Thanks to the Apache project and other Open Source projects, there are multiple options, including LDAP, SSPI, and Kerberos.
The first option is accessing AD users and groups via LDAP. This works for both *Nix and win32 variants. It is also relatively simple to configure and well documented.
Example Apache configuration block:
<Location /svn/> # normal SVN configuration options snipped AuthBasicProvider ldap # Require ldap-group cn=groupname, o=orgunit Require valid-user # basic user authentication AuthType Basic AuthName "LDAP Subversion repository" AuthLDAPBindDN "user@domain" AuthLDAPBindPassword password # Define LDAP query for authenticating against Active Directory AuthLDAPURL ldap://ad.example.com/DC=svnusers,DC=example,DC=com?sAMaccountName?sub?(objectClass=*) </Location>
A second option, for win32 servers, is to use mod_auth_SSPI. This uses the NTLM protocol across the wire to authenticate windows clients against their login session.
Pros: Simple configuration
Cons: Only works for domain clients, only works for win32 servers
Gotchas : have to have the SVN server in the site lists for Trusted or Intranet realms
Example:
<Location /svn/> # normal SVN configuration options snipped SSPIAuth On SSPIDomain example.com SSPIPerRequestAuth On </Location>
The third option is to use Kerberos authentication. If you are operating a mixed Win32/*Nix environment, this is likely already configured and can be leveraged. If this is the path you wish proceed down, please contact Support for more information.
Pros: Completely cross-platform and transparent when configured correctly
Cons: Incorrect configuration can be tricky to troubleshoot.
All of these options are fully supported via the Open Source Subversion support package. The CollabNet Binary support does not cover SSPI nor Kerberos, but it can be used via LDAP.