You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by "Beyer,Nathan" <NB...@CERNER.COM> on 2006/11/02 20:47:57 UTC

AuthzSVNAccessFile and trailing slashes don't mix

I have SVN 1.4.0 running on Apache httpd on Windows 2003 using LDAP
authentication against ActiveDirectory. I have multiple repos and I've
been able to individually configure each of the repos to restrict
read-write access to specific users, but I can't get more granular
access within a repo. I setup my SVN authz file like the book says, but
that didn't work very well. After hours of fiddling, I removed the
trailing slash from the path in the SVN authz file and everything
started working. Is the SVN book wrong???

-Nathan

Here's my setup.

This is the SVN authz file that doesn't work. User "dddd" can't get
access to "prod:/com.xyz/trunk/com.xyz.app/"
------------
[groups]
architects = xxxx, yyyy, zzzz
devs = aaaaa,  bbbb, cccc

[test:/]
* = rw

[prod:/]
* = r
@architects = rw
@devs = rw

[prod:/com.xyz/trunk/com.xyz.app/]
* = r
@architects = rw
@devs = rw
dddd = rw
---------------

This is the SVN authz file that does work. I just remove the trailing
slash and "ddd" now has access.
---------------
[groups]
architects = xxxx, yyyy, zzzz
devs = aaaaa,  bbbb, cccc

[test:/]
* = rw

[prod:/]
* = r
@architects = rw
@devs = rw

[prod:/com.xyz/trunk/com.xyz.app]
* = r
@architects = rw
@devs = rw
dddd = rw
--------------

For additional reference, here some more setup.

Here's my httpd.conf snippet:
---------------
<VirtualHost *>
    <Directory "C:/webserver/scm">
        Options Indexes FollowSymLinks
        AllowOverride None
    </Directory>
    <Location /svn>
        DAV svn
        SVNParentPath "c:/svn/repos"
        #Setup Output compression
        SetOutputFilter DEFLATE
        #Setup input decompression
        SetInputFilter DEFLATE
        
        <LimitExcept GET PROPFIND OPTIONS REPORT>
            #LDAP authentication via Basic Auth
            AuthName "WHQ_NT_DOMAIN"
            AuthType Basic
            AuthLDAPURL "ldap://xxxx.xxxxxx.xxx:3268/?samAccountName??(&
(objectClass=person) (objectClass=user))"
            AuthLDAPBindDN "CN=XXXXXXX"
            AuthLDAPBindPassword XXXXXXX
            Require valid-user
        </LimitExcept>
        
        AuthzSVNAccessFile "c:/svn/svn-access.conf"
    </Location>
</VirtualHost>
------------------

Here's the SVN repo folders:

C:/svn/
          repos/
                   svn-access.conf
                   test/
                   prod/

-----------------------------------------
CONFIDENTIALITY NOTICE This message and any included attachments
are from Cerner Corporation and are intended only for the
addressee. The information contained in this message is
confidential and may constitute inside or non-public information
under international, federal, or state securities laws.
Unauthorized forwarding, printing, copying, distribution, or use of
such information is strictly prohibited and may be unlawful. If you
are not the addressee, please promptly delete this message and
notify the sender of the delivery error by e-mail or you may call
Cerner's corporate offices in Kansas City, Missouri, U.S.A at (+1)
(816)221-1024. -------------------------------------------