Hi,

I have svnadmin running on linux debian. After Configuration with LDAP it told me that no users could be found.
After investigating the code a little bit, I found out, that the problem was, that ldap_search was executed with a limit set to zero (which means unlimited).
For some reason (sadly I do not know exactly) this won't work for me.
To make it work I had to set
ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
before ldap_search() calls.

Hope this helps.

Support for native svn-deamon without an apache configuration.

• no path based authorization?

It would be cool if multiple SVNParentPath values could be supported. For examples we have a /home/svn/repositories for active projects and a /home/svn/archives for closed projects. This structure simplifies the backup procedures and simplify the management of projects.
WebSVN is also used in our Subversion server and also support multiple values for SVNParentPath.

IF.SVNAdmin is a cool project and we recommend it to friends and customers.

Sincerely

When browsing a repository and clicking a folder's or file's link to the left, you will receive a broken URL, in case the repository-string contained url-encoded characters(e.g.: "-",".","/","","ä" ).
By adding urldecode(); you can fix this behavior. As the repo takes care of preventing URI-encapsulation (URIs as filenames, ...) this should be quite safe, but I'd still recommend looking through the source to see if this could break anywhere... just in case.

Here is the fix:

./pages/repository/repositoryview.html.php

at

78,79c78,79
<       <?php if (GetBoolValue("ApacheWebLink")) { ?><a href="<?php print(urldecode($item->apacheWebLink)); ?>" target="_blank"><img src="templates/images/apache-icon.png" alt="A" title="Apache WebDAV"></a><?php } ?>
<       <?php if (GetBoolValue("CustomWebLink")) { ?><a href="<?php print(urldecode($item->customWebLink)); ?>" target="_blank"><img src="templates/images/weblink-icon.gif" alt="W" title="Custom Subversion Browser"></a><?php } ?>

---
>       <?php if (GetBoolValue("ApacheWebLink")) { ?><a href="<?php print($item->apacheWebLink); ?>" target="_blank"><img src="templates/images/apache-icon.png" alt="A" title="Apache WebDAV"></a><?php } ?>
>       <?php if (GetBoolValue("CustomWebLink")) { ?><a href="<?php print($item->customWebLink); ?>" target="_blank"><img src="templates/images/weblink-icon.gif" alt="W" title="Custom Subversion Browser"></a><?php } ?>

Thanks for this tool, works great and is much more userfriendly than svnmanager :-).

Hi,

Does iF.SVNAdmin support LDAPS protocol (ldap + ssl) ?

If so where do you provide configuration information about certs files ?

Thanks,

nr

With the release of PHP 5.4 the support for paged LDAP search results has been added. Now it is possible to implement this for iF.SVNAdmin.

PHP Issue: https://bugs.php.net/bug.php?id=42060

e.g. usage:

Its not a "problem".
You have to change those paths into something like:

SvnAdminExecutable=/usr/bin/svnadmin
SvnExecutable=/usr/bin/svn

and make sure that the apache user (www-data) has permission to execute this binaries (SElinux requires special configuration).

Unfortunately, it does not help. These are the following errors:
Error: Path to "svn.exe" does not exist: /usr/bin/svn
#0 /home/xxxx/yyyyy.pl/test/classes/providers/RepositoryViewProvider.class.php(67): IF_SVNClientC->__construct('/usr/bin/svn')
#1 /home/xxxx/yyyyy.pl/test/classes/providers/RepositoryViewProvider.class.php(106): svnadmin\providers\RepositoryViewProvider->__construct()
#2 /home/xxxx/yyyyy.pl/test/include/config.inc.php(287): svnadmin\providers\RepositoryViewProvider::getInstance()
#3/home/xxxx/yyyyy.pl/test/settings.php(2): include('/home/xxxx/yy...')
#4 {main}

It seems that svnclient requires 'svn.exe' file which is not available in Ubuntu.

what should I do ,when forget admin login password?

Add one more layer for the current LDAP provider which provides caching functionality by using the SVNAuthFile.

Why?
Using LDAP with 1000+ users takes much time for each page request.

