building a versioning document repository
TRANSCRIPT
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 1/32
Building a VersioningDocument RepositoryUsing Apache HTTP Server, OpenLDAP, and Subversion
By: Craig A. McElroy
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 2/32
Who Am I?
• Co-founder of Metissian & Contegix
• Contegix is a colocation and managed hostingcompany specializing in Linux and Mac OS X
located in downtown St. Louis, MO.
• Maintainer of Subversion OS X Packages at http://www.metissian.com
• Early adopter of the Subversion version control
system
• Been using it since pre 1.0 release for sourcecontrol, document versioning, etc.
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 3/32
Document Repository
• A document repository is any central storage locationfor documents.
•Various storage and access mechanisms
• NFS
• Samba
• Simple Web Application
• WebDAV
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 4/32
WebDAV
• What is WebDAV?
• Briefly: WebDAV stands for “Web-basedDistributed Authoring and Versioning”
• Set of extensions to the HTTP protocol whichallow remote collaborative authoring of webresources.
• Defined in RFC 2518
• Visit http://www.webdav.org/ for more information.
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 5/32
WebDAV Servers
• Apache HTTP Server
• mod_dav - Base WebDAV support module whichrequires another module to define the storage
implementation.
• mod_dav_fs - WebDAV module provided by Apachewhich uses underlying filesystem for storage.
• Other mod_dav implementations exist (as we’ll see
in a bit)
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 6/32
WebDAV Servers
• Jakarta Slide
• http://jakarta.apache.org/slide/index.html
•Zope
• http://www.zope.org/
• .Mac
• Apple’s .Mac service is WebDAV based.
• A number of other Open Source and Commercialservers.
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 7/32
WebDAV Clients
• Nautilus 2
• Official file manager/browser for GNOME.
•http://www.gnome.org/projects/nautilus
• Linux davfs2
• A filesystem module for the Linux kernel based onCoda (http://coda.cs.cmu.edu/)
• http://dav.sourceforge.net/• Cadaver Command Line Client
• http://www.webdav.org/cadaver/
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 8/32
WebDAV Clients
• Mac OS X
• Apple’s OS X has an integrated WebDAV client.
•Prior to 10.4 did not support https.
• Win32 WebFolders
• Windows 98, 2000, and XP have an integratedWebDAV client known as “WebFolders”
• Not as integrated as Apple’s implementation.• WebDrive Commercial Windows Client
• http://www.southrivertech.com/
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 9/32
DeltaV Extensions
• Despite the “V” in WebDAV, there is no versioningmodel included in the WebDAV RFC.
•Because RFC 2518 left out versioning concepts,
another capable group was left with the responsibilityof writing RFC 3253, which adds versioning toWebDAV.
• WebDAV/DeltaV clients and servers are often called
just “DeltaV” clients and servers, since DeltaV impliesthe existence of basic WebDAV.
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 10/32
DeltaV
• The coolest feature of the DeltaV extensions isAutoversioning.
•Allows basic WebDAV clients that are not aware of
versioning to create new versions by simply doing aPUT operation.
• The server will translate that to the series of operations that will generate a new version of the
existing file.• In the event of a needed file restore, a system
administrator could simply pull an old version.
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 11/32
LDAP
• What is LDAP?
• Lightweight Directory Access Protocol
•Designed at the University of Michigan to adapt acomplex enterprise directory system (called X.500)to the modern internet.
• De-facto standard for user information storage,searching, and authentication.
• Many implementations of LDAP Servers
• Tremendous client support
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 12/32
LDAP Servers
• OpenLDAP - http://www.openldap.org/
• Open Source LDAP Server
•Novell eDirectory
• Red Hat Directory Server (Formerly NetscapeDirectory Server)
• Microsoft Active Directory
• Supports the LDAP interface, but has some quirks• Apache DS - Pure Java LDAP Server
• http://directory.apache.org/subprojects/apacheds/
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 13/32
LDAP Clients
• Nearly all E-Mail clients support LDAP Databasesearches
•Apache Authentication Modules
• Apache 2.0: mod_auth_ldap
• http://httpd.apache.org/docs-2.0/mod/mod_auth_ldap.html
• Apache 2.1: mod_authnz_ldap
• http://httpd.apache.org/docs-2.1/mod/mod_authnz_ldap.html
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 14/32
Subversion
• http://subversion.tigris.org/
• Subversion is a version control system with aWebDAV/DeltaV server implementation for Apache
• mod_dav_svn Apache Module
• Subversion was designed to be a replacement for CVSin the version control realm
•Provides many added benefits because of it’sWebDAV/DeltaV capabilities
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 15/32
DeltaV in Subversion
• Currently, not all features of DeltaV are implementedin Subversion, but most of the core ones are.
•RFC 3253 is still relatively new, and Subversion
developers intend to improve support in futurereleases.
• But, what about Autoversioning?!?!?
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 16/32
Autoversioning
• Does autoversioning really work in Subversion?
• Well, sort of.
•At this time, Subversion still lacks support for theWebDAV LOCK and UNLOCK methods, so editinga file in place is not supported.
• Can still copy the file to local filesystem, edit it, andcopy it back.
• Come on? Is this really the best we can do?
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 17/32
mod_dav_lock
• Apache 2.1 (still in beta) has introduced a newmod_dav_lock module.
