Giter Site home page Giter Site logo

mfreiholz / if.svnadmin Goto Github PK

View Code? Open in Web Editor NEW
349.0 29.0 151.0 1.98 MB

Web-based GUI to manage Subversion repositories and User/Group permissions (+LDAP support)

Home Page: http://svnadmin.insanefactory.com/

License: GNU General Public License v2.0

ApacheConf 0.01% PHP 96.12% CSS 1.68% JavaScript 2.18%

if.svnadmin's Introduction

iF.SVNAdmin

The iF.SVNAdmin application is a web based GUI to your Subversion authorization file. It is based on PHP 5.3 and requires a web server (Apache) to be installed. The application doesn’t need a database back end or anything similar, it completely based on the Subversion authorization- and user authentication file. (+Inludes LDAP support for users and groups)

Documentation

Documentation about installation and configuration can be found on the project homepage. http://svnadmin.insanefactory.com/

Who is responsible for this crap?

Manuel Freiholz ([email protected]), insaneFactory.com

In case you feel happy with the application, got a lot of money to waste and don't know where to put it... you might consider to spend it on my Amazon wish list.

Manuel's Amazon wish list

if.svnadmin's People

Contributors

arnolem avatar diegon avatar joubertredrat avatar mfreiholz avatar oxsean avatar remi-deltombe avatar vectornet-suporte avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

if.svnadmin's Issues

LDAP Search does not work without limit [possible solution included]

Hi,

I have svnadmin running on linux debian. After Configuration with LDAP it told me that no users could be found.
After investigating the code a little bit, I found out, that the problem was, that ldap_search was executed with a limit set to zero (which means unlimited).
For some reason (sadly I do not know exactly) this won't work for me.
To make it work I had to set
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
before ldap_search() calls.

Hope this helps.

Support multiple path values for SVNParentPath

It would be cool if multiple SVNParentPath values could be supported. For examples we have a /home/svn/repositories for active projects and a /home/svn/archives for closed projects. This structure simplifies the backup procedures and simplify the management of projects.
WebSVN is also used in our Subversion server and also support multiple values for SVNParentPath.

IF.SVNAdmin is a cool project and we recommend it to friends and customers.

Sincerely

repositoryviewer url-decoding missing

When browsing a repository and clicking a folder's or file's link to the left, you will receive a broken URL, in case the repository-string contained url-encoded characters(e.g.: "-",".","/","","ä" ).
By adding urldecode(); you can fix this behavior. As the repo takes care of preventing URI-encapsulation (URIs as filenames, ...) this should be quite safe, but I'd still recommend looking through the source to see if this could break anywhere... just in case.

Here is the fix:

./pages/repository/repositoryview.html.php

at

78,79c78,79
<       <?php if (GetBoolValue("ApacheWebLink")) { ?><a href="<?php print(urldecode($item->apacheWebLink)); ?>" target="_blank"><img src="templates/images/apache-icon.png" alt="A" title="Apache WebDAV"></a><?php } ?>
<       <?php if (GetBoolValue("CustomWebLink")) { ?><a href="<?php print(urldecode($item->customWebLink)); ?>" target="_blank"><img src="templates/images/weblink-icon.gif" alt="W" title="Custom Subversion Browser"></a><?php } ?>

---
>       <?php if (GetBoolValue("ApacheWebLink")) { ?><a href="<?php print($item->apacheWebLink); ?>" target="_blank"><img src="templates/images/apache-icon.png" alt="A" title="Apache WebDAV"></a><?php } ?>
>       <?php if (GetBoolValue("CustomWebLink")) { ?><a href="<?php print($item->customWebLink); ?>" target="_blank"><img src="templates/images/weblink-icon.gif" alt="W" title="Custom Subversion Browser"></a><?php } ?>

Thanks for this tool, works great and is much more userfriendly than svnmanager :-).

Does iF.SVNAdmin support LDAPS

Hi,

Does iF.SVNAdmin support LDAPS protocol (ldap + ssl) ?

If so where do you provide configuration information about certs files ?

Thanks,

nr

Problem installing on Linux

Its not a "problem".
You have to change those paths into something like:

SvnAdminExecutable=/usr/bin/svnadmin
SvnExecutable=/usr/bin/svn

and make sure that the apache user (www-data) has permission to execute this binaries (SElinux requires special configuration).