1. Username + E-Mail address
2. Invite User to svn by sending out an E-Mail

We used both features in svnmanger quite often. Especially adding an E-Mail address to an account name is very urgent because it makes life of project admins much more easier, if he knows, who is the person behind a special nickname.

Add an interface (plugin) which enables the custom SVN hooks managed by the iF.SVNAdmin application.

Hello,

I have a MaxExecutionTime problem when I go to the list of repositorie (probably a permission problem to read a folder)

I have thousands of error because the loop is never left

PHP Warning: readdir() expects parameter 1 to be resource, boolean given in /include/ifcorelib/IF_SVNBaseC.class.php on line 134, referer: /grouplist.php

// /include/ifcorelib/IF_SVNBaseC.class.php:134
$hd = opendir( $basePath );
while (($file = readdir($hd)) !== false)
{

Hi Manuel,

Is there an option to create a new user or group in ldap via ifsvnadmin?

Thanks :)

Define a script that will be executed after the creation of a repository. The script can be used to setup hooks, trac project initialization or additional repository functionality. This script will get repository name and path of the new repository as parameters.

Hi,

is it possible to login to the webtool with user credentials stored in a password file, but use ldap users and groups to manage the svn access file?

every time i change to ldap i cant login with the "local account".

Hi,

I've installed SVNAdmin without any problems with LDAP configuration.
After installation in which I pointed mysefl as an administrator I was redirected to loging panel.
I used credentials from LDAP but I coundn't login.
There is no info in the apache log. How can investigate what is wrong?

I kindy ask for your support
Regards,
Tomasz

My configuration
[Ldap]
HostAddress=ldap://localhost:389/
ProtocolVersion=3
BindDN=cn=admin,dc=ictbackyard,dc=com
BindPassword=admin
CacheEnabled=false
CacheFile=./data/ldap.cache.json

[Users:ldap]
BaseDN=ou=Accounts,dc=ictbackyard,dc=com
SearchFilter=(&(objectClass=inetOrgPerson))
Attributes=uid

[Groups:ldap]
BaseDN=DC=insanefactory,DC=com
SearchFilter=(objectClass=group)
Attributes=sAMAccountName
GroupsToUserAttribute=member
GroupsToUserAttributeValue=distinguishedName

[Update:ldap]
AutoRemoveUsers=true
AutoRemoveGroups=true

If you are implementing aliases, can we please have the possibility to add an e-mail field to user create/edit?

Hi,

I have the following config.ini configuration:
[GUI]
..
ApacheDirectoryListing=https://host/svn/%1/%2

The generated link contains an extra sign on the second level of relative path part, which points to wrong resource: https://host/svn/repo/ina%2Fsce

I use version 1.6.1.

Kind regards,
Tomasz Zieleniewski

Actually all classes which are used getting included in the /data/config.inc.php file. Better way would be to use an custom class loader.

Probably requires a new structure of source files.

Hello,

It's not possible to create a new repository with a '.' caracter.
my deposit are often domain
Ex : "wixiweb.fr"

Thanks

You have not defined an "UserEditProviderType", but the system also could not find any user from the configured user view provider.
You should now create a new user in your configured backend (e.g.: LDAP/Active Directory).

Hello,

I have a MaxExecutionTime problem when I go to the list of repositorie (probably a permission problem to read a folder)

I have thousands of error because the loop is never left

PHP Warning: readdir() expects parameter 1 to be resource, boolean given in /include/ifcorelib/IF_SVNBaseC.class.php on line 134, referer: /grouplist.php

// /include/ifcorelib/IF_SVNBaseC.class.php:134
$hd = opendir( $basePath );
while (($file = readdir($hd)) !== false)
{

Hi,

Please clarify if it is allowed to use iF.SVNAdmin screenshots in the following cases (please point restrictions if they apply):

1. Internal organization/company usage,
2. Usage within ecosystem, partners and cooperating companies with signed NDAs and agreements,
3. Public usage on conferences and lectures.

