You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Ashwin Basagouda Patil <as...@robosoftin.com> on 2008/01/30 16:08:36 UTC
[users@httpd] SVN LADP Group Authentication
Dear All,
Sorry for asking again with new subject line, but please note that I never
received any response from any one for this my request. Please help me in
this regards.
Please read full mail. Please excuse me if it so long. I tried to explain
my configuration.
We recently upgraded our SVN server to 1.4.5 and apache 2.054 also it is
configured for authentication to SVN by user in LDAP. It is working fine
for all the users.
Now we are need of group authentication, I mean the users present in a
group of LDAP should grant the access to SVN, if group name is mentioned in
the SVN_Authorization file.
I have virtual hosting for the apache configuration:
Apache configuration: ssl.conf file
##################### start of file #######################################
NameVirtualHost *:443
LDAPTrustedCA /usr/local/apache2/conf/ssl/cacert.pem
LDAPTrustedCAType BASE64_FILE
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
<IfDefine SSL>
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/usr/local/apache2/logs/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/usr/local/apache2/logs/ssl_mutex
AcceptMutex flock
SSLEngine on
SSLCipherSuite ALL:!ADH:!
EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache2/conf/ssl/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl/server.key
SSLCACertificateFile /usr/local/apache2/conf/ssl/cacert.pem
####################### test@robosoft.co.in ###############################
<VirtualHost *:443>
ServerName test.robosoft.co.in
ServerAdmin root@robosoftin.com
DocumentRoot /Volumes/Projects/test/
<Location />
DAV svn
SVNPath /Volumes/Projects/Subversion/Projects/test/
AuthName "Robosoft Technologies Pvt Ltd"
AuthType Basic
AuthLDAPUrl "ldaps://roboserver.robosoft.co.in/cn=users,dc=RoboServer?cn"
# Auth on
Require ldap-group cn=groups,dc=RoboServer?cn
# Our access control policy
AuthzSVNAccessFile /Volumes/Projects/Subversion/Projects/test/test.txt
</Location>
ErrorLog /Volumes/Projects/Subversion/Projects/test/error.log
CustomLog /Volumes/Projects/Subversion/Projects/test/access.log
common
<FilesMatch "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/apache2/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
</IfDefine>
##########################################################################
Also IO have the bello configuration in my SVN_Authorization file as listed
bellow.
Path : as mentioned in ssl.conf file
AuthzSVNAccessFile /Volumes/Projects/Subversion/Projects/test/test.txt
[/]
ashwin = r
name2 = r
name3 = r
name4 = r
* =
[/dir1]
ashwin = rw
name2 = r
name3 = rw
name4 = rw
* =
[/dir1/dir2]
ashwin = rw
name2 = r
name3 =
name4 = r
* =
[/dirA]
ashwin = rw
name2 = r
name3 =
name4 = r
[/dirA/dirB]
ashwin = rw
name2 = r
name3 =
name4 = r
* =
#################END OF FILE AuthzSVNAccessFile ########################
Please help me how I can success to authenticate a user present in the LDAP
dir group and group name is mentioned in "AuthzSVNAccessFile".
Thanks in Advence.
Ashwin Patil
-----------------------------------------------
Robosoft Technologies - Come home to Technology
Disclaimer: This email may contain confidential material. If you were not an intended recipient, please notify the sender and delete all copies. Emails to and from our network may be logged and monitored. This email and its attachments are scanned for virus by our scanners and are believed to be safe. However, no warranty is given that this email is free of malicious content or virus.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org