Unfortunately, it does not help. These are the following errors:
Error: Path to "svn.exe" does not exist: /usr/bin/svn
#0 /home/xxxx/yyyyy.pl/test/classes/providers/RepositoryViewProvider.class.php(67): IF_SVNClientC->__construct('/usr/bin/svn')
#1 /home/xxxx/yyyyy.pl/test/classes/providers/RepositoryViewProvider.class.php(106): svnadmin\providers\RepositoryViewProvider->__construct()
#2 /home/xxxx/yyyyy.pl/test/include/config.inc.php(287): svnadmin\providers\RepositoryViewProvider::getInstance()
#3/home/xxxx/yyyyy.pl/test/settings.php(2): include('/home/xxxx/yy...')
#4 {main}

Implement cached LDAP provider

Add one more layer for the current LDAP provider which provides caching functionality by using the SVNAuthFile.

Why?
Using LDAP with 1000+ users takes much time for each page request.

Missing features

  1. Username + E-Mail address
  2. Invite User to svn by sending out an E-Mail

We used both features in svnmanger quite often. Especially adding an E-Mail address to an account name is very urgent because it makes life of project admins much more easier, if he knows, who is the person behind a special nickname.

Managed commit hooks

Add an interface (plugin) which enables the custom SVN hooks managed by the iF.SVNAdmin application.

Max execution time problem (loop is never left if problem)

Hello,

I have a MaxExecutionTime problem when I go to the list of repositorie (probably a permission problem to read a folder)

I have thousands of error because the loop is never left

PHP Warning: readdir() expects parameter 1 to be resource, boolean given in /include/ifcorelib/IF_SVNBaseC.class.php on line 134, referer: /grouplist.php

// /include/ifcorelib/IF_SVNBaseC.class.php:134
$hd = opendir( $basePath );
while (($file = readdir($hd)) !== false)
{

creating a new user

Hi Manuel,

Is there an option to create a new user or group in ldap via ifsvnadmin?

Thanks :)

post repository creation script

Define a script that will be executed after the creation of a repository. The script can be used to setup hooks, trac project initialization or additional repository functionality. This script will get repository name and path of the new repository as parameters.

Login with pwd file, users and groups from ldap

Hi,

is it possible to login to the webtool with user credentials stored in a password file, but use ldap users and groups to manage the svn access file?

every time i change to ldap i cant login with the "local account".

Cannot login - LDAP issue? - version 1.6.1

Hi,

I've installed SVNAdmin without any problems with LDAP configuration.
After installation in which I pointed mysefl as an administrator I was redirected to loging panel.
I used credentials from LDAP but I coundn't login.
There is no info in the apache log. How can investigate what is wrong?

I kindy ask for your support
Regards,
Tomasz

My configuration
[Ldap]
HostAddress=ldap://localhost:389/
ProtocolVersion=3
BindDN=cn=admin,dc=ictbackyard,dc=com
BindPassword=admin
CacheEnabled=false
CacheFile=./data/ldap.cache.json

[Users:ldap]
BaseDN=ou=Accounts,dc=ictbackyard,dc=com
SearchFilter=(&(objectClass=inetOrgPerson))
Attributes=uid

[Groups:ldap]
BaseDN=DC=insanefactory,DC=com
SearchFilter=(objectClass=group)
Attributes=sAMAccountName
GroupsToUserAttribute=member
GroupsToUserAttributeValue=distinguishedName

[Update:ldap]
AutoRemoveUsers=true
AutoRemoveGroups=true

E-Mail address as alias

If you are implementing aliases, can we please have the possibility to add an e-mail field to user create/edit?

Auto class loading

Actually all classes which are used getting included in the /data/config.inc.php file. Better way would be to use an custom class loader.

Probably requires a new structure of source files.

Repository name limitation

Hello,

It's not possible to create a new repository with a '.' caracter.
my deposit are often domain
Ex : "wixiweb.fr"

Thanks

You have not defined an "UserEditProviderType".

You have not defined an "UserEditProviderType", but the system also could not find any user from the configured user view provider.
You should now create a new user in your configured backend (e.g.: LDAP/Active Directory).

Max execution time problem (loop is never left if problem)

Hello,

I have a MaxExecutionTime problem when I go to the list of repositorie (probably a permission problem to read a folder)

I have thousands of error because the loop is never left

PHP Warning: readdir() expects parameter 1 to be resource, boolean given in /include/ifcorelib/IF_SVNBaseC.class.php on line 134, referer: /grouplist.php

// /include/ifcorelib/IF_SVNBaseC.class.php:134
$hd = opendir( $basePath );
while (($file = readdir($hd)) !== false)
{

iF.SVNAdmin screenshots usage.

