LDAP + SASL authentification

I’ve found again, that simple things don’t get so simple in OpenSource world, and you have to do it yourself when you want something. That’s the difference, in the world of commercial software you have to, either pay big money or you never get feature you need (and mostly both ;-))

I’ve  slightly unusual and paranoid subversions svnserve setup (which i’ll describe later) and my requirement was to use LDAP for user authentication. Well i’know there is possibility to use apache ldap authentication for this, but running separate web server only for having this, is imho not a good idea. So my next try was SASL authentication that svn now supports.  New dilemma raised, because subversion disallows PLAIN authentication mechanism, I needed either plain text passwords in LDAP or write my own SASL plugin. Fortunately i’ve found this page http://southbrain.com/south/2008/06/writing-a-cyrus-sasl-ldap-auxp.html, with existing solution and (almost) working code.

Subversion however didn’t cooperated well with this (ie. it passes realm within username to sasl etc…), so i’ve to made some modifications to let this work for me and my existing setup. So here it is eldap (easy ldap) auxprop module.

I’ve made some cleanups to the code, simplified installation, added some little features and fixed some bugs and I’m releasing this as separate module (however still compatible with original gienger ldap). Later i’m planning to describe how to modify your LDAP (and some ldap user management applications) to let it work with this. Till than you have to read original post about how to do it (or bug me).

I hope it helps you.