Screenshot are to be used within documentation and presentations.
Kind regards,
Tomasz Zieleniewski

I just have installed apache and subversion (3rd package) and it's working. But I can't install IF.SVNAdmin (error : The file does not exist)

Feature request
Use case: I have a svn server with several users. Some of them are in project team. Their leader requests right to manage other project members access rights (read/write). As I see current codebase only allow that in server wide but I would like to do this in repository or access-path wide.

Thanks

The config.tpl.ini gets copied to config.ini on first application start and the user gets redirected to settings.php to enter initial configuration values.

Since 1.6.1 it doesn't work anymore, because the IF_SVNClientC constructors throws an exception, as soon as the path to the svn.exe is wrong (which it is from the beginning!).

i am trying to integrate ifsvnadmin with openldap. I was able to make a bind to the ldap server. But when i try to fetch all the users and groups, it returns nothing. In the ldap server i see that i clearly have 5 users.

Below is my LDAP user information details:

Base DN - OU=example,DC=maxcrc,DC=com
Search Filter - (&(objectClass=person)(objectClass=user))
Attributes - sAMAccountName

and in the log file, i dont see any errors.

any suggestions? quick help would be appreciated :) thanks in advance

Add a "download/dump" button for each repository on the repository-list-page.

Hi guys,

I'm trying to migrate to iF.SVNAdmin from a legacy environment. The problem is that I have many SVN Access Files, each one for a different SVN project. Since in config.ini i can use just one SVNAuthFile, there is any way i can manage these repositories/AuthFile using just one iF.SVNAdmin instalation?

I thought to have several config.ini and manage Apache to some how choose the right file.

sorry to ask this here but i didn’t found the answer in any other place.

Regards

Hi,

tried to install svnadmin on linux machine. Downloaded zip file, unzip it, copy its content to /var/www/svnadmin, change file permission on ./data folder but when I tried to get to http://server/svnadmin... page is completely blank. Any idea what have I done wrong? Thank you.

Add a plugin API.
Change all providers to plugins.

Hey there! Great job with this tool! Besides the repo-handling stuff, everything works like a charm.

When browsing an existing repo (preexisting repos are located just fine):
XML parse error: (code=5) Invalid document end
The error is originating in repository/repositoryview.html.php at line 5:

 <a href="repositoryview.php?pi=<?php print(GetValue("Repository")->getEncodedParentIdentifier()); ?>&amp;r=<?php print(GetValue("Repository")->getEncodedN$
  : <?php PrintStringValue("CurrentPath"); ?>

whereas the function call that throws the exception is:

print(GetValue("Repository")->getEncodedParentIdentifier());

When creating a new repo via the web interface however, i get the following exception:

Command="/usr/bin/svnadmin" create --fs-type 'fsfs' "../brian_cache/repo"; Return=1; Output=Array;

Permissions seem to be alright, and after some hours of debugging im still unsure what the problem is. Maybe it's the config?

My config:

[Common]
FirstStart=0
BackupFolder=./data/backup/

[Translation]
Directory=./translations/

[Engine:Providers]
AuthenticationStatus=basic
UserViewProviderType=passwd
UserEditProviderType=passwd
GroupViewProviderType=svnauthfile
GroupEditProviderType=svnauthfile
AccessPathViewProviderType=svnauthfile
AccessPathEditProviderType=svnauthfile
RepositoryViewProviderType=svnclient
RepositoryEditProviderType=svnclient

[ACLManager]
UserRoleAssignmentFile=./data/userroleassignments.ini

[Subversion]
SVNAuthFile=../brian_cache/.brian_cache.svnauthz

[Repositories:svnclient]
SVNParentPath=../brian_cache
SvnExecutable=/usr/bin/svn
SvnAdminExecutable=/usr/bin/svnadmin

[Users:passwd]
SVNUserFile=../brian_cache/.brian_cache.htpasswd

[Users:digest]
SVNUserDigestFile=../brian_cache/.brian_cache.digest
SVNDigestRealm=Kernspeicher

[GUI]
RepositoryDeleteEnabled=false
RepositoryDumpEnabled=false
AllowUpdateByGui=true
ApacheDirectoryListing=https://<whatever>/brian_cache/%1/%2

(i played around with authtype digest, but currently am using plain htpasswd)

Thanks for your help,
C

Is possible to use both on users and permissions, or its hard to change to get this?