Hi,

Please clarify if it is allowed to use iF.SVNAdmin screenshots in the following cases (please point restrictions if they apply):

  1. Internal organization/company usage,
  2. Usage within ecosystem, partners and cooperating companies with signed NDAs and agreements,
  3. Public usage on conferences and lectures.

Screenshot are to be used within documentation and presentations.
Kind regards,
Tomasz Zieleniewski

Location based roles

Feature request
Use case: I have a svn server with several users. Some of them are in project team. Their leader requests right to manage other project members access rights (read/write). As I see current codebase only allow that in server wide but I would like to do this in repository or access-path wide.

Thanks

Initial setup doesn't work

The config.tpl.ini gets copied to config.ini on first application start and the user gets redirected to settings.php to enter initial configuration values.

Since 1.6.1 it doesn't work anymore, because the IF_SVNClientC constructors throws an exception, as soon as the path to the svn.exe is wrong (which it is from the beginning!).

unable to fetch all the users and groups from openldap

i am trying to integrate ifsvnadmin with openldap. I was able to make a bind to the ldap server. But when i try to fetch all the users and groups, it returns nothing. In the ldap server i see that i clearly have 5 users.

Below is my LDAP user information details:

Base DN - OU=example,DC=maxcrc,DC=com
Search Filter - (&(objectClass=person)(objectClass=user))
Attributes - sAMAccountName

and in the log file, i dont see any errors.

any suggestions? quick help would be appreciated :) thanks in advance

many SVNAuthFile files

Hi guys,

I'm trying to migrate to iF.SVNAdmin from a legacy environment. The problem is that I have many SVN Access Files, each one for a different SVN project. Since in config.ini i can use just one SVNAuthFile, there is any way i can manage these repositories/AuthFile using just one iF.SVNAdmin instalation?

I thought to have several config.ini and manage Apache to some how choose the right file.

sorry to ask this here but i didn’t found the answer in any other place.

Regards

Another installing problem on Linux

Hi,

tried to install svnadmin on linux machine. Downloaded zip file, unzip it, copy its content to /var/www/svnadmin, change file permission on ./data folder but when I tried to get to http://server/svnadmin... page is completely blank. Any idea what have I done wrong? Thank you.

Error when browsing and creating repos

Hey there! Great job with this tool! Besides the repo-handling stuff, everything works like a charm.

When browsing an existing repo (preexisting repos are located just fine):
XML parse error: (code=5) Invalid document end
The error is originating in repository/repositoryview.html.php at line 5:

 <a href="repositoryview.php?pi=<?php print(GetValue("Repository")->getEncodedParentIdentifier()); ?>&amp;r=<?php print(GetValue("Repository")->getEncodedN$
  : <?php PrintStringValue("CurrentPath"); ?>

whereas the function call that throws the exception is:

print(GetValue("Repository")->getEncodedParentIdentifier());

When creating a new repo via the web interface however, i get the following exception:

Command="/usr/bin/svnadmin" create --fs-type 'fsfs' "../brian_cache/repo"; Return=1; Output=Array;

Permissions seem to be alright, and after some hours of debugging im still unsure what the problem is. Maybe it's the config?

My config:

[Common]
FirstStart=0
BackupFolder=./data/backup/

[Translation]
Directory=./translations/

[Engine:Providers]
AuthenticationStatus=basic
UserViewProviderType=passwd
UserEditProviderType=passwd
GroupViewProviderType=svnauthfile
GroupEditProviderType=svnauthfile
AccessPathViewProviderType=svnauthfile
AccessPathEditProviderType=svnauthfile
RepositoryViewProviderType=svnclient
RepositoryEditProviderType=svnclient

[ACLManager]
UserRoleAssignmentFile=./data/userroleassignments.ini

[Subversion]
SVNAuthFile=../brian_cache/.brian_cache.svnauthz

[Repositories:svnclient]
SVNParentPath=../brian_cache
SvnExecutable=/usr/bin/svn
SvnAdminExecutable=/usr/bin/svnadmin

[Users:passwd]
SVNUserFile=../brian_cache/.brian_cache.htpasswd

[Users:digest]
SVNUserDigestFile=../brian_cache/.brian_cache.digest
SVNDigestRealm=Kernspeicher

[GUI]
RepositoryDeleteEnabled=false
RepositoryDumpEnabled=false
AllowUpdateByGui=true
ApacheDirectoryListing=https://<whatever>/brian_cache/%1/%2

(i played around with authtype digest, but currently am using plain htpasswd)

Thanks for your help,
C

LDAP and svnauthfile

Is possible to use both on users and permissions, or its hard to change to get this?