• http://httpd.apache.org/docs-2.1/mod/mod_dav_lock.html
• Provides a generic locking API which can be used byany backend provider of mod_dav (mod_dav_svn inour case)
• Uses a file based lock database to provide the locking
mechanism that would otherwise be missing fromSubversion’s DeltaV support.
• Creates the “illusion” that the lock was accepted.
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 18/32
Why These?
• This exact configuration was implemented for a client late 2004.
• Why WebDAV?
• Needed to support multiple platforms.
• Needed to be able to securely access data.
• Why LDAP?
• Client also wanted to consolidate user accounts between a
dozen servers, miscellaneous web applications (including
Bugzilla), etc.• The Document repository need the same accounts.
• Why Subversion?
• Subversion was already being used for version control
system for source code.
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 19/32
Configuration & Demo
• OpenLDAP
• http://www.openldap.org/
•phpLDAPadmin
• http://phpldapadmin.sourceforge.net/
• Apache HTTP Server 2.1 (Beta)
• http://httpd.apache.org/
• Subversion 1.2 (RC)• http://subversion.tigris.org/
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 20/32
OpenLDAP
• Included with any modern Linux distribution
• RHEL v.4 comes with OpenLDAP 2.2
•Edit /etc/openldap/slapd.conf
• Define suffix,rootdn, and rootpw
• suffix “dc=contegix,dc=com”
• rootdn “cn=Manager,dc=contegix,dc=com”
• rootpw {SSHA}................................
• Encrypted rootpw value can be generated using
slappasswd
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 21/32
OpenLDAP
• Start OpenLDAP Server
• Do a simple test using:
•ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
• If this works, we are ready to begin populating theLDAP database.
• Option 1: Use .ldif files and ldapadd commands
•Option 2: Use a LDAP client utility
• phpLDAPadmin
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 22/32
phpLDAPadmin
• Install to a location where it is accessible from awebserver.
• Edit the config.php file
• Define the values for host,base, and auth_type
• $servers[$i][‘host’] = ‘localhost’;
• $servers[$i][‘base’] = ‘dc=contegix,dc=com’;
• $servers[$i][‘auth_type’] = ‘session’
• An auth_type of session will prompt for alogin upon accessing the application.
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 23/32
Setup LDAP Objects
Using phpLDAPadmin• Create the Organization with dcObject andorganization objectClass
• o = Contegix LLC
• Manager organizationalRole
• cn=Manager,dc=contegix,dc=com
• People organizationalUnit
• ou=people• Users, users, users
• Use simpleSecurityObject for our example
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 24/32
Apache HTTP 2.1
• As Apache 2.1 is still Beta, it is most likely not includedwith any Linux distribution.
• Download and build the latest source tarball.
• Important configure options
• --prefix=/opt/httpd/httpd-2.1.x
• --with-ldap
• --enable-mods-shared=all
• --enable-dav-lock
• --enable-ldap
• --enable-authnz-ldap
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 25/32
Apache HTTP 2.1
• Edit httpd.conf
• Specify User and Group
• User webdav• Group webdav
• Ensure that the ldap_module is loaded before
authnz_ldap_module in the LoadModule
directives (is not in the default configuration file)
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 26/32
Subversion 1.2
• While a relatively recent version of Subversion ships withmost Linux distributions, we will need to build against theApache just built.
• Download and build the latest source tarball.• Important configure options
• --prefix=/opt/subversion/subversion-1.2.x
• --with-ssl
•--with-zlib
• --with-apr=/opt/httpd/.../apr-1-config
• --with-apr-util=/opt/httpd/.../apu-1-config
• --with-apxs=/opt/httpd/.../apxs
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 27/32
Creating the
Repository• Setup repository and locks directories.
• mkdir /opt/subversion/repos• mkdir /opt/subversion/locks
• Create the repository with proper permissions.• svnadmin create /opt/subversion/repos/webdav
• chown -R webdav:webdav /opt/subversion/repos/
webdav
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 28/32
Putting It All Together
• Apache Configuration<Location />
DAV svn
SVNPath /opt/subversion/repos/webdav
SVNAutoversioning on
DavGenericLockDB /opt/subversion/locks/davlock
AuthBasicProvider ldap
AuthLDAPUrl ldap://localhost:389/ou=People,dc=contegix,dc=com
AuthzLDAPAuthoritative off
AuthType basic
AuthName "Contegix WebDAV"Require valid-user
</Location>
• Startup Apache
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 29/32
Other Concerns
• SSL
• For the sake of simplicity of our demonstration, wedid not enable HTTPS for the Apache WebDAV
server, or TLS for the OpenLDAP server.
• Client compatibility
• At this time, WebDAV support is still ratherinconsistent.
• Different clients have varying levels of support, andvarious quirks that should be considered that thistime.
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 30/32
Other Concerns
• Limiting Access by Groups
• Can also configure Apache to require that users bemembers of a given group in order to access
WebDAV share
• Controlled access by Directory
• Subversion’s mod_dav_svn can be configured torestrict read and/or read/write access by directory
within the WebDAV share.
• Unfortunately, this feature does not currentlysupport LDAP groups.
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 31/32
Future
• Directory level permissioning.
• Subversion developers intend to add support forhaving groups defined by external authentication
mechanisms.
• DeltaV locking support built into Subversion
• Better compatibility between various DeltaV clients.
•Currently a true DeltaV client may or may not
interoperate well with a mod_dav_svn server.
8/7/2019 Building a Versioning Document Repository
http://slidepdf.com/reader/full/building-a-versioning-document-repository 32/32
Q & A