Thanks

If an "Administrator" grants "Role-Manager" role user X than this user can raise this privilege to "Administrator" role for himself.

Since users have the possibility to change their own password, it should be possible to define some restrictions for their password complexity.

Discussion from website to this issue:

Jacq says:
March 13, 2012 at 9:24 pm

Hi,
I’m using iF.SVNAdmin since last release and I would like to try it together with visualsvn server.
The problem is that visualsvn server stores the permisions in an auth-win file and uses the windows SID instead of the samaccountname. I think this decission was made some time ago to support active directory integration and to support AD groups.
Could you think about adding the option for if.svnadmin to use SID instead usernames when integrated to AD?
The easier change neccesary should be to translate the SID to usernames and keep the same auth-win file for both apps, but the issue will be more difficult when the SID belongs to a AD group.
Here is a related thread explaining the same problem with websvn+visualsvn, but they decided not to add the support due to be a visualsvn issue.
Thanks

Manuel Freiholz says:
March 14, 2012 at 7:49 pm

Hi Jacq,
i will have a further look at it.

Is the SID an attribute of the member in Active Directory?

Jacq says:
March 14, 2012 at 10:52 pm

Yes is an unique identifier of all active directory objects.
I think that visualsvn switch to SID instead of names to support activedirectory group, they could have used samaccountname but I think it may be not unique.
May be for ifsvnadmin the natural approach should be to define a new group provider for ldap.
If you prefer we could move this conversation to the issues tracker.

VisualSVN Server 2.6 introduce change to authorization file, which cause that SVNAdmin is no longer working with VisualSVN Server 2.6.
Information from VisualSVN changelog:

Move authorization settings to per-repository files. For enhanced isolation of security settings and better performance, each repository now has it's dedicated authorization settings file ('VisualSVN.svn-authz' or 'VisualSVN.win-authz' file in a '/conf/' folder of a repository). The repositories root no longer has Read / Write permission set for "Everyone" group by default.

I'm sure that this comand is run correctly with bash.Any suggest?

Hi,
Manuel may you please provide a short description of the LDAP group mechanism and configuration?
What is the relation between LDAP groups and authz groups in SVN?
How should be groups created in LDAP in order to have mutual synchroznization?
Thanks in advance
Tomasz

Instead of using a *.csv file format, migrate everything to use *.php files with variables, e.g.:

<?php
$TR["KEY_1"] = "Example Text";
$TR["KEY_2"] = "Some more text...";
$TR["KEY_3"] = "Text with %1 custom variables/arguments";
?>

• context based translation is possible
• the translation manager of "Roundcube Webmailer" may be used

Add a new page for project management.
The current "Quick 'n Dirty" way with Projekt-Managers on the Access-Path list page is not enough.

Feel free to post more ideas about this topic..

Add some logging mechanisms for debug and security purpose.

Example sections:

• SVN Commands
• Logins or failed login attempts
• Right changes
  ... and more ...

Add a "load/import" button for each repository on the repository-list-page and maybe direct on the "create new repository" page.

Add custom pages to manage roles. Enable the administrator to create custom roles or modify existing roles and their rights.

If I select one or more users from Access-Path of a Repository the action failes with php error:

Catchable fatal error: Argument 1 passed to svnadmin\core\Engine::addException() must be an instance of Exception, string given, called in /data/svnadmin-1.6/classes/core/Engine.class.php(316) : eval()'d code on line 90 and defined in /data/svnadmin-1.6/classes/core/Engine.class.php on line 17

I checked the source and in unnasign_permission.php this exception is fired:
$appEngine->addException(tr("Can not remove user %0 from access path %1", array($oU->name, $oAP->path)));
and it failes due to string error.

I was not able to figure out why this exception is fired

Hi,

Thanks you for your great product.

I have found an issue with version 1.6.1.

