What is the fix for bug 2486??

[Ed snooper <ed...@yahoo.com>]

Hello,

I was trying to create  multiple project folders off the subverison repository root, but I kept getting "forbidden" errors UNLESS I granted full access to the root, and then revoked all users on each subdirectory, and then granted individual users priv's on the subdirectory.....  seems to me that this is the bug 2486 as below... but the bug report says it has been fixed -what is the fix?

http://subversion.tigris.org/issues/show_bug.cgi?id=2486

WORKAROUND:

[repo1:/]
*=r

[repo1:/proj1]
*=
user1 =rw
 user2 = rw
 user3 = rw 
 user4 =rw

[repo1:/EasyLobby]
*=
user1 =rw
user2 = rw
user3 = rw 



Ed

 		
---------------------------------
Do you Yahoo!?
 Get on board. You're invited to try the new Yahoo! Mail.

Re: What is the fix for bug 2486??

[Garrett Rooney <ro...@electricjellyfish.net>]

On 8/31/06, Ed snooper <ed...@yahoo.com> wrote:
> Garrett,
>
> OK... I think I found the problem:
>
> If you use the workaround (mentioned before) you can see each project in the
> repository, but it only allows you to read the ones for which you have
> priv's, as in:
>
> https://subversion.test.com/repo1
>
> BUT, if you just grant subdir access (as from the accessControl.conf) then
> you have to explicity call just the project:
>
> https://subversion.test.com/repo1/proj1
>
> ================
> I installed svn 1.3.2 with apache 2.0.58/9 and mod_dav

Ok, this is what I said before, if you're using apache/mod_authz_svn
you still need the workaround, there's still a bug there.  If you're
using svnserve then it was fixed in 1.3.2.

-garrett

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: What is the fix for bug 2486??

[Ed snooper <ed...@yahoo.com>]

Garrett,

OK... I think I found the problem:

If you use the workaround (mentioned before) you can see each project in the repository, but it only allows you to read the ones for which you have priv's, as in:

https://subversion.test.com/repo1
 
BUT, if you just grant subdir access (as from the accessControl.conf) then you have to explicity call just the project:

https://subversion.test.com/repo1/proj1
  
================
I installed svn 1.3.2 with apache 2.0.58/9 and mod_dav

I created a repository (repo1)

I added the following the httpd.conf:

<Location /repo1>
DAV svn
SVNPath c:\svn_repository\repo1
AuthzSVNAccessFile \apache\conf\accessControl.conf
Require valid-user
AuthType Basic
AuthName "Subversion repository"
AuthUserFile \apache\conf\passwd
</Location>


I created the accessControl.conf as follows:

[repo1:/proj1]
user1 = rw
user2 = rw

[repo1:/proj2]
 user1 = rw
 user2 = rw
user3=rw
 

Then when I try to access the repository:
https://subversion.test.com/repo1

it gives me a 403 forbidden error, BUT if I grant read on root and revoke all to each subdir, and then grant to each user on each subdir, it works....

I need to do https://subversion.test.com/repo1/proj1


 
Ed

Garrett Rooney <ro...@electricjellyfish.net> wrote: On 8/31/06, Ed snooper  wrote:
> Thank You again Garrett,
>
> I have been pulling my hair out trying to get this to work.....It sure seems
> like the bug still exists.... it sounds like I should be able to do the
> below, but I get "forbidden":
>
>
> [repo1:/proj1]
> user1 =rw
>  user2 = rw
>  user3 = rw
>  user4 =rw
>
> [repo1:/proj2]
>
> user1 =rw
> user2 = rw
> user3 = rw
>
> Ed

What exactly are you doing that gives you a forbidden response?  I
just tried it here, and it seems to work...

-garrett


 		
---------------------------------
Stay in the know. Pulse on the new Yahoo.com.  Check it out. 

Re: What is the fix for bug 2486??

[Garrett Rooney <ro...@electricjellyfish.net>]

On 8/31/06, Ed snooper <ed...@yahoo.com> wrote:
> Thank You again Garrett,
>
> I have been pulling my hair out trying to get this to work.....It sure seems
> like the bug still exists.... it sounds like I should be able to do the
> below, but I get "forbidden":
>
>
> [repo1:/proj1]
> user1 =rw
>  user2 = rw
>  user3 = rw
>  user4 =rw
>
> [repo1:/proj2]
>
> user1 =rw
> user2 = rw
> user3 = rw
>
> Ed

What exactly are you doing that gives you a forbidden response?  I
just tried it here, and it seems to work...

-garrett

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: What is the fix for bug 2486??

