Installation and configuration of Apache Subversion on IBM AIX 7.1 with LDAP and SSL
A simple way to install Subversion using yum on AIX 7.1 and configure it using LDAP and SSL in Apache HTTP configuration
Struggling to install and configure Apache Subversion on IBM® AIX®? If you have been unsuccessful in installing with RPM Package Manager (RPM) because of dependency issues then it is time to try out other options. This article discusses an alternate method that focuses on first configuring yum on AIX and then installing and configuring Subversion with Lightweight Directory Access Protocol (LDAP) and Secure Sockets Layer (SSL).
- IBM AIX 7.1 TL4 or later
- OpenSSL 1.0.2k (188.8.131.520) or later
- rpm.rte 184.108.40.206 or later
- Subversion v1.9.5
- Apache httpd v2.4
Before we begin with installation, we need to check for Technology Level (TL) version of the AIX operating system, OpenSSL and rpm.rte package version.
- Check your AIX OS version. Make sure that you have AIX 7.1 TL4 or later. (This is to avoid any error messages while installing rpm.rte packages mentioned in next steps).
- Make sure you have the latest version of the OpenSSL package from IBM installed on AIX.
- Install the yum packages in AIX.
a. Check the version of rpm.rte package in your server.
b. Download rpm.rte version 220.127.116.11 or later from http://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/INSTALLP/ppc/ . Run the
installp -aXYgd . Allcommand to install rpm.rte.
c. verify the updated version of the rpm.rte package.
Note: If your AIX level is not the same or later than AIX 6.1 TL9 SP6, AIX 7.1 TL4, or AIX 7.2, you might receive the error “error: incorrect format: unknown tag” after installing rpm.rte.
Refer to the yum README file for detailed information about this.
d. Download and install the RPM packages from the yum_bundle.tar file from https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/ezinstall/ppc/.
Make sure that there are no conflicting RPM packages while installing it from the yum_bundle.tar file.
#tar ‑xvf yum_bundle.tar #cd yum_bundle #rpm ‑ivh ∗.rpm
e. Verify some of the basic yum commands to check whether they are running as expected. For example, run
yum repolistto list the repositories enabled.
- Install the Apache HTTP server using
yum. It will install the latest available Apache package from the AIX Toolbox yum repository.
#yum install httpd
- Install the
mod_dav_svnmodule. This will also install Subversion software as a part of its dependency.The
#yum install mod_dav_svn
mod_dav_svninstalls the modules into the /opt/freeware/libexec/ directory. Copy these Subversion modules
mod_authz_svn.sofrom the /opt/freeware/libexec/ directory to the /opt/freeware/lib/httpd/modules directory. This is because Apache HTTP Server looks for all the required modules in /opt/freeware/lib/httpd/modules. We are keeping all the modules in the same directory.
- Install the
mod_sslmodule. This module installs httpd-ssl.conf, which can be configured to reflect the Secure Sockets Layer (SSL) certificates to be used with the Apache HTTP server.
#yum install mod_ssl
Configuring and verifying Subversion
After installing Subversion, Apache HTTP Server, mod_dav_svn and mod_ssl, we need to configure Apache HTTP server to work with Subversion, LDAP, and SSL modules. Then, we need to recycle Apache HTTP Server for the configuration changes to take effect.
- In the httpd.conf file, update the user and group name from apache:apache to the required user and group name that you want to configure for your setup.
- Enable following modules by uncommenting them in the httpd.conf file. These modules are required to start the Apache HTTP service properly when using it along with LDAP authentication and Subversion modules from the httpd-subversion.conf file.
mod_dav.so mod_socache_shmcb.so mod_authnz_ldap.so mod_ldap.so mod_rewrite.so ‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑ LoadModule dav_module /opt/freeware/lib/httpd/modules/mod_dav.so LoadModule socache_shmcb_module /opt/freeware/lib/httpd/modules/mod_socache_shmcb.so LoadModule authnz_ldap_module /opt/freeware/lib/httpd/modules/mod_authnz_ldap.so LoadModule ldap_module /opt/freeware/lib/httpd/modules/mod_ldap.so LoadModule rewrite_module /opt/freeware/lib/httpd/modules/mod_rewrite.so ‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑
- If you want to use SSL certificates, then you must mention the certificate and key files in the httpd-ssl.conf configuration file. Also, verify that the modssl.so module is loaded in it. _LoadModule ssl_module /opt/freeware/lib/httpd/modules/mod_ssl.so
- Create a test Subversion repository.
- Verify that the following Subversion modules are loaded in the httpd-subversion.conf file. Add the following stanza to the httpd-subversion.conf file. This stanza mentions about the configuration of the repository and its LDAP authentication mechanism. You can also control the authentication using the LDAP groups.
LoadModule dav_svn_module /opt/freeware/lib/httpd/modules/mod_dav_svn.so LoadModule authz_svn_module /opt/freeware/lib/httpd/modules/mod_authz_svn.soIn case you want to control access only for a specific group of users, use
‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑ <Location /svn/test> DAV svn SVNPath /Subversion/test AuthType basic AuthName "LDAP Authorization" AuthBasicProvider ldap AuthLDAPURL ldap://your.domain/ou=your,o=domain?mail Require valid‑user </Location> ‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑
Require ldap-groupin place of
Require valid-userwith its suitable parameters. For example:
Require ldap‑group cn=LDAP_group_name,ou=memberlist,ou=yourgroups,o=domain
- Recycle Apache HTTP service and verify the Subversion repository URL.
a. Restart Apache HTTP services:
b. Verify the running Apache HTTP processes:
c. Check the version of Subversion:
The following output is displayed.
compiled Jan 10 2017, 06:22:25 on powerpc‑ibm‑aix18.104.22.168 Copyright (C) 2016 The Apache Software Foundation. This software consists of contributions made by many people; see the NOTICE file for more information. Subversion is open source software, see http://subversion.apache.org/ The following repository access (RA) modules are available: ∗ ra_svn : Module for accessing a repository using the svn network protocol. ‑ handles 'svn' scheme ∗ ra_local : Module for accessing a repository on local disk. ‑ handles 'file' scheme The following authentication credential caches are available: ∗ Plaintext cache in /.subversion ∗ GPG‑Agent ‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑‑
d. Access the Apache HTTP server:
URL: http://hostname or https://hostname
e. Access your Subversion repository on a web browser:
Now, your Subversion repository is configured with LDAP as well as SSL and ready to use.