My data provider configuration:
User view provider type: ldap
User edit provider type: off
Group view provider type: svnauthfile
Group edit provider type: svnauthfile
Repository view provider type: off
Repository edit provider type: off

LDAP providers:
Search filter: (samAccountType=805306368)
Attributes: sAMAccountName

When I clic on "Update > Synchronize" it remove all my group in the subversion authorization file. The management of group works fine (add, manage, remove groups).

[Tue Feb 05 11:19:01 2013] [error] [client 127.0.0.1] PHP Warning: ldap_search() [function.ldap-search]: Partial search results returned: Sizelimit exceeded in C:\wamp\www\iFSVNAdmin\include\ifcorelib\IF_AbstractLdapConnector.class.php on line 291, referer: http://localhost/iFSVNAdmin/update.php
[Tue Feb 05 11:19:01 2013] [error] [client 127.0.0.1] PHP Stack trace:, referer: http://localhost/iFSVNAdmin/update.php
[Tue Feb 05 11:19:01 2013] [error] [client 127.0.0.1] PHP 1. {main}() C:\wamp\www\iFSVNAdmin\update.php:0, referer: http://localhost/iFSVNAdmin/update.php
[Tue Feb 05 11:19:01 2013] [error] [client 127.0.0.1] PHP 2. svnadmin\core\Engine->handleAction() C:\wamp\www\iFSVNAdmin\update.php:41, referer: http://localhost/iFSVNAdmin/update.php
[Tue Feb 05 11:19:01 2013] [error] [client 127.0.0.1] PHP 3. eval() C:\wamp\www\iFSVNAdmin\classes\core\Engine.class.php:313, referer: http://localhost/iFSVNAdmin/update.php
[Tue Feb 05 11:19:01 2013] [error] [client 127.0.0.1] PHP 4. svnadmin\providers\ldap\LdapUserViewProvider->update() C:\wamp\www\iFSVNAdmin\classes\core\Engine.class.php(313) : eval()'d code:54, referer: http://localhost/iFSVNAdmin/update.php
[Tue Feb 05 11:19:01 2013] [error] [client 127.0.0.1] PHP 5. svnadmin\providers\ldap\LdapUserViewProvider->updateSvnAuthFile() C:\wamp\www\iFSVNAdmin\classes\providers\ldap\LdapUserViewProvider.class.php:247, referer: http://localhost/iFSVNAdmin/update.php
[Tue Feb 05 11:19:01 2013] [error] [client 127.0.0.1] PHP 6. svnadmin\providers\ldap\LdapUserViewProvider->userExists() C:\wamp\www\iFSVNAdmin\classes\providers\ldap\LdapUserViewProvider.class.php:767, referer: http://localhost/iFSVNAdmin/update.php
[Tue Feb 05 11:19:01 2013] [error] [client 127.0.0.1] PHP 7. IF_AbstractLdapConnector->objectSearch() C:\wamp\www\iFSVNAdmin\classes\providers\ldap\LdapUserViewProvider.class.php:295, referer: http://localhost/iFSVNAdmin/update.php
[Tue Feb 05 11:19:01 2013] [error] [client 127.0.0.1] PHP 8. ldap_search() C:\wamp\www\iFSVNAdmin\include\ifcorelib\IF_AbstractLdapConnector.class.php:291, referer: http://localhost/iFSVNAdmin/update.php

Tell me if you need more information.

Regards,

Hi,

During an installtion I configured the LDAP authentication.
In my setup LDAP users are identified by uid param. User identifiers contain @ sign.
After configuration saving user name in userroleassignments.ini contained %40 instead of @ sign.
This required manual replacement while user couldn't login.
Future administration roles assignment through gui used correct names.

Regards
Tomasz

The project structure

*/trunk
*/branches
*/tags

should be created within one commit (revision).

Command:
svn mkdir /var/svn/repo1/trunk /var/svn/repo1/branches /var/svn/repo1/tags

I created access-paths and added ldap users to them. SVNAdmin wrote these users to access file.
If I do a force synchronize then some of users removed from access file (webpage said that users no longer exists but i can readd them at access-paths page). If i set AutoRemoveUsers=false then no problem.

My setup:
version: 1.6.2
User view provider type: ldap
Group view provider type: off
Repository view provider type: off