How to Resolve LDAP User Visibility Issues and Assign Roles in Subversion Edge Web Console



When integrating LDAP with Subversion Edge (now known as Apache Subversion with ViewVC), administrators often encounter situations where authenticated LDAP users don't appear in the web console's user selection interface for role assignment. This occurs because:

  • Subversion Edge doesn't automatically populate user lists from LDAP
  • The system requires explicit role mapping for LDAP-authenticated users
  • There's no automatic synchronization between LDAP directories and the console

To properly assign roles to LDAP users, follow these configuration steps:

1. Log in to Subversion Edge web console as admin
2. Navigate to: Settings → Authentication
3. Select "LDAP" as the authentication method
4. Configure your LDAP server parameters:
   - Server URL: ldap://your.ldap.server:389
   - Base DN: dc=example,dc=com
   - User DN pattern: uid={0},ou=users
5. Save the configuration
6. Restart the Subversion Edge service
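
The User DN pattern in step 4 is a template: the login name replaces {0}, and the result names the directory entry used for the bind. The following added example (not Subversion Edge's own code; the function names are hypothetical, and it assumes the pattern is relative to the Base DN) expands the pattern with RFC 4514 escaping, so you can compare the resulting DN with the entry in your directory and see how names containing DN metacharacters are kept inside a single value.

```python
# Added example: expand a {0}-style User DN pattern, escaping the
# username per RFC 4514 so it cannot alter the structure of the DN.
# Assumption: the pattern is relative to the Base DN, so the two are
# joined with a comma. Function names are hypothetical.

# Characters that RFC 4514 allows to be escaped with a leading backslash
SPECIAL = set('"+,;<>\\=')

def escape_rdn_value(value: str) -> str:
    """Escape a string for use as an attribute value inside a DN."""
    if not value:
        raise ValueError("empty username")
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")            # NUL must be hex-escaped
        elif ch in SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")             # leading '#' only
        elif ch == " " and i in (0, last):
            out.append("\\ ")             # leading or trailing space only
        else:
            out.append(ch)
    return "".join(out)

def expand_user_dn(pattern: str, base_dn: str, username: str) -> str:
    """Substitute the escaped username for {0} and append the Base DN."""
    if "{0}" not in pattern:
        raise ValueError("pattern has no {0} placeholder")
    return pattern.replace("{0}", escape_rdn_value(username)) + "," + base_dn

if __name__ == "__main__":
    # Pattern and Base DN from step 4; the usernames are constructed samples
    pattern, base = "uid={0},ou=users", "dc=example,dc=com"
    for name in ["jdoe", "smith, anna", "#svc", "a+b=c"]:
        print(f"{name!r:16} -> {expand_user_dn(pattern, base, name)}")
```
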

For users still not appearing, create a CSV file with the following format:

username,role
jdoe,admin
asmith,developer
bjones,reviewer

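Then upload it with the command below. Passing -u admin without a password makes curl prompt for it, which keeps the password out of the URL and out of shell history:

curl -u admin -F "file=@users_roles.csv" http://svn-server:3343/csv/security/role-membership/upload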

As a last resort, you can modify the database directly:

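-- Sets USERNAME on every membership row that has this ROLE_ID;
-- run a SELECT with the same WHERE clause first to see which rows match.
UPDATE SVN_SECURITY_ROLE_MEMBERSHIP
SET USERNAME = 'ldap_username'
WHERE ROLE_ID = 'desired_role_id';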

Remember to back up your database before making direct changes.

  • Verify LDAP bind credentials are correct
  • Check network connectivity between Subversion Edge and LDAP server
  • Ensure user attributes match your LDAP configuration
  • Review server logs for authentication errors

When integrating LDAP with Subversion Edge, a common frustration occurs when authenticated LDAP users don't appear in the web console's user list. This prevents administrators from assigning them to roles like "Repository Read" or "Repository Write". The root cause typically lies in Subversion Edge's default behavior of only displaying users who have previously logged in through the web interface.

Since LDAP users won't automatically populate in the UI until their first login, you'll need to manually trigger their appearance. Here's the step-by-step process:

1. Have the LDAP user attempt to log in to the Subversion Edge web interface
2. After successful login (even if they see no permissions), check the Users list
3. The user should now appear in the console

For larger deployments, manually triggering each user login isn't practical. You can use Subversion Edge's REST API to automate role assignment:

POST /svnedge/api/1.0/users/{username}/roles
Content-Type: application/json
Authorization: Basic {base64-encoded-admin-credentials}

{
  "roleName": "Repository Read",
  "repository": "project-repo"
}

Here's a Python script to assign roles to multiple LDAP users at once:

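import getpass
from urllib.parse import quote

import requests
from requests.auth import HTTPBasicAuth

edge_url = "https://svn-edge.example.com/svnedge/api/1.0"
admin_user = "admin"
# Prompt for the password instead of storing it in the script
admin_pass = getpass.getpass(f"Password for {admin_user}: ")
users = ["ldap_user1", "ldap_user2", "ldap_user3"]
role = "Repository Write"

for user in users:
    try:
        response = requests.post(
            # Percent-encode the username so it stays a single path segment
            f"{edge_url}/users/{quote(user, safe='')}/roles",
            json={"roleName": role},
            auth=HTTPBasicAuth(admin_user, admin_pass),
            timeout=10,
        )
    except requests.RequestException as exc:
        # Connection errors and timeouts: report and move on to the next user
        print(f"Request for {user} failed: {exc}")
        continue
    if response.status_code == 200:
        print(f"Successfully assigned {role} to {user}")
    else:
        print(f"Failed to assign role to {user}: {response.text}")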

If users still don't appear after these steps:

  • Verify LDAP configuration in /opt/csvn/data/conf/csvn-production.conf
  • Check Subversion Edge logs at /opt/csvn/data/logs/csvn.log
  • Ensure LDAP users have proper DN formatting in their usernames if required

For critical service accounts, you can pre-create them before first login with the following request (curl prompts for the admin password):

curl -X POST -H "Content-Type: application/json" \
  -u admin \
  -d '{"username":"service_account","password":"temp123","force":true}' \
  https://svn-edge.example.com/svnedge/api/1.0/users