You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by Markus Kreuzspiegl <mk...@gmx.at> on 2007/03/31 09:39:06 UTC
LDAP Documentation/Sample
hello,
i started using subversion few days ago. and the most things are working
fine now .
i also like to use ldap, but cant find much information in the
documentation.
has some one more information for me, maybe a pdf, link or sample entries?
thanx,
Markus
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Re: LDAP Documentation/Sample
Posted by Thomas Recloux <th...@gmail.com>.
Hello markus
> but does somebody know, if there is a tool, to export my ldap-groups into an
> authz-file-[group]-format.
I use bash scripts launched hourly by the cron daemon for this.
Here is a sample :
#!/bin/bash
#
#
##############################################
# Constants
##############################################
BIND_DN=CN=xxxxxxxxxxxxx
BIND_PWD=xxxxxxxxxxxxxxx
AUTH_FILE=/etc/apache2/svn.authz
##############################################
# First group
# Search LDAP for first group members and keep only the
'sAmAccountName' attribute
#
SEARCH=`ldapsearch -D $BIND_DN -w $BIND_PWD -b
"OU=firstgroup,OU=users,DC=mycompagnny,DC=fr" -h ldap.mycompagny.fr -x
'(objectClass=user)' sAMAccountName | grep 'sAMAccountName:' | sed
s/'sAMAccountName: '//`
# Replace spaces by commas
SEARCH=`echo $SEARCH | sed s/' '/', '/g`
# Upcase dand lowcase
FOO_a=`echo $SEARCH | tr A-Z a-z`
FOO_b=`echo $SEARCH | tr a-z A-Z`
FOO=`echo $FOO_a, $FOO_b`
# Other groups
# Generate the file
DATE=`date`
echo "# File generated from LDAP directory, do not modify" > $AUTH_FILE
echo "# Generated on $DATE" >> $AUTH_FILE
echo "[groups]" >> $AUTH_FILE
echo "foo=$FOO" >> $AUTH_FILE
...other groups
...svn branches
echo "[/]" >> $AUTH_FILE
echo "@foo=rw" >> $AUTH_FILE
echo "[/branch]" >> $AUTH_FILE
echo "@bar=" >> $AUTH_FILE
--
Thomas Recloux
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
AW: LDAP Documentation/Sample
Posted by Markus Kreuzspiegl <mk...@gmx.at>.
okay,
but does somebody know, if there is a tool, to export my ldap-groups into an
authz-file-[group]-format.
markus
_____
Von: Mark Phippard [mailto:markphip@gmail.com]
Gesendet: Sonntag, 01. April 2007 20:57
An: Markus Kreuzspiegl
Cc: Clemens Mensik; users@subversion.tigris.org
Betreff: Re: LDAP Documentation/Sample
On 4/1/07, Markus Kreuzspiegl <mk...@gmx.at> wrote:
thx mark and clemens for your answer,
also thx jeremy for his blog!
if i use marks or jeremy's <Location /...> settings, is it possible to use
my ldap user groups (memberOf) that i had set in my active directory?
like it's explaned in the manual at 'Server Configuration --> Path-Based
Authorzation' on page 164-166
# harry and sally are ldap-users (sAMAccountName)
[calc:/brances/calc/bug-142]
harry = rw
sally = r
# calc-developers and paint-developers are ldap-groups and
# all users that are memberOf this group have rw-access
[calc:/projects/calc]
@calc-developers = rw
[paint:/projects/paint]
@paint-developers = rw
jane = r
is this right? would this work with this settings?
or did i had to add/change something?
regards, markus
It is currently not possible to directly reference your LDAP groups in the
authz file. You still have to add the [groups] section and assign users to
those groups.
--
Thanks
Mark Phippard
http://markphip.blogspot.com/
Re: LDAP Documentation/Sample
Posted by Mark Phippard <ma...@gmail.com>.
On 4/1/07, Markus Kreuzspiegl <mk...@gmx.at> wrote:
>
> thx mark and clemens for your answer,
> also thx jeremy for his blog!
>
> if i use marks or jeremy's <Location /...> settings, is it possible to use
> my ldap user groups (memberOf) that i had set in my active directory?
