ('r') access, read-write ('rw') access, or no access
### ('').
[groups]
group1 = harry,sally
group2 = romeo,julia
group3 = sally,julia

[/]
* = r
@group1 = rw
</pre>
6) create a SSL certificate
- openssl.exe included with this version of Apache does not seem to work well on windows. In order to create a certificate, you need a well working version of openssl. For me, file Openssl-0.9.7e-Win32.zip, for instance from: http://support.etouch.net/cm/wiki/support.Downloads.wiki/1021721main_Openssl-0.9.7e-Win32.zip worked well
- run the following commands
<pre>openssl req -config openssl.cnf -new -out svn.example.com.csr
openssl rsa -in privkey.pem -out svn.example.com.key
openssl x509 -in svn.example.com.csr -out svn.example.com.cert -req -signkey svn.example.com.key -days 1000
</pre>
- copy the cert and key files to the apache2.2/conf directory

7) edit apache/conf/httpd.conf
<pre>
LoadModule dav_module modules/mod_dav.so
LoadModule dav_svn_module modules/mod_dav_svn.so
LoadModule authz_svn_module modules/mod_authz_svn.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule ssl_module modules/mod_ssl.so

<VirtualHost _default_:443>
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile conf/svn.example.com.cert
SSLCertificateKeyFile conf/svn.example.com.key
<FilesMatch "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "C:/Program Files/Apache Group/Apache2/cgi">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

#redirect /repos to /repos/
RedirectMatch ^(/repos)$ $1/

<Location /repos/>
DAV svn
# SVNPath c:/subversion/repositories/repo1
SVNParentPath c:/subversion/repositories
SVNListparentPath on
Order allow,deny
Allow from all

AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthName "svn.example.com"
AuthzSVNAccessFile c:/subversion/repositories/svn.authz

#at least one of your domain servers listens on port 3268 (besides default ldap port 389)
#use the server that listens on port 3268 if you have more than one AD server. The service
#on port 389 uses referrals to the other AD servers. Referrals are used anonymously. Anonymoys
#binding will not work on most AD-servers.
AuthLDAPURL "ldap://dc.example.nl:3268/DC=example,DC=com?sAMAccountName?sub?(objectClass=*)"
#AuthLDAPURL "ldap://dc.example.nl:389/DC=example,DC=com?sAMAccountName??(objectClass=*)"
AuthLDAPBindDN "CN=apache_bind,CN=users,DC=example,DC=com"
AuthLDAPBindPassword [password_for_ad_user_apache_bind]
#AuthLDAPFollowReferrals off

AuthLDAPGroupAttributeIsDN on
AuthLDAPGroupAttribute member
SSLRequireSSL
#require ldap-group CN=svnusers,CN=Users,DC=example,DC=com
require valid-user
</Location>
</VirtualHost>
</pre>

8) Apply ldap patch for MS-AD
When a Microsoft Active Directory times out, it sends a TCP RST instad of a TCP FIN to the client. There is a workaround for this MS AD bug in Apache mod_ldap, see http://www.apachelounge.com/forum/viewtopic.php?t=1995 or download http://www.anneb.dds.nl/httpd-2.2.6_ldappatch_win32_vc6.zip
Replace apache modules mod_lap.so and mod_authnz_ldap.so with the files from the downloaded zip file.

9) Force users to set svn:needs-lock property on new binary files
Binary files cannot be merged. Versioning should follow the lock-modify-unlock model. You can force using this model for binary files with the following pre-commit script as part of the svn repository
- create a pre-commit.cmd script in the repository\hooks directory
<pre>@echo off
set REPOS=%1
set TRANSACTION=%2
set SVNLOOK="c:\Program Files\Subversion\apache2.2\bin\svnlook.exe"
set TEMP=c:\temp