Thanks

Potential security bug

If an "Administrator" grants "Role-Manager" role user X than this user can raise this privilege to "Administrator" role for himself.

Password restrictions

Since users have the possibility to change their own password, it should be possible to define some restrictions for their password complexity.

Use SID from LDAP (ActiveDirectory) instead of sAMAccountName

Discussion from website to this issue:

Jacq says:
March 13, 2012 at 9:24 pm

Hi,
I’m using iF.SVNAdmin since last release and I would like to try it together with visualsvn server.
The problem is that visualsvn server stores the permisions in an auth-win file and uses the windows SID instead of the samaccountname. I think this decission was made some time ago to support active directory integration and to support AD groups.
Could you think about adding the option for if.svnadmin to use SID instead usernames when integrated to AD?
The easier change neccesary should be to translate the SID to usernames and keep the same auth-win file for both apps, but the issue will be more difficult when the SID belongs to a AD group.
Here is a related thread explaining the same problem with websvn+visualsvn, but they decided not to add the support due to be a visualsvn issue.
Thanks


Manuel Freiholz says:
March 14, 2012 at 7:49 pm

Hi Jacq,
i will have a further look at it.

Is the SID an attribute of the member in Active Directory?


Jacq says:
March 14, 2012 at 10:52 pm

Yes is an unique identifier of all active directory objects.
I think that visualsvn switch to SID instead of names to support activedirectory group, they could have used samaccountname but I think it may be not unique.
May be for ifsvnadmin the natural approach should be to define a new group provider for ldap.
If you prefer we could move this conversation to the issues tracker.

support for authorization settings in per-repository files

VisualSVN Server 2.6 introduce change to authorization file, which cause that SVNAdmin is no longer working with VisualSVN Server 2.6.
Information from VisualSVN changelog:

Move authorization settings to per-repository files. For enhanced isolation of security settings and better performance, each repository now has it's dedicated authorization settings file ('VisualSVN.svn-authz' or 'VisualSVN.win-authz' file in a '/conf/' folder of a repository). The repositories root no longer has Read / Write permission set for "Everyone" group by default.

LDAP group settings in config.ini

Hi,
Manuel may you please provide a short description of the LDAP group mechanism and configuration?
What is the relation between LDAP groups and authz groups in SVN?
How should be groups created in LDAP in order to have mutual synchroznization?
Thanks in advance
Tomasz

Move translations into a *.php file with variables

Instead of using a *.csv file format, migrate everything to use *.php files with variables, e.g.:

<?php
$TR["KEY_1"] = "Example Text";
$TR["KEY_2"] = "Some more text...";
$TR["KEY_3"] = "Text with %1 custom variables/arguments";
?>
  • context based translation is possible
  • the translation manager of "Roundcube Webmailer" may be used

Add better project management

Add a new page for project management.
The current "Quick 'n Dirty" way with Projekt-Managers on the Access-Path list page is not enough.

Feel free to post more ideas about this topic..

Logging

Add some logging mechanisms for debug and security purpose.

Example sections:

  • SVN Commands
  • Logins or failed login attempts
  • Right changes
    ... and more ...

Load / import repository

Add a "load/import" button for each repository on the repository-list-page and maybe direct on the "create new repository" page.

Role management

Add custom pages to manage roles. Enable the administrator to create custom roles or modify existing roles and their rights.

Unassign an user from Access-Path fails

If I select one or more users from Access-Path of a Repository the action failes with php error:

Catchable fatal error: Argument 1 passed to svnadmin\core\Engine::addException() must be an instance of Exception, string given, called in /data/svnadmin-1.6/classes/core/Engine.class.php(316) : eval()'d code on line 90 and defined in /data/svnadmin-1.6/classes/core/Engine.class.php on line 17

I checked the source and in unnasign_permission.php this exception is fired:
$appEngine->addException(tr("Can not remove user %0 from access path %1", array($oU->name, $oAP->path)));
and it failes due to string error.

