I have a repeating authentication block for each of my repositories and was wondering, if there is a way to reuse the block and optimize our setup.

This setup enables us to browse to code.domain.com to view all the repositories and browse the source code (as all repositories are open for read).

Here is my current configuration:

<VirtualHost *:80>
    DocumentRoot /u01/subversion/repositories
    ServerName code.domain.com
    ServerAdmin admin@domain.com

    <Location />
        Options Indexes MultiViews FollowSymLinks IncludesNoExec
        Order allow,deny
        Allow from all      

    <Location /repoA>
        DAV svn
        SVNPath /u01/subversion/repositories/repoA
        SVNIndexXSLT "/share/svnxslt/svnindex.xsl"

        AuthzSVNAccessFile /u01/subversion/svnrepos.acl
        AuthName "Source Code Repository / Repertoire de code"

        AuthBasicProvider ldap
        AuthType Basic
        AuthzLDAPAuthoritative off
        AuthLDAPURL "ldap://domain.com?sAMAccountName" NONE
        AuthLDAPBindDN "bindDN"
        AuthLDAPBindPassword bindPwd
        Satisfy Any
        Require valid-user

    # duplicated Location for repoB, repoC, etc...


I found this (and implemented it), however, I get the following error:

[Fri Jul 26 14:41:37 2013] [error] [client x.x.x.x] (25)Inappropriate ioctl for device: The URI does not contain the name of a repository. [403, #190001]

Configuration file:

<VirtualHost *:80>
    DocumentRoot /u01/subversion/repositories
    ServerName code.domain.com
    ServerAdmin admin@domain.com

    <Location />

        Options Indexes MultiViews FollowSymLinks IncludesNoExec
        Order allow,deny
        Allow from all

          DAV svn
          SVNParentPath /u01/subversion/repositories
          AuthBasicProvider ldap
          AuthzLDAPAuthoritative Off
          AuthLDAPURL "ldap://domain.com?sAMAccountName" NONE
          AuthLDAPBindDN "bindDN"
          AuthLDAPBindPassword "bindPwd"
          AuthType Basic
          AuthName "Use your sAMAccountName to connect. If you're unsure, write to contact@...com."

    <Location /repoA>
      SVNPath /u01/subversion/respositories/repoA
      Satisfy Any
      require valid-user

    # Other Locations for each repoB, repoC, etc...

Worst case, I keep the redundant configuration I guess.

Update #1

Almost there... can't browse the root of the domain however - get a 401 error...

<VirtualHost *:80>
    ServerName code.domain.com
    ServerAdmin admin@domain.com

    DocumentRoot /u01/subversion/repositories/
    <Directory /u01/subversion/repositories/>
        Options Indexes MultiViews FollowSymLinks IncludesNoExec
        Order allow,deny
        allow from all

    <Location />
        AuthBasicProvider ldap
        AuthType Basic
        AuthzLDAPAuthoritative off
        AuthName "SVN Repository. Authorization required."
        AuthLDAPBindDN "bindDN"
        AuthLDAPBindPassword "bindPwd"
        AuthLDAPURL "ldap://domain.com?sAMAccountName" NONE
        AuthzSVNAccessFile /u01/subversion/svnrepos.acl
        SVNParentPath /u01/subversion/repositories

        Satisfy Any
        Require valid-user

    <Location /repoA>
        DAV svn
        SVNPath /u01/subversion/repositories/repoA
         SVNIndexXSLT /share/svnxslt/svnindex.xsl

    # Other Locations   


Update #2

I'm getting this error now when browsing the root only: Directory index forbidden by Options directive: /u01/subversion/repositories/

However, I see that Indexes is present in the Option declaration in the Directory directive...

Update #3 (Lazy Badger proposed solution)

When I access the root, I see .xsl and .css files and not the repositories. However, /svn/ will list the repo, but the end goal is to have /svn/ be the root of the site instead.

<VirtualHost *:80>

    # /u01/subversion-docs is where .xsl and .css reside
    DocumentRoot "/u01/subversion-docs"

    <Directory />
      Options Indexes MultiViews FollowSymLinks IncludesNoExec
      AllowOverride None
      Order allow,deny
      Allow from all

      RewriteEngine on
      RewriteCond %{REQUEST_URI} ^/svn$
      RewriteRule ^(.*/svn)$ %1/ [R=301,L]

    <Location /svn/>
      DAV svn

      SVNListParentPath on
      SVNParentPath /u01/subversion/repositories
      SVNIndexXSLT "/svnindex.xsl"  


      Satisfy Any
      require valid-user


3 Answers3


I'm using the following config in production environment

<VirtualHost *:80>
    ServerAdmin webmaster@example.net
    ServerName svn.example.net

    DocumentRoot /vhosts/svn.example.net/
    <Directory /vhosts/svn.example.net/>
        Options -Indexes
        AllowOverride None
        Order allow,deny
        allow from all

    <Location />
        AuthBasicProvider ldap
        AuthType Basic
        AuthzLDAPAuthoritative on
        AuthName "SVN Repository. Authorization required."
        AuthLDAPGroupAttribute memberUid
        AuthLDAPGroupAttributeIsDN off
        AuthLDAPBindDN uid=w3-ldap_reader,ou=system,ou=users,dc=example,dc=net
        AuthLDAPBindPassword 7654321
        AuthLDAPURL ldap://,dc=net?uid?sub
        Require ldap-group cn=svn,ou=groups,dc=example,dc=net