> like it's explaned in the manual at 'Server Configuration --> Path-Based
> Authorzation' on page 164-166
>
> # harry and sally are ldap-users (sAMAccountName)
> [calc:/brances/calc/bug-142]
> harry = rw
> sally = r
>
> # calc-developers and paint-developers are ldap-groups and
> # all users that are memberOf this group have rw-access
> [calc:/projects/calc]
> @calc-developers = rw
>
> [paint:/projects/paint]
> @paint-developers = rw
> jane = r
>
> is this right? would this work with this settings?
> or did i had to add/change something?
>
> regards, markus
>
It is currently not possible to directly reference your LDAP groups in the
authz file. You still have to add the [groups] section and assign users to
those groups.
--
Thanks
Mark Phippard
http://markphip.blogspot.com/
AW: LDAP Documentation/Sample
Posted by Markus Kreuzspiegl <mk...@gmx.at>.
thx mark and clemens for your answer,
also thx jeremy for his blog!
if i use marks or jeremy's <Location /...> settings, is it possible to use
my ldap user groups (memberOf) that i had set in my active directory?
like it's explaned in the manual at 'Server Configuration --> Path-Based
Authorzation' on page 164-166
# harry and sally are ldap-users (sAMAccountName)
[calc:/brances/calc/bug-142]
harry = rw
sally = r
# calc-developers and paint-developers are ldap-groups and
# all users that are memberOf this group have rw-access
[calc:/projects/calc]
@calc-developers = rw
[paint:/projects/paint]
@paint-developers = rw
jane = r
is this right? would this work with this settings?
or did i had to add/change something?
regards, markus
_____
Von: Mark Phippard [mailto:markphip@gmail.com]
Gesendet: Samstag, 31. März 2007 12:57
An: Markus Kreuzspiegl
Cc: users@subversion.tigris.org
Betreff: Re: LDAP Documentation/Sample
On 3/31/07, Markus Kreuzspiegl <mk...@gmx.at> wrote:
hello,
i started using subversion few days ago. and the most things are working
fine now .
i also like to use ldap, but cant find much information in the
documentation.
has some one more information for me, maybe a pdf, link or sample entries?
Here is a blog post that might help:
http://blogs.open.collab.net/svn/2007/03/subversion_ldap.html
--
Thanks
Mark Phippard
http://markphip.blogspot.com/
Re: LDAP Documentation/Sample
Posted by Mark Phippard <ma...@gmail.com>.
On 3/31/07, Markus Kreuzspiegl <mk...@gmx.at> wrote:
>
> hello,
>
> i started using subversion few days ago. and the most things are working
> fine now .
> i also like to use ldap, but cant find much information in the
> documentation.
> has some one more information for me, maybe a pdf, link or sample entries?
Here is a blog post that might help:
http://blogs.open.collab.net/svn/2007/03/subversion_ldap.html
--
Thanks
Mark Phippard
http://markphip.blogspot.com/
Re: LDAP Documentation/Sample
Posted by Clemens Mensik <c....@ip2.at>.
it works ;-)
Some time ago I was looking for the same thing and found a solution but
I didn't bookmark the link, so I'll just post an example configuration.
* first you have to install some apache2 modules:
/mods-enabled/auth_ldap.load
/mods-enabled/ldap.load
(svn modules have to be installed too!)
* now you have to setup your apache:
<Location /svn>
DAV svn
SVNPath <local path to your repository>
AuthLDAPBindDN cn=admin,dc=domain,dc=at
AuthLDAPBindPassword <ldap pw>
AuthType Basic
AuthName "<repo name>"
AuthLDAPURL ldap://localhost/dc=domain,dc=at?uid?sub?(objectClass=*)
AuthzSVNAccessFile <local path to svn authz >
Require valid-user
</Location>
hope everything's clear. If not, just write me an email.
regards
clemens
Markus Kreuzspiegl wrote:
> hello,
>
> i started using subversion few days ago. and the most things are working
> fine now .
> i also like to use ldap, but cant find much information in the
> documentation.
> has some one more information for me, maybe a pdf, link or sample entries?
>
> thanx,
> Markus
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
--
-------------------------------------------------------------
Clemens A. Mensik IP SQUARE Softwareerzeuger GmbH
Geschäftsführer Mooslackengasse 17 - 1190 Wien
+43-699-10016667 c.mensik@ipsquare.at
-------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org