Posted to dev@subversion.apache.org by "C. Michael Pilato" <cm...@collab.net> on 2008/06/30 18:08:35 UTC
Review requested: documenting the 'aliases' authz feature
Hey, folks. I'm dropping a last-minute addition into the svnbook to
describe the new 'aliases' authz-file feature. Can someone read over this
and sanity-check it? Thanks.
------------------------------------------------------------------------
Subversion 1.5 brings another useful feature to the access file syntax:
username aliases. Some authentication systems expect and carry relatively
short usernames of the sorts we've been describing here—harry, sally, joe,
etc. But other systems may carry much more complex usernames. For example,
Harry's username in an LDAP-protected system might be /O=Red
Bean/OU=Engineers/DC=com/DC=red-bean/CN=Harold Hacker. With usernames like
that, the access file can become quite bloated with complex username strings
that are easy to mistype. Fortunately, username aliases allow you to only
have to type the correct complex username once, in a statement which assigns
to it a more easily digestible alias.
[aliases]
harry = /O=Red Bean/OU=Engineers/DC=com/DC=red-bean/CN=Harold Hacker
sally = /O=Red Bean/OU=Engineers/DC=com/DC=red-bean/CN=Sally Swatterbug
joe = /O=Red Bean/OU=Engineers/DC=com/DC=red-bean/CN=Gerald I. Joseph
…
Once you've defined a set of aliases, you can refer to the users elsewhere
in the access file via their aliases in all the same places you could have
instead used their actual usernames. Simply prepend an ampersand to the
alias to distinguish it from a regular username:
[groups]
calc-developers = &harry, &sally, &joe
paint-developers = &frank, &sally, &jane
everyone = @calc-developers, @paint-developers
You might also choose to use aliases if your users' usernames change
frequently. Doing so allows you to need to update only the aliases table
when these username changes occur, instead of doing
global-search-and-replace operations on the whole access file.
--
C. Michael Pilato <cm...@collab.net>
CollabNet <> www.collab.net <> Distributed Development On Demand
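Added example (not part of the original post, and not Subversion's own code): a small Python check that expands the &alias and @group references described in the draft above into real usernames and reports references that resolve to nothing. The sample file is constructed from the draft's names, and the function names are hypothetical.

```python
import configparser

# Constructed sample in the draft's syntax; "&jane" is deliberately left
# undefined to show how a mistyped or missing alias is reported.
SAMPLE_AUTHZ = """\
[aliases]
harry = /O=Red Bean/OU=Engineers/DC=com/DC=red-bean/CN=Harold Hacker
sally = /O=Red Bean/OU=Engineers/DC=com/DC=red-bean/CN=Sally Swatterbug
joe = /O=Red Bean/OU=Engineers/DC=com/DC=red-bean/CN=Gerald I. Joseph

[groups]
calc-developers = &harry, &sally, &joe
paint-developers = &sally, &jane
everyone = @calc-developers, @paint-developers
"""

def load_authz(text):
    """Parse authz text; keep key case and split only on the first '='."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # the default would lowercase names
    cp.read_string(text)
    section = lambda s: dict(cp[s]) if cp.has_section(s) else {}
    return section("aliases"), section("groups")

def expand_group(name, aliases, groups, path=()):
    """Return (usernames, problems) for one group, following & and @."""
    if name in path:
        return set(), {"cycle: @" + name}
    if name not in groups:
        return set(), {"undefined group: @" + name}
    users, problems = set(), set()
    for member in (m.strip() for m in groups[name].split(",")):
        if member.startswith("&"):
            if member[1:] in aliases:
                users.add(aliases[member[1:]])
            else:
                problems.add("undefined alias: " + member)
        elif member.startswith("@"):
            u, p = expand_group(member[1:], aliases, groups, path + (name,))
            users, problems = users | u, problems | p
        elif member:
            users.add(member)  # plain username, used as written
    return users, problems

if __name__ == "__main__":
    users, problems = expand_group("everyone", *load_authz(SAMPLE_AUTHZ))
    print(sorted(users), sorted(problems))
```

Running it over an access file before deployment shows exactly which full usernames each group grants access to, which is hard to see by eye once aliases and nested groups are in play.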
Re: Review requested: documenting the 'aliases' authz feature
Posted by Sander Striker <s....@striker.nl>.
On Mon, Jun 30, 2008 at 9:21 PM, C. Michael Pilato <cm...@collab.net> wrote:
> Blair Zajac wrote:
>>
>> C. Michael Pilato wrote:
>>>
>>> Hey, folks. I'm dropping a last-minute addition into the svnbook to
>>> describe the new 'aliases' authz-file feature. Can someone read over this
>>> and sanity-check it? Thanks.
+1.
>> Looks good. I haven't tested the feature, but the write-up is a good one.
>
> Actually, it was brought to my attention that the sample "LDAP" entries I gave
> weren't really LDAPpish at all, but more like SSL client cert DNs.
Which it works well for... :)
> So I've changed the examples to look like:
>
> [aliases]
> harry = CN=Harold Hacker,OU=Engineers,DC=red-bean,DC=com
> sally = CN=Sally Swatterbug,OU=Engineers,DC=red-bean,DC=com
> joe = CN=Gerald I. Joseph,OU=Engineers,DC=red-bean,DC=com
Cheers,
Sander
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Re: Review requested: documenting the 'aliases' authz feature
Posted by "C. Michael Pilato" <cm...@collab.net>.
Blair Zajac wrote:
> C. Michael Pilato wrote:
>> Hey, folks. I'm dropping a last-minute addition into the svnbook to
>> describe the new 'aliases' authz-file feature. Can someone read over
>> this and sanity-check it? Thanks.
>
> Looks good. I haven't tested the feature, but the write-up is a good one.
Actually, it was brought to my attention that the sample "LDAP" entries I gave
weren't really LDAPpish at all, but more like SSL client cert DNs. So I've
changed the examples to look like:
[aliases]
harry = CN=Harold Hacker,OU=Engineers,DC=red-bean,DC=com
sally = CN=Sally Swatterbug,OU=Engineers,DC=red-bean,DC=com
joe = CN=Gerald I. Joseph,OU=Engineers,DC=red-bean,DC=com
> BTW, you've hired Harold Hacker? He left our company after doing a rm
> -fr / our central file server. I'm sorry I can't recommend him :)
Heheh.
--
C. Michael Pilato <cm...@collab.net>
CollabNet <> www.collab.net <> Distributed Development On Demand
Re: Review requested: documenting the 'aliases' authz feature
Posted by Blair Zajac <bl...@orcaware.com>.
C. Michael Pilato wrote:
> Hey, folks. I'm dropping a last-minute addition into the svnbook to
> describe the new 'aliases' authz-file feature. Can someone read over
> this and sanity-check it? Thanks.
Looks good. I haven't tested the feature, but the write-up is a good one.
BTW, you've hired Harold Hacker? He left our company after doing a rm -fr / our
central file server. I'm sorry I can't recommend him :)
Blair