if exist %TEMP%\tempfile%2 del %TEMP%\tempfile%2
for /f "tokens=1,2 usebackq" %%i in (`%SVNLOOK% changed -t %2 %1`) do @if %%i==A @echo %%j >> %TEMP%\tempfile%2
if not exist %TEMP%\tempfile%2 goto NOFILESADDED
for /f "usebackq" %%i in (`findstr /E /I /R "\.bmp.$ \.gif.$ \.ico.$ \.jpeg.$ \.jpg.$ \.png.$ \.tif.$ \.tiff.$ \.doc.$ \.jar.$ \.odt.$ \.pdf.$ \.ppt.$ \.swf.$ \.vsd.$ \.xls.$ \.zip.$" %TEMP%\tempfile%2`) do (
%SVNLOOK% propget -t %2 %1 svn:needs-lock %%i 1> nul 2> nul
if ERRORLEVEL 1 (
echo commit denied, binary files must have property svn:needs-lock >&2
type %TEMP%\tempfile%2 >&2
del %TEMP%\tempfile%2
EXIT /B 1
)
)
del %TEMP%\tempfile%2
:NOFILESADDED
EXIT /B 0
</pre>

10) recursively set svn:needs-lock property on binaries
If you need to apply svn:needs-lock on already existing binaries in a repository, do the following on a client (not on the svn server):
- checkout a repository
- add to following line to a cmd script:
<pre>FOR /R c:\full\path\to\repository %%v in (*.bmp *.gif *.ico *.jpeg *.jpg *.png *.tif *.tiff *.doc *.jar *.odc *.odf *.odg *.odi *.odp *.ods *.odt *.pdf *.ppt *.ser *.swf *.vsd *.xls *.zip) do svn propset svn:needs-lock yes %%~fv
</pre>
- run the script

11) Make sure that users automatically set the svn:needs-lock property on binary files (this is verified by the script of step 9)
All committers should add the following to their svn client config
- under windows the SVN config file is "C:\Documents and Settings\[USER_NAME]\Application Data\Subversion\config"
<pre>
[miscellany]
enable-auto-props = yes

[auto-props]
### The format of the entries is:
### file-name-pattern = propname[=value][;propname[=value]...]
### The file-name-pattern can contain wildcards (such as '*' and
### '?'). All entries which match will be applied to the file.
### Note that auto-props functionality must be enabled, which
### is typically done by setting the 'enable-auto-props' option.
*.apt = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.c = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.c++ = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.cpp = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.cs = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.css = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.dtd = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.ent = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.fml = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.groovy = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.h = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.h++ = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.hpp = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.html = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.idl = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.include = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.java = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.js = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.jsp = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.ldf = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.ldif = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.mak = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.mdo = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.php = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.rb = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.rtf = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.sql = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.svg = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.t2t = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.vm = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.xhtml = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.xml = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.xsd = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.xsl = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
*.xslt = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision
Makefile = svn:eol-style=native;svn:keywords=Author Date Id HeadURL Revision

*.launch = svn:eol-style=native
*.MF = svn:eol-style=native
*.properties = svn:eol-style=native
*.script = svn:eol-style=native
*.txt = svn:eol-style=native

*.dsp = svn:eol-style=CRLF
*.dsw = svn:eol-style=CRLF

*.iml = svn:eol-style=LF

*.bat = svn:eol-style=CRLF;svn:executable;svn:keywords=Author Date Id HeadURL Revision
*.cmd = svn:eol-style=CRLF;svn:executable;svn:keywords=Author Date Id HeadURL Revision

*.ksh = svn:eol-style=LF;svn:executable;svn:keywords=Author Date Id HeadURL Revision
*.sh = svn:eol-style=LF;svn:executable;svn:keywords=Author Date Id HeadURL Revision

*.pl = svn:eol-style=native;svn:executable;svn:keywords=Author Date Id HeadURL Revision
*.py = svn:eol-style=native;svn:executable;svn:keywords=Author Date Id HeadURL Revision

