2021 Call for Code Awards: Live from New York, with SNL’s Colin Jost! Learn more

Installation and configuration of Apache Subversion on IBM AIX 7.1 with LDAP and SSL


Struggling to install and configure Apache Subversion on IBM® AIX®? If you have been unsuccessful in installing with RPM Package Manager (RPM) because of dependency issues then it is time to try out other options. This article discusses an alternate method that focuses on first configuring yum on AIX and then installing and configuring Subversion with Lightweight Directory Access Protocol (LDAP) and Secure Sockets Layer (SSL).

System requirements

  • IBM AIX 7.1 TL4 or later
  • OpenSSL 1.0.2k ( or later
  • rpm.rte or later
  • Subversion v1.9.5
  • Apache httpd v2.4

Installing Subversion

Before we begin with installation, we need to check for Technology Level (TL) version of the AIX operating system, OpenSSL and rpm.rte package version.

  1. Check your AIX OS version. alt Make sure that you have AIX 7.1 TL4 or later. (This is to avoid any error messages while installing rpm.rte packages mentioned in next steps).
  2. Make sure you have the latest version of the OpenSSL package from IBM installed on AIX. alt
  3. Install the yum packages in AIX.
    a. Check the version of rpm.rte package in your server. alt
    b. Download rpm.rte version or later from http://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/INSTALLP/ppc/ . Run the smitty installp or installp -aXYgd . All command to install rpm.rte.
    c. verify the updated version of the rpm.rte package. alt
    Note: If your AIX level is not the same or later than AIX 6.1 TL9 SP6, AIX 7.1 TL4, or AIX 7.2, you might receive the error “error: incorrect format: unknown tag” after installing rpm.rte.
    Refer to the yum README file for detailed information about this.
    d. Download and install the RPM packages from the yum_bundle.tar file from https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/ezinstall/ppc/.
    Make sure that there are no conflicting RPM packages while installing it from the yum_bundle.tar file.
     #tar ‑xvf yum_bundle.tar
     #cd yum_bundle
     #rpm ‑ivh ∗.rpm

    e. Verify some of the basic yum commands to check whether they are running as expected. For example, run yum repolist to list the repositories enabled. alt
  4. Install the Apache HTTP server using yum. It will install the latest available Apache package from the AIX Toolbox yum repository.
    #yum install httpd
  5. Install the mod_dav_svn module. This will also install Subversion software as a part of its dependency.
    #yum install mod_dav_svn
    alt The mod_dav_svn installs the modules into the /opt/freeware/libexec/ directory. Copy these Subversion modules mod_dav_svn.so and mod_authz_svn.so from the /opt/freeware/libexec/ directory to the /opt/freeware/lib/httpd/modules directory. This is because Apache HTTP Server looks for all the required modules in /opt/freeware/lib/httpd/modules. We are keeping all the modules in the same directory.
  6. Install the mod_ssl module. This module installs httpd-ssl.conf, which can be configured to reflect the Secure Sockets Layer (SSL) certificates to be used with the Apache HTTP server.
    #yum install mod_ssl

Configuring and verifying Subversion

After installing Subversion, Apache HTTP Server, mod_dav_svn and mod_ssl, we need to configure Apache HTTP server to work with Subversion, LDAP, and SSL modules. Then, we need to recycle Apache HTTP Server for the configuration changes to take effect.

  1. In the httpd.conf file, update the user and group name from apache:apache to the required user and group name that you want to configure for your setup.
  2. Enable following modules by uncommenting them in the httpd.conf file. These modules are required to start the Apache HTTP service properly when using it along with LDAP authentication and Subversion modules from the httpd-subversion.conf file.
    LoadModule dav_module /opt/freeware/lib/httpd/modules/mod_dav.so
    LoadModule socache_shmcb_module /opt/freeware/lib/httpd/modules/mod_socache_shmcb.so
    LoadModule authnz_ldap_module /opt/freeware/lib/httpd/modules/mod_authnz_ldap.so
    LoadModule ldap_module /opt/freeware/lib/httpd/modules/mod_ldap.so
    LoadModule rewrite_module /opt/freeware/lib/httpd/modules/mod_rewrite.so
  3. If you want to use SSL certificates, then you must mention the certificate and key files in the httpd-ssl.conf configuration file. Also, verify that the modssl.so module is loaded in it. _LoadModule ssl_module /opt/freeware/lib/httpd/modules/mod_ssl.so
  4. Create a test Subversion repository. alt
  5. Verify that the following Subversion modules are loaded in the httpd-subversion.conf file.
    LoadModule dav_svn_module     /opt/freeware/lib/httpd/modules/mod_dav_svn.so
    LoadModule authz_svn_module   /opt/freeware/lib/httpd/modules/mod_authz_svn.so
    Add the following stanza to the httpd-subversion.conf file. This stanza mentions about the configuration of the repository and its LDAP authentication mechanism. You can also control the authentication using the LDAP groups.
    <Location /svn/test>
      DAV svn
      SVNPath /Subversion/test
      AuthType basic
      AuthName "LDAP Authorization"
      AuthBasicProvider ldap
      AuthLDAPURL ldap://your.domain/ou=your,o=domain?mail
      Require valid‑user
    In case you want to control access only for a specific group of users, use Require ldap-group in place of Require valid-user with its suitable parameters. For example:
     Require ldap‑group cn=LDAP_group_name,ou=memberlist,ou=yourgroups,o=domain
  6. Recycle Apache HTTP service and verify the Subversion repository URL.
    a. Restart Apache HTTP services: alt
    b. Verify the running Apache HTTP processes: alt
    c. Check the version of Subversion: alt
    The following output is displayed.
    compiled Jan 10 2017, 06:22:25 on powerpc‑ibm‑aix6.1.8.0
    Copyright (C) 2016 The Apache Software Foundation.
    This software consists of contributions made by many people;
    see the NOTICE file for more information.
    Subversion is open source software, see http://subversion.apache.org/
    The following repository access (RA) modules are available:
    ∗ ra_svn : Module for accessing a repository using the svn network protocol.
      ‑ handles 'svn' scheme
    ∗ ra_local : Module for accessing a repository on local disk.
      ‑ handles 'file' scheme
    The following authentication credential caches are available:
    ∗ Plaintext cache in /.subversion
    ∗ GPG‑Agent

    d. Access the Apache HTTP server:
    URL: http://hostname or https://hostname
    e. Access your Subversion repository on a web browser:
    URL: http://hostname/svn/test/

Now, your Subversion repository is configured with LDAP as well as SSL and ready to use.