You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Ashwin Basagouda Patil <as...@robosoftin.com> on 2008/01/30 16:08:36 UTC

[users@httpd] SVN LADP Group Authentication

Dear All,


Sorry for asking again with new subject line, but please note that I never 
received any response from any one for this my request. Please help me in 
this regards.

Please read full mail. Please excuse me if it so long. I tried to explain 
my configuration.

We recently upgraded our SVN server to 1.4.5 and apache 2.054 also it is 
configured for authentication to SVN by user in LDAP. It is working fine 
for all the users. 

Now we are need of group authentication, I mean the users present in a 
group of LDAP should grant the access to SVN, if group name is mentioned in 
the SVN_Authorization file. 


I have virtual hosting for the apache configuration: 

Apache configuration: ssl.conf file





##################### start of file #######################################
NameVirtualHost *:443
LDAPTrustedCA        /usr/local/apache2/conf/ssl/cacert.pem
LDAPTrustedCAType    BASE64_FILE
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
<IfDefine SSL>
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/usr/local/apache2/logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/usr/local/apache2/logs/ssl_mutex
AcceptMutex flock
SSLEngine on
SSLCipherSuite ALL:!ADH:!
EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/apache2/conf/ssl/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/ssl/server.key
SSLCACertificateFile /usr/local/apache2/conf/ssl/cacert.pem

####################### test@robosoft.co.in ###############################

<VirtualHost *:443>
        ServerName test.robosoft.co.in
        ServerAdmin root@robosoftin.com
        DocumentRoot  /Volumes/Projects/test/
  <Location />
        DAV svn
        SVNPath /Volumes/Projects/Subversion/Projects/test/

        AuthName "Robosoft Technologies Pvt Ltd"
        AuthType Basic
        
AuthLDAPUrl "ldaps://roboserver.robosoft.co.in/cn=users,dc=RoboServer?cn"
#       Auth on
        Require ldap-group cn=groups,dc=RoboServer?cn

# Our access control policy
        
AuthzSVNAccessFile /Volumes/Projects/Subversion/Projects/test/test.txt
</Location>
       ErrorLog /Volumes/Projects/Subversion/Projects/test/error.log
       CustomLog /Volumes/Projects/Subversion/Projects/test/access.log 
common
<FilesMatch "\.(cgi|shtml|phtml|php3?)$">
       SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/apache2/cgi-bin">
       SSLOptions +StdEnvVars
</Directory>
       SetEnvIf User-Agent ".*MSIE.*" \
       nokeepalive ssl-unclean-shutdown \
       downgrade-1.0 force-response-1.0

</VirtualHost>

</IfDefine>


##########################################################################


Also IO have the bello configuration in my SVN_Authorization file as listed 
bellow.

Path : as mentioned in ssl.conf file 

AuthzSVNAccessFile /Volumes/Projects/Subversion/Projects/test/test.txt

[/]
ashwin = r
name2 = r
name3 = r
name4 = r
* = 

[/dir1]
ashwin = rw
name2 = r
name3 = rw
name4 = rw
* = 

[/dir1/dir2]
ashwin = rw
name2 = r
name3 = 
name4 = r
* = 


[/dirA]
ashwin = rw
name2 = r
name3 = 
name4 = r

[/dirA/dirB]
ashwin = rw
name2 = r
name3 = 
name4 = r
* = 

#################END OF FILE AuthzSVNAccessFile ########################

Please help me how I can success to authenticate a user present in the LDAP 
dir group and group name is mentioned in "AuthzSVNAccessFile".


Thanks in Advence.
Ashwin Patil






-----------------------------------------------
Robosoft Technologies - Come home to Technology

Disclaimer: This email may contain confidential material. If you were not an intended recipient, please notify the sender and delete all copies. Emails to and from our network may be logged and monitored. This email and its attachments are scanned for virus by our scanners and are believed to be safe. However, no warranty is given that this email is free of malicious content or virus.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org