[Ed snooper <ed...@yahoo.com>]

Thank You again Garrett,

I have been pulling my hair out trying to get this to work.....It sure seems like the bug still exists.... it sounds like I should be able to do the below, but I get "forbidden":

[repo1:/proj1]
user1 =rw
 user2 = rw
 user3 = rw 
 user4 =rw

[repo1:/proj2]
user1 =rw
user2 = rw
user3 = rw 

Ed

Garrett Rooney <ro...@electricjellyfish.net> wrote: On 8/31/06, Ed snooper  wrote:
> Thanks Garret,
>
> Forgive me, I am just a newbie user, -what did the fix within svnserve
> affect -what difference did it make to usage?  Is the below "workaround"
> still required (grant read to all on root, and then revoke to all on subdir,
> and then grant...)
>
> I am running 1.3.2

I don't think the workaround should be required, and the fix should be
in 1.3.2.  AFAIK you shouldn't have to give read access to the root in
order for people to be able to write to subdirs over ra_svn anymore,
so perhaps you're experiencing a different problem?

-garrett


 		
---------------------------------
Do you Yahoo!?
 Get on board. You're invited to try the new Yahoo! Mail.

Re: What is the fix for bug 2486??

[Garrett Rooney <ro...@electricjellyfish.net>]

On 8/31/06, Ed snooper <ed...@yahoo.com> wrote:
> Thanks Garret,
>
> Forgive me, I am just a newbie user, -what did the fix within svnserve
> affect -what difference did it make to usage?  Is the below "workaround"
> still required (grant read to all on root, and then revoke to all on subdir,
> and then grant...)
>
> I am running 1.3.2

I don't think the workaround should be required, and the fix should be
in 1.3.2.  AFAIK you shouldn't have to give read access to the root in
order for people to be able to write to subdirs over ra_svn anymore,
so perhaps you're experiencing a different problem?

-garrett

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: What is the fix for bug 2486??

[Ed snooper <ed...@yahoo.com>]

Thanks Garret,

Forgive me, I am just a newbie user, -what did the fix within svnserve affect -what difference did it make to usage?  Is the below "workaround" still required (grant read to all on root, and then revoke to all on subdir, and then grant...)

I am running 1.3.2

Ed



Garrett Rooney <ro...@electricjellyfish.net> wrote: On 8/31/06, Ed snooper  wrote:
> Hello,
>
> I was trying to create  multiple project folders off the subverison
> repository root, but I kept getting "forbidden" errors UNLESS I granted full
> access to the root, and then revoked all users on each subdirectory, and
> then granted individual users priv's on the subdirectory.....  seems to me
> that this is the bug 2486 as below... but the bug report says it has been
> fixed -what is the fix?
>
> http://subversion.tigris.org/issues/show_bug.cgi?id=2486
>
> WORKAROUND:
>
> [repo1:/]
> *=r
>
> [repo1:/proj1]
> *=
> user1 =rw
>  user2 = rw
>  user3 = rw
>  user4 =rw
>
> [repo1:/EasyLobby]
> *=
> user1 =rw
> user2 = rw
> user3 = rw

I believe that issue referred to the support in svnserve, and you
should be able to pick up the fix by upgrading to a newer release of
svn.  There still appears to be a problem with mod_authz_svn, as one
of the relevant tests is marked as XFail for dav.

-garrett

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org



 		
---------------------------------
Get your email and more, right on the  new Yahoo.com 

Re: What is the fix for bug 2486??

[Garrett Rooney <ro...@electricjellyfish.net>]

On 8/31/06, Ed snooper <ed...@yahoo.com> wrote:
> Hello,
>
> I was trying to create  multiple project folders off the subverison
> repository root, but I kept getting "forbidden" errors UNLESS I granted full
> access to the root, and then revoked all users on each subdirectory, and
> then granted individual users priv's on the subdirectory.....  seems to me
> that this is the bug 2486 as below... but the bug report says it has been
> fixed -what is the fix?
>
> http://subversion.tigris.org/issues/show_bug.cgi?id=2486
>
> WORKAROUND:
>
> [repo1:/]
> *=r
>
> [repo1:/proj1]
> *=
> user1 =rw
>  user2 = rw
>  user3 = rw
>  user4 =rw
>
> [repo1:/EasyLobby]
> *=
> user1 =rw
> user2 = rw
> user3 = rw

I believe that issue referred to the support in svnserve, and you
should be able to pick up the fix by upgrading to a newer release of
svn.  There still appears to be a problem with mod_authz_svn, as one
of the relevant tests is marked as XFail for dav.

-garrett

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: What is the fix for bug 2486??

