Jon Hardman
Software Engineer II
Identity Manager Resource Kit
Table of Contents
- Overview
- Prerequisites
- Installation and Configuration
- SUSE Linux
- eDirectory (for stand-alone configuration)
- Add SLE-10-SDK-SP2 installation source
- Install Apache2 and subversion-server software
- Configure apache2 and subversion
- Create parent subversion repository
- Enable https for apache2 (optional)
- Enabling ldaps secure ldap authentication (optional)
- Check in Designer projects
- Check out Designer projects
- Conclusion
Overview
An exciting new feature of Designer 3 is the ability to use the Subversion version control system to manage Designer projects. This allows you to track a project's history, see who made the changes, and roll back to previous revisions if necessary. The Designer help files describe how to set up a local Windows Subversion server to keep your Designer projects on your local machine. In most enterprises, however, a centrally accessible, server-based Subversion server is desirable. This document describes how to set up an Apache2 HTTP Subversion server that authenticates against your LDAP server (preferably eDirectory) to host your Designer projects, which can then be updated, checked out, etc., from multiple clients.
- Operating System: SUSE Linux Enterprise Server 10 SP2 (SLES10SP2) with SUSE Linux Enterprise Server 10 Software Development Kit SP2 (sle-10-sdk-sp2)
- eDirectory version: eDirectory 8.8.2 for Linux
- Identity Manager version: IDM 3.5.1 for Linux (optional)
- Apache and Subversion: apache2.2.3-16.18, subversion1.3.1-1.5
- Designer version: Designer for Identity Manager v3
Prerequisites
- SUSE Linux Enterprise Server 10 SP2 i386 architecture
- SUSE Linux Enterprise Server 10 Software Development Kit SP2 (sle-10-sdk-sp2)
- eDirectory 8.8.2 installation files (archive or iso)
- Installation source for SUSE Linux Enterprise Server 10 Software Development Kit SP2
This article assumes a working knowledge of SUSE Linux and eDirectory in general.
Installation and Configuration
- Install SLES 10 SP2 i386. For software pattern installation, select the default installation.
eDirectory (for stand-alone configuration)
- Download eDirectory 8.8.2 iso from download.novell.com
- “su” to root ('su' in console, enter root password)
- Mount the eDirectory installation .iso as /media/cdrom ('mount -t iso9660 -o loop eDir_882.iso /media/cdrom')
- “cd” into /media/cdrom (this may also be “/media/cdrom/eDirectory/setup”, depending on the eDirectory version) ('cd /media/cdrom')
- execute './nds-install'. Select options 1 and 2 for full eDirectory installation.
eDirectory installation is now complete. You can now configure your eDirectory tree using the eDirectory utility 'ndsconfig'.
- First, you must set your system PATH for the nds binaries/libraries by issuing command '. /opt/novell/eDirectory/bin/./ndspath' in the console. (Note that the command starts with dot-space)
- Now configure your eDirectory tree from the command line using ndsconfig, for example: 'ndsconfig new -t MYTREE -a cn=admin.o=novell -n o=novell -S myserver -i -e -D /var/opt/novell/instance0 -d /var/opt/novell/instance0/data/dib -w password --config-file /var/opt/novell/nds0.conf' (The '-i' option ignores duplicate tree lookup; '-e' enables LDAP clear-text passwords.)
- Once eDirectory configuration is complete, you can verify ndsd is up and running with 'ndsstat'.
Add SLE-10-SDK-SP2 installation source
Download SLES10 SDK SP2 and set it as an installation source:
- Download SLES 10 SDK SP2 from download.novell.com
- http://download.novell.com/Download?buildid=eRAdQt...
- Save DVD1 and DVD2 to your local file system
- Start 'yast2' and add DVD1.iso as an installation source
- Finish
Install Apache2 and subversion-server software
Install required software
- “rug in apache2 apache2-doc neon subversion-server”
- Finish installation
- create subversion group and user
- (su) groupadd -r svn; useradd -r -g svn -d /srv/svn -s /bin/false svn
Configure apache2 and subversion
- enable the needed apache2 modules from the command line
- (su) a2enmod dav
- (su) a2enmod dav_svn
- (su) a2enmod ldap
- (su) a2enmod authnz_ldap
- Configure subversion server for apache2
Each repository requires its own entry in the /etc/apache2/conf.d/subversion.conf file. For ease of use, we will configure one 'parent' repository, and then create 'child' projects below the parent for the Designer projects.
- Configure the parent repository
- Using a text editor (vi in this case), run (as root): “vi /etc/apache2/conf.d/subversion.conf”
- subversion.conf should read as follows:
    # Example configuration for a subversion repository
    # see /usr/share/doc/packages/subversion for the full documentation
    #
    <IfModule mod_dav_svn.c>
      <Location /repos>
        DAV svn
        SVNParentPath /srv/svn/repos
        SVNListParentPath on
        # # Limit write permission to list of valid users.
        <LimitExcept GET PROPFIND OPTIONS REPORT>
          # # Require SSL connection for password protection.
          # # SSLRequireSSL
          #
          AuthBasicProvider ldap
          AuthType Basic
          AuthName "LDAP Authorization Realm"
          AuthLDAPURL ldap://127.0.0.1:389/OU=users,O=company,DC=data
          require ldap-attribute objectClass=user
        </LimitExcept>
      </Location>
    </IfModule>
In this case, the Subversion location will be /srv/svn/repos, the LDAP server is 127.0.0.1:389 (clear-text LDAP), and the users are in the container OU=users,O=company,DC=data.
Without the SVNListParentPath directive, you cannot go to the repositories' index page - you will get an 'Access Forbidden' response.
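An added example, not part of the original article: a POSIX shell check that reads a subversion.conf on stdin and flags the two cleartext credential paths in the configuration above, Basic authentication accepted without an active SSLRequireSSL and an ldap:// bind URL. The hardened variant, port 636 and the CA certificate path are assumptions made for illustration.

```shell
# Added example, not from the original article: audit a subversion.conf
# (read from stdin) for cleartext credential paths.

# Excerpt of the article's configuration as published.
WEAK_CONF='<LimitExcept GET PROPFIND OPTIONS REPORT>
# # SSLRequireSSL
AuthBasicProvider ldap
AuthType Basic
AuthLDAPURL ldap://127.0.0.1:389/OU=users,O=company,DC=data
require ldap-attribute objectClass=user
</LimitExcept>'

# Constructed hardened variant. Assumptions: LDAPS on port 636 and a
# hypothetical path for the exported eDirectory CA certificate.
HARDENED_CONF='LDAPTrustedGlobalCert CA_BASE64 /etc/apache2/ssl.crt/tree-ca.pem
<LimitExcept GET PROPFIND OPTIONS REPORT>
SSLRequireSSL
AuthBasicProvider ldap
AuthType Basic
AuthLDAPURL ldaps://127.0.0.1:636/OU=users,O=company,DC=data
require ldap-attribute objectClass=user
</LimitExcept>'

# Print one finding per line; print nothing when both checks pass.
audit_svn_conf() {
    # Keep active directives only: trim indentation, drop comments and blanks.
    conf=$(sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^$/d')
    # ldap:// (not ldaps://) means the user's password is bound in the clear.
    # A StartTLS setup (LDAPTrustedMode TLS) is not recognised by this check.
    if printf '%s\n' "$conf" | grep -qi '^AuthLDAPURL[[:space:]]*"*ldap://'; then
        echo "cleartext-ldap: AuthLDAPURL uses ldap://, switch to ldaps://"
    fi
    # Basic auth is base64 only, so it must never be accepted over plain http.
    if printf '%s\n' "$conf" | grep -qi '^AuthType[[:space:]]*Basic' &&
       ! printf '%s\n' "$conf" | grep -qi '^SSLRequireSSL'; then
        echo "basic-no-ssl: AuthType Basic without an active SSLRequireSSL"
    fi
}

echo "article config:";  printf '%s\n' "$WEAK_CONF" | audit_svn_conf
echo "hardened config:"; printf '%s\n' "$HARDENED_CONF" | audit_svn_conf
```

To check a live server, run `audit_svn_conf < /etc/apache2/conf.d/subversion.conf`. With the LDAP server on 127.0.0.1 the ldap:// bind stays on the loopback interface, so the first finding matters most once the directory is on another host.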
Create parent subversion repository
Create and configure the subversion repository
- (su) mkdir -p /srv/svn/repos
- Restart apache2 (rcapache2 restart)
- Set up a project repository (mydesignerprojects, for example)
- 'svnadmin create /srv/svn/repos/mydesignerprojects'
- chown -R wwwrun:www /srv/svn/repos/mydesignerprojects/
Enable https for apache2 (optional)
- Run 'gensslcert' to generate new, valid certs
- copy /etc/apache2/vhosts.d/ssl-vhost.template /etc/apache2/vhosts.d/ssl-vhost.conf
- rcapache2 restart -DSSL
- You may need to copy the https certificate files to your Designer client in order to avoid prompts from the Designer svn client (There is an option to save the certificate information on the initial check-in, check-out via https)
Enabling ldaps secure ldap authentication (optional)
See http://httpd.apache.org/docs/2.2/mod/mod_ldap.html
Check in Designer projects
- In Designer, from either the outline or project view, select 'Check In...'
- For the 'repository location', enter the parent svn repository created in step 5.1 above (http://server.ipaddress.or.hostname/repos/mydesign...)
- For the 'project name', you may enter whatever identifier you like (project1)
- Enter a comment (i.e. initial checkin) and hit OK
- You will be prompted for a username and password. The username will be the eDirectory RDN (no context or 'cn=') of a user in the LDAP context listed in the subversion.conf file and the password is the user's eDirectory password.
- Your project will be added to the mydesignerprojects svn repository.
Check out Designer projects
You (or your colleagues) can now check-out projects that have been added to the subversion repository from other Designer clients.
- From Designer menu, 'Project → Import Project → Version Control...'
- Version control URL or file path is “http://yoursubserver/repos/mydesignerprojects/”
- You should now see a list of your Designer projects in the lower Designer pane.
- Expand the project you wish to 'check out', highlight the project icon, and hit the Finish button.
- The project will be imported from the subversion server to your Designer workspace and opened in Designer's project view.
Conclusion
You now have a web-based, centrally accessible subversion server with which you can use version control to track your Designer/IDM projects. Further enhancements can be made to the version control system to control access rights, group membership, etc., which are beyond the scope of this document. For enterprise deployments or multiple user consulting projects, Designer's version control feature is an extremely powerful tool to enable team collaboration.
Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).
It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.