Server Security

The Security page allows you to configure several security aspects of Sublime.

Anonymous Access

The Anonymous Access section allows you to specify what kind of access non-Sublime users will have to the web interface. This applies to any user browsing to the Sublime web interface who does not log in - and is not a user you created in the User Management screen.

  • None - No anonymous access will be allowed. All users must log in to access the Sublime web interface.
  • Simple Browsing - Anonymous users will be able to browse the sublime web interface and see repositories, but they will not be able to browse repository contents or view the commit log.
  • Full Browsing - Same as Simple Browsing, but users will also be able to browse repository contents and view the commit log.

One thing to note about these options is that they can be overridden on a per-repository basis. When creating a new repository you have the option to specify what kind of access anonymous users should have. If you choose “None”, then no anonymous users will see that repository even if you have granted anonymous users “Full Browsing” on this screen.

Repository Creation

This section allows you to specify who can create new repositories. If you select “Users and Administrators”, then any user will have the ability to create new repositories (not anonymous users however). If you select “Administrators Only”, then only administrators will be able to create new repositories.

How you configure this depends on the polices you want to enforce in your organization.

Security Screen

Authentication

This section allows you to change how your users authenticate to Sublime and also Subversion.

Changing these settings will most likely require you to re-configure permissions for your existing repositories. If you have a large number of existing repositories you may want to avoid making this change.

Subversion Authentication

With Subversion authentication, you create and manage your user accounts directly from the Sublime administration interface. When users access their repositories, they use the SVN protocol over port 3690.

When switching to Subversion authentication, you must enter the username and password for an administrator account. Once you make the change you will be required to log in with this new administrator account.

LDAP / Active Directory Authentication

With LDAP or Active Directory authentication, you will use existing user accounts in your Active Directory or LDAP store. Users will log into Sublime and access their repositories using their existing domain username and password.

Note: If you want to use LDAP / Active Directory authentication, you must have Apache already configured correctly. Sublime will NOT configure this for you.

When switching to LDAP authentication you must provide the following information:

  • LDAP Search Root: Enter the path to your domain where Sublime should look for user accounts. Optionally check the Entire Sub Tree box to specify that all child containers should be searched as well.
  • User Filter: Enter an LDAP filter to filter out service accounts or other objects that should not be considered valid users. You may test these settings by clicking the Test Settings button. When you click this a search will be performed and you will see all accounts that match these settings.
  • Your Username: Enter your own domain username. You will be given administrative rights so that you can continue to manage Sublime.

Authentication Configuration

After you make this change you must log in using the same username you entered in the Your Username field.