You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@subversion.apache.org by Esmond Pitt <es...@bigpond.com> on 2012/09/12 08:08:00 UTC

AuthzSVNAccessFile and [alias]

The value of an alias in the AuthzSVNAccess file seems constrained to be
whatever login name the user used.
 
However I am using LDAP authentication, and it is preferable for me for it
to be the full DN of the user rather than whatever he supplied as the login
name.
 
I have 'AuthLDAPRemoteUserIsDN on', which promotes this behaviour for the
REMOTE_USER variable within Apache.
 
Is there a way of propagating that behaviour to the AuthzSVNAccess file?
 
Thanks in advance
 
EJP

RE: AuthzSVNAccessFile and [alias]

Posted by Esmond Pitt <es...@bigpond.com>.

No, I want the RHS to be the full DN. Presently it has to be the email
address or nickname or whatever else the user actually typed into the login
dialog.

EJP
-----Original Message-----
From: Daniel Shahaf [mailto:d.s@daniel.shahaf.name] 
Sent: Saturday, 15 September 2012 8:45 AM
To: Esmond Pitt
Cc: users@subversion.apache.org
Subject: Re: AuthzSVNAccessFile and [alias]

To clarify, you want the left-hand side of an alias line to be the full DN,
right?

How is this going to work?  Does our ini parser allow the LHS to contain
embedded '=' sign?

https://svn.apache.org/repos/asf/subversion/trunk/subversion/libsvn_subr/con
fig_file.c
http://docs.python.org/library/configparser

Esmond Pitt wrote on Wed, Sep 12, 2012 at 16:08:00 +1000:
> The value of an alias in the AuthzSVNAccess file seems constrained to 
> be whatever login name the user used.
>  
> However I am using LDAP authentication, and it is preferable for me 
> for it to be the full DN of the user rather than whatever he supplied 
> as the login name.
>  
> I have 'AuthLDAPRemoteUserIsDN on', which promotes this behaviour for 
> the REMOTE_USER variable within Apache.
>  
> Is there a way of propagating that behaviour to the AuthzSVNAccess file?
>  
> Thanks in advance
>  
> EJP

Re: AuthzSVNAccessFile and [alias]

Posted by Daniel Shahaf <d....@daniel.shahaf.name>.

To clarify, you want the left-hand side of an alias line to be the full DN, right?

How is this going to work?  Does our ini parser allow the LHS to contain
embedded '=' sign?

https://svn.apache.org/repos/asf/subversion/trunk/subversion/libsvn_subr/config_file.c
http://docs.python.org/library/configparser

Esmond Pitt wrote on Wed, Sep 12, 2012 at 16:08:00 +1000:
> The value of an alias in the AuthzSVNAccess file seems constrained to be
> whatever login name the user used.
>  
> However I am using LDAP authentication, and it is preferable for me for it
> to be the full DN of the user rather than whatever he supplied as the login
> name.
>  
> I have 'AuthLDAPRemoteUserIsDN on', which promotes this behaviour for the
> REMOTE_USER variable within Apache.
>  
> Is there a way of propagating that behaviour to the AuthzSVNAccess file?
>  
> Thanks in advance
>  
> EJP