    <Location /Soft>
        DAV svn
        SVNPath /svn/soft
        AuthzSVNAccessFile /etc/svn/svn-soft.conf
        SVNReposName "Software repository."
        SVNIndexXSLT "/svnindex.xsl"

    <Location /Education>
        DAV svn
        SVNPath /svn/education
        AuthzSVNAccessFile /etc/svn/svn-edu.conf
        SVNReposName "Education repository."
        SVNIndexXSLT "/svnindex.xsl"

    <Location /Vacation>
        DAV svn
        SVNPath /svn/vacation
        AuthzSVNAccessFile /etc/svn/svn-vacation.conf
        SVNReposName "Vacation repository."
        SVNIndexXSLT "/svnindex.xsl"

    <Location /NDA>
        DAV svn
        SVNPath /svn/NDA
        AuthzSVNAccessFile /etc/svn/svn-nda.conf
        SVNReposName "NDA repository."
        SVNIndexXSLT "/svnindex.xsl"
  • This is much better than mine for sure .... or combine the two ideas an dputh each location it its own conf file. I like modularity as it makes it easier to clone configs and fewer errors. – jeffatrackaid Jul 26 '13 at 19:06
  • @alex-hha I'm really close... I can see the individual repositories fine, however, root gives me 401... I've added Satisfy Any and require valid-user.... – TechFanDan Jul 26 '13 at 19:18
  • I am not a webdav guru but your root probably needs a SVNPath, SVNREposName and xslt. – jeffatrackaid Jul 26 '13 at 19:33
  • @alex-hha I'm not longer seeing a 401... however, I'm not getting a listing of repositories either... see update #2 – TechFanDan Jul 26 '13 at 19:53
  • I have 3 files in the virt doc root - index.html, svnindex.css and svnindex.xsl. The index.html I have created by myself. It contain just у welcome message. – ALex_hha Jul 26 '13 at 20:57

I'm sorry, but you must to read and remember some ABCs before going deeper

  • Single <Location> can handle any amount of Subversion repositories (if they are childs of common directory)
  • Single AuthzSVNAccessFile can handle any amount of repositories and paths inside these repositories
  • Directives, defined in <Location> container, are inherited in subpaths of location, if not explicitly redefined

If you business-task is really

Have a collection of repositories with common LPAD-authentication and XSLT-based templating of HTML-pages with path-based authorization

Let's transform my ugly draft (VisualSVN Server default config used, less important parts skipped) into functional solution for your case

DocumentRoot "htdocs"
<Directory />
  Options FollowSymLinks
  AllowOverride None

  RewriteEngine on
  RewriteCond %{REQUEST_URI} ^/svn$
  RewriteRule ^(.*/svn)$ %1/ [R=301,L]
<Location /svn/>
  DAV svn

  SVNListParentPath on
  SVNIndexXSLT "/svnindex.xsl"  
  AuthType Basic
  AuthBasicProvider file
  AuthUserFile "...htpasswd"
  AuthzSVNAccessFile "...authz"

  Satisfy Any
  require valid-user



  • ServerRoot defined in order to use relative paths later
  • DocumentRoot doesn't correlate with DAV-location later and it's ordinary (not WebDAV) part of site, which contain template for SVNIndexXSLT directive
  • WebDAV location moved out of root of site in order to have "normal" part of site for ordinary http

First change: basic auth replaced by LDAP-powered

<Location /svn/>
  DAV svn

  SVNListParentPath on
  SVNIndexXSLT "/svnindex.xsl"  
  AuthBasicProvider ldap
  AuthType Basic
  AuthzLDAPAuthoritative off
  AuthName "SVN Repository. Authorization required."
  AuthLDAPBindDN "bindDN"
  AuthLDAPBindPassword "bindPwd"
  AuthLDAPURL "ldap://domain.com?sAMAccountName" NONE
  AuthzSVNAccessFile "...authz"
  Satisfy Any
  require valid-user    

Second change: SVNParentPath

<Location /svn/>
  DAV svn

  SVNListParentPath on
  SVNParentPath /u01/subversion/repositories/
  SVNIndexXSLT "/svnindex.xsl"

Third change: ServerRoot+DocumentRoot

Define these roots somehow, don't forget to place svnindex.xsl and all other needed files to DocumentRoot

Fourth change

Add ACLs to AuthzSVNAccessFile, write paths inside collection of repo as [REPO:/PATH/IN/REPO]

Lazy Badger
  • @TekiusFanatikus - check `SVNIndexXSLT` directive – Lazy Badger Aug 04 '13 at 09:41

You may want to use Includes. Still some redundancy but would allow most of your configuration to be set in one file.

Really depends on your goals and how often you maintain these files.

See: http://httpd.apache.org/docs/current/mod/core.html#include

One technique I've used is to use a directory to hold all of the locations. Include this directory in your main apache configuration.

Include /etc/httpd/conf/svn.d/*.conf

Then in svn.d/*.conf I create one file per instance. Say, repoa.conf.

In repoa.conf, I include another file that has the standard stanzas for all repos.

To add a new repo, I just copy repoa.conf to repob.conf, update paths, restart.

Not pretty but quick and easy.