I was not able to figure out why this exception is fired

Synchronize provide a disaster in a particular configuration

Hi,

Thanks you for your great product.

I have found an issue with version 1.6.1.

My data provider configuration:
User view provider type: ldap
User edit provider type: off
Group view provider type: svnauthfile
Group edit provider type: svnauthfile
Repository view provider type: off
Repository edit provider type: off

LDAP providers:
Search filter: (samAccountType=805306368)
Attributes: sAMAccountName

When I clic on "Update > Synchronize" it remove all my group in the subversion authorization file. The management of group works fine (add, manage, remove groups).

[Tue Feb 05 11:19:01 2013] [error] [client 127.0.0.1] PHP Warning: ldap_search() [function.ldap-search]: Partial search results returned: Sizelimit exceeded in C:\wamp\www\iFSVNAdmin\include\ifcorelib\IF_AbstractLdapConnector.class.php on line 291, referer: http://localhost/iFSVNAdmin/update.php
[Tue Feb 05 11:19:01 2013] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/iFSVNAdmin/update.php
[Tue Feb 05 11:19:01 2013] [error] [client 127.0.0.1] PHP 1. {main}() C:\wamp\www\iFSVNAdmin\update.php:0, referer: http://localhost/iFSVNAdmin/update.php
[Tue Feb 05 11:19:01 2013] [error] [client 127.0.0.1] PHP 2. svnadmin\core\Engine->handleAction() C:\wamp\www\iFSVNAdmin\update.php:41, referer: http://localhost/iFSVNAdmin/update.php
[Tue Feb 05 11:19:01 2013] [error] [client 127.0.0.1] PHP 3. eval() C:\wamp\www\iFSVNAdmin\classes\core\Engine.class.php:313, referer: http://localhost/iFSVNAdmin/update.php
[Tue Feb 05 11:19:01 2013] [error] [client 127.0.0.1] PHP 4. svnadmin\providers\ldap\LdapUserViewProvider->update() C:\wamp\www\iFSVNAdmin\classes\core\Engine.class.php(313) : eval()'d code:54, referer: http://localhost/iFSVNAdmin/update.php
[Tue Feb 05 11:19:01 2013] [error] [client 127.0.0.1] PHP 5. svnadmin\providers\ldap\LdapUserViewProvider->updateSvnAuthFile() C:\wamp\www\iFSVNAdmin\classes\providers\ldap\LdapUserViewProvider.class.php:247, referer: http://localhost/iFSVNAdmin/update.php
[Tue Feb 05 11:19:01 2013] [error] [client 127.0.0.1] PHP 6. svnadmin\providers\ldap\LdapUserViewProvider->userExists() C:\wamp\www\iFSVNAdmin\classes\providers\ldap\LdapUserViewProvider.class.php:767, referer: http://localhost/iFSVNAdmin/update.php
[Tue Feb 05 11:19:01 2013] [error] [client 127.0.0.1] PHP 7. IF_AbstractLdapConnector->objectSearch() C:\wamp\www\iFSVNAdmin\classes\providers\ldap\LdapUserViewProvider.class.php:295, referer: http://localhost/iFSVNAdmin/update.php
[Tue Feb 05 11:19:01 2013] [error] [client 127.0.0.1] PHP 8. ldap_search() C:\wamp\www\iFSVNAdmin\include\ifcorelib\IF_AbstractLdapConnector.class.php:291, referer: http://localhost/iFSVNAdmin/update.php

Tell me if you need more information.

Regards,

Wrong user name in userroleassignments.ini after installation.

Hi,

During an installtion I configured the LDAP authentication.
In my setup LDAP users are identified by uid param. User identifiers contain @ sign.
After configuration saving user name in userroleassignments.ini contained %40 instead of @ sign.
This required manual replacement while user couldn't login.
Future administration roles assignment through gui used correct names.

Regards
Tomasz

Synchronize action removes random ldap users from access file

I created access-paths and added ldap users to them. SVNAdmin wrote these users to access file.
If I do a force synchronize then some of users removed from access file (webpage said that users no longer exists but i can readd them at access-paths page). If i set AutoRemoveUsers=false then no problem.

My setup:
version: 1.6.2
User view provider type: ldap
Group view provider type: off
Repository view provider type: off

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.