[sv...@mobsol.be]

Quoting Ed snooper <ed...@yahoo.com>:

> Hello,
>
> I was trying to create  multiple project folders off the subverison
> repository root, but I kept getting "forbidden" errors UNLESS I granted full
> access to the root, and then revoked all users on each subdirectory, and then
> granted individual users priv's on the subdirectory.....  seems to me that
> this is the bug 2486 as below... but the bug report says it has been fixed
> -what is the fix?
>
> http://subversion.tigris.org/issues/show_bug.cgi?id=2486
>
> WORKAROUND:
>
> [repo1:/]
> *=r
>
> [repo1:/proj1]
> *=
> user1 =rw
>  user2 = rw
>  user3 = rw
>  user4 =rw
>
> [repo1:/EasyLobby]
> *=
> user1 =rw
> user2 = rw
> user3 = rw

The issue description shows the revision number of the fix, if you're looking
for the actual code changes. You don't have to change anything in your access
file, just give rw access to the projects as you originally tried to do.

The fix is included in svn 1.3.2, if you're using an older version please
upgrade.

Lieven.


----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: What is the fix for bug 2486??

[Ed snooper <ed...@yahoo.com>]

Sorry, I should have mentioned that I am already running svn 1.3.2 -which should have the bug fix!


Ed snooper <ed...@yahoo.com> wrote: Hello,

I was trying to create  multiple project folders off the subverison repository root, but I kept getting "forbidden" errors UNLESS I granted full access to the root, and then revoked all users on each subdirectory, and then granted individual users priv's on the subdirectory.....  seems to me that this is the bug 2486 as below... but the bug report says it has been fixed -what is the fix?

http://subversion.tigris.org/issues/show_bug.cgi?id=2486

WORKAROUND:

[repo1:/]
*=r

[repo1:/proj1]
*=
user1 =rw
 user2 = rw
 user3 = rw 
 user4 =rw

[repo1:/EasyLobby]
*=
user1 =rw
user2 = rw
user3 = rw 



Ed
    

---------------------------------
Do you Yahoo!?
  Get on board. You're invited to try the new Yahoo! Mail.

 				
---------------------------------
Want to be your own boss? Learn how on  Yahoo! Small Business. 

Re: Has anyone got apache/svn authenticating via SSL to active directory?

[mi...@euphonynet.be]

Hello,

it's nto wath you're asking for, but maybe the same(/better?) ... I'm
running mod_auth_kerb to authenticate against active directory (spnego
with a fallback on basic authentication - the server asks a ticket for the
user then) and the users connect over https. If you use apache 2.2 you
have to check out the latest version of mod_auth_kerb as far as I know.
You can use mod_auth_kerb 5.0 with apache 2.0x and apr 0.x. The problem
between mod_auth_kerb 5.0 and apr is that mod_auth_kerb 5.0 doesn't
compile with apr 1.x.

Greetings,

Michel

> Ed snooper wrote:
>> Hello,
>>
>> Does anyone have apache + mod_auth_ldap  authenticating to active
>> directory via SSL ?
>>
>> Ed
>>
>> ------------------------------------------------------------------------
>> All-new Yahoo! Mail
>> <http://us.rd.yahoo.com/evt=43256/*http://advision.webevents.yahoo.com/mailbeta>-
>> Fire up a more powerful email and get things done faster.
> Sure - the SSL and Active Directory are two separate modules for
> configuration.  I am running both.
>
> To be sure - are you referring to a secure LDAP connection, or secure
> HTTP?
>
> Regards,
> Frank
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org

Re: Has anyone got apache/svn authenticating via SSL to active directory?

[Frank Gruman <fg...@verizon.net>]

Ed snooper wrote:
> Hello,
>
> Does anyone have apache + mod_auth_ldap  authenticating to active 
> directory via SSL ?
>
> Ed
>
> ------------------------------------------------------------------------
> All-new Yahoo! Mail 
> <http://us.rd.yahoo.com/evt=43256/*http://advision.webevents.yahoo.com/mailbeta>- 
> Fire up a more powerful email and get things done faster. 
Sure - the SSL and Active Directory are two separate modules for 
configuration.  I am running both.

To be sure - are you referring to a secure LDAP connection, or secure HTTP?

Regards,
Frank

Has anyone got apache/svn authenticating via SSL to active directory?

[Ed snooper <ed...@yahoo.com>]

Hello,

Does anyone have apache + mod_auth_ldap  authenticating to active directory via SSL ?

Ed

 		
---------------------------------
 All-new Yahoo! Mail - Fire up a more powerful email and get things done faster.