*.bmp = svn:mime-type=image/bmp;svn:needs-lock=*
*.gif = svn:mime-type=image/gif;svn:needs-lock=*
*.ico = svn:mime-type=image/x-icon;svn:needs-lock=*
*.jpeg = svn:mime-type=image/jpeg;svn:needs-lock=*
*.jpg = svn:mime-type=image/jpeg;svn:needs-lock=*
*.png = svn:mime-type=image/png;svn:needs-lock=*
*.tif = svn:mime-type=image/tiff;svn:needs-lock=*
*.tiff = svn:mime-type=image/tiff;svn:needs-lock=*

*.doc = svn:mime-type=application/msword;svn:needs-lock=*
*.jar = svn:mime-type=application/octet-stream;svn:needs-lock=*
*.odc = svn:mime-type=application/vnd.oasis.opendocument.chart;svn:needs-lock=*
*.odf = svn:mime-type=application/vnd.oasis.opendocument.formula;svn:needs-lock=*
*.odg = svn:mime-type=application/vnd.oasis.opendocument.graphics;svn:needs-lock=*
*.odi = svn:mime-type=application/vnd.oasis.opendocument.image;svn:needs-lock=*
*.odp = svn:mime-type=application/vnd.oasis.opendocument.presentation;svn:needs-lock=*
*.ods = svn:mime-type=application/vnd.oasis.opendocument.spreadsheet;svn:needs-lock=*
*.odt = svn:mime-type=application/vnd.oasis.opendocument.text;svn:needs-lock=*
*.pdf = svn:mime-type=application/pdf;svn:needs-lock=*
*.ppt = svn:mime-type=application/vnd.ms-powerpoint;svn:needs-lock=*
*.ser = svn:mime-type=application/octet-stream;svn:needs-lock=*
*.swf = svn:mime-type=application/x-shockwave-flash;svn:needs-lock=*
*.vsd = svn:mime-type=application/x-visio;svn:needs-lock=*
*.xls = svn:mime-type=application/vnd.ms-excel;svn:needs-lock=*
*.zip = svn:mime-type=application/zip;svn:needs-lock=*
</pre>

Subversion configured for Windows Active Directory HTTPS

2007-12-08T00:54:46Z

Anneb: New page: If you want to set up a subversion server on a windows machine that recognizes users from Microsoft Active Directory and uses secure http (https) to communicate with clients you can use th...

Main Page

2007-12-08T00:40:05Z

Anneb: /* HowTos */

<big>'''Welcome to the Subversion Wiki.'''</big>

== Got a question about Subversion? ==

Since this wiki seems to lack content at the moment, try the [http://subversion.tigris.org/faq.html Subversion FAQ].

Also, there is [http://subversionary.org another wiki] related to Subversion. At this time, it contains more content than this wiki. However unlike this wiki, it doesn't use the more popular MediaWiki engine, and apprently, due to spam problems, was forced to shut off public editing.

== HowTos ==

* Manage [[System Configurations]] like <tt>/etc</tt> files using subversion.
* Setting up [[Subversion configured for Windows Active Directory HTTPS]]

== Contrib tools ==

* [[svnmerge.py]] - Automatic branch management with merge tracking support.
* [[Repository Upgrade]] - Upgrade from an older repository to latest (1.4) (Windows)
* [[Subclipse]] - The subversion plugin for Eclipse
* [[SVNKit]] - Pure Java Subversion library
* [http://svnnotifier.tigris.org SVN Notifier] - Notifies you about other people's commits to subversion

== MediaWiki help ==

This wiki uses the MediaWiki software. Consult the [http://meta.wikipedia.org/wiki/MediaWiki_User's_Guide User's Guide] for information on using the wiki software.

=== Getting started ===

* [http://www.mediawiki.org/wiki/Help:Configuration_settings Configuration settings list]
* [http://www.mediawiki.org/wiki/Help:FAQ MediaWiki FAQ]
* [http://mail.wikipedia.org/mailman/listinfo/mediawiki-announce MediaWiki release mailing list]
* [http://alfredfazio.ws/notes%3Asubversion Fast-paced overview of Subversion for experienced users]